Are you Ready to Hire Your First Employee?

There’s no reason to rush into an employee relationship before you’re ready, but when you can afford to hire the first new team member (or members) for your startup, this milestone will come with some significance. It will mean that (a) you’ve earned the trust of someone who chooses to become financially dependent on you and your success, and (b) you’re confident and stable enough to take on that responsibility.

When you hire someone, you take a chance on them and they take a chance on you. If either of you fumbles the expectations of the other party, the results can be an expensive mess. But at the same time, if the decision works for both of you, a qualified person working eight hours a day can quickly put your business on the fast track. Having a full-time employee can take you to the next level—if you can keep up your end of the deal and find someone who will hold up their end as well. Here are a few considerations that can increase your odds of success.

Strangers and connections both come with different risks and benefits.

Risk-averse startup founders often like to hire employees who move within their social and professional networks, those who come with personal recommendations and traceable social links. People often feel more committed and accountable to each other when they’re bound by social ties, no matter how indirect. But if you choose someone in-network (instead of a total stranger), don’t let this weaken your otherwise rigorous background checks and skill tests.

Give every team member the opportunity to weigh in.

Every person on your existing team (if it’s small) should have a chance to sit with the candidate and get a feel for their personality and working style. If almost everyone likes the candidate, but you have just one holdout, find out why. Try to understand the person’s misgivings and what might happen if you overlook them.

Clarify and codify the relationship before you sign.

Will the employee have a vested equity interest in the business? Will they have a say in team decisions? Or will they simply execute orders in exchange for a paycheck? What promises, formal and informal, can you offer them regarding advancement? If the team takes off, will you take this person with you?

Hiring is a legal arrangement.

Involve your legal counsel in your hiring decision, your documentation, and your compliance with HR laws and policies. In other words, establish a clear and written contract that covers everything from how the person will be compensated, to the behaviors that could result in termination, to what will happen if the two of you decide to part ways voluntarily. Even if the new employee is a friend or the relationship is informal or part-time, don’t set yourself up for messy disputes down the road.

Regulatory Compliance: The First Steps Can Be the Hardest

You’re a small startup now, but you recognize that as your company grows, regulatory compliance will play a larger role in your day-to-day operations.

When you have only one employee and you can count your clients on one hand, data management, financial controls, and HR protocols can be monitored at a glance.

But as you grow, expect your compliance requirements to sprawl. And during this time frame, expect these requirements to change and evolve.

You’ll need to put systems in place that can scale as your company expands. And first, you’ll need to determine exactly who you’re accountable to, where they are, and how this accountability will work. Which state, local and federal laws apply to you? Which agencies administer these laws? And how will these agencies deploy inspectors, conduct audits, or request reports that may require your cooperation?

If you don’t have the answers to these questions, you’ll have to find them. Your legal team can help.

Reach out and connect.

You (or your legal counsel acting on your behalf) may find it expedient to contact the local and state agencies that will handle your regulatory issues. If you’re running a restaurant, don’t wait for local health inspectors to come to you; find out who they are, go to them and introduce yourself. If you’re running a health tech startup, the same common sense applies. In addition, the same proactive approach can help you navigate the rest of the regulatory network that connects your business to a community of customers, vendors, employees and partners.

Strong vetting can keep things simple.

You’ll avoid a host of thorny regulatory problems if you vet your vendors and service providers carefully before signing any contracts. For example, if your cloud-based data service provider cuts a corner or violates a law and your customer data is hacked or breached, you’ll be held accountable. Recognize the significance of your background checks and interviews before you sign on with any partner—from a new employee to a lawn care service.

Put your compliance plan in writing.

Create a compliance plan, document it in writing, and update it on a regular basis. Your legal team can help you with this process. If you encounter questions or auditor concerns, your documented plan can help you explain your intentions and prove your due diligence. Some compliance deadlines are difficult to meet on shoestring budgets with limited staff, but as you scramble to meet a set of updated requirements (as with the GDPR, for example), your progress can be made transparent, which may help mitigate problems and penalties. This kind of documentation can also help you appeal decisions that could otherwise damage your budget or reputation.

Data Management Regulations: HIPAA

Startup founders fall into a range of categories based on their business models; some are creating apps for entertainment, some are building companies in the retail sector, some are focused on providing software services, and some are creating products and projects that are completely new in the world and don’t fit any particular category just yet.

But if your company handles customer data—which means client data or data belonging to that client’s individual customers—data management regulations will certainly apply to your operations model. The GDPR (if your customers are European) will affect you, and compliance gaps can lead to fines and penalties. SOC 2 data standards will also apply, and gaps in this case can deter enterprise clients from signing on with you. In addition to these, you’ll need to factor HIPAA (the Health Information Privacy and Accountability Act, administered by the Department of Health and Human Services) into your plans as well.


You may think HIPAA regulations have nothing to do with you if you don’t provide healthcare services, but HIPAA should be on your radar if you deal with any clients who do handle PHI (protected health information), and you’ll need to maintain compliance if you provide or intend to provide group health insurance to your employees. In both cases your status as a “business associate” means you’re covered by the law, and compliance problems can bring headaches and expenses you might not expect.

But what if we only store the data and don’t do anything with it?

A “conduit” provision applies to some entities (like the post office) who simply hold data (PHI) temporarily before passing it along to its destination. But if you store or manage this information, you’re accountable for security against data breaches, gaps, and misuse.

What if our client data is encrypted and we don’t have a decryption key?

That doesn’t matter. You may provide cloud computing services to clients who use encrypted data that you can’t access, but if you manage, store or protect any form of PHI, HIPAA applies to you.

Should we conduct an internal audit of our HIPAA compliance even if we might not be accountable under the law?

Not necessarily. First, determine if you’re considered a business associate or covered entity. There’s no need to worry about HIPAA if you’re not. Next, determine if you plan to sign future contracts that would place you under the umbrella of compliance (for example, if you intend to offer cloud-based data management services to covered clients). If either of these applies to you, or to your future goals, team up with your legal counsel and develop a plan.


Bitcoin ETFs: What does the Future Hold?

Efforts to implement an exchange traded fund (ETF) for Bitcoin have been underway for several years, and the nine most recent proposals, put before the SEC by ProShares, Direxion and GraniteShares, have been rejected as of this week. Why did the SEC turn these proposals away, and what does this mean for current and future investors?

The Benefit of a Bitcoin ETF

While rejecting the most recent proposals, the SEC has acknowledged the value of a potential ETF. Exchange traded funds allow investors a measure of protection in an otherwise loosely regulated landscape in which Bitcoin holders find their own trading outlets and make their own individual trades, absorbing all associated risks. An ETF can be monitored and regulated, and the SEC showed appreciation for this fact in the wording of one of the nine recent rejections:

"The Commission acknowledges that, compared to trading in unregulated bitcoin spot markets, trading a bitcoin-based ETP on a national securities exchange may provide some additional protection to investors, but the Commission must consider this potential benefit in the broader context of whether the proposal meets each of the applicable requirements of the Exchange Act.”

The Reasons Behind the Rejection  

All nine recent rejections were based on the same essential reasoning: that the proposed exchanges have not been sufficiently designed to prevent fraud and manipulation.

The SEC has stressed that these rejections are not founded on an evaluation of bitcoin or blockchain’s value as an “innovation or investment”.  In other words, the SEC has no complaint regarding cryptocurrency in general, but it can’t support the establishment of an exchange that doesn’t protect users from harm and exploitation.

What’s happening to Bitcoin Investors?

Bitcoin holders who bought into the currency just prior to its recent plunge in value are facing two options: accept their losses and exit the marketplace, or hold onto their coins in the hope that the market will eventually stabilize, a process that would be accelerated by the establishment of a safe and monitored exchange.

The issue is by no means fully settled (as indicated by a dissenting commissioner, who asserts that blocking the path to an ETF harms both investors and innovators). But as the commission reviews future proposals, members will need to weigh the potential dangers against the benefits, as they’ve done in this case.

When Public Companies go Private

Recent speculation about Tesla’s possible transition from a publicly traded company to a private entity has sparked conversation about the idea of “going private”. While many of us are familiar with the definition of an IPO and the process of establishing an initial offering and making stock available on a public exchange, the opposite move has aroused curiosity and common questions. What does this mean? How does it work? When would a company decide to make this decision? Here are a few quick answers.

Why go from public to private?

In Tesla’s case, the decision to go private appears to be driven by the difficulty of answering to public shareholders, who own a stake in the company and are therefore motivated to weigh in, praise, criticize, or attempt to influence company decisions, particularly at shareholder meetings. When thousands of people are invested in the success or failure of the business, it can be difficult to make moves that put long term gain ahead of short term returns. In addition to regulatory obligations, this is one of the risks and hassles to consider before deciding to sell public shares.

Other common motivations for going private fall under the same general heading: a lack of preparation for the obstacles and problems that public stock sales sometimes entail. Going public is serious! This transition brings an avalanche of regulatory, administrative and reporting requirements. It’s an expensive, complicated move that can come with big rewards, but sometimes it’s the wrong move for certain types of businesses, and this only becomes clear after the fact. If you haven’t decided whether to place an IPO on your list of goals, talk to your legal team and share your concerns.

How can a company go private?

Going private typically requires the support of a large private equity company or a consortium of smaller investment groups, since buying back publicly owned stock can mean an outlay of hundreds of millions of dollars. The private equity group usually finds a lender who can finance a massive purchase of stock. So again, if this support is unlikely, a move from public to private may not be easy or even possible. Keep in mind also that borrowing on this scale will require large interest payments, and this cash flow will usually need to come from company operations. If operations aren’t strong enough or cash flow isn’t steady enough to keep up with the payments, the company’s bond value can be downgraded.

What if shareholders don’t want to sell stock back to the company?

Most of the time, a company that decides to go private will seek to buy back shares at a price that’s higher (sometimes much higher) than the current value of the stock. So usually shareholders have no trouble letting go of the shares they own. But some companies make other options available; for example, the company can set up a special fund and allow public shareholders to participate, providing a brief window every six months or so during which members of the fund can enter or exit.

In summary, going private can be a smart move for companies who want to regain tighter control lost after an IPO, but doing so will require 1) large-scale financing, 2) very strong potential for growth, and 3) the ability to keep the newly private company on track to success while also paying off new debts -- among a myriad of other considerations.


Common Questions about System and Organizational Controls Reporting (SOC)

On the road to launching a successful startup, founders and teams eventually confront a set of issues and requirements associated with data security. A secure data infrastructure doesn’t just protect customer information; it also reassures potential investors and enterprise-level clients. So offering guarantees and documentation that prove your company’s commitment to security can remove some of the obstacles on the path to growth.


For this reason, boards and audit committees often appreciate SOC reports—the modern standard for an assessment of a company’s internal controls. Here are a few common questions asked by company leaders as they approach the reporting process.


Why do we need a SOC report?


SOC 1 and SOC 2 reports are not required by law or by regulatory agencies, but they are often required or requested by clients before contracts are signed. A clean or “unmodified” opinion on a company’s internal financial controls (SOC 1) or data management protocols (SOC 2) provided by an independent 3rd party auditor can validate the company’s assertions about its security and functionality.

SOC audits can be expensive and stressful, and some audit formats may not be worth the cost to some companies. Before you proceed with the process, you’ll need to determine which audit type will bring the most value. For example, data service providers typically benefit from a SOC 2 report, but the choice between a SOC 2 type 1 audit and type 2 audit will also need to be made.


What’s the difference between Type 1 and Type 2?


A SOC 2 type 1 audit usually requires a lower investment of time and resources, since it involves a one-time examination of a company’s data infrastructure, followed by a “modified” or unmodified opinion. In other words, upon examination, the infrastructure appears to be secure or it appears to have gaps. A type 2 audit is somewhat more in depth and involves an assessment of samples taken over an extended period of time. Again, both cost and value will need to be taken into account when choosing between the two, since the second can be more involved and expensive, but may offer more meaning for potential clients.  


Other than cost, are there risks associated with pursuing a SOC 2 audit?


Not really (though cost can be a significant factor for small startup companies). Even if a SOC 2 audit returns evidence of security or infrastructure gaps, this knowledge can be very helpful to companies who want to fix the gaps, gain a stronger footing, and attract larger enterprise clients. In the long run, it’s better to find out about these weaknesses and address them than it is to remain in the dark. Legal problems or fines that can result from a weak audit are a minimal concern, since the process is voluntary and is usually requested by clients and partners.

Have you been asked to undergo a SOC 1 or SOC 2 audit, or are you considering a voluntary review? Contact our team for answers and guidance.


When is the best time to engage a Law Firm?

Startup founders and teams often come to us with a common question that sounds something like this: We’re a brand new startup operating on a shoestring budget. We’ve secured some forms of financing, but at this point our customer base is still small and we can hardly afford to pay ourselves. We’d like to handle our own administrative and legal tasks as much as possible until we no longer can. At what stage of our growth should we need to retain legal counsel?

Our answer depends on the specific situation and the nature of the business in question, but in general, here are a few critical tasks and growth milestones at which startups are wise to start seeking legal support.

When You’re Establishing Clear Terms with Co-Founders

This task typically arises very early in the process of establishing a startup—and it should. Without the support of your team co-founders, you probably won’t get very far. But from day one, the pair or group of you should clearly establish who owns what percentage of the enterprise, how you will distribute responsibilities, and what will happen if any of you decide to leave.

When It’s Time to Incorporate or Choose a Business Structure

If you’re operating your business by yourself, as a sole proprietor, you may not need legal support at all and you can save the related expenses and put them back into your business. A single owner isn’t bound by very many obligations regarding legal documentation, filings, or fees. But everything changes when it’s time to incorporate and choose a business structure, or if you want to enjoy the limited liability protections that come with having a formal business entity. At that point, you’ll need to weigh the benefits of becoming a general partnership, a C corporation, an S corporation, or an LLC.

Each structure brings different documentation and filing requirements and different tax benefits, and choosing the right one can save countless costs and set your business on the path to faster and easier growth.

When it’s Time to Create a General Contract

A template customer contract can provide you with a starting point as you draft future agreements with clients and customers. Each of these agreements might vary slightly, but if you start with a standard form, you won’t need to reinvent the wheel every time you establish a new contact.  

When You’re Issuing Stock and Concerned about Securities Laws

Any sale of stock or partnership interest (even if these events are far in the future) will be subject to state and federal securities laws. Every transaction must comply with a set of disclosure and filing requirements, and violations can lead to penalties and fines (even if you don’t have the money to pay them). Keeping a strong legal team on your side can help you navigate and understand these laws.

When You’d Like to Protect Your Intellectual Property

If your product, technology, or service offerings are not especially unique, then you won’t need to worry about safeguarding your intellectual property. But if your business depends on specific patents, blueprints, patterns, formulas, or copyrights, you’ll need to protect yourself with confidentiality agreements and specific contract language.


Investor Rejections: How to Respond, What to Do Next

You have your pitch deck. You have your business plan. You have your team behind you. And you’re starting to receive meeting invitations from investors and VC firms. This is an exciting chapter in the growth of any new start-up, and a long list of meeting invitations can seem promising. But some of these meetings may not amount to much, and when investor rejection letters or emails start rolling your way, they may take some of the wind out of your fully-inflated sails.

Rejection never feels great, but hearing “no” sometimes is just a natural result of taking on any difficult project. If you put yourself out there and take risks, sometimes you get shut down. Otherwise you aren’t really risking anything.

The challenge lies in how you respond to these rejections and what you ultimately do with them. Make the right moves, and you’ll come away with lessons that can help you move forward. Even better, you’ll gain the information and feedback you need to turn rejections into agreements. Here are a few things to keep in mind.

Actually read the letters and emails.

Rejections hurt! So it’s easy to drop them into the trash or delete them without reading them carefully. In some difficult fields (like the arts) rejections often come with no explanation at all. But when investors reject a start-up, they sometimes provide more useful feedback and information than company owners really want to hear. Listen and take this excess information to heart. Or at least read the letters and emails -- you can process them later.

Timing matters…and timing isn’t easy.

If your investors tell you they aren’t ready to back you just yet, read between the lines. This isn’t exactly a rejection; it’s just a rejection for now. Investors often rest their decision on critical claims like “you don’t have enough customers”, “you haven’t raised enough capital from other sources”, “the market isn’t ready for this product”, or “your team is too small.” There’s a key message hidden in these claims: “Keep building and come back to us later.”

Feedback can show you where to place your risk and invest your energy.

If you haven’t yet assembled a team because you aren’t sure what offers the best return on your investment, some pointed feedback can give you the direction and courage you need to start hiring. If your investors tell you “No, because you don’t have….(X)”, that means it might be wise to start putting some effort, energy and resources into X. This may mean changing your pricing model, changing your distribution format, hiring a data security expert, or just temporarily redirecting your focus away from investors and into building your customer base. Prior to your rejections, you may have been working in the dark, not sure exactly how to distribute risk or hedge your bets. A few rejections (even harsh ones) can shine a light and show you the way.

Don’t give up after your first round of meetings, even if these meetings don’t bring tangible results. Talk to your legal team, discuss the content of your rejections, and work together to choose a path forward.




Your First Audit: Simple Tips for a Smoother Process

Your startup has officially launched, and you’ve been in business for a while now. At this point, you’re expanding your customer base, protecting your data security, improving your product, and managing your team. You’re also monitoring your balance sheets and making sure that your tax filings are accurate and your reporting procedures are in line with SEC and IRS requirements.

A smart move, because sooner or later, you’ll face your first formal audit.

If you’ve been partnering with an experienced legal team during your launch and initial growth, your team will be there for you on the day you receive notice of your audit. If not, you’ll want to respond with a critical first step: engaging with a team that can help you survive the process with minimal headaches and workflow disruptions.

But what will you do next? In order to make the most of your time, money and resources, you’ll want to prepare your team and organize your documentation as efficiently as possible. Here are a few things to keep in mind.

The importance of scheduling

Within certain parameters, you have the ability to control when your audit takes place, so focus on scheduling before you make a commitment. If you’re behind on some of your active accounts, that’s okay; you’ll just need some time to update your balance sheets. If you haven’t performed an inventory in a while, you may need to do this too. Most important, you’ll need to prepare your staff and organize a workflow and communications structure around the process, and this can take time. Factor these things into your scheduling decisions.

Your PBC list

You can ask your auditors to provide you with a PBC, or “prepared by client” list, which will include all of the documents, flowcharts, process descriptions, accounting records, HR information, and other details that the auditors will need to have in hand in order to do their jobs. Obtaining this list can save time and prevent hassles, since you can review and assemble the items on the list a long time before the audit begins. Once you have your list, provide your team with clear instructions so everyone knows which person will take responsibility for preparing which items.

Clarify issues during your preliminary meeting

In the interest of maintaining your workflows and making the process easier for both the auditors and your company, determine well beforehand how the auditors will obtain the information they need. Will they confer with you only, or will they present certain questions directly to your staff?

Don’t worry, but move quickly

Always keep in mind that auditors (tax, financial, and/or data security auditors) are not your enemies. They are not trying to create problems for your business or hold you back. They’re just looking for compliance gaps, security weaknesses, reporting anomalies or other concerns that need to be identified so they can be addressed and fixed. Work together with your auditors and you’ll have better results. As always, keep your legal team close and you’ll know exactly what to expect and how to move forward.

Five Common Startup Mistakes

The path to successful entrepreneurship can sometimes seem uncharted, and many of the obstacles along the way can seem bewildering and completely original.

But here’s something every business owner learns in time: They aren’t. When a new company stumbles, these stumbles have almost always happened hundreds of times before, often to other entrepreneurs who found a way to resolve the issues and keep moving forward.

The secret to overcoming most common startup challenges isn’t really a secret; it’s just a matter of placing the issue in a context and knowing you aren’t alone. The right legal counsel can help. Here are some very common mistakes that a strong legal team can help you address.


1. Turning to VCs too soon

Venture capital can be a huge boon for your business, but if you’re not yet off the ground and making money, you may not be ready to reach for this high rung. Explore other options first, and then try this route when you’re able to test, scale and prove your profitability. VC term sheets also vary dramatically. Make sure that when you start talking to VCs, you know what terms you want, and that business interests are aligned.

2. An unscalable business model

A successful business that can attract enterprise clients and investors at all levels should be able to scale in a smooth, elastic way. Make sure your company has built the right systems to ensure the right scalability. If you don’t, the investment money you’ve taken to scale and grow isn't going to do anything.

3. Lack of product diversification

Trusting your entire future to one product or one limited capability can slow your growth later on. Diversify your product and service portfolio to hedge against market trends.

4. Insufficient marketing

Marketing isn’t just about selling your product to customers. You may have total faith in what you produce and you may want to believe your product sells itself, but that’s rarely the case. You’ll need to market your idea (and/or prototype) aggressively from the earliest stages of the process to attract customers. 

5. Hiring the wrong people

At every stage of your growth from the first day to the last, you’ll need to hire competent, personable people who can execute the tasks assigned to them. But at the very beginning, you may also need to hire team members who have the patience to endure ups and downs, the risk tolerance that startups require, and the willingness to accept compensation packages that may include articles of faith, like stock options. If you don’t actively seek these qualities, you may experience expensive turnover.