• Print
Press Releases

LeClairRyan Attorney: Startups Should Plan for Regulatory Challenges from the Outset

--Fast-growing companies should prepare now for what the government might throw at them in the future, writes veteran counselor with the national law firm.

Rapid growth can trigger the need to comply with complex regulations, but smaller companies often fail to plan ahead for these challenges, notes LeClairRyan attorney Brian C. Lansing, in a newly posted column at

“Whether the business is small or medium-sized, public or private, when it goes through a period of rapid expansion, it is likely to cross various thresholds that trigger new legal requirements,” writes Lansing, Senior Counsel in the national law firm’s Richmond, Va., office and leader of its General Counsel and Secondments team. “Suddenly, a startup that had operated with freewheeling autonomy finds itself subject to new regulatory demands related to employment/HR, employee health care, data privacy and security, or intellectual property. Depending on the company, laws such as Sarbanes-Oxley, Dodd-Frank or the Foreign Corrupt Practices Act could apply as well.”

In the Sept. 5 column (“Be Prepared”), Lansing notes that relatively few startups create detailed compliance plans for regulations they believe will not apply to them for years to come. The problem, however, is that this can lead to the company getting caught flat-footed.

“The pro forma for a fast-growing company might call for, say, 100 employees in two years based on the current growth trajectory,” he writes. “But if that plan omits the role of regulatory requirements that kick in at that scale, the directors and officers could be shocked to discover that proper compliance with state and local regulations actually will require many more people on the payroll.”

Indeed, significantly larger payrolls themselves can carry a certain amount of potential risk, the attorney notes in the piece. “For example, employment risk, such as discrimination or wrongful termination claims, happens to be one of the top risk-management concerns for any business,” Lansing writes. “The more people you hire, the more likely you are to run into a problematic individual or workplace situation — things like sexist, biased or harassing supervisors, or unethical employees whose actions create problems for the company.”

Something similar could be said of cyber risk: As the company scales up, Lansing notes, it will have more technology, more digital interactions with vendors and customers, and more potential risk of personnel falling prey to devastating phishing or “social engineering” schemes perpetrated by hackers.

Lansing encourages executives to make detailed, predictive compliance-planning a top priority for their companies. “Here, it pays to be optimistic with projections,” he writes. “If you grow twice as fast as you think you will, will the company still be ready to handle what government throws at it?”

He also emphasizes the value of open communication between officers and directors; creating a strong culture of “walking the talk” and leading by example on regulatory compliance; maintaining accessibility and a willingness to listen on the part of management; and conducting careful training of employees at all levels.

“With a forward-thinking culture of compliance firmly in place, the company can grow into its regulatory responsibilities with less stress and, ideally, reduced risk,” Lansing writes in the conclusion to the piece. “Rather than playing an unfortunate game of catch-up after, say, being hit with an enforcement action or employee complaint, why not give compliance the consideration it deserves from the very beginning?”

The full column is available at: