Once upon a time, rarely did startup companies—whether toiling away in a garage somewhere or moving their way up in the world—even consider a compliance program. It was a need only larger companies had, a point that startups would reach sometime in the future.
Many are starting to realize that the future is coming fast.
“We are seeing some of the largest privately held companies in the United States, as well as mid-sized and emerging companies, bring on chief compliance officers for the first time,” says Bob Barker, managing partner at BarkerGilmore, an executive search firm for the placement of general counsel and chief compliance officers.
Mary Bennett, vice president of advisory services for NAVEX Global, says that while more smaller companies are hiring compliance professionals, there “are still shocking lapses” among growing enterprises. One reason: Growth can come quickly and unexpectedly.
“A lot of times founders of companies, which naturally will start small, have this opinion that their own principles and values inform the operation as they hire people, and that people would just know the right way from working with them,” she says. “The biggest error founders make is to assume that is enough for too long. Pretty soon it is not enough, and if you are in one of the highly regulated industries like healthcare, all of a sudden you face a lot of regulation. If you don’t handle it right, no matter how small you are, it can get you into trouble and shut you down.”
The need for at least a basic compliance framework is illustrated by the speed some companies grow. It seemed overnight that companies like Uber, AirBnB, and Snapchat became household names. Even multibillion enterprises like Google, Apple, and Facebook were once just emerging companies.
“Success is a double-edged sword,” Bennett says. “It puts you into a new league where if you don’t have risk controls in place, that’s a big black eye and an open door for regulators to come in and rifle around. When you are a one- or two-man operation, you already know what your risks are and automatically control them; get beyond a few people and you can’t do it.”
“We are seeing some of the largest privately held companies in the United States, as well as mid-sized and emerging companies, bring on chief compliance officers for the first time.”
Bob Barker, Managing Partner, BarkerGilmore
Startups, especially in the tech space, often view their future fortunes as a fork in the road. While one path is to grow into a self-sufficient money maker, a more common route is to be acquired by a much larger company. The prevalence of acquisitions is also driving the push for startups to get serious about compliance.
“Every year, I see at least a couple of deals change in a material way because of compliance issues,” says Dismas Locaria, a member of the law firm Veneble’s government contracts group. “A lot of things can come out in the due diligence process.” Having an effective compliance program in place, he says, “is going to make your company more attractive, put it in a better bargaining position, and better position the company and its negotiators to get maximum value.”
“Some small companies want to be bought, but without a compliance program they can add a lot of liability to the purchaser,” Bennett adds. “That’s not healthy for anybody. If you are starting a company and want to grow it to the point where it becomes an attractive acquisition, you need to pay attention to this stuff otherwise it will bite you, it will bite the purchaser, and it could blow up the deal.”
WARMING UP TO THE JOBS ACT
The following, from research conducted in May by BDO USA, looked at how new regulations in the JOBS Act are working in terms of helping smaller, private companies go public.
Although only a slight majority (51 percent) of surveyed investment bankers believe the Act has had a positive impact on the number of businesses going public, this represents a major attitude change from two years ago when only 14 percent of the bankers thought legislative package was having a positive impact on offerings. When asked if the JOBS Act was the most prominent reason for the large increase in U.S. IPOs in 2013 and 2014, just under one-quarter (24 percent) agreed.
A majority (54 percent) of capital markets executives believe the lack of transparency brought about by the JOBS Act’s confidential filing process has had a negative impact on their ability to advise clients on their offerings due to a lack of information on potential competitors for investor dollars. In fact, more than two-thirds (69 percent) of bankers are in favor of the Securities and Exchange Commission providing confidential filing data on an aggregate and anonymous basis in order to provide increased visibility of the IPO pipeline.
The JOBS Act allows emerging businesses to provide less information and fewer financial disclosures in their IPO documents and subsequent filings. At the time of its enactment, some critics predicted the reduced disclosures would have a negative impact on the pricings of these IPOs, but three years later most bankers (59 percent) do not believe that it has.
Another criticism of the JOBS Act, when it was introduced, was that the rollback of regulatory requirements for newly public businesses could open the door to market manipulation and fraud. Today, less than half (48 percent) of capital markets executives believe the rollback of regulatory requirements has increased the chances of scandals at these businesses, and only 9 percent describe the increased risk as substantial.
Many startups may also have the goal of being acquired by a larger company to provide support or products. These companies will also find their compliance programs, or lack thereof, scrutinized. A bank that hires a technology company, for example, is held liable even if that service provider caused a regulatory lapse. A national retailer will similarly want to maintain a network of vendors that won’t cause them regulatory or reputation risk, especially given the focus placed on supply chains regarding worker conditions, human trafficking, and their use of so-called conflict minerals.
“A small business’ conduct does reflect on a big company too, and we are seeing the government pressing large businesses to carry that message,” Locaria says. “They are starting to look at smaller companies and asking about their compliance policies, code of conduct, and what training they offer employees so that they know they are doing business with a responsible company. They are vetting smaller businesses and kicking the tires about how they are going about managing their work. They want to know not just that they are doing good work, but how they are getting that work done.”
The advice for startups and emerging companies looking to build a compliance function, and perhaps add a CCO to their ranks, is to start small and focus on scalability.
“You have to have some way of understanding your risks and mitigating them,” Bennett says. “The formality of the compliance program should follow the maturity of the company. As the company matures, so should the compliance efforts you make. When you are small, the mitigations are easier than when you are big with a big problem. You can grow your controls, rather than just letting it be the Wild West until you have a problem.”
Foremost, startups looking for a compliance officer should focus on leadership and communication. Leadership, Barker says, goes beyond just understanding the role of compliance and includes having the skills and experience needed to be recognized as a peer by others in the C-suite and the board. Communication skills are needed to be able to speak to constituents and earn their trust—from regulators to employees to Wall Street. “You need to assure everyone that the company is doing everything in their power to do the right thing,” he says.
Until recently, Michael Kireopoulos was director of global operating regulations compliance for Visa, where he worked for 15 years. He has also held compliance leadership positions at Franklin Templeton and Citigroup. He recently joined Geoswift, a growing provider of cross-border payments between China and other countries, as global head of compliance. Although a smaller company can struggle with having adequate resources (both monetary and headcount), there can be advantages, he says.
“In a large and established payment service company, the CCO usually leads only one or two areas of compliance while taking a very high-level approach and focusing on strategy,” Kireopoulos says. “Compliance is siloed in divisions, such as product compliance, systems compliance, interchange compliance, risk compliance, and rules compliance.”
In a small company, the CCO also strategizes but “is more hands on,” he says. “The biggest difference is the CCO in a small company leads all facets of compliance and risk to safely facilitate secure and reliable payments. So, indirectly speaking, all divisions are better connected with each other and, as a result, compliance is much more transparent and better managed when protecting the company’s brand. The process is much more seamless, and decisions and approvals are much quicker to obtain versus a large company.”