Kick off compliance at your startup, NOW
- Opinion
- August 29, 2022
Success stories of homegrown unicorns have found a spot in management lessons and entrepreneurial aspirations alike. A 2017 CB Insights report suggests that outside the US, India has the second highest number of unicorn startups in the world.
Over the past few years, India has witnessed an unparalleled rise in the growth of startups and has become one of the coveted destinations for starting a business in the world. Efforts of the government to nurture innovation and encourage entrepreneurship have provided an impetus to the ecosystem. The launch of Startup India Action Plan in January 2016 and more recently, the proposed move to set up regulatory regime for VC funds in the Union Budget 2018 have been well-received by the industry. Other announcements pertaining to focus on technology (like artificial intelligence), strengthening of digital infrastructure in rural areas, etc., are likely to provide further stimulus to the ecosystem.
While support by way of providing a robust infrastructure, favourable regulatory regime, or other benefits are much needed, the onus to keep compliance right on track is a priority that startups need to set high in their agenda. Generally, a startup psyche is inclined heavily towards fundraising and break-even, and over a period of time creating a business that can manage cash flows and is ultimately scalable, to go beyond a startup. Little knowledge is a dangerous thing and compliance, more often than not, is wrongly perceived to be restricted to documentation or procedures to make inroads into registering a company, filing returns and other aspects of legal or statutory compliance. Other components of driving compliance, which have a far reaching impact on the survival of any firm, is unfortunately, an oversight.
Pitfalls of Being Non-compliant
This attitude is increasingly being (at least) acknowledged as incongruous to the health of a startup. There have been instances of global startups being slapped with fines by regulators for being non-compliant. In addition to regulatory repercussions, investor confidence is shaken and as the business grows, it becomes difficult to instil a culture of compliance which was missing from the very beginning. Compliance is a must to mitigate risks and complexities of doing business, given the diverse industry and regulatory requirements in India. Needless to say, it is way beyond a “check box” of meeting the requirements of doing business only.
Typical Compliance Requirements for Startups
Lack of adequate knowledge around what constitutes compliance and governance is one of the biggest roadblocks faced by startups. The ambit of compliance surpasses legal or statutory compliance or requirements pertaining to “set up and operate” business only. Compliance must be at the heart of any business, and stay so for as long as the business exists. Practices relating to internal controls and processes, risk management, ethics, etc., are some of crucial aspects in this regard.
Compliance goals in a startup’s prospective journey can be chartered as below. Depending on the industry of operation itself, the transition may be different.
Over the past few years, India has witnessed an unparalleled rise in the growth of startups and has become one of the coveted destinations for starting a business in the world. Efforts of the government to nurture innovation and encourage entrepreneurship have provided an impetus to the ecosystem. The launch of Startup India Action Plan in January 2016 and more recently, the proposed move to set up regulatory regime for VC funds in the Union Budget 2018 have been well-received by the industry. Other announcements pertaining to focus on technology (like artificial intelligence), strengthening of digital infrastructure in rural areas, etc., are likely to provide further stimulus to the ecosystem.
While support by way of providing a robust infrastructure, favourable regulatory regime, or other benefits are much needed, the onus to keep compliance right on track is a priority that startups need to set high in their agenda. Generally, a startup psyche is inclined heavily towards fundraising and break-even, and over a period of time creating a business that can manage cash flows and is ultimately scalable, to go beyond a startup. Little knowledge is a dangerous thing and compliance, more often than not, is wrongly perceived to be restricted to documentation or procedures to make inroads into registering a company, filing returns and other aspects of legal or statutory compliance. Other components of driving compliance, which have a far reaching impact on the survival of any firm, is unfortunately, an oversight.
Pitfalls of Being Non-compliant
This attitude is increasingly being (at least) acknowledged as incongruous to the health of a startup. There have been instances of global startups being slapped with fines by regulators for being non-compliant. In addition to regulatory repercussions, investor confidence is shaken and as the business grows, it becomes difficult to instil a culture of compliance which was missing from the very beginning. Compliance is a must to mitigate risks and complexities of doing business, given the diverse industry and regulatory requirements in India. Needless to say, it is way beyond a “check box” of meeting the requirements of doing business only.
Typical Compliance Requirements for Startups
Lack of adequate knowledge around what constitutes compliance and governance is one of the biggest roadblocks faced by startups. The ambit of compliance surpasses legal or statutory compliance or requirements pertaining to “set up and operate” business only. Compliance must be at the heart of any business, and stay so for as long as the business exists. Practices relating to internal controls and processes, risk management, ethics, etc., are some of crucial aspects in this regard.
Compliance goals in a startup’s prospective journey can be chartered as below. Depending on the industry of operation itself, the transition may be different.
Phase 1: Developing Minimum Viable Product
Often, with investments from friends and family, a team of 3-4 members including the founders, work towards building the Minimum Viable Product (MVP) and strategise subsequent phases of developing the final product. Once MVP is ready, only then startups consider hiring a professional (CA/CS/lawyer) to legalise the entity and protect the intellectual property (if any). Considerable investment in terms of time and money has been put in at this stage, and this calls for establishing a robust compliance foundation as the ethical tone set by the core members is a benchmark for future incumbents and employees.
Compliance Goals: Typically, this phase involves determining the form of business entity like Partnership/Limited Liability Partnership, Corporation or Limited Liability Company, etc. This follows compliance with the Companies Act or LLP Act to file financial statements and returns, audit compliance, carrying out general meetings, board organisation, etc. Further, as applicable procedures to register trademarks, patents, copyrights and other measures to protect intellectual property (IP) are taken.
Phase 2: Seek Investment & Formalise Operations
Once the legal entity is formulated, a due diligence report is presented to investors in the quest for investment. This report focuses on the business model, financial modelling and anticipated growth over time, feasibility tests of the product and echoes market research to assess demand. Businesses which receive requisite funding go on to expand operations and achieve economies of scale over time.
Compliance Goals: Maintaining clear and up to date financial records, Compliance of Reserve Bank of India (RBI) and Foreign Exchange Management Act (FEMA) regulations, Compliance of Income Tax, Goods & Service Tax (GST), Employee State Insurance, Provident Fund, Gratuity, and other applicable corporate and labour laws.
Phase 3: Period of Growth
Successful execution of operations sets the business on an ascending growth path. Investors keep a close watch on bottom line numbers to assess break-even and return on investment and advance strategies for a future exit or continued investment.
Compliance Goals: Set up internal control framework and draft policies that resonate with principles of a sound ethical culture including industrial certification of the product for quality assurance, if applicable. At the same time, as the business grows, challenges to be tackled with the increased size and complexities, whistle-blower complaints, vendor/customer disputes, improve financial performance, etc.
Phase 4: Sustained Growth
During this period, the business is no longer a startup and has a strong foothold with sizeable revenues and employee strength which make it a strong market player and susceptible to challenges faced by the large corporations.
Compliance Goals: Continue to monitor internal controls, code of conduct, risks in view of the dynamic environment, local training programs for employees as well as third parties, etc.
In a nutshell, any startup would require to address concerns relating to established business and legal, tax, statutory compliance, third party risks, cultural issues, policies and procedures, etc. However, a one size fits all approach isn’t recommended as compliance needs vary depending on the business model, industry, etc. For instance, for tech startups, educating end users about third party applications may be an integral part of its compliance programme. Therefore, the compliance programme must be designed keeping in mind the unique requirements of the business.
Key recommendations
Recommendations for startups to address common challenges in this space include:
• Set the Compliance Framework
Establish an all-inclusive policy framework that includes an anti-bribery and anti-fraud policy, code of conduct, third party risks and lastly, the cultural issues, especially given the dominance of cultural norms in a developing country like ours.
Another critical aspect where founders play a critical role is setting the tone at the top. Leading by example makes others follow suit. A founder willing to initiate production at a manufacturing unit prior to receiving requisite permits from regulatory authorities indicates “acceptability” of corrupt practices.
• An “Active” Training Programme
Developing training programmes while staying conscious of compliance challenges faced on the ground level is important. A training program must facilitate making employees conscious of appropriate code of conduct, set the right expectation, and guidance to make the right choice when in a tough spot. Continuous evaluation and feedback on the training needs is imperative.
Secondly, issues faced by leadership vis-à-vis a blue collared employee or a factory worker may be contrasting, therefore, customising training needs keeping in mind the target audience must not be ignored.
Lastly, this audience must extend to all levels across the organisation and externally, as applicable.
• Remember Your Accountability to Stakeholders
o An investor, if provided with erroneous financial reports, can pull the plug on funds owing to mistrust and false representation leaving the startup in the lurch. Similarly, the Companies Act provides protection to shareholders from being defrauded. Strong financial reporting is therefore critical and stems from sound internal controls and effective risk framework.
o Treat all employees in a fair and equitable manner to ensure they contribute positively to the growth of the firm. HR and payroll policies go a long way to take care of this aspect
o Well documented contracts with vendors and customers safeguard the business and provide these individual entities the ease of doing business. It accelerates the process of building a long term relationship with the company as well.
• Meet Legal and Statutory Compliance Requirements
Being mindful of any changes in the existing regulatory policies and procedures is a must. Given the dynamic business environment we operate in; it is wise for start-ups to seek expert advice with respect to applicable statutes to ensure the requirements are in line with what is required by law.
• Establish Risk Management
A formalised risk management process safeguards against the potential vulnerabilities and risks which threaten business continuity. However, it is important that this framework in addition to strategies and practices to monitor and measure risk, provides actionable insights to strengthen the company’s approach towards mitigating them. It must be able to stand the tests of time and facilitate timely identification of potential red flags.
Large enterprises incur considerable expenditure to implement their risk management programmes. However, early on, any business must implement a basic framework that facilitates identification of risks and its impact and adequate controls.
Conclusion
The startup ecosystem is infused with innovation, technology and capability. It thrives on disruptive ideas which hope to shape a better tomorrow. However, non-compliance can, like in any other business, cost an aspiring firm dearly. The entrepreneurial DNA must not set compliance aside as a “checkbox” for future, but integrate into its day-to-day operations, a definite sign of any forward looking enterprise.
About the author
Samir Paranjpe is Partner at Grant Thornton India LLP
Often, with investments from friends and family, a team of 3-4 members including the founders, work towards building the Minimum Viable Product (MVP) and strategise subsequent phases of developing the final product. Once MVP is ready, only then startups consider hiring a professional (CA/CS/lawyer) to legalise the entity and protect the intellectual property (if any). Considerable investment in terms of time and money has been put in at this stage, and this calls for establishing a robust compliance foundation as the ethical tone set by the core members is a benchmark for future incumbents and employees.
Compliance Goals: Typically, this phase involves determining the form of business entity like Partnership/Limited Liability Partnership, Corporation or Limited Liability Company, etc. This follows compliance with the Companies Act or LLP Act to file financial statements and returns, audit compliance, carrying out general meetings, board organisation, etc. Further, as applicable procedures to register trademarks, patents, copyrights and other measures to protect intellectual property (IP) are taken.
Phase 2: Seek Investment & Formalise Operations
Once the legal entity is formulated, a due diligence report is presented to investors in the quest for investment. This report focuses on the business model, financial modelling and anticipated growth over time, feasibility tests of the product and echoes market research to assess demand. Businesses which receive requisite funding go on to expand operations and achieve economies of scale over time.
Compliance Goals: Maintaining clear and up to date financial records, Compliance of Reserve Bank of India (RBI) and Foreign Exchange Management Act (FEMA) regulations, Compliance of Income Tax, Goods & Service Tax (GST), Employee State Insurance, Provident Fund, Gratuity, and other applicable corporate and labour laws.
Phase 3: Period of Growth
Successful execution of operations sets the business on an ascending growth path. Investors keep a close watch on bottom line numbers to assess break-even and return on investment and advance strategies for a future exit or continued investment.
Compliance Goals: Set up internal control framework and draft policies that resonate with principles of a sound ethical culture including industrial certification of the product for quality assurance, if applicable. At the same time, as the business grows, challenges to be tackled with the increased size and complexities, whistle-blower complaints, vendor/customer disputes, improve financial performance, etc.
Phase 4: Sustained Growth
During this period, the business is no longer a startup and has a strong foothold with sizeable revenues and employee strength which make it a strong market player and susceptible to challenges faced by the large corporations.
Compliance Goals: Continue to monitor internal controls, code of conduct, risks in view of the dynamic environment, local training programs for employees as well as third parties, etc.
In a nutshell, any startup would require to address concerns relating to established business and legal, tax, statutory compliance, third party risks, cultural issues, policies and procedures, etc. However, a one size fits all approach isn’t recommended as compliance needs vary depending on the business model, industry, etc. For instance, for tech startups, educating end users about third party applications may be an integral part of its compliance programme. Therefore, the compliance programme must be designed keeping in mind the unique requirements of the business.
Key recommendations
Recommendations for startups to address common challenges in this space include:
• Set the Compliance Framework
Establish an all-inclusive policy framework that includes an anti-bribery and anti-fraud policy, code of conduct, third party risks and lastly, the cultural issues, especially given the dominance of cultural norms in a developing country like ours.
Another critical aspect where founders play a critical role is setting the tone at the top. Leading by example makes others follow suit. A founder willing to initiate production at a manufacturing unit prior to receiving requisite permits from regulatory authorities indicates “acceptability” of corrupt practices.
• An “Active” Training Programme
Developing training programmes while staying conscious of compliance challenges faced on the ground level is important. A training program must facilitate making employees conscious of appropriate code of conduct, set the right expectation, and guidance to make the right choice when in a tough spot. Continuous evaluation and feedback on the training needs is imperative.
Secondly, issues faced by leadership vis-à-vis a blue collared employee or a factory worker may be contrasting, therefore, customising training needs keeping in mind the target audience must not be ignored.
Lastly, this audience must extend to all levels across the organisation and externally, as applicable.
• Remember Your Accountability to Stakeholders
o An investor, if provided with erroneous financial reports, can pull the plug on funds owing to mistrust and false representation leaving the startup in the lurch. Similarly, the Companies Act provides protection to shareholders from being defrauded. Strong financial reporting is therefore critical and stems from sound internal controls and effective risk framework.
o Treat all employees in a fair and equitable manner to ensure they contribute positively to the growth of the firm. HR and payroll policies go a long way to take care of this aspect
o Well documented contracts with vendors and customers safeguard the business and provide these individual entities the ease of doing business. It accelerates the process of building a long term relationship with the company as well.
• Meet Legal and Statutory Compliance Requirements
Being mindful of any changes in the existing regulatory policies and procedures is a must. Given the dynamic business environment we operate in; it is wise for start-ups to seek expert advice with respect to applicable statutes to ensure the requirements are in line with what is required by law.
• Establish Risk Management
A formalised risk management process safeguards against the potential vulnerabilities and risks which threaten business continuity. However, it is important that this framework in addition to strategies and practices to monitor and measure risk, provides actionable insights to strengthen the company’s approach towards mitigating them. It must be able to stand the tests of time and facilitate timely identification of potential red flags.
Large enterprises incur considerable expenditure to implement their risk management programmes. However, early on, any business must implement a basic framework that facilitates identification of risks and its impact and adequate controls.
Conclusion
The startup ecosystem is infused with innovation, technology and capability. It thrives on disruptive ideas which hope to shape a better tomorrow. However, non-compliance can, like in any other business, cost an aspiring firm dearly. The entrepreneurial DNA must not set compliance aside as a “checkbox” for future, but integrate into its day-to-day operations, a definite sign of any forward looking enterprise.
About the author
Samir Paranjpe is Partner at Grant Thornton India LLP