Compliance: When Should You Take Action?
After your Series Seed and Series A financing rounds, your new company will be well on its way to gaining a foothold in the marketplace and achieving success. Company long term goals may vary depending on the nature of the business, but at least after these early rounds, founders can typically begin to focus on building the business instead of fundraising.
With that in mind, the completion of Series Seed, and Series A (or B) financing offers the perfect place to pause, reset, and focus on compliance. Take some time at this point to make sure you’ll be ready when auditors come to call, both legal, financial and technical. Here are some things to think about:
Securities compliance -- As part of your Series A and Series B financing, your investors will probably have already requested that the company warrant that it is in compliance with securities laws. Nonetheless, it can sometimes happen that securities compliance is overlooked or simply forgotten, evey by companies with sophisticated counsel. After the rush of the financing, make sure to double check that stock plans and all securities sales fit into a recognized exemption from registration from U.S. securities rules, and comply with any applicable state “Blue Sky” rules. If you intend to take the company public, you will absolutely need to be compliant with all applicable securities rules.
Information controls -- If you are a SaaS provider or otherwise handle confidential information, consider looking into compliance with various information and security standards. For example, SOC 2 compliance may provide a good start in ensuring that sensitive data and information is being handled in a proper manner. Larger customers may require SOC 2 compliance or some other standard.
If your company creates, maintains or uses proprietary information and trade secrets as a key means of success in the marketplace, you should put in place information controls to make sure that you can check your employees’ access to such sensitive information. When employees depart, have them document that they will not take confidential information with them, and you should make sure that they have no more access to company information (such as on cloud drives) after their last day. In the event of a dispute about whether or not trade secrets were taken or misappropriated, this type of compliance is critical in convincing a court that the company took all necessary steps to protect its sensitive confidential information.