Risks Are Everywhere – I Will Likely Go to Prison If I Miss Something And It’s A Miracle We Are Still in Business
Do you know what almost all compliance officers REALLY want?
They want to work on cool innovative projects, they want to work with simple tools, they love learning new things and they want to be appreciated for what they do. It’s that simple.
But…
What do they believe? What shapes their reality? – They often believe that most of the following statements are true:
- Solving regulatory problems take a long time.
- Technology is confusing.
- I need a lot of money and a lot of people to do what I need to do.
- It’s too complicated.
- There are too many regulations and they are too complex.
- It’s hard to find good people to help me.
- My management (in fact – nobody) understands how hard it is.
- I don’t have enough time.
- I need to know exactly what is required by all the regulations otherwise I cannot act.
- Auditors are here to kill and destroy my reputation.
- Risks are everywhere and I will likely go to prison if I miss something.
- It’s a miracle we are still in business.
No wonder compliance feels costly and confusing and takes forever if that’s your attitude.
How to solve it? – You need a special kind of a compliance officer who thinks differently and who (potentially) has different incentives, such as:
- Compliance is simple and helpful, actually – it’s a lot of fun.
- I want to solve business problems and I care about what happens to customers.
- I don’t need to know everything, I need to know very few things to make the next step and then we will evaluate again.
- Making mistakes is no big deal because most actions are reversible, and most mistakes are not really mistakes.
- I can do much with fewer resources taking one step at a time.
- Auditors and regulators are great, they offer feedback and they are not scary because they know less than I know about my business anyway.
So how do you elevate the compliance function and make progress?
Here are the typical stages FinTech startups go through:
Age of innocence: Ignore any compliance issues until you hit a roadblock.
Throw money at the problem once: Hire expensive lawyers to draft your T&Cs, Privacy Policy, or legal opinion without understanding what they wrote (but hoping it’s ok).
Stone age: DYI compliance, usually done by the CEO/CFO/founder in their spare time combined with email-based rudimentary customer-facing processes.
Firefighting: Lots of overwhelmed people randomly using lots of tools with lots of bugs; the company has plenty of backlog issues and a long to-do list, but without a clear strategy on how to fix it or what’s working and what’s not.
Leverage: When you can grow your business, launch new products, enter new markets without adding people or significant resources, using an existing team, technology, and minimal external help (if any).
I know, easier said than done but most of my clients and companies I work with are making tangible progress along those lines, so it’s definitely a possibility.