Why is this important? Copy link

Did you know? Bad things can happen more easily where there is little or no proper corporate governance:

• John J Ray III, in his first bankruptcy filing as the new CEO of FTX on 17 December 2022 said that in over 40 years of legal and restructuring experience, he had never seen “such a complete failure of corporate controls…”
• In the UK, a publicly listed company saw its stock price drop, institutional investors sell their shares, and some analysts predicting UK sales growth could be severely impacted by bad publicity after poor governance allowed third-party suppliers to pay below the minimum wage to some of their UK-based workers.

Corporate governance is based on four generally accepted basic principles: fairness, transparency, accountability, and responsibility. These principles must be observed from the creation of the start-up, accompanying the development of the company's governance, even when it occurs gradually. The ethical and governance standards that you implement will underpin your company’s culture, the way it operates, and your team’s behaviours.

• In some cases, having appropriate governance structures and policies is not optional: for example, for regulated businesses, these are likely to be a prerequisite.

• The policies are also important to stakeholders other than just your employees, and may be of relevance to customers, suppliers, investors and regulators.

• The board is responsible not only for setting, but also for monitoring the policies. Others (such as auditors) may also have responsibility for checking compliance with some of them, but the primary responsibility rests with the board (which may be collective and/or individual responsibility).

• In addition to the benefits of having good governance, having appropriate policies in place and monitoring compliance (and taking appropriate steps to address non-compliance or remediate where necessary) will potentially help to mitigate any consequences where anything slips through the net. Conversely, not having an appropriate policy in place, or failing to monitor it are likely to compound any failing.

Where to start

Pre-seed/seed

• Understand the key risks and regulations which apply to your business; engage specialist advisors early on.
• Adopt board-like routines if not a formal board, i.e. a regular meeting between founders (and seed investor, if appropriate) to discuss business updates and key strategic deep dive topics.

Series A

• Set up a formal board. Discuss your company’s ethics and governance framework with your board and leverage the experience of the board members.

• Create and publish company policies e.g. a code of conduct, anti-harassment and discrimination policy, code of ethics, bribery policy, health and safety policy.

• Communicate policies to the business with purpose. This is not a tick-box exercise, management should be involved in delivering the key takeaways from the policies.

• Put in place systems and processes to monitor good governance (e.g. regular board meetings) and compliance (e.g. quarterly confirmations from employees) and take remedial action where necessary.

Series B onwards

• Review the key risks and regulations which apply to your business; engage specialist advisors early on.

• Discuss your company’s ethics and governance framework with your board and leverage the experience of the board members (and new board members as they join): ask questions such as what are our values? What behaviours do we want to promote or prevent?

• Once your company has a clear pathway on these key issues, put pen to paper and create/update company policies e.g. a code of conduct, anti-harassment and discrimination policy, code of ethics, bribery policy, health and safety policy.
  • Policies should avoid legalese and be drafted so that they can be digested and understood by the whole business. There is no point in having a 100+ page policy that no one reads! Policies should be focussed on risks that are material to your business e.g., regulated activities/GDPR and data handling and should be proportionate to the relevant issue and its consequences.
  • Policies should be relevant and proportionate to your business and the risks it faces and should be periodically reviewed by the board and updated where necessary to ensure they stay relevant and proportionate as your company grows - what is relevant and proportionate to a business in the start-up phase will likely be different to what is relevant and proportionate in the scale-up and growth phases. Also, bear in mind that additional policies may be required as you scale.
  • Incoming investors will review your policies and procedures on successive investment rounds, and will require you to put in place missing policies or upgrade policies which are no longer fit for purpose. Try and stay ahead of the game by making sure you have reviewed your policies and upgraded where necessary ahead of being found out in a due diligence process.

Data collection

• Employee acceptance of code of conduct and other compliance policies and procedures (%)
• The annual number of policy breaches
• Employee/Board member training rate (%)
• Board actions completion rate (%)

Useful resources and further reading

• On Board with Balderton: The 101 guide to board meetings - Balderton Capital
• Lack of governance is what is keeping CEOs up at night - Startacus

Examples and testimonials Copy link

Merama set up a dedicated and comprehensive Compliance Program to implement appropriate processes, procedures, and policies, from writing new policies to establishing an Ethics Committee, implementing a whistleblowing channel, and delivering annual training alongside an ESG, cybersecurity, and compliance onboarding course. Merama’s commitment extends to its subsidiaries, having rolled out a Compliance program for Merchants.