Today, there seems to be a constant stream of changing rules and regulations for companies to keep up with. This dynamic regulatory environment can be increasingly difficult for emerging companies to navigate, particularly those in heavily regulated industries and those operating across borders. As startups lay out their plans for growth and development and contemplate potential exit strategies, it is important that they anticipate these changes and design compliance planning into their processes.
The SEC recently announced proposed rule changes that would require all public companies to include certain disclosures in their registration statements and periodic reports relating to climate-related risks and the companies’ oversight and governance of these risks. This announcement came on the heels of another set of proposals released by the SEC earlier in the month intended to “enhance and standardize” cyber-related disclosures of public companies. These new proposals add to the ever-growing list of disclosure items that registrants are required to include in their regular annual, quarterly and periodic reports for the SEC. While these rules would apply to public companies, any startup eyeing an IPO needs to take notice of these requirements.
Developments in cryptocurrency regulation are also unfolding. President Biden recently issued an executive order directing the U.S. government’s regulatory agencies to examine the risks and benefits of cryptocurrencies. The order sets forth a national policy for digital assets, including oversight of the industry and internal coordination among the government agencies. Similarly, the UK government recently revealed a detailed plan, establishing a dynamic regulatory framework for crypto, regulating stablecoins, and working with the Royal Mint to create a non-fungible token (NFT). Companies will need to monitor these new regulations closely to ensure they can continue to operate in this changing landscape.
Shifts in antitrust enforcement should be considered by companies as well. The EU’s Digital Markets Act, or DMA, targets big tech companies, requiring them to let their services interoperate with those of rivals. In the U.S., there has also been a great deal of action surrounding antitrust reform targeting the tech industry, with legislation introduced in Congress, an executive order by the President, and a focus at the FTC to overhaul antitrust enforcement (resulting notably in the failure of Nvidia’s acquisition of ARM).
Privacy is another area where it can be daunting to ensure compliance. With heightened consumer concerns about data privacy, regulators are moving quickly to protect their constituents’ data. Not only do companies have to monitor privacy regulations in other countries such as GDPR and PIPL, but the US has a patchwork of privacy regulations across states such as California, Colorado, and Virginia, with even more states now introducing their own laws. In fact, Utah just signed into law the Utah Consumer Privacy Act (UCPA), to protect the personal data of Utah residents, and to prevent businesses from inappropriately using that data.
Advancements in technologies are increasing the rate of changes in a regulatory environment striving to keep pace with company innovations. It is critical for startups to have a comprehensive understanding of any existing regulations governing their industry, as well as those that are on the horizon. A proactive approach to establishing a compliance framework strengthens a company’s business model, makes it more attractive to potential investors, and can help mitigate potential regulatory actions.
Understanding and keeping up with a changing regulatory landscape can be overwhelming, but having a great team of internal and external counsel will help emerging growth companies manage this challenge and design regulatory compliance into the roadmap for success and the various potential paths to exit.