Governance priorities for private companies

Corporate governance used to be a term that was used very loosely when it came to private companies but private companies are increasingly looking to external people, whether as managers or on boards, to provide a more objective and independent perspective on the challenges a business faces. And private companies are not excluded from a growing awareness of the more complex risk environment businesses face, which is driving a greater focus on risk management and compliance, from both the reporting and regulatory standpoints.

‘As these private companies grow, one of the real challenges they have is scaling their business models,’ explains Steve Hobbs, managing director of public company transformation at Protiviti, who has given advice to hundreds of private firms. ‘Oftentimes, companies don’t think about what else they need to make sure scales correctly. That can be some of the back office functionality, and it can also include corporate governance.’

In response to growing membership from private firms, the Society of Corporate Secretaries and Governance Professionals (SCSGP) created a private companies committee in June 2013 to discuss relevant governance issues and be better able to serve the interests of that segment of its membership. Roughly 1,100, or 36 percent, of the SCSGP’s members now work at non-public companies, but that includes more than 600 law firms and other service providers. Excluding these firms, Paul Marcela, who heads the committee, estimates that roughly 450 SCSGP members are from private companies.

At committee discussions, ‘there’s been a lot of focus on the practices and requirements a public company has that should really be adopted by private companies,’ says Marcela, whose firm Governance Partners Group provides corporate secretarial functions to smaller firms that can’t afford to host that function in-house.

Although public disclosure requirements don’t kick in for private companies until they have more than 2,000 shareholders, private firms that fund their activities partly through publicly issued and registered bonds or other debt are required to file 10Qs with the SEC. Firms with publicly traded debt are also subject to reporting rules under Sarbanes- Oxley, Dodd-Frank and other relevant statutes.

On the cards

Even companies with no financial disclosure obligations as such often have complex federal regulations to comply with. Any merchant company whose customers pay by credit card is subject to PCI compliance rules with regard to protecting the privacy of any personal data it collects. PCI compliance is a payment card industry standard that applies to any entity that stores, processes or transmits card data, whether it’s a merchant or a service provider either facilitating such activities or providing security controls to protect those activities for merchants.

Getting compliance right is a priority for most merchants because of the fines they can incur from banks and other card sponsors, says Scott Laliberte, managing director of Protiviti’s IT security and privacy practice. Firms are also trying to avoid enforcement actions by state attorneys general if there are data breaches for any residents of their states, as well as by the Federal Trade Commission.

Merchants that handle more than a million transactions per year are likely to need a third-party assessment by a qualified security assessment firm. Merchants are also required to have due diligence processes in place before hiring a service provider, as well as on an annual basis, Laliberte says.

Large private companies are making efforts to strengthen their compliance processes, while smaller entities with very low transaction volumes tend not to have such robust compliance programs around this, he adds.

Succession planning tends to be one of the top governance priorities for private businesses. Many of these companies are family-owned and family-run, and for them the prospect of bringing younger generations – typically starting with the third – into the business makes them recognize the need to professionalize their succession and other management processes. The need for governance rigor is equally great at family companies that are increasingly eager to hire outside CEOs and other senior managers to run them.

Joel Koblentz, senior partner at executive and board search firm the Koblentz Group, doesn’t think succession planning is as high a priority at most private companies as it ought to be. ‘They should be thinking about this in the same way that many public companies think about it, which is development of talent throughout an organization so that the bench becomes deeper and wider,’ he explains. ‘Many private companies don’t do that, so inevitably they don’t get all of the options that may have been available to them if they had invested more in leadership talent along the way.’

An independent view

There is also growing interest in adding independent directors to the boards of family-owned businesses. The SCSGP’s private companies committee has a board operations and best practices subcommittee whose discussions have focused on when it’s appropriate to bring on independent directors, what their roles and responsibilities should entail and how to best recruit them.

The subcommittee has invited speakers from executive search firms such as Spencer Stuart to come in and talk about their processes for finding directors for private companies. It has also discussed what’s involved in the evaluation process for board members and how information that emerges from those evaluations may be used to either improve or refresh the board, says Marcela.

‘We’ve focused that committee on the relationship between directors and management,’ he explains. ‘In a lot of private companies, as they mature, you may still have family managers but more of an independent board of directors, and that creates a different dynamic from that in a company where there is no familial relationship.’

Jennifer Pendergast, a consultant with Family Business Consulting Group who focuses on governance issues, sees an increasing trend around letting non-family members inside the tent to help family managers make business decisions.

‘One of the big drivers of formalizing governance is having shareholders who aren’t employed in the business, because as long as everyone’s employed in the business, our interests are aligned in terms of what we want to do,’ she notes. ‘Most typically we want to reinvest in the business to grow it because we’re all there.’ Owners who aren’t working in the business day to day begin to want oversight of the family members in management to ensure they’re running the company well, and that’s where the board comes into play, Pendergast says.

At Hallmark, senior management (which includes only two members of the founding Hall family) and the board ‘are responsible about looking at key roles in leadership and understanding where given employees are in their career paths, what their needs are in terms of personal development, and then who might succeed them,’ comments Nancye Green, a member of Hallmark’s board for more than 20 years.

Family matters

At a Family Business Governance Institute sponsored by WomenCorporateDirectors in New York in May, many of the leaders of such firms on one panel discussed how they had decided that jobs in the business aren’t guaranteed to family members. Many are starting to require that potential successors in the third or fourth generation get a graduate management degree and work for a minimal number of years in an outside company to gain broader business experience. At one company mentioned by a panelist, promotion of family members into senior positions is decided not only by the family but also by outside partners, in order to give such promotions more credibility.

A KPMG report, ‘Enduring across generations: how boards drive value in family-owned businesses’, released in May, suggests a family council can be helpful once the family has grown large enough. A council can help the family preserve wealth through a family office that offers investment advice and ‘can also be a good forum for developing policies regarding employment of family members’.

It makes sense to seek out more sophisticated processes as a business matures and expands, especially in a family-owned firm that is no longer controlled by family members. Where the family’s involvement in the business diminishes and there are growing numbers of outside investors, whether from private equity, venture capital firms or elsewhere, there is a greater desire and need for more formal governance structures, Marcela says. ‘So you move from a very informal decision-making model to maybe a board of advisers, and then to the next step of a board of directors with outside directors’ and eventually to forming board committees. Private firms with subsidiaries have to be as focused on protecting the corporate veil by ensuring separate board structures and record-keeping as public firms that risk being held accountable for liabilities incurred by their subsidiaries, Marcela notes.

Healthcare reform

M&A activity for private companies in certain industries is also compelling firms to think about corporate governance in new ways. Changes in the healthcare sector, such as the federal government’s focus on healthcare reform, ‘are causing companies to look at new ways to partner together, which requires both lawyers and corporate governance professionals to find ways to successfully structure these deals,’ explains Chris Wintrode, assistant general counsel for contracts, governance and policy at SSM Health, a non-profit healthcare system with 19 hospitals in four states. These partnerships can often involve expanding into new service lines or even new legal entities.

Healthcare reform, for example, has spurred the creation of new legal entities that have leading-edge governance structures, such as accountable care organizations and clinically integrated organizations, Wintrode explains. Recently, SSM Health has formed several of these legal entities, which have multiple governing boards that take joint responsibility for driving down costs and improving the quality of care.

Green has noticed that many small businesses, as they grow into bigger companies, don’t always have the same resources larger companies have to guide them into good practices. ‘A lot of them get to where they are because they do something well, they’re successful, but they don’t necessarily develop the [governance or financial] processes along the way that they need to be a bigger company,’ she explains. ‘So they find themselves growing bigger, but they still act like a small company.’

As the owner of a small company herself, Green finds it ‘hard to find really good resources that are appropriate to your level in order to get the advice you need to run a company well.’

One resource Hobbs is seeing more often at private companies is a compliance or risk committee, or at least some function comprising members of the finance and operations groups. Such committees don’t necessarily include a chief compliance officer or chief risk officer, however. ‘Any time the company is going to do something new like start a transaction, launch a new product or expand internationally or into a new geographic area, it has that committee develop a risk assessment of what risks are associated with that event,’ Hobbs says.

That and other more sophisticated business processes indicate how far private companies have come in recognizing the need for solid corporate governance practices.