Once upon a time, rarely did startup companies—whether toiling away in a garage somewhere or moving their way up in the world—even consider a compliance program. It was a need only larger companies had, a point that startups would reach sometime in the future.
Many are starting to realize that the future is coming fast.
“We are seeing some of the largest privately held companies in the United States, as well as mid-sized and emerging companies, bring on chief compliance officers for the first time,” says Bob Barker, managing partner at BarkerGilmore, an executive search firm for the placement of general counsel and chief compliance officers.
Mary Bennett, vice president of advisory services for NAVEX Global, says that while more smaller companies are hiring compliance professionals, there “are still shocking lapses” among growing enterprises. One reason: Growth can come quickly and unexpectedly.
“A lot of times founders of companies, which naturally will start small, have this opinion that their own principles and values inform the operation as they hire people, and that people would just know the right way from working with them,” she says. “The biggest error founders make is to assume that is enough for too long. Pretty soon it is not enough, and if you are in one of the highly regulated industries like healthcare, all of a sudden you face a lot of regulation. If you don’t handle it right, no matter how small you are, it can get you into trouble and shut you down.”
The need for at least a basic compliance framework is illustrated by the speed some companies grow. It seemed overnight that companies like Uber, AirBnB, and Snapchat became household names. Even multibillion enterprises like Google, Apple, and Facebook were once just emerging companies.
“Success is a double-edged sword,” Bennett says. “It puts you into a new league where if you don’t have risk controls in place, that’s a big black eye and an open door for regulators to come in and rifle around. When you are a one- or two-man operation, you already know what your risks are and automatically control them; get beyond a few people and you can’t do it.”
Read the full article here (subscription required).