Compliance and risk management startup Certa raises $35M

Certa, a compliance, governance and risk management platform for enterprises, today announced that it raised $35 million in a Series B round co-led by Fin Capital and Vertex Ventures, with participation from Tru Arrow Partners, Point72 Ventures, BDMI, The Chainsmokers-backed Mantis VC and GOAT Capital.

The tranche brings Certa's total capital raised to "just over" $50 million, according to founder and CEO Jag Lamba, who wouldn't reveal the valuation -- saying only that it was the "standard Series B valuation for a round of this size."

"Every relationship with a third party introduces new risks to a business, and even one bad relationship can be catastrophic," Lamba told TechCrunch in an email interview. "Risks range everywhere from data privacy and finance to climate, environmental and regulatory risk types ... Certa’s vision is to make it easier for firms to work with third parties globally."

Lamba, a Wharton alumnus who spent 10 years at McKinsey, says he was inspired to found Certa after running into issues with procurement teams working with new, unvetted third parties.

"As organizations expand their global footprints, they're exposed to diverse compliance requirements and increased security risks," Lamba said. "With disparate systems, data silos can become a major challenge."

That certainly appears to be the case. According to MetricStream, 48% of organizations have difficulty tracking third-party compliance. Moreover, 58% of compliance teams report that gauging vendor responsiveness is their top challenge with third-party risk management.

Noncompliance is an expensive proposition. One source finds that a single "non-compliance event" can cost a company an average of $4 million in revenue, and that the cost of noncompliance has risen nearly 50% within the last 10-15 years.

So how does Certa solve this? With an orchestration engine that brings stakeholders involved with a risk-exposed business process onto the platform, Lamba says.

Specifically, Certa offers a platform where all third parties -- vendors, partners and clients -- can share data and internalize a company's rules and policies around compliance and risk. Certa provides risk scoring reports, templates and modules in addition to third-party validations and questionnaires to analyze risk and keep up with regulations, plus integrations that allow users to create risk management reports for their larger organizations.

Recently, Certa launched an environmental, social and governance (ESG) suite to help organizations with supply chain-related ESG requirements and a no-code "studio" that allows users to personalize risk-exposed business processes through a drag-and-drop interface.

"Certa’s automation capabilities can significantly reduce manual tasks, offering tangible cost savings and improving speed-to-market," Lamba said. "Gathering, centralizing and standardizing data from multiple sources, each with its own format and standards can be challenging. For enterprise companies, third-party risk management is typically a siloed and manual process. Data is siloed across multiple systems, spreadsheets and emails with significant room for risks to fall through the cracks."

Certa has competition in spades. There's Hyperproof, a compliance and risk management startup, which recently raised $40 million. Cypago, which aims to automate compliance and governance for companies, nabbed $13 million not long ago. And Kompliant, which focuses on the financial side of compliance, secured $14 million.

But Lamba thinks there's plenty of cash to go around -- and he's not necessarily wrong. Research and Markets estimates that the global enterprise risk management market will be worth $6.38 billion by 2027.

Certa, which employs a staff of around 200 people, claims to have 170,000 users.

"Certa's strategic approach positions us strongly to navigate potential headwinds," Lamba said. "Our focus on essential areas in managing third parties remains steadfast ... Burn rate is not something we can share, but this latest funding round will give us several years to accelerate the business."