Dear Auditors… P.S. We Love You
I’ve never had a bad audit outcome or negative regulatory inspection results… even though I often work with and represent early-stage startups who are far from being 100% perfect. In fact, when I go into an audit or an inspection, I already know with 95% certainty what the outcome will be.
However, so many founders and peers tell me that one of the major reasons why they spend time producing useless documentation or delaying product launches or building extra controls that are completely redundant is because of auditors and regulators who are “incompetent, too formalistic, look at everything too strict, don’t understand my business, don’t listen and are out to get you”.
Unnecessary fears of auditors and regulatory inspections have had a profound negative impact on so many FinTechs (and banks) because people believe this fear is real and may kill their business (or send everyone to jail).
Great projects are being abandoned or rejected and massive resources are wasted on totally irrelevant activities because of this fear.
People feel like if they take less risks and produce more documentation and deploy more resources and tools, they will protect themselves from negative outcomes and avoid negative findings… But it does not work… Oftentimes, the more resources you dedicate to getting compliant, the more audit issues and deficiencies are found.
Just think about it: major banks and unicorn FinTechs dedicate enormous resources to compliance and employ hundreds of compliance and risk and legal offices who are very competent and work very hard… Why with all these resources and people can’t they get it right, build decent processes, explain what they do, and prepare for an audit?
And how is it even possible that auditors and regulators who know much less about your business than your team can find mistakes or deficiencies that you did not know about?
In my experience, these unwanted outcomes rarely have anything to do with regulatory knowledge and have everything to do with judgment and communications.
- If you have tons of clients' files and transactional documents, but you cannot explain in 2 sentences why this client is not risky and does not require extra attention or even more documentation you will get an audit finding, even if you know all the regulations in the world.
- If you cannot summarize why your compliance priorities over the last year focused on projects A, B&C, and not on projects X, Y&Z, you will get a finding and will be asked to do more projects as a remediation requirement.
- If you cannot explain why the tools that you have are sufficient and how they mitigate various risks, your tools will be assessed as inadequate and you will be asked to build more tools.
Auditors and regulators and other inspectors with power and authority may not always be knowledgeable and they can even be incompetent, but they are completely harmless if you really prepare well and know your business.
This is exactly why during the months of November and December of 2020, as a part of Compliance That Makes Sense Helpline case studies, we are focusing on and talking more specifically about how to prepare for audits and how to answer regulatory questions and how to manage your overall audit processes, so that next year you spend your compliance resources on what your company needs instead of what auditors or inspectors told you.
And just so you know, my successful audit/inspection preparedness strategies won’t require you to hire more people or work weekends. It’s all about “do less better”.
Click here to learn more about Compliance That Makes Sense Helpline and reach out if you’d like to talk more about how it can be of service to you. Our doors will close on November 16th at midnight and will not reopen until 2021, so you have to make this decision in the next 2 weeks.
