A Start-up
guide to


SFG9: Highest ethical governance standards

Why is this important? Copy link

Did you know? Bad things can happen more easily where there is little or no proper corporate governance:

  • John J Ray III, in his first bankruptcy filing as the new CEO of FTX on 17 December 2022 said that in over 40 years of legal and restructuring experience, he had never seen “such a complete failure of corporate controls…”
  • In the UK, a publicly listed company saw its stock price drop, institutional investors sell their shares, and some analysts predicting UK sales growth could be severely impacted by bad publicity after poor governance allowed third-party suppliers to pay below the minimum wage to some of their UK-based workers.

Corporate governance is based on four generally accepted basic principles: fairness, transparency, accountability, and responsibility. These principles must be observed from the creation of the start-up, accompanying the development of the company's governance, even when it occurs gradually. The ethical and governance standards that you implement will underpin your company’s culture, the way it operates, and your team’s behaviours.

  • In some cases, having appropriate governance structures and policies is not optional: for example, for regulated businesses, these are likely to be a prerequisite.
  • The policies are also important to stakeholders other than just your employees, and may be of relevance to customers, suppliers, investors and regulators.
  • The board is responsible not only for setting, but also for monitoring the policies. Others (such as auditors) may also have responsibility for checking compliance with some of them, but the primary responsibility rests with the board (which may be collective and/or individual responsibility).
  • In addition to the benefits of having good governance, having appropriate policies in place and monitoring compliance (and taking appropriate steps to address non-compliance or remediate where necessary) will potentially help to mitigate any consequences where anything slips through the net. Conversely, not having an appropriate policy in place, or failing to monitor it are likely to compound any failing.

Where to start



  • Understand the key risks and regulations which apply to your business; engage specialist advisors early on.
  • Adopt board-like routines if not a formal board, i.e. a regular meeting between founders (and seed investor, if appropriate) to discuss business updates and key strategic deep dive topics.

Series A

  • Set up a formal board. Discuss your company’s ethics and governance framework with your board and leverage the experience of the board members.
  • Create and publish company policies e.g. a code of conduct, anti-harassment and discrimination policy, code of ethics, bribery policy, health and safety policy.
  • Communicate policies to the business with purpose. This is not a tick-box exercise, management should be involved in delivering the key takeaways from the policies.
  • Put in place systems and processes to monitor good governance (e.g. regular board meetings) and compliance (e.g. quarterly confirmations from employees) and take remedial action where necessary.

Series B onwards

  • Review the key risks and regulations which apply to your business; engage specialist advisors early on.
  • Discuss your company’s ethics and governance framework with your board and leverage the experience of the board members (and new board members as they join): ask questions such as what are our values? What behaviours do we want to promote or prevent?
  • Once your company has a clear pathway on these key issues, put pen to paper and create/update company policies e.g. a code of conduct, anti-harassment and discrimination policy, code of ethics, bribery policy, health and safety policy.
    • Policies should avoid legalese and be drafted so that they can be digested and understood by the whole business. There is no point in having a 100+ page policy that no one reads! Policies should be focussed on risks that are material to your business e.g., regulated activities/GDPR and data handling and should be proportionate to the relevant issue and its consequences.
    • Policies should be relevant and proportionate to your business and the risks it faces and should be periodically reviewed by the board and updated where necessary to ensure they stay relevant and proportionate as your company grows - what is relevant and proportionate to a business in the start-up phase will likely be different to what is relevant and proportionate in the scale-up and growth phases. Also, bear in mind that additional policies may be required as you scale.
    • Incoming investors will review your policies and procedures on successive investment rounds, and will require you to put in place missing policies or upgrade policies which are no longer fit for purpose. Try and stay ahead of the game by making sure you have reviewed your policies and upgraded where necessary ahead of being found out in a due diligence process.

Data collection

  • Employee acceptance of code of conduct and other compliance policies and procedures (%)
  • The annual number of policy breaches
  • Employee/Board member training rate (%)
  • Board actions completion rate (%)

Useful resources and further reading

Examples and testimonials Copy link

Merama set up a dedicated and comprehensive Compliance Program to implement appropriate processes, procedures, and policies, from writing new policies to establishing an Ethics Committee, implementing a whistleblowing channel, and delivering annual training alongside an ESG, cybersecurity, and compliance onboarding course. Merama’s commitment extends to its subsidiaries, having rolled out a Compliance program for Merchants.

“Our commitment to compliance and ethical behaviour forms part of the company’s core values and principles. We see this as inseparable from integrity and good judgement. We were well positioned to promote these values with our Merchants and to help them put effective compliance and ethical practices in place. We started the Compliance department in January 2022, and by the end of the year, we had 19 subsidiaries with active whistleblowing channels; 12 had implemented and communicated Compliance Policies; 7 had general Compliance Training sessions for all their collaborators; and 8 of the Ethics Committees - composed of members of Merama and the Merchants on an equitable basis - had held meetings to address received reports.” Copy link
Paz Mongelos, Compliance Director at Merama. Copy link

Ramp created an authority delegation matrix to clearly establish who within the business has authority to sign specified documents, which documents need to go to the Board for prior approval or just be reported to the Board after signature, and what to do with the documents once signed. This comprehensive policy creates efficiency within the business by enabling appropriate levels of delegation in order to streamline the process of negotiating and signing documents, whilst setting clear accountability and governance.

"At Ramp, we recognise that delegation of responsibility is essential for scaling any organisation. Our delegation authority matrix has been a key tool in achieving this, providing clarity and accountability while streamlining our operations." Copy link
Szymon Sypniewicz, Co-Founder and CEO at Ramp. Copy link