Uh, that's not how it works. Legitimate veto power is usually based on a board and/or shares of the company. Not to mention most CFOs are appointed positions in startups, because they are usually not roles filled in the early days of a tech startups life (as opposed to CEOs and CTOs).
Note - it is worth saying, CFOs are, generally speaking consider extremely important positions for many companies, even more-so than the CEO. But this isn't because they make policy decisions or conduct external communications, but rather because they control the lifeblood of any company - the money.
"Oh, you're wanting to implement more 'privacy' for our users? Well it turns out that we've just done a reorg, and your whole department has no budget for the rest of the year."
As you say, whoever controls the money flow, ultimately controls the people, and can shut down any activity they desire...
Sure it's not "legitimate veto power", but ultimately it is the same thing.
Sorry. I was paraphrasing your " ... but rather because they control the lifeblood of any company - the money." rather than directly quoting you there. I think my point stands.
that the board failed to stop this (or was bypassed) is telling, but this doesn't seem like a failure of the corporate governance model or anything. money is basically essential to a corporation; engineering staff shouldn't be on the level of C suite, despite what many here would have you believe
Although I think the person is getting too much grief for this, I have to say that if a CFO is allowed to make decisions in an area where he lacks understanding, simply because his title starts with a "C", that counts as a failure of the governance model.
"Sadly" because in this instance, it appears there's a CFO in power who's championing selling user's privacy out. Not a comment of whether or not a CFO in general has more influence than engineering (or other) staff, but that an ethically challenged CFO is potentially a toxic influence to a company culture and direction.
