Startup Law A to Z: Regulatory Compliance
Startups are but one species in a complex regulatory and public policy ecosystem. This ecosystem is larger and more powerfully dynamic than many founders appreciate, with distinct yet overlapping laws at the federal, state and local/city levels, all set against a vast array of public and private interests. Where startup founders see opportunity for disruption in regulated markets, lawyers counsel prudence: regulations exist to promote certain strongly-held public policy objectives which (unlike your startup’s business model) carry the force of law.
Although the canonical “ask forgiveness and not permission” approach taken by Airbnb and Uber circa 2009 might lead founders to conclude it is strategically acceptable to “move fast and break things” (including the law), don’t lose sight of the resulting lawsuits and enforcement actions. If you look closely at Airbnb and Uber today, each have devoted immense resources to building regulatory and policy teams, lobbying, public relations, defending lawsuits, while increasingly looking to work within the law rather than outside it – not to mention, in the case of Uber, a change in leadership as well.
Indeed, more recently, examples of founders and startups running into serious regulatory issues are commonplace: whether in healthcare, where CEO/Co-founder Conrad Parker was forced to resign from Zenefits and later fined approximately $500K; in the securities registration arena, where cryptocurrency startups Airfox and Paragon have each been fined $250K and further could be required to return to investors the millions raised through their respective ICOs; in the social media and privacy realm, where TikTok was recently fined $5.7 million for violating COPPA, or in the antitrust context, where tech giant Google is facing billions in fines from the EU.
Suffice it to say, regulation is not a low-stakes table game. In 2017 alone, according to Duff and Phelps, US financial regulators levied $24.4 billion in penalties against companies and another $621.3 million against individuals. Particularly in today’s highly competitive business landscape, even if your startup can financially absorb the fines for non-compliance, the additional stress and distraction for your team may still inflict serious injury, if not an outright death-blow.
The best way to avoid regulatory setbacks is to first understand relevant regulations and work to develop compliant policies and business practices from the beginning. This article represents a step in that direction, the fifth and final installment in Extra Crunch’s exclusive “Startup Law A to Z” series, following previous articles on corporate matters, intellectual property (IP), customer contracts and employment law.
Given the breadth of activities subject to regulation, however, and the many corresponding regulations across federal, state, and municipal levels, no analysis of any particular regulatory framework would be sufficiently complete here. Instead, the purpose of this article is to provide founders a 30,000-foot view across several dozen applicable laws in key regulatory areas, providing a “lay of the land” such that with some additional navigation and guidance, an optimal course may be charted.
The regulatory areas highlighted here include: (a) Taxes; (b) Securities; (c) Employment; (d) Privacy; (e) Antitrust; (f) Advertising, Commerce and Telecommunications; (g) Intellectual Property; (h) Financial Services and Insurance; and finally (i) Transportation, Health and Safety.
Of course, some regulations may touch on multiple regulatory areas, for example, the “Fair Credit Reporting Act” is a law ultimately about privacy, but it impacts many financial and employment-related services as well. Certain laws may therefore be cross-listed in more than one regulatory area. Also, since we can’t look at every U.S. state and city, this article will focus primarily on the federal and California state laws.
After you focus on the particular regulatory areas that may implicate your business, next reference the short quotations and links to relevant primary and secondary sources below, then work to identify the specific compliance risks you face. This is where other Extra Crunch resources can help. For example, the Verified Experts of Extra Crunch include some of the most experienced and skilled startup lawyers in practice today. Use these profiles to identify attorneys who are focused on serving companies at your particular stage and then seek out any further guidance you need to address the regulatory matters pertinent to your startup.
With that as context, the Startup Law A to Z – Regulatory Compliance checklist is below:
Taxes
- Federal
- California
Securities
- Federal
- California
Employment
- Federal
- Affordable Care Act
- Age Discrimination in Employment Act of 1967 (ADEA)
- Americans with Disabilities Act of 1990 (ADA)
- Civil Rights Act of 1964
- COBRA Requirements
- Employee Retirement Income Security Act of 1974 (ERISA)
- Equal Pay Act of 1963
- Federal Fair Labor Standards Act (FLSA)
- Genetic Information Nondiscrimination Act
- Immigration Reform and Control Act
- National Labor Relations Act
- Pregnancy Discrimination Act
- California
Privacy
- Federal
- California:
- Consumer Privacy Act of 2018
- Online Privacy Protection Act of 2003 (Cal-OPPA)
- Confidentiality of Medical Information Act
- Consumer Credit Reporting Agencies Act
- Electronic Eavesdropping, Invasion of Privacy Act
- Insurance Information and Privacy Protection Act
- Privacy Rights for California Minors in the Digital World
- Shine the Light Law
- Student Online Personal Information Protection Act
- International:
Antitrust
- Federal
- California
Advertising, Commerce and Telecommunications
- Federal
- Federal Trade Commission Act
- Clarifying Lawful Overseas Use of Data Act
- Communications Decency Act, Section 230
- Computer Fraud and Abuse Act
- Controlling Assault of Non-Solicited Pornography & Marketing Act (CAN-SPAM)
- Electronic Communications Privacy Act
- Export Administration Regulations
- Restore Online Shoppers’ Confidence Act
- Telecommunications Act
- California
Intellectual Property
- Federal
- Anticybersquatting Consumer Protection Act
- Copyright Act, Copyright Revision Act of 1976
- Digital Millennium Copyright Act
- Defend Trade Secrets Act of 2016
- Economic Espionage Act of 1996
- Electronic Communications Privacy Act of 1986 (ECPA)
- Prioritizing Resources and Organization for Intellectual Property Act of 2008
- Lanham (Trademark) Act of 1946
- Leahy-Smith America Invents Act
- No Electronic Theft Act
- Patent Act
- California
Financial Services and Insurance
- Federal
- California
Transportation, Health & Safety
- Federal
- California
Before diving into further detail, it may be helpful for some readers to note the distinction between a law and a regulation. Simply put, regulations provide more detailed direction on how certain laws should be followed. So regulations are not technically laws, but they carry the force of law (including penalties for violation), since they are adopted by governmental agencies under authority granted by statute. Beyond that, understanding how laws and regulations are actually enacted is helpful to illustrate the extent to which the process is politically driven.
In the U.S., a bill must first pass both legislative branches of government, then, if signed by the executive branch, it will be codified in statute as law (Schoolhouse Rock anyone?). Once codified, the legislative branch will authorize the relevant executive department or agency to determine whether specific regulations are necessary to give the law effect. If so, those executive departments or agencies will determine what further rules are needed, and in turn, work to enforce them.
At the federal level, for example, proposed regulations are developed first through a “Notice of Proposed Rulemaking,” listed in the Federal Register and filed in the corresponding executive agency’s official docket (available at Regulations.gov). This affords the public an opportunity to comment on the regulations. After receiving comments, the filing agency may revise the proposed regulation before final rules are issued, which again will be published in the Federal Register and then filed in the agency’s official docket at Regulations.gov, before they are codified in the Code of Federal Regulations (CFR).
At nearly every step in this process then, institutions, government, and interest groups are working – sometimes at cross purposes – to shape what the law will be and how it will impact your startup.
The Startup Law A to Z – Regulatory Compliance reference guide is below:
No comments: