Compliance…it doesn’t matter until it does…and then it’s too late

As was recently reported by major news outlets everywhere, Zenefits founder and CEO, Parker Conrad, was forced to step down from the helm after it was discovered that his company was allowing unlicensed brokers to sell health insurance.  Technically, this was reported last fall, but the fallout came to a head earlier this week with Conrad’s resignation and subsequent promotion of COO David Sacks to CEO.

I think what is most important to acknowledge is not that people broke the rules but that breaking the rules is becoming more costly.  In fact, there are countless examples of companies, especially in the startup arena, who frequently venture into uncharted territory and overstep along the way to be competitive in industries ripe for disruption.  Uber is probably the most obvious example.  Operating a taxi service outside of a regulator’s purview was illegal in every city that Uber began operating…whether they should be held to the same standards as municipal-regulated taxi services is a different argument for another time, but make no mistake, they were breaking the rules, knew it, and did so anyway.

What we have learned from recent discussions with many of our clients and industry experts is that compliance is increasingly becoming a critical component of any business’s operations, regardless of industry or geography.  However, if you operate in a heavily regulated industry to begin with, such as healthcare or financial services, strict controls and risk management practices are a must have because, regulators in these industries are (1) increasing enforcement efforts, and (2) increasing the scrutiny of and the actions against individuals responsible for compliance.  By way of example, in the first half of 2015 alone, there were nearly $2bn of fines and penalties levied against healthcare companies and providers in the U.S.  As further evidence, earlier this year (Jan 2016), a U.S. District Court in Minnesota ruled that compliance officers and other individuals can be held responsible for AML control failures under the Banking Secrecy Act, thus clearing the way for Treasury’s FinCEN to continue pursuing its case against MoneyGram’s former compliance chief, Thomas Haider; mind you, Mr. Haider left MoneyGram in 2008 but is facing a $1mm civil penalty and banishment from the financial industry today (the penalties were initially pursued in late 2014).  Not only are regulators pursuing investigations at unprecedented levels but if you’re a hot startup raising hundreds of millions of dollars at unicorn-level valuations, you are an easy target; regulators don’t expect you to have all your ducks in a row.  If you run a car sharing service, that’s one thing, but if you’re tasked with providing health insurance benefit options to people and their families (Zenefits), offering DNA tests to predict future diseases (23andMe), testing people’s blood and providing medical-based feedback (Theranos), allowing sports fans to gamble on games and player performance (DraftKings), or operating a virtual currency exchange platform (Ripple Labs), the consequences for non-compliance are steep and the penalties can be crushing.

For the reader out there who is thinking, “No kidding, of course companies should be compliant,” it’s important to understand that in emerging businesses when every cost matters, tough choices have to be made and, unfortunately, compliance is an area that historically has not been a top priority. What we are arguing, however, is that the compliance landscape has shifted significantly in the past two to three years and its importance is highlighted by recent events such as the Zenefits example.  As we have highlighted in our recent Compliance Monitor, the M&A and financing landscape in the Compliance space is beginning to heat up and we expect this trend to continue.  While we know that all businesses will require robust compliance controls, the most active financing and M&A activity remains in heavily regulated industries such as financial services and healthcare; companies that can help streamline and/or simplify compliance processes in those arenas are receiving the most attention.

The good news is, as the compliance industry itself becomes more mature, companies will realize that the benefits of implementing sound practices vastly outweigh the costs.  In fact, in many instances, the mere existence of a compliance department is enough to appease regulators…the only sure-fire path to consequence is ignoring the problem.