Do you use the words "compliance and risk program" in the same sentence as "business strategy"? You should. If you think it's too early for your start-up to create and implement a compliance program, you are wrong. "If you don't have a plan, someone might have a plan for you," says Fabiana Lacerca-Allen, president of Ethiprax LLC, a US-based compliance consultancy. "Being the owner of your own destiny is very important for all companies and their executive teams."
Lacerca-Allen says that a compliance program is as much about adhering to regulations in the industries and regions in which your business operates as it is about the size, culture, and protecting against potentially expensive or lethal risks to the strategy of your business and its executive team.
Without a compliance program, you are putting your business at risk. Period, end of story. Why? For every decision you make for your business, there is a potential risk to regulatory compliance, operations, and even your business strategy. The risk assessment and mitigation plan lays the foundation for a robust compliance program that directly contributes to your startup's ability to outperform the competition and deliver on customer value in the short-, mid, and long-term.
"Having a compliance program says a lot about a startup executive team," says Lacerca-Allen. "If the risk assessment and plan is done well, the compliance program will provide a strategic advantage."
Lacerca-Allen shared three compliance considerations for entrepreneurs:
1) It is never too early to start a risk assessment. In fact, she urges that the risk assessment and mitigations be part of any strategic plan. If you have outside investors, chances are, they will want to see a risk and mitigation strategy in your plan. Depending on your market, your board may decide to form a risk audit committee to support the executive team and protect investors.
2) It should not be expensive. The risk assessment and mitigation plan should be tailored to the needs of your startup. A pragmatic plan that is rolled out over time and with clear expectations and visibility into potential operational and regulatory vulnerabilities will provide greater success for adherence and control than a big-bang approach. Treat a risk and compliance program like any other investment strategy; make decisions that grow apace with the needs of your business.
3) It should include a people plan. Having the right people in place to contribute, evangelize, and execute will make or break any strategic plan. A compliance program is no different. Including the influencers, decision-makers, and early adopters who share the cultural values will foster the compliance environment you are building. A great compliance program embeds in a culture by informing how daily work is done and how decisions are made.