The Securities and Exchange Commission, which polices bad behavior by publicly traded companies, has for the first time taken action against a privately held Silicon Valley "unicorn" startup for misleading its investors, according to a release on Thursday.
The human resources startup Zenefits and its co-founder Parker Conrad have agreed to pay a combined $980,000 to settle accusations by the SEC that they made "materially false and misleading statements and omissions" to investors over their compliance with state insurance laws, the agency said.
The settlements, following separate deals with insurance regulators from 49 states and the District of Columbia, help Zenefits and Conrad conclude a nearly two-year legal cleanup that started after a BuzzFeed News report in November 2015.
Joshua Stein, Zenefits' general counsel, said in an emailed statement: "This settlement closes the chapter on a journey we began 18 months ago to transform Zenefits through new values and leadership. We are pleased that the SEC clearly acknowledged our cooperation, our extraordinary remedial efforts, and our commitment to compliance."
Conrad, in a statement emailed by a spokesperson, said: "I’m pleased to have reached an agreement with the SEC regarding Zenefits, and I’m incredibly proud of what we built there and grateful to have worked with such a talented group of people."
For the broader startup world, the Zenefits case is a clear sign that the SEC sees itself as a new cop on the Silicon Valley beat. Such an enforcement action by the agency against a prominent privately held startup appears to be unprecedented.
The SEC has relatively limited authority in the world of private companies; by law, it can only really police misrepresentations and fraud in the sale of private company stock. Historically, part of the reason the SEC has left startups alone is that investors in such companies are considered both wealthy and "sophisticated," meaning they understand the risks and can take care of themselves. It's when a company goes public, this thinking goes, that it can pull a fast one on naive investors.
Zenefits and Conrad did not admit or deny the SEC's findings, according to the agency. The company agreed to pay $450,000 to the SEC — a small penalty compared with the over half a billion dollars it has raised. Conrad agreed to pay nearly $534,000, of which $160,000 is a penalty and $350,000 represents the disgorgement of ill-gotten gains.
Zenefits has separately agreed to pay over $11 million in penalties to state regulators, and — in deal with its investors last year — it agreed to reduce its valuation to $2 billion from $4.5 billion.
The SEC previously cracked down on Silicon Valley a decade ago, after The Wall Street Journal revealed that tech companies were backdating stock option grants to increase CEO payouts. But the companies caught up in the options backdating scandal were all publicly traded.
The corporate world has since changed, with many significant tech companies choosing to remain private. The SEC telegraphed last year that it would be keeping a watchful eye on these unicorns — private companies worth at least $1 billion.
"It is axiomatic that all private and public securities transactions, no matter the sophistication of the parties, must be free from fraud," Mary Jo White, then the SEC's boss, said in a speech in March 2016.
San Francisco-based Zenefits, a health insurance broker that makes human resources software for other startups, achieved its $4.5 billion valuation just two years after its 2013 debut. But in pursuit of rapid growth, Zenefits allowed employees to sell health insurance without the necessary state licenses. Conrad, further, created and shared with employees a program to cheat on California insurance broker licensing requirements. He was forced to resign as CEO in February 2016.
The SEC now asserts that Zenefits and Conrad, when they sold shares to investors in 2014 and 2015, failed to adequately disclose their knowledge of these compliance lapses. While investor documents in the 2015 financing included a reference to possible licensing issues, the SEC said the startup's disclosures were "misleading," since they did not represent the full extent of the problem.
One investor in the 2015 financing round asked for more information about the licensing issue, according to the SEC, but Zenefits said in response that it was "above 90% compliance" at the time, and that any past violations could incur only small penalties between $5,000 and $10,000. In reality, the agency says, Zenefits lacked adequate licensing policies and had learned just a month earlier that employees had done business in Washington state without local licenses.
Conrad also sold $10 million of his personal shares to a big investor in 2015, but, according to the SEC, he didn't provide any disclosures about compliance beyond what investors were told in the primary financing rounds.
"Zenefits was not compliant with state insurance licensing laws, and its controls were insufficient to ensure compliance," the SEC said in its order. "Zenefits and Conrad failed to fully disclose these facts to investors."
Zenefits, the SEC noted, has since overhauled its compliance by implementing new controls, replacing top leadership, and requiring employees to complete training.
Conrad, for his part, has started a new company, Rippling, which stores worker information to help companies onboard new employees. He said in the emailed statement that he "could not be more excited about my new company."
Zenefits may not be the last Silicon Valley unicorn to be chastised by the SEC. The agency has also been investigating whether the embattled blood-testing startup Theranos made deceptive statements to investors, The Wall Street Journal reported last year. The SEC hasn't announced any enforcement actions in that case.