
To prevent corporations from diffusing blame, compliance frameworks intentionally create personal liability. Regimes like HIPAA require a named compliance officer, while SOC 2 involves the board. This forces specific, wealthy individuals to be personally accountable for the company's representations, piercing the corporate veil of diffused responsibility.

Related Insights

Horowitz argues that a board's primary function isn't just strategic advice, but to legally protect the CEO. Running material decisions like equity grants past the board shields the CEO from personal liability and lawsuits—a danger many founders underestimate.

To ensure market integrity, Kalshi maintains a strict information wall between its business and compliance teams. The market surveillance function reports directly to the board, meaning CEO Tarek Mansour is intentionally not privy to details of specific investigations to prevent business pressures from influencing outcomes.

To combat diffused responsibility, starting a committee at Coinbase requires explicit CEO or COO approval. This forces the assignment of a single "Directly Responsible Individual" (DRI), ensuring clear ownership, accountability, and faster decision-making.

A crucial function for humans in an AI-driven economy is to serve as a target for lawsuits. Because you can't easily sue a data center, regulated professions will require a 'human in the loop' to take legal responsibility. This creates a valuable economic role for humans: being a legally accountable entity.

Horowitz argues that forgoing a board is a massive legal risk for CEOs. A board's primary function is to provide a legal shield. Running material decisions, like equity grants, past the board protects the CEO from personal liability and lawsuits from shareholders. Without this process, founders are dangerously exposed.

Compliance frameworks such as SOC 2 and HIPAA are designed to spread virally. Once a company becomes compliant, it contractually requires its vendors to do the same. This creates a cascading chain reaction that rapidly expands the standard's adoption across an entire ecosystem, far beyond its initial targets.

MSPs often avoid selling compliance services due to their complexity and perceived liability. However, 'human risk' is a required part of most frameworks and is far more tangible and easier to sell than technical controls. It acts as a wedge, allowing MSPs to enter the lucrative compliance market with a simpler, more relatable offering.

Inexperienced founders often misinterpret a SOC 2 requirement as a minor administrative hurdle, like paying for a registered agent. This fundamental misunderstanding that compliance is just a low-effort "tick box" creates the demand for vendors who promise a cheap, fast, and ultimately fraudulent solution.

A potential multi-billion dollar verdict is framed as a signal for accountability, not just a financial penalty. The goal is to influence corporate behavior regarding pharmacovigilance, transparent engagement with the FDA, and creating internal documentation that prioritizes patient welfare over revenue.

For Outbound Sync founder Harris Kenney, SOC 2 was more than a sales checkbox. As a non-technical founder, the process imposed engineering discipline and best practices his team might have otherwise skipped, improving the product and covering his own knowledge gaps.