regulatory compliance

Auto Added by WPeMatico

What’s the board’s role in an early-stage startup?

What’s the board’s role in an early-stage startup?

Startup founders frequently ask me about the role of a board of directors. A board can be a crucial asset in an early-stage startup.

Here’s a framework for how it can help drive success at your company: Strategy, People, Image, Finance and Systems for compliance, or “SPIFS.”

What is a board of directors, anyway?

The board of directors helps with governance of the company. U.S. law requires that any company have one, though does not require how big it should be. By generic definition, the board of directors consists of elected individuals that represent shareholders. It is the governing body that provides company oversight and helps set business policy and strategy.

On a more practical level and in a startup environment, the board can aid in creating a successful business strategy, putting together the right management team, developing branding, building good financial habits, and avoiding legal and compliance issues. The needs and composition of the board will change depending on the startup’s stage, management and financing history (e.g., if there are preferred shareholders, investors that require a board seat and more).

Investors often ask founders about their board: It says a lot about their character, their judgment and their willingness to be challenged.

Investors often ask founders about their board for two reasons. First, it says a lot about their character, their judgment and their willingness to be challenged. The founder can typically choose who is on their board (through careful selection of investors and advisers) and negotiate a board structure they prefer.

Typically, a healthy board will have a good balance between common shareholders, preferred shareholders and independents. It also helps investors and analysts understand who will ask critical questions and give important advice to the company’s executive management, especially when the going gets tough (it inevitably does!).

What exactly can a board help you do?

After 20 years as a venture capitalist and board member, I boiled down the value of a board into five main pieces under the acronym SPIFS: Strategy, People, Image, Finance and Systems for compliance.

SPIFS matrix that describes the role a board of directors plays in an early stage startup

Image Credits: Dell Technologies Capital

Strategy

Setting business strategy is one of the main ways that the board helps founders, especially if it’s their first time running a business. It is a valuable sounding board for validating that you have taken a sober account of the market and have the right plan to develop your product and acquire customers.

The board should ask these questions when guiding founders through setting strategy:

  • How do I win?
  • What problem am I solving?
  • Why is my product the best to solve that problem?
  • How do I differentiate against my competitors?
  • Do I have the right go-to-market strategy?

Powered by WPeMatico

Where is suptech heading?

Technology plays a huge role in nearly every aspect of financial services today. As the world moved online, tools and infrastructure to help people manage their money and make payments have burgeoned the world over in the past decade.

With much of the finance world now leveraging technology to conduct business, predict trends and deliver services, financial services regulators are also developing new technologies to monitor markets, supervise financial institutions and conduct other administrative activities. The emergence of purpose-built technologies to facilitate regulator oversight has, over the past few years, garnered its own moniker of supervisory technology, or suptech.

Interest in suptech is proliferating across the globe thanks to a diverse set of prudential and conduct regulators. A sampling of regulators developing suptech include the FDIC, CFPB, FINRA and Federal Reserve in the U.S.; the U.K.’s FCA and Bank of England; the National Bank of Rwanda in Africa; as well as the ASIC, HKMA and MAS in Asia. Several “super regulators” are also engaged in suptech efforts such as the Bank of International Settlements, the Financial Stability Board and the World Bank.

The strides in suptech demonstrate that creative thinking coupled with experimentation and scalable, easily accessible technologies are jump-starting a new approach to regulation.

In this post, we’ll examine a few core suptech use cases, consider its future and explore the challenges facing regulators as the market matures. The uses are diverse, so we’ll focus on three key areas: regulatory reporting, machine-readable regulation, and market and conduct oversight.

A quick general note: Nearly every financial services regulator is engaged in some type of suptech activity and the use cases discussed in this article are intended as a sample, not a comprehensive list.

But what exactly is suptech?

As a preliminary matter, we should quickly survey a few definitions of suptech to frame our understanding. Both the World Bank and BIS have offered definitions that provide useful outlines for this discussion. The World Bank states that suptech “refers to the use of technology to facilitate and enhance supervisory processes from the perspective of supervisory authorities.” It’s a little circular, but helpful.

The BIS defines suptech as “the use of technology for regulatory, supervisory and oversight purposes.” This is a similarly loose definition that describes the broader scope better.

Regardless of differences on the margins, the “sup” in these suptech definitions acknowledges the primacy of the idea that regulators’ objectives are to oversee the conduct, structure, and health of the financial system. Suptech technologies facilitate related regulatory supervision and enforcement processes.

Regulatory reporting

Regulatory reporting refers to a broad swath of activities such as financial firms providing trading data to regulatory authorities and regulators’ analysis of financial data or corporate information to determine the projected health or potential risks facing an institution or the market.

The MAS and FDIC are incorporating transactional and financial data reported by firms as a means to assess their financial viability. The MAS, in conjunction with BIS, has run tech sprints soliciting new ideas relating to regulatory reporting, while the FDIC has “a regulatory reporting solution that would allow ‘on-demand’ monitoring of banks as opposed to being constrained by ‘point-in-time’ reporting. This project is particularly targeted at smaller, community banks that provide only aggregated data on their financial health on a quarterly basis.”

The HKMA recently outlined its three-year plan for the development of suptech, which includes developing an approach to “network analysis.” The HKMA will analyze reporting data related to corporate shareholding and financial exposure to bring them “to life as network diagrams, so that the relationships between different entities become more apparent. Greater transparency of the connections and dependencies between banks and their customers will enable HKMA supervisors to detect early warning signals within the entire credit network.”

These reporting initiatives touch on a theme regulators have continuously struggled with: How to regulate markets and firms based on a reactive approach to historical data. Regulation and enforcement are often retrospective activities — examining past behavior and data to decide how to sanction an organization or develop a regulatory framework to govern a particular type of activity or financial product. This can result in an approach to regulation too rooted in past failures, which might lack the flexibility to anticipate or adapt to emerging risks or financial products.

Powered by WPeMatico

Hyperproof wants to make it easier to comply with GDPR and other regulations

As companies try to figure out how to comply with regulations like GDPR, ISO or Sarbanes Oxley, they face a huge challenge just getting started. Hyperproof, a Bellevue, Wash. startup, is launching a new product to help companies build a workflow to get them in compliance in a more organized way.

Company co-founder and CEO Craig Unger says most companies struggle with the complexity of compliance. It involves a lot of different activities and often requires the cooperation of employees, who typically aren’t involved in compliance.

Hyperproof wants to provide a single place where companies can undertake their compliance activities. “In reality, there’s no single place where if you’re a compliance officer, you can say, ‘here is where I do my work.’ Here is the equivalent of my SAP system for a CFO or my CRM system for a head of sales or head of marketing — and Hyperproof is just that,” Unger explained.

He says most companies do compliance today in a fairly ad hoc way, relying on technology like spreadsheets to track tasks, and email to make requests for needed information. What Hyperproof does is package all of that into a single program. You indicate which compliance regimen you want to work with, and Hyperproof builds a workspace for you with all of the requirements you need for that compliance framework.

Unger says at this point, the company is simply putting all of the tasks in a single workflow to simplify and organize your activities around this compliance framework.You can also import a spreadsheet to get that information inside Hyperproof, or outline the requirements in your own language in the program.

“Once you have a defined program in place, you can start working with the rest of the organization in a collaborative way by sending emails. The evidence that comes back gets put inside Hyperproof as an immutable record with an audit trail around this data collection,” Unger explained. Should you get audited, you have a central place to show the auditor your work.

The company has concentrated on building the workflow part of this, but in the future wants to add automation and APIs to connect directly to other systems to automate many of the activities. The goal with the initial release was to get companies a compliance framework workflow, and then build on that in the future.

The company was founded last year and has raised $3 million from 23 angel investors in the Seattle area where they are based. In fact, Unger is a former Microsoft employee and also helped found Azuqua, a workflow startup he sold to Okta this year for $52.5 million.

Powered by WPeMatico

The startups creating the future of RegTech and financial services

Marc Gilman
Contributor

Marc Gilman is General Counsel and VP of Compliance at Theta Lake. He is also an Adjunct Professor at Fordham University School of Law.

Technology has been used to manage regulatory risk since the advent of the ledger book (or the Bloomberg terminal, depending on your reference point). However, the cost-consciousness internalized by banks during the 2008 financial crisis combined with more robust methods of analyzing large datasets has spurred innovation and increased efficiency by automating tasks that previously required manual reviews and other labor-intensive efforts.

So even if RegTech wasn’t born during the financial crisis, it was probably old enough to drive a car by 2008. The intervening 11 years have seen RegTech’s scope and influence grow.

RegTech startups targeting financial services, or FinServ for short, require very different growth strategies — even compared to other enterprise software companies. From a practical perspective, everything from the security requirements influencing software architecture and development to the sales process are substantially different for FinServ RegTechs.

The most successful RegTechs are those that draw on expertise from security-minded engineers, FinServ-savvy sales staff as well as legal and compliance professionals from the industry. FinServ RegTechs have emerged in a number of areas due to the increasing directives emanating from financial regulators.

This new crop of startups performs sophisticated background checks and transaction monitoring for anti-money laundering purposes pursuant to the Bank Secrecy Act, the Office of Foreign Asset Control (OFAC) and FINRA rules; tracks supervision requirements and retention for electronic communications under FINRA, SEC, and CFTC regulations; as well as monitors information security and privacy laws from the EU, SEC, and several US state regulators such as the New York Department of Financial Services (“NYDFS”).

In this article, we’ll examine RegTech startups in these three fields to determine how solutions have been structured to meet regulatory demand as well as some of the operational and regulatory challenges they face.

Know Your Customer and Anti-Money Laundering

Powered by WPeMatico

How to handle dark data compliance risk at your company

Lisa Hawke
Contributor

Lisa Hawke is VP of Security and Compliance at Everlaw, and Vice Chair of Women in Security and Privacy.

Slack and other consumer-grade productivity tools have been taking off in workplaces large and small — and data governance hasn’t caught up.

Whether it’s litigation, compliance with regulations like GDPR or concerns about data breaches, legal teams need to account for new types of employee communication. And that’s hard when work is happening across the latest messaging apps and SaaS products, which make data searchability and accessibility more complex.

Here’s a quick look at the problem, followed by our suggestions for best practices at your company.

Problems

The increasing frequency of reported data breaches and expanding jurisdiction of new privacy laws are prompting conversations about dark data and risks at companies of all sizes, even small startups. Data risk discussions necessarily include the risk of a data breach, as well as preservation of data. Just two weeks ago it was reported that Jared Kushner used WhatsApp for official communications and screenshots of those messages for preservation, which commentators say complies with record keeping laws but raises questions about potential admissibility as evidence.

Powered by WPeMatico

Cognigo raises $8.5M for its AI-driven data protection platform

Cognigo, a startup that aims to use AI and machine learning to help enterprises protect their data and stay in compliance with regulations like GDPR, today announced that it has raised an $8.5 million Series A round. The round was led by Israel-based crowdfunding platform OurCrowd, with participation from privacy company Prosegur and State of Mind Ventures.

The company promises that it can help businesses protect their critical data assets and prevent personally identifiable information from leaking outside of the company’s network. And it says it can do so without the kind of hands-on management that’s often required in setting up these kinds of systems and managing them over time. Indeed, Cognigo says that it can help businesses achieve GDPR compliance in days instead of months.

To do this, the company tells me, it’s using pre-trained language models for data classification. That model has been trained to detect common categories like payslips, patents, NDAs and contracts. Organizations can also provide their own data samples to further train the model and customize it for their own needs. “The only human intervention required is during the systems configuration process, which would take no longer than a single day’s work,” a company spokesperson told me. “Apart from that, the system is completely human-free.”

The company tells me that it plans to use the new funding to expand its R&D, marketing and sales teams, all with the goal of expanding its market presence and enhancing awareness of its product. “Our vision is to ensure our customers can use their data to make smart business decisions while making sure that the data is continuously protected and in compliance,” the company tells me.

Powered by WPeMatico

Why Startups Should Leverage Compliance

woven Business Insider recently reported that “The Clearing House, an advocacy group owned by the world’s largest commercial banks, is gunning for payment startups.” Not surprisingly, the banks don’t enjoy being the only ones told to play by the rules. More to the point, though, forcing Wall Street regulations onto Silicon Valley is their approach to dealing with the threat… Read More

Powered by WPeMatico