It’s not arrogance or too much money or stupid people. It’s simply that a 1,000+ person company is too big to take the same shortcuts that help startups achieve rapid growth. Many, many startups take shortcuts: you scrape sites in violation of TOS or ignore local regulations because you’re under the radar. If you get busted, maybe you get a cease & desist or a stern look by a regulator. A “my bad” usually suffices. This is part of what makes scrappy startups execute so much better than incumbents.
It’s entirely conceivable that the board didn’t know about Macro because it wasn’t considered material… just a productivity hack. The failure is that the transition from scrappy startup to significant entity didn’t bring with it additional controls – controls that would probably be viewed as friction by almost any industry outsider.
It’s hard to shift from “move fast and break the rules” to “dot i’s and cross t’s.” It slows down growth and it’s no fun. If there’s any failure on the board’s part (and it’s a extremely smart board), it’s that it took this long to get a chief compliance officer.