Corporate Compliance In The Startup Industry


(Editor’s note: A conscience is consistently lacking in the startup industry.  Compliance may be that conscience.  I have more to write about compliance as a conscience, and this essay is a good foundation.  This is in thesis form for a writing credit in my second law degree, a post-doctorate Master of Laws (LL.M.) at Delaware Law School.  My professor was Aleksandra “Ola” M. Tucker, JD, ACAMS, an expert in Corporate Compliance in the Financial Services Industry and founder of Compliance Notes.)

Disruption of traditional industries by companies in the startup industry leads to new innovative solutions to existing problems, but that innovation also results in consequences to society by ignoring existing laws and regulations.  The startup industry consists of new companies, often just a few co-founders and an idea, and the investor network that funds those companies.  Traditional companies compete on a level playing field that is made up of well-established laws and regulations in their industry.  Startups, unlike traditional companies, take new approaches that often ignore those laws.  Sometimes the result of ignoring laws and regulations is innovative solutions and the creation of wealth.  However, ignoring laws often has costs both predictable and unpredictable.  A comprehensive compliance program is the solution to allowing startup companies to innovate while also complying with the laws and regulations that apply to everybody.


What Is A Startup

A startup company, often just called a “startup”, is defined as a company that starts small (usually just a few co-founders and an idea) with the goal of very quickly establishing itself as a big business.  Startup companies are often perceived as innovative and revolutionary.  Founders, and other startup personnel, are celebrated in the media as brilliant innovators that can seemingly do no wrong.  Indeed, startups are typically founded by risk-takers and entrepreneurs willing to take new approaches to solving existing problems.  Even when they don’t succeed, startup companies do often create real value in various forms like jobs, research, and intellectual property.

Startups generate a lot of attention in the news.  Every week there is discussion in the press about companies like Uber, Lyft, Airbnb, and Theranos.  Early in their existence, the only news reported about startups involves big problems they are trying to solve and the startups’ long-term ambitions.  As startups grow, however, the problems those companies solve for society results in unintended new issues that are also unpredictable.  The management find themselves inexperienced, and unprepared, to properly address the challenges they confront as the business develops.  Those challenges can be serious, including ethical dilemmas and legal liability.  Certainly many of the challenges confronted by startups as they grow involve compliance with laws and government regulations.

Venture Capital and The Startup Ecosystem

The startup ecosystem, or “startup industry”, includes not just startups themselves, but also the venture capital system that funds those startups.  Venture capitalists, consisting of the firms and their personnel, are modern prospectors not unlike miners during the Gold Rush, willing to commit money, experience, and other resources in hopes to stake a claim in “The Next Big Thing” like a Google or Facebook.  Staking that claim usually involves not only investing resources in a startup, but also governing that company through one or more seats on its board of directors.

Venture capital firms vary in deal size and investment type.  Some firms only invest smaller dollar amounts in many startups, while some make large investments in just a few late-stage companies that are planning on making an initial public offering (“going public”).  Some venture capital firms invest very broadly in startups in many industries, while some firms specialize in working with companies in particular industries like communications or healthcare.

The role of venture capital in legal compliance by startup companies is important.  Many startups are heavily dependent on their investors, and the personnel and professional network provided by those investors, in making management decisions and growing their business.  Venture capitalists provide important domain expertise and the ability to form strategic partnerships.  Their role in working with startups also places venture capitalists, who often sit on the board of directors of multiple companies, in the unique position where conflicts of interest arise that could impact their ability to provide appropriate advice.

Compliance Is Fundamental

The need for compliance extends to all aspects of what can be considered “the startup industry”.  Those aspects include the industries in which the startups conduct business, venture capital system that fund new companies, and startups themselves.  Rapid growth often results in situations where the startup company, and persons managing that company, are not at all aware if, and when, laws and regulations apply.

The legal landscape for startups includes, but is certainly not limited to, general laws involving employment, regulations that affect traditional companies in the startup’s market, and bureaucratic matters involving specific jurisdictions where the startup conducts business.  The startup industry needs compliance programs to address preventable issues that could result in legal liability both civil and criminal.  Compliance programs also protect investors from unnecessary risk by addressing matters that could affect the startup and result in investors losing money and the startup going out of business.

Compliance programs would have a positive long-term impact on the entire startup industry by forcing startups to behave more responsibly.  Requiring the management of startup companies to make a conscious effort to behave responsibly is to everybody’s benefit.  Startups benefit by avoiding unnecessary business risk and potential legal liability, positively affecting the company’s reputation and longevity.  Personnel benefits by having ethical jobs and careers.  Entire markets and their customers benefit in the form of responsible companies that provide better products and services.

The safety and well-being of the general public must also be acknowledged and addressed.  Startups serve a vital function in the economy, creating wealth and innovative new products and services.  However, irresponsible behavior ultimately doesn’t do anybody any good regardless of the short-term outcome.  Compliance exists to serve the function of a framework for responsible ethical behavior that benefits everybody.


Traditional Industries

Traditional industries, in contrast to startup companies, typically have extensive histories that include a well-developed body of laws and regulations.  Any discussion of the role of compliance with startups should begin with the traditional industries those startups strive to disrupt.  The body of laws and regulations in traditional industries is the result of decades, sometimes centuries, of controversies and legal disputes involving many stakeholder interests.  The legal environment that applies to traditional industries includes, but is certainly not limited to, employment law, privacy issues, and industry-specific regulations.

Employment law that affects traditional industries includes classification of personnel as employees versus contractors, occupational-safety rights, immigration issues, and equal-opportunity employment.  Specific laws include the Fair Labor Standard Act, Occupational Safety and Health Act, and Title VII of the Civil Rights Act.  An example of a traditional business that deals with employment issues is the taxi service industry.  The taxi industry has a history that goes back more than a century to horse-drawn carriages.  Drivers are typically classified as independent contractors and rent vehicles from the dispatch service.  Drivers must meet certain qualifications, like valid citizenship in the country and passing a criminal background check.  The vehicles rented by taxi drivers have certain characteristics, including safety features, that are often defined by law and intended to protect the driver, passengers, potential passengers, and general public.

Privacy issues affect many industry, but certainly every aspect of healthcare is heavily regulated for the protection of patient information.  One set of laws is the Health Insurance Portability and Accountability Act (“HIPAA”), established by Congress for the express purpose of maintaining doctor-patient confidentiality not just with the physician, but also with other medical personnel and insurance providers.  All traditional businesses that operate within the healthcare sector are required to strictly follow HIPAA regulations.  There are also enforcement procedures for business entities and persons that do not follow HIPAA protocols.

Industry-specific regulations apply to many different types of traditional businesses.  Just one example of industry-specific regulations is the hotel industry.  Hotels are often regulated by state and local governments for various reasons.  Those reasons include regulation of hotel location, through zoning ordinances that facilitate growth of city infrastructure, and taxation that is used to fund essential government services and other municipal projects.

Competition in Traditional Industries

Individual businesses in traditional industries all compete on the same lawful field because they are governed by the same set of laws and regulations.  Employment practices are similar between companies like taxicab dispatch services because they understand that the same  background checks and methods of compensation must be followed by all companies.  All healthcare companies implement consistent policies and procedures to protect patient privacy because there are strict federal laws that require such policies.  Hotels and other hospitality-related businesses collect hotel taxes from guests and conform to ordinances regarding their locations because not respecting those laws will result in losing their ability to conduct business.

Competition in traditional industries affects stakeholders other than the competitors themselves.  Customers are assured some standard of safety and reliability in the products and services they use because competitors are forced to comply with legal requirements to protect their safety.  Governments are provided with compensation in the form of taxation to offset the costs associated with regulation. Society itself also benefits from traditional competition in the form of a fair opportunity to enter a competitive market that does not unfairly bar new entrants.

Startups in the Competitive Landscape

“Disruption” is the specific word used in the startup industry to describe the unique approach startup companies utilize to redefine existing industries.  That disruption results in new technology, new business models, and sometimes even entirely new industries.  However, “disruption” often also means simply ignoring the laws and regulations that apply to traditional businesses.  That wanton disregard for the laws gives startup companies an unfair advantage over any competition.  The cost of a complete lack of legal compliance also includes the controversies and damage to society that resulted in those laws in the first place.

Many media outlets have already begun to acknowledge the growing need for startup companies to fully embrace “systems of governance” and a “paradigm for stakeholder accountability” early in their existence.  A recent article by the Harvard Business Review titled “The Era Of Move Fast And Break Things Is Over” is just one example.  Questions about social impact must be asked by everybody in the startup industry, including venture capitalists to the founders of startups, to prevent little problems before they become big problems.  The goal for new early-stage companies needs to be augmented from “minimum viable product” to “minimum virtuous product” so that startups, and their products and services, remain a benefit to society rather than a detriment.

To use our previous examples involving traditional businesses, startups have disrupted industries affected by employment law, privacy laws, and industry-specific regulations.  Well-known startups in these market include, respectively, Lyft/Uber, Theranos, and Airbnb. 

Startup Example – Lyft & Uber

Lyft and Uber are two startups that disrupt traditional taxicabs and chauffer services by facilitating regular people to pick-up passengers and drive them to their destination, so-called “ride-sharing”.  For both startups, vehicle drivers and potential passengers each install an app on their smartphone.  The passenger app sends a message to Lyft/Uber that indicates the passenger’s name, location, and payment details.  Lyft/Uber then relays that message to the app used by nearby vehicle drivers.  The result is that regular people, acting as drivers, earn extra income and passengers get a better experience than that of a traditional taxi service.

The startups Lyft and Uber have generated new wealth for themselves and their drivers, jobs through their business model, and also made it difficult for traditional taxicabs and chauffer services to compete.  One cost to that disruption is that authorities now want the services’ drivers classified as employees versus contractors.  Ignoring employment laws has resulted in Lyft/Uber drivers not obtaining the compensation and benefits that they would be entitled to receive with traditional jobs.  Many states, and local governments have already started passing new laws that require services like Lyft/Uber to classify their drivers as employees.

Another cost of disruption in ride-sharing services is safety.  Services like Lyft/Uber got their start by not requiring any background checks on drivers.  That reckless disregard for the safety of passengers has resulted in countless lawsuits, along with bad press, of incidents where the services’ drivers have committed various assaults, including sexual assaults, on passengers.  Those incidents all collectively serve to prove why laws and regulations, like background checks, exist in the taxicab and chauffer industry. 

Startup Example – Theranos

Theranos was a blood-testing startup founded by Elizabeth Holmes, a student at Stanford University that dropped out after having completed only two years of her undergraduate education.  Over the course of the next decade, Theranos would raise more than $900 million dollars from investors, grow to more than seven hundred employees, and then file for bankruptcy protection.

The company’s goal was to revolutionize blood-testing by enabling patients to draw several drops of blood using a tiny lancet that could be inserted into a machine the approximate size of a microwave oven.  The blood tests would then be submitted by the machine across the Internet to a secure server, where the results were analyzed and compared with blood tests consistent with certain medical conditions.  The comparison would then be delivered in the form of a report to the patient regarding any potential illness or diagnosis.  While certainly an ambitios idea, Theranos never released a completely functional blood-testing device.  Patients that also took additional blood tests using other methods discovered that the results from Theranos were completely inaccurate, often reporting the presence of illnesses completely nonexistent in the patients.  Theranos and its blood-testing device ultimately resulted in “nearly a million blood test results voided or corrected.”

It was changes to privacy laws and regulations, along with changes to state medical laws, that enabled Theranos to engage in blood testing using an experimental and unreliable device.  The State of Arizona made changes to its regulations, which Theranos had lobbied for, that made it possible for patients to participate in blood testing without a physician’s orders.  Those changes to the laws also effectively made it possible for companies to engage in the business of blood testing without any formal medical training or professional oversight.

A good question to ask about Theranos is: How was Theranos, and Elizabeth Holmes, able to continue a massive fraud for an entire decade?  The answer to that question is that Theranos did not have even one medical professional on its board of directors at any stage of the company’s life.  John Carreyrou, Wall Street journalist and author of the best-selling book Bad Blood: Secrets and Lies in Silicon Valley, concluded while researching Theranos that “bad management and nonexistent ethics” are what allowed Theranos co-founder Elizabeth Holmes to raise $900 million dollars for a blood-testing machine that simply didn’t work.  Instead, Elizabeth Holmes relied on the legal advice of attorneys and other non-medical personnel that had clear conflicts-of-interest and encouraged her to make countless misrepresentations to investors in order to hype the valuation of Theranos stock.

More than any other individual startup, Theranos demonstrates that startup companies impact real people and that real lives can be at stake based on the conscience of the startups, their personnel, and the motivations of those people while they attempt to create a business.

Startup Example – Airbnb

Airbnb is a controversial startup founded in 2009 that serves as a marketplace for short-term subletting as an alternative to hotels for travel guests.  The Airbnb service allows people, called “hosts”, to rent out homes and apartments by the night.  Hosts can be in any location in the world and can rent any type of property, from large mansions to small treehouses.  Airbnb places no requirements on hosts, in the form of licensing or background checks, ownership of the properties they list on the service, nor are there any safety requirements on the properties listed by hosts.  Guests using Airbnb can book stays in host properties for as little as one night or longer than a month.

Until very recently, in what is still playing out and being referred on social media as “Airbnb Collapse”, the startup has been reputed to be a long-term threat to the hospitality industry and major hotels.  Airbnb has enabled regular people to make additional money by renting out rooms in their homes or rental properties that would otherwise remain empty.  Guests are able to save money on their travel by avoiding expensive hotel stays.

But the cost of disrupting the hospitality industry is complete disregard for the laws that govern traditional hotels, like zoning restrictions, collection of hotel taxes, and even respect for basic property ownership rights.  Over the course of its ten year history, Airbnb has gone through one major public controversy after another.  Hosts have been accused of falsely imprisoning guests.  The company has been through multiple state-wide investigations regarding collection of hotel taxes and zoning violations.  It was recent news that five guests were murdered in an Airbnb “party house”.  The latest controversy is an investigation by the Wall Street Journal that revealed that one-third of Airbnb’s global hosts each have at least twenty-four listings.  Those listings typically consist of apartments that the hosts have rented through fraudulent claims that they would be residing in those properties.  Through all of these controversies, Airbnb has shown a complete and total disregard for any law that may apply to it.

Startup companies like Airbnb prove that so-called “disruption” is easily obtained by ignoring laws and regulations that are honored by traditional companies.  But companies like Airbnb also raise the serious question of whether their approach is truly “innovative” and “disruptive”, or just merely an attempt to make easy money through flagrant disregard for the rules that apply to everybody else. 


Federal Sentencing Guidelines

Startups, as has been discussed, typically have no knowledge or understanding of the laws and regulations that apply to them.  Those companies likewise have no grasp of the consequences for violating those laws and regulations.  All recommendations for startups concerning their integration of compliance policies and procedures need to be based on the potential fines and penalties including, at minimum, consideration of the Federal Sentencing Guidelines.

The U.S. Sentencing Commission has established, and maintains, the Federal Sentencing Guidelines to provide uniformity and consistency in sentencing of criminals convicted in the federal court system.  The Federal Sentencing Guidelines (“FSG”) are advisory for judges and apply to both individuals and organizations.  The FSG mitigate penalties for organizations that have implemented an “effective compliance program”.  An effective compliance program is defined as having seven elements.  Those elements include established standards and procedures, high-level oversight, effective education/communication/training, effective auditing/monitoring systems, reporting/investigation/background checks, appropriate enforcement/disciplinary measures, and appropriate response to incidents combined with modification of prevention measures.  Implementation of these elements must be tailored for the specific organization in order to have any criminal sentence mitigated by the Federal Sentencing Guidelines.

Strategy That Is Comprehensive

Every business endeavor requires commitment from all stakeholders, including all organization departments, in order for it to be successful.  Compliance is no exception to that requirement.   A compliance strategy for every startup should also start with collaboration from everybody involved beyond the organization, including customers, suppliers, and other business partners.  That collaboration should include the costs and benefits to the individual stakeholders.

In addition to collaboration with all stakeholders, every compliance strategy should be comprehensive and not merely one-off solutions to individual problems.  Due diligence should be performed within the organization to consider every aspect of the compliance program.  Organization-specific priorities should be considered, along with department-specific objectives.

A comprehensive compliance program for a startup, or any organization, should have multiple elements.  Those elements include, but are certainly not limited to, a chief compliance officer, creation of other compliance-related positions, a code of conduct, confidentiality,  customized compliance training, and possibly also a chief conscience officer.

Chief Compliance Officer

The most essential thing every startup can do to prevent compliance-related issues is establish, and maintain, the position of a chief compliance officer in their organization.  If nothing else, compliance needs to be somebody’s actual job.  One duty of a chief compliance officer, sometimes called a chief compliance and ethics officer, is to implement and monitor the organization’s compliance program so that it fulfills the seven elements required by the Federal Sentencing Guidelines.  The chief compliance officer is also responsible for consistently reviewing, and modifying, the organization’s compliance program to remain effective.

Communication with the organization’s board of directors is another important duty of the chief compliance officer.  The role of chief compliance officer serves the purpose of allowing that individual to communicate openly and candidly with the board of directors without risk of interference by senior management.  That direct communication with the board of directors is absolutely essential in the checks-and-balances of organizational compliance.

Creation of Compliance-Related Positions Generally

Creating positions within organizations that include a compliance function should require a formal education and qualifications specifically related to the startup’s underlying business, not just a skillset in the law and formal compliance training.  Startup companies, and the “startup industry”, affect every type of traditional industry.  Before they were multi-billion dollar publicly-traded companies, startups like Facebook and LinkedIn disrupted traditional communications.  Companies like Lyft and Uber disrupt personal transportation.  Companies like Theranos, a high-profile failure in Silicon Valley, attempt to disrupt personal medicine.  All of those startups are examples of companies that require training of not just compliance functions generally, but a fundamental understanding of the company’s underlying industry.

Startups should embrace the career requirements for compliance positions in traditional industries.  The majority of existing compliance-related positions in traditional industries require a legitimate formal education from an accredited university, consisting of at least a bachelor’s degree and often a graduate degree.  Most require multiple years of actual experience in matters that the compliance-related job would be overseeing.  That experience typically includes finance and specific information systems like PeopleSoft and Oracle.  A practical understanding of “SOX requirements”, for Sarbanes-Oxley reporting, is also often a requirement for companies that issue stock and required to file disclosures with the Securities and Exchange Commission.  Healthcare-related startups required experience with Food and Drug Administration (FDA) regulations, state-specific statutes like Business and Professional Codes, and lab certification standards.  “A good attitude” and “curiosity” are often specifically mentioned in many job listings as being desirable qualities.  “Deadline-driven”, “flexible”, and “high attention to detail” are also common.

Interaction with co-workers, and collaboration with other departments, essential for any career that is compliance-related.  Particular emphasis is often made by employers on being able to function in a fast-paced environment, prioritization skills, as is an ability to write/ revise detailed policies, procedures, and other documentation.  “Working conditions” are usually described for many compliance-related positions and frequently involve visiting other company sites, or customer sites, to observe whether policies/procedures are being adhered to at those locations.

At traditional companies, the reporting structure for many compliance positions fortunately often involves both subordinates in addition to senior reports.  The purpose for the subordinates meant that a management role was required for the position.  The compliance job’s subordinates were typically described as direct reports that assist with matters like data analysis and auditing.  The compliance jobs listed on employment websites often report to either the senior manager of a team, project, or department, but not to senior management, the board of directors, or a specific board committee.

Many of the compliance-related positions listed on employment services like appear to offer the possibility of escalating in the organization based on job performance.  My conclusion is that the ability to do any compliance-related job, and move upward on that career path within any organization, would require time and professional experience in a specific industry for a specific type of startup.

Code of Conduct

Many startups lack any written code of conduct.  An effective code of conduct should reflect the unique innovative nature of the organization while still addressing every important topic.  The code of conduct should also be viewable on the company’s public website and posted in its offices.  The code of conduct may be written in a tone that is informal, yet contains sections that summarize every major set of legal challenges that the company encounters.

An effective code of conduct typically contains specific sections for such topics as Non-Retaliation, Privacy, Equal Opportunity Employment, Trade Controls, and Conflicts of Interest.  However, the code should also contain sections that address the company’s unique culture, like its values including policies for co-worker relationships and possibly even its pet policy.

Policies and procedures for raising compliance and ethical issues must be directly addressed in an organization’s code of conduct.  Personnel should be instructed to the appropriate department to discuss particular issues.  In some circumstances, personnel are addressed in the code of conduct to contact the human resources department.  In other situations, the code instructs personnel to refer to the employee handbook or report to an “ethics & compliance” office.

While not required, the code of conduct used by some startups explain in plain English the reasoning for some of the organization’s policies and the possibility of inadvertently violating some of the policies without realizing it.  Such explanations are not strictly necessary, but they at least provide personnel with some understanding of the company’s values.

Confidentiality Policy

A conscious, consistent, and proactive approach to managing confidential data should be a part of any compliance plan at a startup.  Confidentiality is a fundamental aspect of every startup company.  All early-stage organizations begin with some unique approach to a problem that they intend on exploiting for financial gain.  The company’s strategy, technology, and human resources all typically require execution at the most confidential level for the company to succeed.  The compliance issue that often crops up with startups is that insiders usually have stock, and stock options, in the company.  Achieve a return on their stock requires information, even rumors, to circulate to non-insiders about the startup.  That sometimes leads to a conflict-of-interest where insiders are leaking company information that puts personal interest ahead that of their employer.

Addressing improper dissemination of confidential company information is a complicated issue to investigate.  Startups are often close-knit communities with few personnel that are each responsible for multiple roles within the organization.  Conducting an internal investigation places personnel in the position of investigating their coworkers, which can permanently impact employee morale and team dynamics.  However, allowing consultants to conduct the investigation risks making the matter worse by allowing outsiders access to confidential startup internal data.

My approach to addressing confidentiality issues would be to conduct the investigation entirely internally.  A trusted employee with management skills, that works outside of the department(s) where information could’ve leaked, would be the ideal person to lead the investigation.  That one person, reporting only to the chief execute officer directly, would be responsible for coordinating the investigation and any information obtained.  No other departments, or outside assistance, would be involved to avoid the risk of making the matter worse.

The steps I would take, if I were the chief executive of the startup, would first be to meet with the trusted employee privately to explain to them the situation, the need to keep the matter strictly private between me and them, and initiate the investigation.  The discussion would involve the matters leaked, departments where the information could’ve originated, and all specific personnel that should be interviewed.  Then I would discuss with that trusted employee how they intended on approaching the investigation and establish a tentative time-table for reporting results.

The ideal resolution for any investigation of leaked internal company data is the names of all specific persons involved.  Those specific persons include both personnel within the company and all individuals outside of the organization that obtained the leaked information.  Additionally, the investigation’s resolution should include the exact scope of information leaked and a timeline of when the leaks occurred.  If necessary, and proper, all individuals involved should be pursued by the company in both civil court and criminal court for damages resulting to the company and its stakeholders.

Customized Compliance Training

Customized compliance training makes sense, but startups need to take the time to make a full assessment of what they would even be training.  Training is one of the seven elements of an effective corporate compliance program.  An effective corporate compliance program itself, as stated, is a standard set of guidelines considered by federal courts as part of the Federal Sentencing Guidelines.  Comprehensive compliance training program should therefore exist in every organization that wants to avoid unnecessary legal liability.  Making a training program comprehensive necessarily involves tailoring compliance training specific to the organization.

Training can be customized by considering compliance matters that are relevant generally, relevant to the industry of the organization, and relevant to the specific organization.  Compliance matters that are generally relevant are matters that every organization should follow that can be integrated within the specific organization.  Those matters may include documentation of certain matters, internal reviews, and auditing requirement.  Industry-specific training may include regulations like privacy laws, required disclosures to personnel and customers, and accounting matters like coding of billing line items.  Specific organizations should also consider compliance matters based on the organization’s own unique business model, like issues that could foreseeably potentially give rise to compliance issues or legal liability.

The benefits of customizing compliance training include that an organization can avoid unnecessary legal liability of all kinds, whether compliance-related involving regulators, civil liability, and criminal lability.  Customizing compliance training also results in more competent personnel, better products/services, and potentially a better business reputation.  In-person training, as opposed to online training, provides the additional benefits of an understanding of how the training will be used in that specific work environment and possible issues associated with that.  The cons, if any, associated with customized training include additional costs of time, money, and other resources to develop a customized program.

Training of all kinds, compliance and otherwise, should always be done throughout the employment life cycle.  New employee training provides the new personnel with an upfront understanding of how to avoid common issues.  Training beyond initial onboarding creates opportunities to understand, and address, issue that are specific to particular departments and roles within the organization.

Many companies exist that offer compliance training.  Some of those companies unique in that they attempts to create a custom compliance program that mixes the unique culture of the specific business with regulatory requirements.  Almost all compliance training consultants develop a custom compliance program by researching the company’s specific goals and objectives, and then integrating relevant compliance training with that.

Chief Conscience Officer

A Chief Conscience Officer is an innovative concept that is already being applied at some startups.  “Move fast and break things.”  That was Facebook’s mantra in its early days.  Implied in that phrase is the lack of consideration for doing what’s right.  Many startups build their business fast by entering new industries that have no rules.  Other startups grow by taking new approaches to existing industries and “innovate” by simply ignoring the existing regulations.  Whether they are in a new industry or existing industry, most startups simply have no position responsible for ethics or compliance.  The Chief Conscience Officer senior-level compliance position is an innovative new concept that is most beneficial to the “startup industry” as a framework for mindfully explaining “why”.

Of the many compliance-related jobs at startups on job-listing sites like, all of the positions are at companies either publicly-traded or with extremely high valuations.  The Chief Conscience Officer doesn’t differ from the position currently in place in the startup industry because no position for any form of ethics or compliance usually exists at all in startups.  The Chief Conscience Officer takes a step back and considers why the startup should do what is right, how that could be best implemented, and whether the end result is not merely what’s best for the company but also achieves some greater good.

The duties of a Chief Conscience Officer would include conducting research into approaches taken at other companies, and other industries, for social betterment and corporate social responsibility.  Studies consistently show that companies with a record of corporate social responsibility do better financially than companies that don’t make that effort.  Considering what’s right also allows the company to avoid potential public relations issues.  Working as a direct report to the Chief Executive Officer would allow the Chief Conscience Officer to be effective at integrating doing what is right into all levels of the organization.

To use another phrase startups at least implicitly adopt, “It’s easier to ask forgiveness than to get permission.”  However, eventually people outside of the company get wise to this approach.  Those people include customers, the general public, competitors, and also regulators.  “Move fast and break things” might lead to big success in the short-term, but can have permanent long-term implications that might not be in anybody’s best interest .  The role of Chief Conscience Officer is intended to address the implications of possible courses of actions, consider why the company should do what it does, and influence the company to do what is right.

Ongoing Review of Compliance Policies

All compliance programs require ongoing review by both the board of directors and management to remain effective.  Ongoing review is also required across the seven elements of the Federal Sentencing Guidelines.  The seven elements of the FSG include high-level oversight, effective auditing/monitoring systems, appropriate enforcement/disciplinary measures, and appropriate response to incidents combined with modification of prevention measures.  Ongoing review of the company’s compliance policies should integrate the oversight, auditing/monitoring, enforcement, and response/prevention of specific incidents.

As the company grows and changes, the compliance policies should continuously be tailored to the unique structure of the organization.  That tailoring is not only important for the policies to remain effective, but also required to fulfill the Federal Sentencing Guidelines.  Aspects of the compliance program that may need to be tailored include consideration of communication between personnel in different departments or multiple company offices, regulations and ordinances that apply to particular customer markets, compliance with industry-specific billing requirements, modifications to privacy laws, and compliance training of personnel.


Startup companies serve an essential purpose in our society.  Taking unique approaches to solving big problems often results in a higher standard of living and the creation of new wealth.  However, startup companies should not be allowed to ignore the laws and regulations that apply to traditional companies.  The laws and regulations that are honored by traditional companies in their industries are the result of many years of controversies and disputes.  Those laws and regulations create a fair playing field for competition and also serve other benefits to society.

The laws and regulations that apply to traditional companies, as well as startups, are myriad.  Some of those laws and regulations relate to employment law, privacy issues, and industry-specific regulations.  Employment law issues include classification of personnel as employees versus contractors, occupational-safety rights, immigration issues, and equal-opportunity employment.  Privacy issues are an increasing concern as companies attempt to innovate in highly-regulated markets like healthcare.  Industry-specific regulations and ordinances, like zoning restrictions and local taxes, are a growing concern for startups that compete in areas like travel and hospitality.

All startup companies are recommended to establish, and maintain, a comprehensive compliance program.  Startups usually don’t have any compliance program at all.  A comprehensive compliance program is one that considers the Federal Sentencing Guidelines and all stakeholders.  Those stakeholders include not just the startup, but customers, business partners, and society.  A comprehensive compliance program absolutely includes a chief compliance officer to coordinate compliance efforts and communicate candidly with the board of directors.  The compliance program also likely includes other compliance-related positions, a code of conduct, confidentiality policy, and organization-specific customized compliance training for all personnel.  A chief conscience officer is one innovative concept that some companies are beginning to utilize.  Ongoing review, and modifications, of the company’s compliance program must also be performed on a routine and consistent basis to maintain the program’s purpose and effectiveness.

Startup companies can innovate just as effectively as they always have while also following the same laws and regulations that apply to traditional businesses.  All that is required from the board of directors and management of the startup is upfront consideration for those laws and regulations.  A comprehensive compliance program, consistently reviewed and modified to remain effective, facilitates that consideration.  Companies that take this proactive approach benefit themselves and society.



Holland &Knight LLP. (2019). Corporate Compliance Answer Book. United States of America: Practicing Law Institute.

Compliance 101: How to build and maintain an effective compliance and ethics program. D. Troklus (2019).  Society for Corporate Compliance and Ethics.

Compliance Management: A How-to Guide for Executives, Lawyers, and Other Compliance Professionals, 1st Edition.

“How Austin’s failed attempt to regulate Uber and Lyft foreshadowed today’s ride-hailing controversies”.  Retrieved from on February 2, 2020, from .

“Theranos isn’t the only diagnostics company exploiting regulatory loopholes”.  Retrieved on February 2, 2020, from .

“The New COO: Chief Conscience Officer”.  Retrieved on February 15, 2020, from .

“The Chief Conscience Officer”.  Retrieved on February 15, 2020, from .

“AllenComm – Risk, Regulatory, and Compliance Training”.  Retrieved on February 23, 2020, from .

Gibney, A.  Magnolia Home Entertainment (Firm). (2019). The Inventor: Out for Blood in Silicon Valley. Los Angeles, Calif: Magnolia Home Entertainment.

Albrecht, C.O., Zimbelman, M.F., Albrecht (2015). Fraud Examination.  Cengage Learning.

Share this post: