Delve into compliance theatre

Patrick McKenzie (patio11) explains how compliance regimes designed to be viral brought many more firms into the scope of frameworks like SOC 2. This created a market demand for compliance-on-the-cheap by companies like Delve. Delve has been accused in an anonymous bit of investigative journalism as engaging in Potemkin compliance.

Patrick contrasts what real audits look like with what Delve allegedly delivered. He argues that selling compliance theater as compliance is fraud, not the sort of benign rule-breaking celebrated in startup culture.

–
Full transcript available here: https://www.complexsystemspodcast.com/delve-into-compliance-theatre/

–
Presenting Sponsors: Mercury, Meter, Granola & Framer

Complex Systems is presented by Mercury—radically better banking for founders. Mercury offers the best wire experience anywhere: fast, reliable, and free for domestic U.S. wires, so you can stay focused on growing your business. Apply online in minutes at mercury.com.

Networking infrastructure has a way of accumulating technical debt faster than almost anything else in IT. Meter handles the full stack (wired, wireless, and cellular) as a single integrated solution: designed, deployed, and managed end-to-end so there's only one vendor to call when something goes wrong. Visit meter.com/complexsystems to book a demo.

If meetings consistently leave you with hazy action items and lost context, Granola handles the transcription so you can actually participate and gives you searchable notes afterward. Try it free at granola.ai/complexsystems with code COMPLEXSYSTEMS

Building and maintaining marketing websites shouldn’t slow down your engineers. Framer gives design and marketing teams an all-in-one platform to ship landing pages, microsites, or full site redesigns instantly—without engineering bottlenecks. Get 30% off Framer Pro at framer.com/complexsystems.

–
Links:
Fake Compliance as a Service - Part 1: https://substack.com/home/post/p-191342187
Editorial independence episode: https://www.complexsystemspodcast.com/episodes/editorial-standards-and-independence/
Dan Davies episode: https://www.complexsystemspodcast.com/episodes/dan-davies-organizations-fraud/

–
Timestamps:
(00:00) Intro
(02:14) The taxonomy of compliance
(04:11) Why compliance is viral
(09:08) Defense in depth
(14:19) Accountability and liability
(16:05) The allegations against Delve
(19:53) Sponsors: Mercury | Meter
(22:41) The allegations against Delve (cont'd)
(24:31) The response and evidence
(29:38) Implausible patterns
(38:22) Heuristics for truth
(40:10) Sponsors: Granola | Framer
(42:52) Heuristics for truth (cont'd)
(44:28) Naughtiness vs. fraud
(51:16) A voice in the startup community
(53:05) Advice for the exposed
(56:38) Wrap