Compliance and governance are essential for all companies to operate legally, efficiently and sustainably, to manage their risks effectively, and to build trust with customers, investors, and other stakeholders.

Not only are there legal requirements for companies, but it is also in the business’s best interest to avoid any reputation damage and maintain investor confidence.

In this article, Commercial Contracts and Corporate Advisory partner Nick Watson and Commercial and Intellectual Property partner Jon Moorhouse outline why compliance and governance are important for businesses as they grow, and how to get them right.

Why is a compliance and governance framework important?

A good compliance and governance framework allows businesses to:

 Preserve value

  • It supports engagement with investors and, eventually, buyers. Gaps and deficiencies can undermine valuations, put a brake on negotiations, or even deter interested parties all together.
  • It is a selling point to customers and clients. By demonstrating rigour and maturity, you build trust and confidence and have a better chance of getting through their onboarding process.

Protect the business

  • It acts as a defensive shield by reducing the risk of claims from individuals, business partners or regulators, and helping you respond to regulatory interventions.
  • It reduces external costs – such as legal bills when things go wrong, and insurance premiums.

Do the right thing

  • It promotes good behaviours at both corporate and individual levels.
  • Parts of the framework can also be passed on to suppliers to reduce your risk, create better levels of assurance, and enhance your customer proposition.

Businesses must also consider concepts such as proportionality, risk management, and prioritisation as necessary components of managing all businesses – especially ones looking to scale.

Compliance with relevant laws and regulations is an inescapable requirement for any business. Anti-bribery and anti-corruption, competition, and data protection often grab the headlines with eye-watering fines and, potentially, criminal sanctions for individual directors. But in order to succeed, businesses need to understand their risks as well as their obligations and must consider what is realistic and achievable for them. Can you afford the legal advice? Do you have the resources to drive forward a governance or compliance project and implement the recommendations? Will processes have to change? What about culture?

Large, listed companies are in the public eye and are incentivised and sufficiently well funded to develop and implement market-leading compliance and governance frameworks.

Smaller companies, however, sometimes struggle to know how far they have to go as they scale up. They may lack the confidence or experience to assess what they need to do right now and what can follow in due course.

Investors will look increasingly closely at what compliance and governance policies and processes the business has in place as it moves through Series A, B and C investment rounds. It will help to close those if you are on the front foot and can point to a cohesive compliance and governance plan.

How to get compliance right

Much of the work is internal and cannot be outsourced to your advisers. However, lawyers with in-house experience will have a good understanding of operational needs and constraints and of how to partner with you to achieve the right outcomes for your business.

There is also a cultural dimension to compliance and governance improvements, which cannot be overlooked. Behavioural change is as important as creating / refining policies and procedures. You will need to secure top-down support from your executive team and work hard to get buy-in from the bottom up.

Gap analysis: identifying the risks

Given the finite budget and limited resources of an early-stage business, adopting a risk-based approach is a necessity.

Understanding the organisation’s current status and being pragmatic about major risks, setting priorities and realistic goals are all essential. The challenge is to carry out this ‘gap analysis’ in a proportionate, business-friendly way.

Information gathering by initially interviewing the executive team and other staff helps to build up a clear picture of the key risks. The business needs to identify what compliance and governance documents and processes are already in place and then ask: are they good enough? You may already have some form of risk register. What does that tell you? Is it up to scratch?

Gap analysis: understanding the risks

Risks should be framed in a digestible, actionable way. A tabular format works better and can also be aligned with your risk register.

The gap analysis will show the current state of play, state the destination, and will explain what must be done to get there.

A simplified Gap Analysis Table for illustrative purposes

Next steps

Once the risks have been identified and are understood, you must decide what to prioritise. Recommendations will flow from the Q&A and resultant gap analysis.

Using the gap analysis, work with the senior management team to develop an action plan for phased improvements. This will allow you to build up a compliance and governance framework that is practical and ‘good enough’ for the company now, and on track to improve as the business expands and evolves.

Assess the risk associated with each gap. How likely is it that the issue will arise? What impact would it have if it did? As part of this process, you should try to establish what appetite the business has for any of these risks – refer to your risk register if you have one.

Weigh this analysis against your budget and required resources to help implement the recommendations in a practical and proportionate way. Work with advisers to decide what can/must be done now and what can be planned as part of a further phase of compliance and governance work.

If you take your business through these steps, your policies and processes will quickly become good enough. It is not about cutting corners; it is about cutting your coat according to your cloth. For smaller businesses, compliance (much like any aspect of business growth) is about the art of the possible.

If you would like any help with compliance and governance in your business, please contact Nick Watson and Jon Moorhouse.

For further information please contact:

This article is for general information purposes only and does not constitute legal or professional advice. It should not be used as a substitute for legal advice relating to your particular circumstances. Please note that the law may have changed since the date of this article.