|
The Meridian
The bi-weekly compliance newsletter delivering practical insights on risk, regulation, and responsible innovation from veterans and builders in finance.
|
|
|
Hi Equinox Community π
The compliance automation market got a wake-up call. A Y Combinator-backed startup raised $32 million, earned a $300 million valuation, and promised to make companies compliant in days. Then, YC ousted them. We broke it all down, plus what your team should be asking any vendor before signing. Also in this issue: fractional compliance leadership, the fintech-bank governance gap, and a full breakdown of every major bank charter path.
|
|
|
On our radar π‘
In March 2026, Delve, a compliance automation platform backed by $32 million in venture capital, was publicly accused of systematically misleading hundreds of customers into believing they were SOC 2, ISO 27001, and HIPAA compliant when the underlying controls were allegedly never implemented.
The allegations are serious: pre-fabricated evidence customers could adopt with a single click, audit reports pre-written by the platform itself, and certification firms described as offshore operations that rubber-stamped results without independent review. Some of the fastest growing companies including Lovable, Bland, and Wispr Flow were convinced to use their services. Even companies processing protected health information for millions of U.S. consumers were among those affected. The story has raised urgent questions about how organizations evaluate the vendors they trust with their most sensitive compliance programs.
We wrote the full breakdown, including 7 questions every compliance team should ask before trusting a vendor with SOC 2, ISO 27001, HIPAA, or PCI DSS. Read more ββ
|
|
|
From the blog π
π₯ Benefits of using a fractional compliance officer versus a full-time officer. Regulators expect named, qualified compliance leadership. Not every organization needs a full-time hire to get there. Read more ββ
π€ The fintech-bank governance gap: who owns model oversight? Banks canβt rely on fintech testing, and fintechs canβt assume bank approval means compliance. David Stickney breaks down the shared responsibility model. Read more ββ
ποΈ Bank charter types explained: de novo, OCC, state, fintech, and ILC paths. Choosing the right charter is a business strategy decision with regulatory implications that compound over decades. Hereβs what each path requires. Read more ββ
|
|
|
Watch and learn π€
π½οΈ Building an AI Model Governance Program that Scales | On-demand Webinar
Join Amber de Volk and David Stickney in a practical session for compliance, risk, and technology leaders who need to move beyond policy documents and build operational model governance that holds up under examination.
|
|
|
Upcoming events π
π΄ Finovate Spring. San Diego | Register here ββ
π Building Trust in Crypto and AI. May 6 | San Diego | RSVP ββ
|
|
|
Have a question or want to connect? Reach out to us!
Follow our blog and LinkedIn for more content updates.
See you in two weeks,
Emily
|
|
|