Getting compliance right before the regulator arrives.

This reflects the type of challenge our consultants are built to solve, drawn from real industry experience. The DPDP Act 2023 came into force and the company had 90 days to demonstrate readiness. The CTO's honest assessment in an internal meeting: 'We have no data map, no documented consent flows, and I don't know what data we're actually processing across all six product modules.' That was the starting point. Not a gap analysis. A blank page.

Six weeks of data discovery across all six modules, mapping every data flow, every processing activity, every third-party integration. The work produced what's formally called a Record of Processing Activities, but in practice it was the first time anyone in the company had a complete picture of what data they held and why. Consent architecture was redesigned end-to-end. A DPO function was established. A breach response protocol was tested via a tabletop simulation before anyone felt it was real enough to need one.

The company had secured its PA licence 18 months prior but had neglected to build the robust internal compliance infrastructure required to maintain it. With an RBI inspection looming within the next quarter and 14 open observations from their previous internal audit, the leadership team was facing high regulatory risk and a potential threat to their operating licence.

We conducted a rigorous gap analysis against the RBI Master Directions for Payment Aggregators. We developed a prioritised remediation roadmap that overhauled their KYC, transaction monitoring, grievance redressal, and cybersecurity controls. Each of the 14 prior audit findings was addressed, documented, and closed to ensure the company could present a clean track record to the regulator.

With SEBI making BRSR mandatory, the company faced a deadline they weren't prepared for. Their ESG data was fragmented across seven different systems, maintained by individual managers who were unaware of the reporting requirements. The company had never produced a formal sustainability report, and the existing sustainability team consisted of a single junior manager with no prior experience in ESG disclosures.

We delivered an 11-week intensive data collection and reporting programme. We built a custom data architecture to consolidate information from Finance, HR, EHS, and Procurement, creating a unified disclosure template. We managed the narrative drafting process, bridge-building between the sustainability team and the CFO to ensure the final report was both accurate and prepared for board-level sign-off.

This reflects the type of challenge our consultants are built to solve, drawn from real industry experience. A PE firm had invested ₹45 Cr in a fast-growing D2C brand but found that decision-making was entirely founder-driven, with no audit committee, no board-approved risk appetite, and no formal investor reporting structure. The 100-day post-investment period required a full governance uplift. The PE partner's specific concern was that two prior portfolio companies had experienced founder-investor conflict within 18 months of investment, both traceable to unclear decision rights.

A board committee structure was designed with three committees, audit, compensation, and risk, each with a charter tailored to the company's stage, not copied from a template. Decision rights were mapped across four dimensions: what the founder decides alone, what needs the CFO, what needs board notification, and what needs board approval. A monthly investor reporting pack was built, piloted for two months with the finance team before going live. A risk register was created and populated across five operational areas.

This reflects the type of challenge our consultants are built to solve, drawn from real industry experience. The group was managed by two brothers in their early 60s, with succession now urgent across a third generation of five family members with differing levels of involvement, and differing opinions about who should lead what. There was no formal board, no independent directors, no intercompany pricing policy, and no framework for making decisions when the two brothers disagreed. They'd been managing that last problem by avoiding certain conversations for years. A PE firm had paused due diligence after flagging these gaps.

A 14-week programme. The first four weeks were a governance diagnostic, mapping actual decision flows, which differed significantly from what either brother initially described. Three independent directors were identified and constituted in week 8: one with sector expertise, one with financial markets experience, one with family business governance experience. An intercompany pricing policy was drafted and approved. A family charter was developed across three family sessions that were, by all accounts, not easy conversations. The goal was not consensus on everything, it was a documented framework for handling disagreement.