More focus has been aimed at the need for compliance programs at public companies. Of course, that focus has been largely driven by the requirements of Sarbanes-Oxley. The other focus comes from highly regulated industries like financial services that require compliance programs.
That doesn’t mean that private companies can ignore compliance. There are many more private companies than public companies.
An article by Corpedia caught my eye: Making the Case for Compliance Programs at Privately Held Companies. (Since I work at a privately held company.)
As the article points out, the Federal Sentencing Guidelines do not change based on the ownership structure of the company. Private companies would need to take the same steps as public companies if they want to get credit for having an effective compliance program.
Another big reason for a compliance program is not discussed in the article. Under the Stone v. Ritter and Midland Grange decisions, company officers and directors can be held responsible for the illegal conduct of employees. These cases follow up the Caremark case in expanding liability for company directors.
An effective compliance program would presumably reduce or prevent any illegal activity and shield the directors and officers from liability by showing that the illegal conduct was by a rogue employee.
One factor to keep in mind is that many private companies lack a meaningful board of directors. For many private companies, the board of directors really means the company’s principal. If there is a board, it may consist largely of family members, insiders and company officers. All the talk about access to the board of directors is lost on those of us running compliance programs inside private companies.