VanRein Compliance Podcast

Founder-Led Compliance for Founder-Led Companies

Rob & Dawn Van Buskirk


We talk about why founder-led and family-owned companies need to treat compliance as protection for trust, reputation, and long-term growth. We share the most common gaps we see as teams scale and how to build simple ownership so you stay audit ready without getting overwhelmed. 
• why founder-led compliance feels personal and why reputation matters 
• compliance as protection for clients, payroll, and the business foundation 
• how client questionnaires and certifications drive trust and sales 
• common gaps we see: outdated policies, weak training, inconsistent processes 
• vendor and third-party risk, including where data flows downstream 
• risk analysis as the backbone for finding vulnerabilities and audit readiness 
• AI tools used without approval and the data security impact 
• succession planning and access control for legacy businesses 
• operational ownership of compliance, including HR compliance across states 
• M&A due diligence beyond the P&L, focusing on breaches and security debt 
Reach out to us. Put us in the chat, send an email to hello at VanRein Compliance.com, and Shay will grab that and we'll schedule time to do a founder compliance review.




Welcome And Why Trust Matters

Rob

Welcome to the VanRein Compliance Podcast with Rob and Dawn. We help growing teams reduce risks, build trust, and stay audit ready without the overwhelm. Dawn and I wanted to kick off June by talking about something a little more personal this year. What it means to be a founder-led, family-owned compliance company, helping other founder-led companies protect what they're building.

Dawn

That's right, Rob. And why compliance is not just paperwork with your name, your clients, your team, and your reputation attached to the business.

Rob

So why are we leaning so heavily into founder-led compliance this month, Dawn? Do you know?

Dawn

Yes. Well, we work with many founder-led companies all the time, different industries. And uh we enjoy working with them. And we thought this would be great to kick off June, kick off summer. Yep.

Rob

Yep. And many are growing past their informal stages. We also have a lot of companies that are family-owned and they're generational businesses, and a lot of people rely on those. A lot of their clients are asking harder, tougher uh cybersecurity and uh

Founder-Led Compliance Feels Personal

Rob

certification questions from HIPAA to ISO to SOC, even HITRUST. And compliance is continuing to become part of the trust and sales.

Dawn

Yes, absolutely. And what does being a husband-wife founder team teach us about risk and operations? It teaches us a lot. Patience.

Rob

Patience is a big one.

Dawn

Patience.

Rob

Yes.

Dawn

Well, business feels personal, you know, and it it it is. It's a relationship. When you build a relationship, a partnership, we call them partnerships with clients and with those that um, you know, third-party suppliers, if you will. We want to build partnerships. Uh, reputation matters. You want to know who you're working with and what their reputation is. Have they been recommended by others in the industry or um just um other clients? And the process matters as well. Um, what kind of process um do they do they do? Do we trust the process? Do we believe in the process? Do they believe in their process? And just the operations and accountability to protect the business. Um that, you know, making sure that they trust you, they know that your your framework is going to work, is going to help their business, is going to be shaped to fit their business.

Rob

Yeah. And really look at compliance as protection, right? It's not just paperwork. It's not about just checking the box. It's about how do you protect the business that you've built. Um, and how do you protect a business that is 10, 20, 30, 40, 50 years old? And how do you help it and protect it to go another 10, 20, 30, or 40 or 50 years. Because we really want to focus and make sure that our clients talk about their trust with their clients, right? It's not about vendors, it's about being that true partner, ensuring that uh your clients can can trust you with their data, right? Uh it protects the team, it protects the payroll, it protects the foundation of the business and the founder's reputation. All this, yes, it does tie into sales, it makes you a brand that you can trust in the world, right? Um, but also prepares a company for audits, questionnaires, incidents, and growth. Those are the key pieces. And especially now that we're kind of waiting for the next round of HIPAA regulations to be actually approved and governed into law, these are the things that your clients are gonna be asking you, and things are changing.

unknown

Yeah.

Dawn

So there is a, there is a, I guess, a founder problem and and basically opportunity. Yes, yes, opportunity, yes. What changes when a company uh, you know, grows past the early stages? So, you know, a company that's only one or two years old, what what changes? You're you're obviously gonna grow. So it used to just be Rob, and then it was Rob and I. I mean, it was always Rob and I, but I was kind of in the background. But what happens? You hire an employee when you get a system, a, you know, go on, go on our, you know, training platform, our audit platform. Oh, we're using, you know, utilizing um this partner to do, you know, certain services or an external auditor, that type of thing, or we're getting client demands, if you will, a request. I won't say demands, requests for additional services, which means all this what this means is there's more data, there's more risk, there's, you know, we're we're we're adding, we're adding, we're adding, right? Well, we have to have, you know, the structure, the framework. We have to, if you will, operationalize.

Rob

Yeah.

Dawn

I know that's kind of a word that's used a lot, but that is really the truth.

unknown

Yeah.

Rob

No, it is. You gotta be able, that helps you. The other word is scale, right? Helps you scale, be able to serve more people in a in that high caliber, high-touch way that not only have we built VanRein, but a lot of our clients that are family-owned businesses have built themselves because we know that family-owned business is the backbone of America. We know that uh that you know, that is defined by 500 or less employees, and that's that's about almost 90% of all business in this country. That's a lot. It's not the big corporations run everything. It's the it's the family-owned businesses.

Common Gaps As Teams Grow

Rob

And with that, there are some of the common gaps, some of the common problems we see uh within family-owned and founder-led businesses is you're getting going, you're getting started, you're getting things rolling. So we see a lot of outdated policies. We'll see things that haven't been touched in 10 years. We'll look at the privacy policies on the websites and we're like, oh, we haven't touched that since 2009. Okay, what have you been doing? Oh, we tripled our business. That's exciting. But um, auditors, lawyers, and your clients are looking out there. They're checking, seeing what's going on. Inconsistent training is another area we're seeing. It's like people that don't have the most up-to-date training, plus the laws changing from a federal standpoint and a state standpoint in just an industry, even the NIST frameworks, those are changing. We're seeing a lot of training that is not, does it hit the right mark, right? So we've built that training. We got to make sure that that customers have the right training for that. The the partnership review process, this is that vendor review process, is really key and important to all. The base rest of your business is third and fourth parties that are utilizing your data, providing a service, but how are they using utilizing the data? Are they actually, you know, ingesting the data internally and using that data? Are they farming that off to their own third or fourth party? What are they doing with that? You need to know that direction of where they're going. And then, you know, really the risk analysis. That's the key, is you have to have an audit. 
You need to understand where the risk is in your business to really understand the gaps, to understand the vulnerabilities to the business and what can take it down from a cyber attack standpoint, from a data breach of regulated data, be it financial data, or be it health information, or be it personal identifiable information or GDPR-related regulated information if you're within Europe, and understanding that. NA, yaddy, yaddy, yaddy. Because as an auditor, when I see that, when you see NA's and stuff there, that tells me you have nothing. So I'm going to dig deeper. And your clients are going to continue to dig deeper as well. Those are the key pieces that we're saying.

AI Use And Succession Planning

Dawn

Right. And the big one. The big one, Dawn. The AI tools being used without approval.

Rob

That's it.

Dawn

AI, AI, AI. We've been hearing about that a lot.

Rob

We're not even real today.

Dawn

Yeah.

Rob

Generally.

Dawn

And the bigger piece of this is I wanted to touch on this is when you have a family-run business, a legacy business, you need to make sure that you've got a plan. And and you know, this I'm not talking disaster recovery plan. I'm talking about a succession plan. I'm talking about an estate plan, a business plan. Do you have an operational agreement with partners? Do you have who does it go to? Is it your kids? What does that look like? Who's going to run payroll if you're not around? Who has access to what? This is really important. We we did one at the start of our business and we just updated ours this year. And it is really important and things change. You should, you should have a really good business or estate attorney, you know, that is reviewing this with you on a yearly basis. Um, we do it quarterly, but I think it's or I think biannual, excuse me. It's important. It's important to know if something happens, who's who's going to take over and who's in charge. Um so I can't I can't press on that enough because we work with, you know, a lot of legacy, a lot of family run businesses, and most of them have things in check, but some of them don't.

Rob

Yep. Think about it like taxes. You know, tax day. Yep.

Dawn

So that that's one thing I will, yeah. That's one thing. I, you know, I know that that is it's hard to do. And then, you know, I said that right after saying AI, which AI everyone's freaking out about because where's my data? What's going on? You know, um and and so I know that's a whole nother piece of it. But this is this is really getting down to your business, everything in your business. This is employees, pay, this is everything. So uh it's very important. So I just wanted to add that to the list.

Operational Ownership And HR Compliance

Rob

And diving into that, Dawn, you know, your your lens is more the operator's lens. You're the operating officer and co-founder, right? And so how the business runs, the processes, decisions, the HR, the bits and pieces like that. As founders are listening today, what should they take away from from that? When you put your VanRein trucker hat on, which these are new, these are exciting.

Dawn

These are on our merch store.

Rob

As a COO, what should people take away from that?

Dawn

Yep. Well, it you know, in your operations, like I was saying, operational agreements, that type of thing, you have to have compliance has to live within that. And in compliance, we're not just talking HIPAA compliance, we're talking compliance in general. There's also HR compliance. You've got employees probably in different parts of the country. There are different employee laws in different states. There are different requirements that employees that you have to, you have to provide employees in different states. There's different taxes in different states. Compliance is all around us. Compliance is, you know, insurance. Like what are you offering your employees? What are you, what do you have coverage in your business? Do you have do you have business insurance? Do you have an E&O policy? Do you have a general liability policy? Do you have workers' comp? All this stuff. This is this is this is important as a business. Uh, because you don't want to be behind the eight ball if something happens and you don't have coverage or you don't know who does what. So compliance has to live in the operations piece. Someone has to own it. We realize that some of these compliance officers, some of our customers that are owners, they are the compliance officer, the business owner, the HR director. They're everything.

Rob

They're everything.

Dawn

So it's really important if you're everything or you have someone to delegate to, who's got what and is it documented? This is really where policies, procedures, all this comes into play. It can't just be told someone something. It can't just be a handshake and good intentions. We know how that ends up. We, you know, we're not mobsters here where we can just shake our hands and agree to something. This is easier. It has to be in writing.

Rob

Right.

Dawn

And in writing, you know, and it has to be documented so everyone knows what everyone's supposed

M&A Risk And Security Due Diligence

Dawn

to be doing.

Rob

So the other thing, too, is I've I've I've talked to a lot of folks, and so have you, Dawn, about um acquisitions. There's always acquisitions going on. M&As every day. That's why I always say. And everybody's very good as a founder level at looking at P&Ls and the financials and the revenue and sales books and all that. But a lot of people forget is the risk of compliance and data security. Do you know that company that you're buying or the company that's trying to acquire you? Have they had data breaches? Have they had data incidents? Have they had security issues? Have they had problems like that sort? Are you taking on that responsibility, that liability on your company, making sure that you do the due diligence is just as critical, if not more, than the P&L. Because what happens if there's a litigation or lawsuit sitting out there? What if there has been a breach that you still have to pay for and deal with down the road? Those are the key pieces and items like that. So make sure that you're really going through those steps and making sure that you actually get through like an actual, you know, cybersecurity and compliance audit, everybody that you're acquiring or about to be acquired. Those are the kind of key pieces.

Dawn

Because we've heard the stories. I acquired someone I've known for a long time and everything was a mess. Do your due diligence. There's definitely companies that do valuations of businesses to come to a valuation, but there's also you also can go in and do compliance review. You know, happy to do a compliance review. Hey, I'm looking at this company. Hey, we can do a quick little gap assessment, something like that, you know, to kind of review what what security measures they have in place before you actually purchase them. You don't want to purchase a lemon because you probably won't be able to return it. You know, it's not like a car. Yeah, I don't think there's lemon laws.

Rob

Yeah.

Dawn

And of course, yeah, you don't want to get into a litigation and all this kind of stuff because you said this and I said this. So it's really having your your business, you know, operations and you know, your kind of like packaged up with a bow on it. As if you do go to sell it or you hand it down to your kids or to their kids or to a friend. You want it to be, you know, pretty organized. And it's and it's not to say get organized for that. It's saying just get it organized for now in the present. Um don't wait for something to happen. You know, don't wait for that, you know, well, we have to sell it or, you know, whatever. Do it now. Take those steps to get things operationalized and organize it. And, you know, as founders, sometimes we get, you know, we we're visionaries. Rob's a visionary and more operations. We get caught into what's next, what's fun, what's shiny, what's this and that. But you really have to focus on, you know, where you're going, where you're at, and where you want to go and and set those goals and get everyone on the same page and and work together. And obviously Rob and I are, you know, we're we're partners in business and personally, you know, and and we and not everyone can do what we do. I mean, we get that. We do have customers that are are also husband and wife. And it it can work. I mean, it it works out great for us. But even that, if we were just partners in business, you've got to have clear expectations and clear, you know, uh, you know, roles and responsibilities. So it's it's really important to keep to make sure your business is healthy and you're on the same page and your partner isn't, you know, skimming off the top or anything and and to be successful.

Rob

So and you said it earlier is compliance is not overwhelming, but it needs ownership. It is up to you as a founder, it is up to you as a family-run business, it's up to you, even if you have other investors. Maybe it's still a family business, but you have other people that have invested. And I'm talking the big VC firms, the PE firms, there could be other people, just silent investors.

Dawn

Yeah.

Rob

You need ownership and they can hold you accountable for that. And that's kind of where why we are focused on this

How To Get A Founder Review

Rob

summer. It's summer family travel time, right? Is we're founders helping founders protect what they're building. And you have questions on HIPAA, SOC, ISO, HITRUST, all of those, how to build it, just simple data security, reach out to us. Put us in the chat, send an email to hello at VanRein Compliance.com, and Shay will grab that and we'll schedule time to do a founder compliance review. So, with that, we appreciate everybody's time. It's good to be here, Dawn, with our new trucker hats.

Dawn

Yes, yes. Go grab one yourself.

Rob

That's it. Alrighty.

Dawn

Bye bye. Bye bye.