Silicon Valley’s signature “move fast and break things” culture has propelled U.S. tech companies to the zenith of business success and financial markets. Investors and tech startup CEOs have seen business risks rewarded with global growth and billion-dollar valuations at dizzying speeds. This chutzpah has also landed some executives in hot water—and possibly jail, in the case of Elizabeth Holmes.

While business risks may bring rewards, compliance risks do not. And compliance should be treated differently: The business risk model taught in B-school cannot and should not be applied to environmental, social and governance risks like corruption.

Bribery can present itself in atypical ways in the tech industry, such as preferential hiring, pre-IPO stock options and investment opportunities. To build truly effective compliance functions, companies must consider and address the unique compliance risks they face based on their products, services and routes to market.

As with all industries, most corruption and human rights violations in the tech industry will be uncovered sooner or later. There are myriad ways legal enforcement agencies learn about compliance issues, amplified now by relatively recent Securities and Exchange Commission (SEC) whistleblower reward rules and increased due diligence by investors. Additionally, because interagency referrals are common among U.S. enforcement authorities, as more companies open their books for antitrust investigations, they may find themselves in legal trouble for adjacent issues such as bribery.

While tech giants and startups inevitably have different levels of resources to allocate to compliance, they can think similarly about avoiding and addressing compliance risks.

Grow the compliance function with the company. As companies grow, they should continually reevaluate and ensure that compliance resources are comparable against staffing, financial and other benchmarks.

Integrate proactive compliance into the company. Waiting until there’s a problem and throwing money at it isn’t an effective compliance strategy, and neither is hiring compliance personnel as an insurance policy. Compliance can’t operate effectively in a silo, and the U.S. Department of Justice and SEC have repeatedly emphasized that senior personnel in charge of compliance should have a seat at the decision-making table and should be empowered within the company.


Publicly demonstrate commitment to compliance with adequate anti-corruption and human rights requirements through policies, a code of conduct, certifications and public statements.

Think of the unique compliance risks your company faces. This should include a comprehensive corruption risk assessment that analyzes government touchpoints, routes to market, geographic risks, a review of third party intermediaries your company works with, and an assessment of risks specific to your company’s product or industry. Put safeguards in place to address these risks, such as ongoing monitoring, contractual protections and regularly administered training.

Government investigations and enforcement actions spell trouble: blacklisting, costly internal investigations, disruptive monitorships, delays in mergers and acquisitions, massive fines and penalties, criminal prosecution and immeasurable reputational damage. It’s better to prevent compliance problems in the first place and to have a plan ready for any issues that do arise. If you can find and identify incidents—and demonstrate an effective compliance program, proactivity and ethical commitment—you’ll be in better shape in the event that enforcement authorities come knocking.