Future proofing compliance for fast-growing businesses: Move away from costly, reactive approach

Fast-growing startups, today, are rapidly entering new global markets and geographies. With ongoing financial transformation, increased regulations and growing complexity, finance organizations must ensure capabilities and processes in place to handle the vast array of regulatory, operational and compliance requirements. An effective compliance program requires a system of controls around people, processes and technology.

What are the governance and compliance risks associated with high-growth startups? How can governance, risk and compliance gaps be identified? How to become audit ready?

To explore and respond to such pertinent questions, ETCFO and Oracle NetSuite organized a virtual roundtable on “Future-Proof Compliance: Strengthening Regulatory Maturity and Becoming Audit-Ready”, with panelists — Mandeep Mehta, Group CFO, PB Fintech; Mayank Gupta, Group CFO, CarDekho; Mehul Turakhia, Group Finance Head, Zeta Suite; Rajendra Jhawar, Senior Director – Finance, BrowserStack; Chieh Suang K, Business Development Leader – VC & PE, Oracle NetSuite; and Girish Butaney, General Manager, Oracle NetSuite — discussing the theme.

The session was moderated by Pulkit Goyal, CFO, Honeywell Automation India.

Pulkit set the context and started the discussion with a common question to all panelists:

What constitutes an effective compliance program for high-growth organizations?

Mandeep said, “High-growth organizations, to me, means business first and process later. An effective compliance program for such organizations should articulate tone at the top, so that decision making is faster and very clear.”
He further added, “Companies should also identify the mission-critical and the emergent issues, the cost of compliance risks, and also the opportunity to interact with regulators, as most of them are, probably, the first business in their segments.”

Furthering discussion, Mayank talked of building a kind of distributor framework as “compliance management is considered to be a problem of the compliance team only rather than the company as a whole”. “So, how can you involve everybody and make it a DNA of the company to do business? That should be built with trainings and technology tools. In regards to monitoring, if there’s any gap, the program should devise remedial actions.”

To Mehul, high-growth companies miss out on the compliance aspect in a hurry to expand their business and this could be really ‘expensive’. “In this complex global environment, companies need to have a well-balanced strategy, so that growth, compliance and risk-mitigation strategies go hand in hand — one should not be done at the cost of the other.”

As per the Group Finance Head of Zeta Suite, people happen to be an important cog in the effective-compliance-program wheel for high-growth enterprises. “A company needs to ensure that it hires the best talent; people who are qualified and competent in the respective domain and also have the relevant knowledge about compliances to be done.”

He emphasized on the need to have a ‘checklist’ in place, to have the right procedures and policies in place and also to minimize the chances of slippage, if there are any.

“Till you don’t get compliance on the planning sheet, the compliance will always run two steps behind, especially in the high-growth companies; and bringing compliance right at the planning stage enables business-partnering rather than compliance-policing,” opined Rajendra.

Chieh Suang, on the other hand, provided a reality check and put forth, “The affairs at high-growth companies are highly messy and, I think, there needs to be a ‘culture of transparency’ at the top level” adding, “We make lots of mistakes, we will make lots of mistakes – as we experiment things –, but we need to own it up and correct it quickly.”

Girish added, “In simple language, one needs to look broadly at governance, risk and compliance; and also a system of control around three pillars – people, process and technology.

The program should span across critical business functions and apply to areas as financial management, reporting, auditing, IT controls and security. This is relevant for organizations across the spectrum, from Fortune 100 multinationals to fast-growing companies aiming for international expansion, an IPO or a buyout

What are the governance and risk challenges for high-growth companies and how to prioritize them?

PB Fintech Group CFO elaborated, “To me, the first challenge is, getting the sponsorship right from the top – this makes clear to the organization what is tolerated and what’s not vis-a-vis compliance aspects. Secondly, drawing and getting a business case for compliances settled in the minds of decision-makers.” As per him, one should know where to stop pushing the boundary and “again this is a judgement, which comes with experience.”
Imagine you set the priorities of the governance and compliance framework, how would you realize there are no gaps? CarDekho Group CFO responded, “The gaps can be easily identified when you set up the process and monitoring mechanism becomes the norm.”

“I have worked with several early-stage companies,” as said Chieh Suang, “and there are a lot of gaps. It’s very difficult to get accurate financial data for such companies.” She suggested, “Mapping all data and who has accessed what data will give clarity in fixing the gaps. Next is reporting. If companies come with the right reporting at the right time, that will address much of their issues.”

There are companies launching subsidiaries overseas. Chieh advised, “Such companies should ponder: do they have a license for running that business overseas and what are the compliance and tax liabilities?”

How crucial is it to digitalize compliance and selecting the right systems?

Girish GM Oracle NetSuite said, “Digitalizing compliance is a must-have for entities. The traditional approach of managing risk in silos across different functions—internal audit, internal controls and compliance—and reacting to risks as they occur puts many companies at a disadvantage. Today’s environment demands a more agile and innovative approach to GRC. Modern Cloud ERPs are equipped with features that help growing organizations ensure compliance. You need a system that supports where your business is going”.

“If we look at modern-day technologies, they make the life of CFOs comfortable in various functions,” he added.
Echoing Girish, BrowserStack’s Rajendra said, “Obviously, there’s no one tool to solve compliance problems of an organization. Deep dive to find the right set of digital tools vis-a-vis your company’s compliance requirements. Lastly, find out if each tool can be integrated into your mother sheet, that is, financial ERP, as it will help give compliance certificate to a CFO or a CEO. The auditor will have a glimpse of your entire system, rather than asking for evidence for every bit of compliance framework.”

Summing it up, Mehul had a piece of advice for modern CFOs to help them navigate compliance in their organizations seamlessly. He said, “You need to know your known-knowns, known-unknowns and unknown-unknowns. Only when you define them clearly, you know the right strategy to be implemented in your organization. Known-knowns mean you know the pain points; known-unknowns mean you know there’s some risk lying somewhere, but you do not know the exact pain point; and unknown-unknowns are the most dangerous, so have 360 degrees feedback or some insurance, etc.”

Learn more on how Oracle NetSuite, #1 Cloud ERP, helps growing companies thrive: www.netsuite.com/in

Read more at: https://www.netsuite.com/portal/products/erp/financial-management/governance-risk-compliance.shtml

(Brand Connect Initiative)