The compliance company that started with a fine - and grew into a single operating system for governance, risk, and the unglamorous work of never missing a deadline again.
Here is a fact about compliance software that the compliance software industry would rather you not dwell on: nobody wants it. Not really. Nobody wakes up excited to attest to a policy, collect evidence for an auditor, or confirm - for the fourth quarter running - that yes, the fire extinguishers were inspected. Compliance is the vegetables of corporate life. It is the thing you do so that a regulator does not do something worse to you later.
VComply's founding insight is that this is exactly why it should be software. Harshvardhan Kariwala did not set out to build a governance, risk, and compliance company. He was running a different business, missed a compliance filing, and paid a fine for it. This is the sort of thing that happens to people who keep their obligations in their heads and their deadlines in a spreadsheet - which is to say, almost everyone. The fine annoyed him enough that he built an internal tool to make sure it never happened again. The tool worked. Other people wanted it. In 2019, that tool became VComply.
It is worth pausing on how unlikely a founder this makes him. By his own account, Kariwala started the company without a background in compliance, without a background in SaaS, without a background in enterprise software, and without a co-founder. In the mythology of enterprise startups - where the founding team is usually two ex-Salesforce architects who have Opinions about multi-tenancy - this is close to heresy. What he had instead was the one credential that actually predicts whether you will build a useful compliance product: he had personally been burned by the problem.
Compliance isn't paperwork anymore. It's infrastructure.— Harshvardhan Kariwala, Founder & CEO
The reframe in that quote is the whole company. If compliance is paperwork, it lives in a filing cabinet, gets touched once a year, and is somebody's miserable side quest. If compliance is infrastructure - like electricity, or the accounting ledger, or the thing that keeps the servers on - then it needs to be owned, monitored, and always running. VComply is a bet that the second framing wins, and that the mid-market companies most exposed to regulatory risk are the ones with the least infrastructure to handle it. They are regulated like large enterprises and staffed like small ones. That gap is the market.
What VComply sells into that gap is, at bottom, a system for making forgetting impossible. A spreadsheet does not send a reminder. It does not escalate to your boss when a control lapses. It does not remember, in November, that someone promised in March to renew a certification. VComply does all three. Every obligation, control, and task gets tracked, assigned to an actual human, and closed out in one system - which means leadership gets real-time visibility and the team gets a path that ends in "done" rather than "we'll circle back."
VComply organizes its platform into four modules, and the naming is not an accident. Each ends in "Ops," because the pitch is that compliance is an operation you run continuously, not an event you survive annually. In 2025 the company began framing the whole suite as a Compliance & Risk Operating System - CROS - which is either a meaningful shift in how buyers should think about GRC, or a very good piece of category branding. In enterprise software, those two things are frequently the same thing.
Centralizes regulatory obligations and controls, automates reminders and escalations, and collects evidence across 20+ frameworks.
Risk registers, scoring models, and real-time monitoring so risk assessment becomes an ongoing program, not a one-off audit.
Policy authoring, distribution, and attestation workflows with automatic change tracking and transparent reviews.
Incident and case management to log, investigate, and resolve compliance events with a defensible audit trail.
VComply is a private company, which means the financial picture comes from third-party trackers and should be read as approximate rather than audited. With that caveat: the trajectory is the boring, healthy kind. Estimated annual recurring revenue climbed from around $2.7M near the start of 2021 to roughly $4.3M by 2024 - up about 39% year over year - on a reported average contract value near $1,100. That is a mid-market motion: lots of customers, modest deals, steady compounding.
The funding story is short by design. A $6M Series A in January 2021, co-led by Accel and Counterpart Ventures, sits atop roughly $8.5M in total capital. The company has not, as of this writing, publicly raised since - unusual restraint in a category where competitors have hoovered up nine-figure rounds. Fewer dollars, more discipline.
Figures are external estimates, not company-audited. Directionally: steady mid-market growth.
The customer list is where VComply gets quietly interesting. You would expect a compliance platform's wall to be banks and insurers. VComply's has those - but it also has Coca-Cola, Burger King, and Costa Coffee sitting next to fintech Altruist and visa-services firm TLS Contact. The through-line is not industry; it is regulated operations. A fast-food franchise and a regional bank look nothing alike until you notice they both have obligations, checklists, owners, and auditors who show up asking for evidence.
Under the hood, VComply spans the industries where a missed control has real teeth: healthcare, financial services, higher education, nonprofits, energy and utilities, manufacturing, food & beverage, and auto dealerships. It supports evidence collection and mapping across more than 20 standards - the ISO, SOC, NIST, PCI DSS, SOX, and CIS alphabet soup - so a company chasing several frameworks at once can do it from one place instead of maintaining a separate spreadsheet-shaped headache for each.
An internal compliance-tracking tool, built after a costly missed filing, becomes a company in Sunnyvale on early angel funding.
The product adds risk assessment, laying the groundwork for a multi-module GRC suite.
Accel and Counterpart Ventures co-lead a round to accelerate US market expansion.
ComplianceOps, RiskOps, PolicyOps, and CaseOps mature into distinct but connected modules.
Third-party data shows continued revenue and customer growth across regulated mid-market industries.
VComply positions its suite as a Compliance & Risk Operating System and publishes its "operationalizing trust" thesis.
For product demos, customer stories, and the founder's own take on why compliance is infrastructure, VComply's own channels are the primary source. Search links below open the latest videos and walkthroughs.
VComply is a cloud-based GRC platform that centralizes compliance obligations, risk assessments, policies, and incident cases so teams can track, assign, and close every task in one system - and stay audit-ready without the annual fire drill.
It was founded in 2019 by Harshvardhan Kariwala, Founder and CEO, after a costly missed compliance filing at a prior business inspired him to build an internal tracking tool.
About $8.5M in total, headlined by a $6M Series A in January 2021 co-led by Accel and Counterpart Ventures.
Regulated mid-market organizations in healthcare, financial services, education, energy, manufacturing, nonprofits, and food & beverage - named customers include Altruist, Burger King, Coca-Cola, and Costa Coffee - across 100+ countries.
Four connected modules: ComplianceOps, RiskOps, PolicyOps, and CaseOps, now framed together as a Compliance & Risk Operating System (CROS).