Compliance Culture

Practical insights for compliance and ethics professionals and commentary on the intersection of compliance and culture.

Inexperienced CEOs and immature compliance cultures

It is never too early, or too burdensome, to create a fundamental business compliance program.  Small businesses, new businesses, and experimental businesses can all benefit tremendously from the foundation and organizational structure that a basic risk control framework can bring.  A disruptive or innovative company does not have to eschew everything about traditional business in favor of transformative and novel ways of working.  It is fair that some strategies or philosophies may be seen as staid or unlikely to keep pace with the competitive and development pressures these businesses face.  However, the common sense responsibility (values-based) and implementation of legal and regulatory guidelines (rules-based) impact of a corporate compliance culture encourages and supports business sustainability.

All too often, however, start-up companies lack this structural backbone.  They do not have adequate policies and procedures in place, are unable to cope with the employee and supervisory demands that emerge in their workplaces and marketplaces, and grow into business practices without the controls framework and governance, risk management, and compliance structures that they find they need.  Most concerningly of all, with their attention span devoted to survival and then growth, these companies find themselves without genuine and integrity-supporting corporate cultures, and attempts to impose them over the top of the existing environment are artificial and difficult.

This challenge becomes only stronger when the company without a confident hold on compliance and ethics building blocks is dominated by a founder or CEO who is,  him or herself, on unproven ground.  Inexperienced CEOs may have amazing, ground-breaking ideas and new ways to develop and market them, but if they are not effective as either leaders or managers, then they may fall into leaning on personality ethic.  These are the leaders whose individual credibility and identities dominate every aspect of their business, to investors, colleagues, employees, customers, and the public in general.

Without a prevailing independent corporate culture that relies on a collective character ethic and mature organizational integrity, these situations do not make for long-term viable business strategies.  Instead, these companies all too often slip into misconduct, fraudulent practices, and an overall culture of non-compliance.   Risk from regulatory non-adherence, corner-cutting in basic business operational requirements, and other malfeasance is not controlled by the appropriate and thoughtful defense strategies that a compliance program could create, implement, and monitor.

There are a number of examples of companies which grew impressively and then suffered due to insufficient leadership or immature management.  In each case these businesses are known for a prominent figurehead whose personality attracted the press and the public and whose ideas were exciting to the markets and enticing to investors.  However, legal and regulatory inadequacies of these businesses and their cultures have hobbled these companies’ lasting ascent:

  • Apple – Steve Jobs – The ouster of Steve Jobs at the company he created, Apple, led by the mentor he brought on to guide him to the next level as CEO, John Sculley, is the stuff of Silicon Valley legend. While this often seen as an epic example of corporate disloyalty and executive board politics, the more powerful lesson here is for business values and sustainable practices.  At the time Jobs was fired from his own company, emotional intelligence, inner success, and business mission statements were not part of the popular parlance.  Perhaps if they had been, Sculley and Jobs wouldn’t have found themselves permanently estranged: Former Apple CEO John Sculley admits Steve Jobs never forgave him, and he never repaired their friendship, before Jobs died
  • Nasty Gal – Sophia Amoruso: The retail entrepreneur and self-proclaimed “girl boss” may beg to differ with her inclusion in this list, but Sophia Amoruso is a classic example of personality ethic over character ethic.  Amoruso developed a company in her own image, and then turned her image into a personal brand that both transcended and hindered Nasty Gal.  Amoruso is a polarizing personality, and the whimsical approach she embraced in her life may be great for a career as a motivational speaker and writer where people who need inspiration can take a few tips from her for self-development.  However, a business that succeeded due to Amoruso’s successes was also vulnerable to fail due to her failures, without its own corporate identity and developed business culture, and this led to the ultimate undoing of her brand (to be rescued by a larger corporate entity, away from Amoruso’s control), rather than its longevity:  What Comes After Scandal and Scathing Reviews? Sophia Amoruso Is Finding Out
  • Uber – Travis Kalanick – Travis Kalanick’s tenure at Uber started in idolatry around the industry, when everyone with an idea for app wanted to imitate and one-up his path to success. Starting in 2016, however, cracks in the pedestal Kalanick was up on began to show.  Once his public relations woes began, they never ended, even after he was ousted as CEO of Uber for countless issues with the company’s corporate culture for employees, regulatory adherence in critical markets, and legal risks.  All of these problems came out in a powerful confluence at least in part because Uber’s quick rise to the top was enabled by non-compliance via omission at its origins:  Uber Scandal Timeline: Why Did CEO Travis Kalanick Resign? 
  • Thinx – Miki Agrawal – Check out this post for a comprehensive take on the inappropriate conduct modelling of Miki Agrawal and the destructive impact it had on corporate culture at her innovative female hygiene apparel company, Thinx.
  • Theranos – Elizabeth Holmes – Check out this post for a look at the cult of personality created by Elizabeth Holmes at the blood-testing device company Theranos, and the fraudulent business practices and misrepresentations that were enabled by it.
  • Tinder – Sean Rad – Check out this post for a detailed discussion of the emotional un-intelligence that dominated the start-up culture of Tinder due to the influence of its CEO, Sean Rad, and the absence of a burgeoning compliance program to match the booming dating app business.

For an interesting counterpoint, check out the post on Eric Schmidt at Google:  Google is not without its corporate culture challenges, particularly as shown in 2017 by the loud public discussion over diversity and engagement in its ranks and the company’s clumsy and performative handling of this bad publicity.  However, Google has often portrayed Eric Schmidt at the grown-up in the room, not to prevent or obstruct innovation and success, but to steward and support these efforts while still taking care of the underlying business operations must-haves.  Check out this Wired article on how this management structure enabled Google’s development into one of the major digital companies in the world:  At Google, Eric Schmidt Wrote the Book on Adult Supervision

For similar discussions to this one, check out this post on essential compliance tips for small businesses, and this post on challenges faced by start-ups in Silicon Valley and other disruptive industries.

READ MORE

Compliance challenges for start-ups in disruptive industries

In today’s fast-paced business world of innovation and advanced technologies, every company seems to offer the next in-demand disruption. Ever since the days of the dot-com boom and bust in the late 1990s and early 2000s, in the infancy of e-commerce and internet-based or networked products and services, companies have been striving to identify revolutionary items and ideas to market to consumers eagerly awaiting the next life-changing thing to buy. Start-ups in Silicon Valley and entrepreneurial communities all over the world want to develop the next iPhone that will transform every aspect of modern human life. Companies that provide services instead of making products all want to be the next Airbnb, the Uber of their industries, and so on.

But are those companies, and those goals of disruption for the sake of itself, anything to which companies should aspire? Companies in all business sectors are trying to emulate technology companies, and they may not be the best role models in terms of regulatory compliance, risk control frameworks, and business integrity fundamentals. Disruption and sustainability aren’t necessarily mutually exclusive, but many of the companies that were visible pioneers in the current wave of technological innovation and development cut ethical or foundational corners to focus on growth, sales, and branding. Companies in the new generation which seek to copy their success and single-minded commercial focus will run into legal and supervisory obstacles sooner rather than later, now that their predecessors have overstayed the honeymoon period of lax regulatory attention and are running afoul of legal, tax, and compliance concerns all over the world.

The start-up community’s response to public exposure of fraudulent or insufficient business practices – such as companies buying their own products to falsify sales success for partners and investors, or violating straightforward business operations rules like participating in mandatory state insurance programs to maintain company licensure – is to go on the defensive and blame the media. Worse yet, they want to claim stand-out corporate misconduct from their start-up peers are the exception, not the rule, and distance themselves from it, without doing any self-examination or risk assessment to feed-forward into their own continuous improvement.

However, the venture capital firms that are keeping these start-up companies striving toward their disruptive ambitions have a fiduciary duty to their funders to contain reputational risk that could stem from these companies’ public relations and legal problems. The “bad apples” theory cannot win the day in identifying why so much goes so wrong at so many start-ups that were once ambitious and backed by prestigious funders and now have failed, and are being sued by fraud, investigated for investor abuse, accused of forgery or inappropriate accounting practices, and have otherwise missed out on reaching disruption and instead fallen into disrepute.

In any business dominated by private companies getting rich quick, delving into areas which are within loopholes or blind-spots to current legal and regulatory enforcement agendas, transparency is the victim to innovation and doing things the right way, with respect to ethical concerns or compliance requirements that could pop up further down the road from the beginning, is subverted in favor of making money, attracting more investors, and bringing a product or service to market first and with the most attention. “Fake it till you make it” is a toxic approach to management and is no kind of leadership whatsoever. Ignoring legal and regulatory requirements cannot go on forever, as the many bans and service stoppages Uber has experienced in the last year well show. Companies may be able to grow quickly this way, but they cannot keep their business running or have much hope of holding onto their ill-gotten gains unless they tread carefully with regulators and supervisors from the start.

The cultural forces at work here are strong, and disconcerting. Founders with no experience as CEOs and even less experience as functional managers or ethical leaders are given millions of dollars by investors and pressured to be geniuses, redefine business and whatever it is they have to offer to the market in everything they ever do, and succeed at all costs. Liberties are taken, misrepresentations are made, and not every brilliant troublemaker with a crazy idea and a team of engineers turns out to be any good at actually running a legal, functioning, mature business.

The hope, supposedly, is that people will merely bend or flaunt the rules, and not break them, but who’s making the distinction? The moral hazard is great of creating an incentive for behavior that would even lead incrementally to a company that is not in simple compliance with the legal requirements for operating a business in the city, state, or country where it is located. Cautious onlookers assume that maybe if a few corners are cut at the beginning when things are small, it will all work out okay because by the time the company gets big, someone who likes paperwork or understands laws will stumble along and lend a hand. This is immature and short-sighted thinking.

Even if some philanthropic compliance officer did intervene, it would be too late to fix the cultural decay that grows at companies that do not have adequate business values and controls from the beginning. When people ask how it’s possible that business fraud and misconduct went on for years at some companies, or permeated every level of the organization seemingly without detection or interruption – this values void is the answer. To avoid a culture where cheating, misrepresenting, and making unethical decisions are all common, the foundations of the company must include cultural values where that conduct is expressly defined as unacceptable, and business governance structures to prevent, identify, and punish it when it happens.

For more on the challenges to ethical decision-making, and pitfalls for fraud and non-compliance, faced by start-ups, especially in the highly competitive advanced technology world of Silicon Valley, check out this article in Fortune from December 2016:  The Ugly Unethical Underside of Silicon Valley.

For further thoughts on the challenges that start-ups and emerging enterprises face with prioritizing compliance risk management, see this post on Tinder’s corporate culture and the role compliance can play in fostering professionalism in start-ups.  For practical tips, check out this post on compliance foundation must-haves for small businesses. And, check back next Wednesday, January 3, for a post on inexperienced (even if visionary) CEOs and the immature compliance cultures they cultivate by omission.

READ MORE

Tinder and the role of compliance in fostering professionalism in start-ups

Tinder is a well-known dating app which matches users based on location and social media profile compatibility. It is infamous for its “swipe” interface where users register their reaction to potential matches by swiping right on the screen to register an interest in connecting or swiping left to dismiss.

Tinder was founded by a group of childhood and university friends, most prominent among them Sean Rad. The spirit during the early days of Tinder is presented as rowdy, social, creative, and disruptive – a start-up with a millennial energy where the fun and approachability embodied in its product was inspired by its corporate identity.

Eventually, however, friendships began to sour, the novelty started to wear off, and controversy began to take seed. One of the co-founders, Whitney Wolfe, fell out with Rad and another co-founder, Justin Mateen and filed a lawsuit alleging discrimination, sexual harassment, and retaliation. Wolfe has gone on to found a competitor dating app, Bumble, in which only women can initiate communicate with their male matches. Gender imbalance, public health, personal security, and data privacy are all major concerns which have been raised against Tinder’s operating model.

In all cases, Tinder has only been able to be reactive to these issues, not to preventively address them. This goes down directly to the fact that Tinder has no native culture of compliance. Tinder has a start-up culture as described above – entrepreneurial, excitable, informal, and innovation-focused. In these dynamic cultures there is a tendency to eschew traditional foundations as staid, too likely to impose restrictions or rules that will stunt growth and prevent transformative achievements. All the focus goes on being fast-moving.

Indeed, the image of the plucky entrepreneur starting a business by maxing out personal credit cards and taking customer calls from the garage at home is an endearing and enduring one. However, when this start-up gets some cash and energy and scales up, often the investment is concentrated on people who will bring the product to market – engineers, designers, marketing and sales staff.   The below the line functions – HR, operations, finance, and indeed compliance – often stay with the principals or outside vendors for as long as possible, to the detriment of the development of compliance values at the core of the organization. This may be practical to achieve profit objectives, but it’s not professional.

A forced culture of compliance will never be a natural one. In the complex business and regulatory environment today, it would be wise to include among the early employees someone who can set the stage for a genuine culture of compliance from the beginning. A company that grows up aware of compliance and ethics obligations and has an authentic, competent champion for employee integrity will not have to try to develop this later on when it may be too late for it to take genuine hold.

For a deeper look into Tinder’s roots and Rad’s growing pains, check out this story by Nellie Bowles for The California Sunday Magazine.

READ MORE

Theranos and the clash of financing emerging high-tech enterprises and regulatory compliance

The mysterious corporate life of Theranos illustrates many of the challenges that a disruptive business model faces when competitive ambitions take precedence over business foundations. A corporate environment that tolerates, or indeed relies, on a lack of ethical controls develops a culture where misleading and non-compliant conduct becomes the unsustainable norm.

Theranos is a technology company in the health care industry. It has become well-known for its eccentric, charismatic founder Elizabeth Holmes, a precocious and provocative entrepreneur who began developing the blood testing technology Theranos purports to be producing while she was a student at Stanford University. Theranos received tremendous attention from the media, undertaking several successful fundraising rounds and winning prized corporate partnerships and awards for its innovations on the basis of this publicity, all before any of its devices were ever proven effective.

Typical of many high-tech startups, Theranos operated in secrecy, with Holmes acting as its chief evangelist and marketer but speaking always in aspirational terms. Confidentiality, of course, has its place in launching new products to market – especially in the highly competitive and fast-changing technology industry. Beating other firms developing in the same space can make or break disruptive products and the companies that market them. However, these companies and their products have to be real, and an overemphasis on secrecy can also be a red flag for a pervasive fraud.

Unfortunately, all that glitters does not seem to be gold with Theranos. Despite huge valuations and capital raises, the blood testing technology has been criticized for lack of peer-review and has failed to stand up to validation studies. FDA inspection reports necessary before the devices could be sold on the commercial market indicated that the devices were not validated or approved. The media and scientific community turned skeptical of Theranos as time went on, and corporate partners have suspended or cancelled their engagements with the company, which is under criminal investigation by the U.S. government. Laboratories have failed inspections, lost their licenses and certificates to operate, and been closed. A whistleblower came forward regarding design defects in the blood testing technology, leading to a storm of negative publicity and investigations. The future viability of Theranos, and possible liability of Holmes herself for potential wrongdoing, remains uncertain.

Theranos and Holmes, who created a cult of personality around herself which even if briefly convinced the media, investors, the board, and the employees of Theranos to accept her at her word, perfectly illustrate the integrity pitfalls of financing a new company about which the investors are only allowed to know what they are told. Traditional critical review and the studied analysis of outside observers shouldn’t be abandoned in the heat of the venture capital moment due to the persuasion of a person who seems ambitious and charismatic. To do so could be as serious as enabling fraud at the expense of due diligence.

For more insight on the case of Theranos, Nick Bilton’s investigative report for Vanity Fair is an excellent resource.

READ MORE