Thinking about a liquidity event? Click here to book your FREE strategy call.

Aug. 15, 2022

Nalini Kaplan On How To Be A Benchmark Of Trust To Increase Enterprise Value (#151)

Nalini Kaplan On How To Be A Benchmark Of Trust To Increase Enterprise Value (#151)

“Hard work is worthwhile and it's good.” - Nalini Kaplan

Nalini Indorf Kaplan is the CEO of Cultiva Partners and creator of DataProtection DynamiX™ and reThink Privacy. She works with mission-driven leaders to deepen customer trust. Nalini brings 30+ years of expertise in customer strategy, ethics and technology and has held executive positions at MasterCard, Deloitte and AMS (acquired by CGI).

Click here to subscribe to The Sell My Business Podcast to save time and effort.

SELECTED LINKS FOR THIS EPISODE

nalini@cultivapartners.com

Cultiva Partners LLC

Nalini Indorf Kaplan - Principal - American Cyber Security Management | LinkedIn

The Deep Wealth Sell My Business Podcast

Cockroach Startups: What You Need To Know To Succeed And Prosper

FREE Deep Wealth eBook on Why You Suck At Selling Your Business And What You Can Do About It (Today)

Book Your FREE Deep Wealth Strategy Call

Deep Wealth LINKS FOR THIS EPISODE

The Deep Wealth Experience

FREE Deep Wealth eBook on Why You Suck At Selling Your Business And What You Can Do About It (Today)

Book Your FREE Deep Wealth Strategy Call

 

Did you enjoy this episode of The Sell My Business Podcast? 

Please leave a review. Reviews help me reach new listeners, grow the show, and continue to create content that you'll enjoy.

Please click here to leave a review on The Sell My Business Podcast.

 

This podcast is brought to you by Deep Wealth. 

Your liquidity event is the most important financial transaction of your life. You have one chance to get it right, and you better make it count. 

But unfortunately, up to 90% of liquidity events fail. Think about all that time, money and effort wasted. Of the "successful" liquidity events, most business owners leave 50% to over 100% of their deal value in the buyer's pocket and don't even know it.

Our founders said "no" to a 7-figure offer and "yes" to a 9-figure offer less than two years later. 

Don't become a statistic and make the fatal mistake of believing that the skills that built your business are the same ones for your liquidity event. 

After all, how can you master something you've never done before? 

Are you leaving millions on the table? 

Learn how the 90-day Deep Wealth Experience and our 9-step roadmap helps you capture the maximum value for your liquidity event.  

Click here to book your free exploratory strategy session.

Enjoy the interview!

Transcript

[00:00:00] Jeffrey Feldberg: Welcome to the Deep Wealth podcast where you learn how to extract your business and personal Deep Wealth.

I'm your host Jeffrey Feldberg.

This podcast is brought to you by Deep Wealth and the 90-day Deep Wealth Experience.

When it comes to your business deep wealth, your exit or liquidity event is the most important financial decision of your life.

But unfortunately, up to 90% of liquidity events fail. Think about all that time and your hard earned money wasted.

Of the quote unquote "successful" liquidity events, most business owners leave 50% to over 100% of the deal value in the buyer's pocket and don't even know it.

I should know. I said "no" to a seven-figure offer. And "yes" to mastering the art and the science of a liquidity event. Two years later, I said "yes" to a different buyer with a nine figure deal.

Are you thinking about an exit or liquidity event?

Don't become a statistic and make the fatal mistake of believing the skills that built your business are the same ones to sell it.

After all, how can you master something you've never done before?

Let the 90-day Deep Wealth Experience and the 9-step roadmap of preparation help you capture the best deal instead of any deal.

At the end of this episode, take a moment and hear from business owners like you, who went through the Deep Wealth Experience.

For over three decades, Nalini Kaplan has focused on business strategy, customer relationship management, and data privacy. Nalini combines the discipline of the big four consulting as she was formerly a partner with Deloitte Consulting, where she created and led several global practices with an entrepreneurial passion, interdisciplinary approach, intellectual curiosity, and a strong drive for results. Nalini helps business owners and CEOs build and manage their data privacy programs so that they not only comply with the law, but lower risk, manage compliance and grow revenue, even if they don't have the staff to run a program. She works with organizations on how to create and maintain trust, security, and digital privacy. Nalini specializes in linking data protection to business strategy and building data privacy programs using an agile approach that saves time, money, frustration, and over-engineered solutions.

Welcome to the Deep Wealth Sell My Business Podcast and I have someone who is not a stranger, but a friend to the Deep Wealth community. And we've had Nalini on a number of times, and she's our trusted go-to person when it comes to your reputation and protecting cybersecurity and your enterprise value and all those good things that go with that. So all that said Nalini, welcome back. And our community continues to grow. So for our listeners who are hearing you for the first time, and by the way, I will put our previous episodes in the show notes.

But why don't you start with the story behind the story Nalini? There's always a story behind the story. What's your story? What got you to where you are today?

[00:03:32] Nalini Kaplan: Sure. I've been in management consulting for over three decades. And back when I was working in New York, I was affected by 9 11. Those of us who are old enough to remember that. And it really got me thinking about a couple of things. One is in terms of life purpose. as it relayed to my business it was how do we prepare for such things that are unexpected?

And that led me to a career of service in pastoral care and chaplaincy. Which led to ethics and that in turn led to data ethics, because I wanted to bring my skills back into technology, into business. It's proven to be very prescient in terms of what's relevant today and also just much more meaningful.

And throughout the course of my life, I've wanted to blend, you know, trusted relationship with good business. I think that's fair to say. And so for the last decade, I've been working on building out data privacy practices, data management practices, along with customer strategies. You know, I'm starting to figure out the Rubik's cube of what makes companies really excel in the trust-making business.

[00:04:47] Jeffrey Feldberg: Well, I like what you're sharing there and you've put a few things out there that really are getting my wheels turning. So Naliniwhy don't we go back to what we started off with and that's where we're talking about being a benchmark of trust out there. Why is that important and then to round it out, how does that tie into enterprise value?

[00:05:08] Nalini Kaplan: Okay. So, you know, there are a lot of initiatives out there for businesses, including let me just take something that I'm focusing on quite heavily in the world of data protection, privacy programs, and governance platforms. And it's good to put those programs in place. I would contend though that's shallow if we leave it there.

And in order to go deeper, if you really wanna be a benchmark of trust, you need three key things. You need to have strategic compliance, true operational control, and trustworthy connection. And to end in your business and to locate this, we need to be able to answer three key questions. So in terms of strategic compliance, How do we ensure that we transform our compliance as part of our business strategy? So most people traditionally look at compliance as an albatross something that needs to be satisfied begrudgingly. And I wanna turn that on its head and say, you can use that as an instrument of competitive advantage if you do it well, hence strategy with compliance. The second dimension, operational control.

How can we ensure that we're in real-time control of our data and our systems and most organizations, it's an ongoing process? Very few truly have real-time control of all of that for a variety of reasons. And the third element is what I've characterized is trustworthy connections. And that means we can answer how can we design every process so that we deepen trust and create enduring relationships. If you were to answer those three questions in the affirmative, you would be able to demonstrate your replaceable customer trust and be untouchable in the marketplace. And that's the holy grail. That's what I'm going for with my clients.

[00:07:16] Jeffrey Feldberg: And Nalini, let's look at that from a few different lenses, but all the lenses really lead to the same place. You know, what's interesting is, you know, Nalini, and as you've shared with the Deep Wealth community before, when you're preparing for a liquidity event, you're really doing double duty with the strategies on the one hand, the preparation is for your liquidity event, but on the other hand, the same strategies of preparation are the strategies of growth.

So your business really benefits on all the fronts. So when you're talking about the different strategies or three questions as an example, or really what does it take from a business owner's perspective to go out there and impress a future buyer? Because as you've spoken about before you have buyers who are regularly calling you up and saying, hey Nalini,, I'm looking at making an acquisition.

Can you do a deep dive on this company and tell me what's going on? So for the business owners out there, it would be terrific Nalini. With what you've been doing out there in the M and A space with becoming a benchmark of trust for our clients, but also for a future buyer, what would be some areas that business owners typically are dropping the ball and it's getting them into problems?

[00:08:29] Nalini Kaplan: The inordinate amount of energy spent on customer acquisition at the expense of customer retention. So, customer, client acquisition is critical. However, it's the customers at the end of the day that you keep and deepen the value that you provide deepen the trust. And hopefully, they're buying more from you because the value exchange is that much that's that much richer.

So that would be number one. Number two is because many businesses, especially when they're in the small to medium space. So I'm talking about 500 million and less and revenues for most types of companies. Value protection is secondary. And that's a shame because the longer you wait, one, the more costly it becomes.

But secondly, if you're not in that operational control, you're not giving assurances to a prospective buyer that are really required now. And this takes us to, I wanna talk a little bit about the evolution of due diligence and IT due diligence over the last few years. So it started with enterprise entities and now I'm seeing a lot more emphasis in the middle market because it affects the quality of earnings, because it affects the enterprise value. And so we're now seeing increased focus and implementation of business systems and processes, things that are repeatable and verifiable. You see this also in terms of companies investing in certain kinds of certifications in the audits that go with them like SOC two and ISO 27001 and 2. And the key thing here is value protection. So a perspective buyer wants to make sure that there are no cyber issues. And that they're aware and that the seller is aware of what their risks are and it's okay to have risks, but then they wanna make sure that the seller is clear about what they are and what the mitigation or remediation strategies are post-close what they're doing about it.

So it's now quite common, for example, for acquirers to issue a compromise assessment. It's known as a threat hunt because they wanna make sure they're not buying a rent-free hacker along for the ride. They want a clean asset, a clean business.

That's something that I see. Secondly, because the notion of data privacy is becoming increasingly important to individuals in the US. As well as companies that wanna extend into markets outside of the US, where data protection in my estimation is more focused on individual rights than it is in the US currently.

And I would submit it's a bit more sophisticated in some cases you have to pay attention to data protection laws and look at everything from your contracts, as well as your customer base. To answer that second question about real-time control of data and systems.

And even with all of that, cause that's a lot of operational focus. It's limited in its value unless you translate it into behaving well with your customers, with your employees, with other stakeholders, including your vendors and regulators, and that's where things often fall down that I see.

So let me leave that there and we can explore further.

[00:11:49] Jeffrey Feldberg: Nalini, you said one thing that would be very easy to gloss over, but it really says a lot. And that is that in the middle market. This is now becoming more of an issue than it ever was before, because I know when I'm speaking to other business owners that aren't 500 million in sales or saying, you know what, Jeffrey.

I'm too small for a future buyer to really be worried about compliance and cybersecurity and everything that goes along with that. And being a benchmark of trust, that's, let's leave that for the bigger companies that have higher revenues and the hundreds of millions of dollars, not me. And you alluded to that.

That's now changing. So what's behind that change? And what are you seeing?

[00:12:29] Nalini Kaplan: Well, a couple of things. One, you don't wanna churn and burn, right? So spending the care upfront, along with the investment of time and energy for building relationships and having relationships be equally important to your products or services is always a better payoff in the long run. I would submit that this is timeless and we've lost sight of that.

So it's especially important when you're small because you can't afford to spend more money than larger organizations in some cases to acquire customers or to reinvent the wheel when it comes to operational controls, like cybersecurity and data protection. And even though there are thresholds with different regulations and statutes on the books.

No one can afford at a minimum, the distraction, a data breach, a personal data breach would cause, but at a maximum, especially for smaller entities, it can bankrupt you. And the reputational loss might be irrecoverable, even if you're not bankrupt.

[00:13:35] Jeffrey Feldberg: And so when looking at that, I mean, all of these are big concepts on the one hand. And on the other hand, it may sound more complicated than really what's going on behind the scenes, particularly when you have somebody like yourself as a subject matter expert who's coming on in. So Nalini, what would be happening if a business owner brings you on board and they're saying Nalini, you know what?

I wanna make sure that I'm gonna be compliant in all these areas that a future buyer. Who's gonna be kicking the tires and seeing what's under the hood is gonna be walking away, all smiles and not running away or crying, you know, because, hey, it's not what I thought. What would need to happen for that?

[00:14:13] Nalini Kaplan: The first thing is to take a look at your risk profile. Where are you? Let's have some context because context gives everything meaning, right? So where are you operating? What's the industry? If you're in the US what's sectoral laws particularly if you're in finance or FinTech or healthcare, it becomes pretty evident in terms of legislation and regulations that drive you. But even for manufacturing, what applies, where do you operate? Where are your employees? Where are your customers? then you array a trust grid with the regulations so that you hone in on the scope that you wanna focus on first. And I've had good success with public-facing systems, for example as opposed to internal first they're all important. Then you figure out what's impactful protection. What does that look like? And it's generally only a handful of practices and the key is to have the standard, the policy, and then what you're doing about it, which translates into processes and work instructions and get everybody on board. I think one of the challenges we all face is we have way too many inputs coming at us and we don't discern what are the three things.

And then of that, what's the first thing I'm gonna focus on? And then the second, and then the third, and I recently reinvigorated the term steel thread test. It's figure out what you need to do end to end. So for example, if you don't have a updated privacy disclosure, notice on your website, They're often referred to as policies, but they're really about notices. Trace it back, figure out what your obligations are, and then build out your internal policy, how you're going to allow respectful rights management for people who are asking for information from you, and how you're protecting the data that you collect.

There's a bit more to it than that, but that. That's a good starting point. You know, you have to make sure that whatever you have in your position, you have the right to have it's for the intended purpose. And if you no longer need it, you should think seriously about getting rid of it. And I don't know if I mentioned this the last time we talked Jeffrey, but it still seems to hold true.

That 60% of data collected is accessed only once and never again. And that's quite expensive, both in terms of storage, even though storage costs have gone way down, it's expensive because it's a potential liability to these companies. So I've had great success in finding those one to three things within say a 90-day timeframe that can make a big difference going forward.

And size of organization doesn't seem to matter much in terms of results.

[00:16:58] Jeffrey Feldberg: And so when you're going through this process, and I know in other episodes, we've touched upon this before, but it's certainly worth reviewing, you're coming in, you're looking at data privacy, you're looking at the best practices you're looking at, how can you make this as part of their strategy in terms of the data protection and all those other things?

You know what, from start to finish Nalini, how long would that typically take for a company? Who's let's just say isn't all that organized? It's kind of been half hazard over the years, a little here, a little there, but nothing, all that great. When all is said and done, what do you think is going on with that?

[00:17:34] Nalini Kaplan: Realistically, it can take anywhere from 12 months to 36 months. The longer side, if things are super messy and or the end game is to put in an information security system with certifications and audits, for example on the shorter timeframe for, you know, we just wanna make sure that we can navigate well, and that we translate that into marketplace actions so that we don't say your privacy is very important to us, or we care about making things simple and easy.

You actually reengineer your processes to make things better for your customers and give them choice. So I think planning on 12 to 18 months is a starting point is a fair timeframe.

[00:18:19] Jeffrey Feldberg: And, you know, what nudge, nudge wink, wink for your listeners out there when you're going through the nine-step roadmap and the Deep Wealth Experience, you know, you're also looking at 12 to 18 months. And so when you're preparing for your liquidity event and you can also be working with Nalini and just preparing your company to make sure that you can check off all the right boxes, preparation, and the time going into it.

Really protects your value. And so let's talk about that Nalini in terms of the protection of value. Because since we last spoke in the us, there's been a whole number of new laws and regulations that have taken place. And I'm wondering, how does all this fit in terms of protecting the enterprise value? Are there any stories from the trenches that you can share with us?

A buyer who perhaps is looking at a company, all things were looking great, brings you in perhaps a law change that the business wasn't aware of and the value just goes in the wrong direction or other marketplace changes that have gone on that. It either impacted the deal negatively or perhaps even no deal at all.

[00:19:22] Nalini Kaplan: Yeah, unfortunately, I've had a couple where there was no deal at all. Due in large part to what I call information security and privacy washing. So they may have had a good set of paper policies. But when push came to shove and we went in our due diligence to see, okay what do you really have? They didn't, they weren't able to demonstrate that they were actually complying. In other words, living those good practices day to day. So it is becoming greater issue and it's predominantly a legal issue. Privacy assessments are still not always done, but M&A law firms when I'm called in, we do review contracts and we're looking at the transferability of those contracts. And we are looking now more closely at data protection issues. Particularly since every business has service providers or processors. So SaaS companies that are performing services on behalf of a company and the momentum is growing. There are now 5 US laws that will take effect between January and the end of December next year, 2023.

And there's even federal legislation that's out of committee in the house. It's not clear if it's gonna die on the vine in the Senate or not, but it's gotten more momentum than it has in previous years. And I think we're gonna see more back and forth of this nature. The key elements, are you being clear about what you're doing with data to individuals? In the US it's still largely around B2C, so consumer-based businesses, but if you're B2B, if your customer, your client is B2C, you are going to be swept up in this as well. Can you justify what data you have about individuals? Can you give them an updated report about the data and can you delete it if requested and so on and many businesses in the US have never been architected?

They haven't been engineered to be able to handle those kinds of data requests, because we have data about an individual that could span scores of systems. So that suddenly coming into sharper focus for companies. But I think that it remains to be seen where this will go. And now it's much more about legal obligations, contracts, and data management from a value protection standpoint within the entity itself.

Not necessarily for individuals or what are called data subjects in legalese and protecting those rights.

[00:22:04] Jeffrey Feldberg: And in those areas, let's call those areas. The ones that are really impacting the value, the enterprise value of the business. You've highlighted a few of the areas. And one of those things that you mentioned what was interesting, it was, you know, I could be doing everything right, but I'm partnering or I have a vendor or a supplier who perhaps isn't.

And now unintentionally, if they do something off base that they can drag me into a situation where it harms me. Can you talk to us a little bit about that? Because out of sight, outta mind, isn't such a good thing. When it comes to liquidity event?

[00:22:40] Nalini Kaplan: I agree wholeheartedly. And third party management vendor management is probably the most critical area because it's the one as you just highlighted with the most vulnerability. And so what that requires most companies send out questionnaires and they come back. Hopefully in a sensible way and complete, but more often than not sadly incomplete, incorrect, or not at all. I have not seen many companies that in the course of their risk management and procurement process say, Nope, we're not using you because you didn't pass our cybersecurity. There's often an executive that says yes, make this work. And I believe that's going to change in the future because of the liability that ensues.

But let's say that you have done a good risk management process before purchasing a particular system. Then it's important that you actually go back on a periodic basis, based on the risk profile. So sometimes that's a few months. Sometimes that's annually. Usually, it doesn't go longer than that, but you need to go back and verify that your processor, your vendor is doing what they committed to do on your behalf in terms of protecting the data. And there, I see a lot of variability. I'm excited to see a number of privacy tech and cyber companies trying to solve this problem. It's like, how can we do it in a more automated way, but there's still a lot of manual work to be done.

[00:24:15] Jeffrey Feldberg: And you know what, as you're talking through this, I'm having these images in my mind, Nalini of business owners are saying, you know what, I'll just do it on my own or I'll speak to my IT person. They will get it done. We've got it covered. And you can correct me if I'm off base here. That's almost like saying, you know what, I'm gonna do my own tax return business-wise or personal-wise with all these complex laws that are taking place.

And I'm not really doing this day in day out. Can you walk us through why that on the surface, it seems obvious, but you know why that wouldn't be the way to go? What's at risk here? If either you're not doing it or the second to worst thing is we'll just do it on our own. We don't need somebody like a Nalini.

[00:24:54] Nalini Kaplan: A couple things, one is it tends to get relegated to the bottom of the pile of priorities. Secondly, there's a couple of nuances here we should talk about. So if you're developing software, your engineers likely have some exposure and training in how to code, how to develop software with good security in mind.

And I'm encouraging and hopeful that companies will continue that specialized training specifically for software developers and engineers. In other parts of the business, you know, you wouldn't have a sales executive responsible for operations typically. So this is no different. And particularly in cybersecurity information security on the one hand and data privacy, on the other hand, they are evolving disciplines that are vast on their own. I don't even purport to be a cybersecurity expert. I work with additional colleagues who are do white hat, pen testing, penetration, testing of systems, network, security, experts, and so on because it saves time. It also reduces risk because we've got people who don't need on-the-job training.

They bring their expertise with them and can help me sleep at night, in terms of the cadre of services that we perform. And in the area of data, privacy, data management, things are changing all the time and it's a full body of work just to keep up with those changes and then apply them to a business.

So I think your analogy of tax returns in the US anyway is a very aptly analogy. Disregard the downside of thinking that you can do it on your own. One it's gonna take a boatload more time. Secondly, if you go in the wrong direction, the rework would take additional expense and even more time. And it's a distraction from the essence of the business, which is how do you wanna build and deepen enduring trust with customers. So it behooves people to bring in the right set of experts on the team to do that. It's more expedient to tap into expertise. And then as the business owner and the leadership team, you can connect those dots and say, because we have operational control here's how we show you can trust us, here's exactly what we do with our data. And I would look to companies like base camp has a wonderful manifesto. They've used their security practices and their privacy practices to stand out in a very crowded marketplace and project management tools, for example. So that's where I think we're headed in terms of trust building.

And that's why you should use experts on your team.

[00:27:41] Jeffrey Feldberg: And you know what? It seems that every time I'm reading a newspaper or listening to the news or just some kind of newsfeed that's coming in. You hear it yet again, of a company that's gone, offsite and customers are having all kinds of issues. So, Nalini going back to what you're talking about earlier of how can you be a benchmark of trust to increase your existing business, but also your enterprise value today is more topical than ever.

And let me ask you this we've really been going into different areas here in the episode. For someone who's coming out of this episode and they're they wanna do something practical here, what would be your top three action items that can be done right now? So episode ends before they go back to the voicemails, the emails, the meetings, and all those endless other distractions that are gonna be there.

What would be your top three list of action items as it pertains to what we've been talking about, that a business owner could follow?

[00:28:41] Nalini Kaplan: Job one would be, do you have an up-to-date, data inventory and what we call an asset inventory? It's a bit tedious and it's so critical. It's a cornerstone of operational excellence and any compliance program. And if you don't, get to work in terms of data inventory, you don't have to boil the ocean of your systems that you know about your databases. And then I'll get to unstructured information in a minute. What if that is actually personal information? And personal information is that data that can be attributed to a named natural person or in combination can identify a person. So it's a name John Smith by itself is actually not personal information, but if it's John Smith, age 61, born in Missoula, Montana, then we know it's a particular John Smith by example. Of that, what is sensitive information? Because often you have to safeguard it in more profound ways. There are greater penalties of sensitive information gets out the door and this varies by jurisdiction, but are in the us it's things like health information. So think about that for your employees, social security numbers, and so on. So that would be number one. Do you have a handle on your data and in particular, your personal data? Now, many folks have a handle in their databases, but they don't realize that many elements are in spreadsheets. They're in Google docs of various kinds. They're in email the universe of unstructured data so you have to think about that as well.

Secondly, most smaller businesses, and smaller I'm defining here as under a hundred million dollars. Don't have a privacy management capability and you can have privacy as the key driver of Information security and trust so many organizations, I would post it most, have some kind of security practices in place.

And if you don't, that's where you start. But having privacy management, it's let's get clear on what our privacy stance is. We're gonna use it as a differentiator or we just wanna be mainstream. We wanna understand how to comply with laws and regulations that apply to us that we talked about earlier here in our conversation today.

That's fine. So that would be number two. And then the third thing is do an assessment of what is it like to be a customer with us. And actually, look at your customer service processes. Start with lead generation and customer acquisition, are you funneling people? Are you giving them choices?

If you care about trust, you're doing that because trust depends on consistency, reliability, right? Integrity. So there are different ways to design an assessment like that. But typically, those are big payoffs, because if you simplify the exchange that you have with customers, if you increase your consistency, you're getting from RO to refreshing because people say one thing and do another that's a no-no in the trust-building exercise.

And here's something that's untapped people often ask for feedback. Where I see it falling down is companies don't take that feedback, put it into production and test it and then talk about how they tested it. And what's working and what's not. So that would be number three.

[00:32:17] Jeffrey Feldberg: You know, what's interesting about that Nalini, in the top three, one of the items that you were speaking about, item number three, really reminds me of a secret shopper exercise and a lot of businesses before they have a liquidity event will do that. They'll have a secret shopper exercise. Hey, where are we hitting it outta the park?

Where are we having some issues? And to take that concept now and apply it to what we've been talking about. Seems really powerful in an effort to really highlight. Okay. Where are those hidden skeletons in the closet that we know about today that we can clear up and well in advance of our liquidity event, really have a clean slate going into that?

What I'm wondering is, things have been progressing because I know since the last time we spoke, we were saying, you know, what a quality of earnings report not too far ago was unheard of. It was more the exception than the rule and today you don't have a liquidity event unless there's a quality of earnings report.

And in the areas that we've been talking about with data, privacy, cybersecurity, becoming that trusted benchmark every day, it seems more and more. It's becoming more the standard as opposed to the exception. What are you seeing? You're in there day in, day out. What's been the tempo of change with this?

[00:33:29] Nalini Kaplan: There are a few things that are coming to the fore. One is I'm being asked much more readily in due diligence to focus specifically on data privacy in the US even for organizations that don't have a market overseas, either across the border in Canada, Latin America, or In Asia, or the EU so that's number one. Secondly, I am seeing where it's interesting, even with the focus on customer experience, still, over 70% of customer experience leaders, struggle to design projects that increase customer loyalty and achieve results. And compliance is left off the table completely. So what I'm seeing in companies that are taking the lead that are becoming truly mainstream.

Which I don't think is sufficient, but it's really better than firefighting, being mainstream and systemic is that they're going, oh, for trust. We need to bring in what's impactful protection for them. How are we demonstrating respectful rights of our customers? So it is about customer choice and taking an opt-in approach, you know, at every turn, meaning Jeffrey, if I wanna do something with you, I'm gonna ask your permission.

I'm gonna do it in my marketing. I'm gonna do it in a sales scenario. I'm also gonna do it in customer service, and I'm gonna let you know how long I'm gonna keep information that relates to our relationship and I'm gonna get rid of information. So that's something that I wish I would see more often than not in companies, but what I am starting to see is a designated person responsible for data privacy in ways that I haven't seen before.

 A few years ago it was having a CISO, a Chief Information Security Officer. And now I'm seeing privacy officers in smaller entities as well. Cause the bigger enterprises are focused on environmental sustainability governance now is the next big thing. So I have a feeling we're gonna see scorecards that take trust factors, you know, based on these enterprises into the small and mid-market.

[00:35:41] Jeffrey Feldberg: And Nalini as the marketplace continues to change, and as these issues become more of a forefront kind of thing that you need to know before you go to market, or even to keep you in business. I've put the liquidity event aside you've been responding. And I know you've changed up a few things on your side, in terms of different packages of helping businesses to be able to deal with this.

Can you walk us through some different options of what you do with businesses? When they say, hey, Nalini heard about what you're doing, we need some help. Why don't you coming in and talk to me about how you can help us and what that looks like?

[00:36:17] Nalini Kaplan: I've actually spent the last several years developing a methodology in response to the fact that the US has state privacy laws coming. Now we're on number five and it's anyone's guess whether the federal government will actually put something in place that will be seen and a good compliment.

To the regulations in place today that we can live with. And this methodology starts from principles of good data management, data protection, and privacy, but translate into four key areas around Business operations. So it takes into account the business and regulatory environment. So setting the context and the strategy, focusing on employees, because businesses typically have employees and contractors would go into that sphere as well.

And then various forms of data management throughout operations and information security. The one element that I think is unique and I've added into my methodology is around organizational change. Nothing really happens unless everyone is on board, steering in the rowing in the same direction, and making pronouncements about compliance.

Doesn't make it real. So I emphasize what does it really take to get folks on board and what are the desired behaviors that you need and how do you reinforce that in ways that are empowering rather than scary? So that's been very exciting and I would work with a company to assess and evaluate how are they doing, with respect to those four areas.

And then let's pick, one to three to five areas to focus on. And we would begin building out that end-to-end process that I described because you do want to implement what are called controls and to make them actionable needs. You have to have some standards. So what's your risk level?

What's the landscape that you operate in both in terms of opportunities? For trust building with customers. But the reality is also, we need to look at potential threats and risks and mitigate those. And then it's about a tailored action plan based on just good business process, re-engineering in this space to actually translate it out to what does it mean when you interact with a person who may be a prospective customer client, or a current customer or client.

And then the same holds true with vendor management. So depending on the organization that would lend itself to a different specific set of strategies to implement.

[00:38:52] Jeffrey Feldberg: And Nalini, what I really like in what you're doing there is you're coming in really top level. And I know I may be oversimplifying things, but really you're doing a threat analysis. Okay, big picture wise, what right away are the low-hanging fruits that can Jeffrey, this can put you outta business.

Forget a liquidity event. This here, if not dealt with you didn't know about it. It's a blind spot. It's a skeleton. Is gonna be a danger zone for you. And then you're focusing in on that right away and getting that going. And really like we've spoken about before Nalini, as we talk through this, most of us or all of us really should be going and getting an annual checkup with the doctor for our health each year.

The business is no different. Why not have an annual audit as a minimum? In terms of the cybersecurity data privacy and the list goes on and on in these areas. And it sounds like that's exactly what you're doing when a company brings you on in, and then based on what you're seeing you chart a very specific and custom path on a business by business basis.

[00:39:50] Nalini Kaplan: That's correct. And I first look for things that are the gotcha. Skeletons as you characterized, what do we need to do to fix those? Then, the next level would be all right. What are the things that we can do operationally that help us prevent something that we know would lead us down an unwelcome outcome?

And then for a select few, cause they benchmarking is hard to become the pinnacle or the benchmark. What are those things that are truly transformative and for mission-driven businesses, I think that's gonna become more prevalent than it is today because simply keeping up with regulations and compliance it's barely table stakes.

You've gotta stand out from the noise of the marketplace. And one of the few things that's been immutable is to compete on trust. And we start with the fixing then the preventing, and then it's all about transforming. And how do we accelerate that on a known pathway, I've got nine accelerators that can help an organization get there.

The three pillars that we talked about early on strategic compliance, operational control, and trustworthy connection. And then we tailor it. As you mentioned to the context and all in a rapper of empowering, rather than scaring because the truth is data breaches are continuing it's easy to focus on bad news.

However that doesn't sustain enduring anything in terms of behavior, you need to have meaning that makes sense. That has a purpose that helps drive people towards a better outcome. And that's what I've hoped to achieve with my rethinking trust framework with my data protection dynamics methodology and so on.

[00:41:30] Jeffrey Feldberg: And Nalini, thank you so much for doing that. And you know what? We could just talk for episodes and seasons of all these different things that are there. But I think you've done just a terrific job of going into a deep dive in some of the different areas. And at the same time, giving us an overview of what's changing out there and what we need to know about just to protect ourselves both today and going forward for tomorrow.

So as we begin to wrap up this episode, you're no stranger to this thought experiment and I'm privileged to really get to ask every guest on the Deep Wealth summit business podcast, this question. And so we're gonna continue that tradition and maybe you'll share the same answers before. Perhaps it'll be a different one time will tell momentarily where you take us with this, but here's the question for you.

I'd like you to remember the movie Back to the Future. And in the movie, you have that magical DeLorean car that can take you to any point in time. So imagine now it's tomorrow morning and you look outside your window and not only is the DeLorean car there, but it's door is open. It's waiting for you to hop on in and you can now go back to any point in time, perhaps it's Nalini as a young child or a teenager, whatever point in time it would be.

What are you telling your younger self in terms of life, wisdom or lessons learned or, hey, Nalini do this, but don't do that. What would that sound like for you?

[00:42:52] Nalini Kaplan: I think right now I would go back to high school. And I would remind my young self of the importance of focusing on enduring relationships because those really hold steady no matter what circumstances. And I couldn't predict where my life was gonna go. Even though I had a very strong sense of what I wanted to study in college and I did and the whole world of technology and the ins and outs.

And as I reflect back now over my career, I would tell my young self. Yep. It really is all about the relationships that I've carried through. And by doing that, I've been able to live my values. My strongest one being about being in integrity and it's hard. And hard work is worthwhile and it's good.

So I would also mention that to my young self.

[00:43:45] Jeffrey Feldberg: Some terrific words of wisdom, not just for your younger self, but for all of us as well. Listening in on our fireside chat here and Nalini, as we wrap up this episode, I will put this in the show notes. If somebody would like to learn more and find out what you're all about online, what would be the best place to reach you?

[00:44:05] Nalini Kaplan: It would be to go to cultivapartners.com.

[00:44:08] Jeffrey Feldberg: Terrific. And again, for listeners, we'll put that in the show notes. It'll be an easy point and click well, Nalini, we're gonna officially wrap up this episode, and a heartfelt thank you for taking part of your day and spending it here with us on the Deep Wealth Sell My Business Podcast and as always, please stay healthy and safe.

[00:44:26] Nalini Kaplan: Thank you, Jeffrey. It's always a delight to be here with you and our wonderful community in the Deep Wealth area.

[00:44:32] Sharon S.: The Deep Wealth Experience was definitely a game-changer for me.

[00:44:35] Lyn M.: This course is one of the best investments you will ever make because you will get an ROI of a hundred times that. Anybody who doesn't go through it will lose millions.

[00:44:45] Kam H.: If you don't have time for this program, you'll never have time for a successful liquidity

[00:44:50] Sharon S.: It was the best value of any business course I've ever taken. The money was very well spent.

[00:44:56] Lyn M.: Compared to when we first began, today I feel better prepared, but in some respects, may be less prepared, not because of the course, but because the course brought to light so many things that I thought we were on top of that we need to fix.

[00:45:12] Kam H.: I 100% believe there's never a great time for a business owner to allocate extra hours into his or her week or day. So it's an investment that will yield results today. I thought I will reap the benefit of this program in three to five years down the road. But as soon as I stepped forward into the program, my mind changed immediately.

[00:45:34] Sharon S.: There was so much value in the experience that the time I invested paid back so much for the energy that was expended.

[00:45:45] Lyn M.: The Deep Wealth Experience compared to other programs is the top. What we learned is very practical. Sometimes you learn stuff that it's great to learn, but you never use it. The stuff we learned from Deep Wealth Experience, I believe it's going to benefit us a boatload.

[00:45:58] Kam H.: I've done an executive MBA. I've worked for billion-dollar companies before. I've worked for smaller companies before I started my business. I've been running my business successfully now for getting close to a decade. We're on a growth trajectory. Reflecting back on the Deep Wealth, I knew less than 10% what I know now, maybe close to 1% even.

[00:46:16] Sharon S.: Hands down the best program in which I've ever participated. And we've done a lot of different things over the years. We've been in other mastermind groups, gone to many seminars, workshops, conferences, retreats, read books. This was so different. I haven't had an experience that's anything close to this in all the years that we've been at this.

It's five-star, A-plus.

[00:46:43] Kam H.: I would highly recommend it to any super busy business owner out there.

Deep Wealth is an accurate name for it. This program leads to deeper wealth and happier wealth, not just deeper wealth. I don't think there's a dollar value that could be associated with such an experience and knowledge that could be applied today and forever.

[00:47:02] Jeffrey Feldberg: Are you leaving millions on the table?

Please visit www.deepwealth.com/success to learn more.

If you're not on my email list, you'll want to be. Sign up at www.deepwealth.com/podcast. And if you enjoyed this episode of the Sell My Business podcast, please leave a review on Apple Podcasts. Reviews help me reach new listeners, grow the show and continue to create content that you'll enjoy.

As we close out this episode, a heartfelt thank you for your time. And as always, please stay healthy and safe.

Click here to book your free exploratory strategy session.

Enjoy the interview!