As more and more tech startups encounter government regulators, understanding the what — and the who — behind those regulations and regulators has become increasingly important. In healthcare? Then you should know what the FDA is saying and what that means for your business. In fintech? Better know all about the latest from the SEC.
Yet despite federal agencies (like the Pentagon and Commerce Department) opening offices in Silicon Valley recently, there are still several lesser-known bureaus, agencies, and offices in D.C. that could be vital to a company’s success… or failure. So here’s a list of 10 (in no particular order) agencies and offices that you should know about if you’re in tech:
To use a Tolkien-ism, this is the one office “to rule them all”… at least when it comes to the regulations-behind-the-regulations that affect any business, including tech. Situated within the White House Office of Management and Budget (OMB), OIRA issues general purpose guidelines that direct how various federal regulatory agencies draft, issue, and enforce regulations. And they do so for almost every conceivable issue, from coal mining operations to how low airplanes can fly (the answer, by the way, is about 500 feet in congested areas).
OIRA also reviews every proposed Executive Order and draft regulation that is considered “significant” (related to the economic or budgetary impact of the proposed regulation), deciding which ones move forward and which ones are abandoned. As the Trump administration continues beyond its first 100 days, expect to see a lot of activity come out of OIRA. President Trump’s nominee to lead the office, law professor Neomi Rao, is considered a strong pro-innovation voice. Much of OIRA’s action will also be directed towards scaling back existing regulations, as with Trump’s recent “2-for-1” Executive Order — which mandated that for every one new federal regulation, two must be eliminated.
There is perhaps no institution in D.C. (other than Congress of course) that has as big an influence on the government’s procurement process as the General Services Administration, which oversees how the government buys goods and services. Not only is the government the world’s largest IT buyer, but procurement is how they do it. (This is not that different from how any large enterprise buys software, and therefore is one of the most important topics anyone who sells software must navigate.)
GSA is the one institution that could transform the way government buys new technology, and there are early signs that they may be moving in the right direction… for instance, the GSA started making the shift from Blackberries to iPhones for federal employees a few years ago (sigh, many government officials are still using BlackBerries). And last year, the GSA issued guidelines for federal employees to seek reimbursement for any ridesharing that constitutes official travel; previously, federal employees could only be reimbursed for taxi rides, so wouldn’t be covered if they took a Lyft or Uber. While very small, both of these shifts are still significant steps in the right direction. For tech companies looking to sell into government, they hint at more options, more practical thinking, and better services through more competition.
Of all the seemingly obscure agencies on this list, NHTSA (pronounced “nit-sa”) might be the one you’ve already heard of given all the buzz around driverless cars. Situated within the Department of Transportation (DoT), they’re the ones who released a set of guidelines on autonomous vehicles last year; note that these are “guidelines”, not “rules”.
NHTSA is intentionally providing a general framework for states to craft their own regulations around autonomous vehicles, from licensing drivers to drafting new traffic laws. However: the agency has reserved the right to adopt some of the enforcement role currently reserved for the states. This last point is key, because if driverless cars are indeed the next big platform shift, sooner or later there will need to be more standardized, federal-level regulations given the amount of interstate travel in the U.S.
The newest agency/office on this list — established in March by Presidential Memorandum — the OAI will make recommendations to the president on “policies and plans that improve government operations and services, improve the quality of life for Americans now and in the future, and spur job creation”. Translation: modernize government, and as quickly as possible.
The office, which is being led by Jared Kushner, former Microsoft CFO Chris Liddell, and real-estate developer Reed Cordish will seek to solve some of the most pressing technical and digital design challenges at agencies across the federal government (similar in some ways to the efforts of the U.S. Digital Service created during the Obama administration after turning around healthcare.gov). Expect a lot of the OAI’s firepower to be directed at the Department of Veterans Affairs (VA), which, like many other federal agencies, is struggling with decades-old IT infrastructure: The VA and other departments still run some of their systems on the COBOL programming language (yes, really). So tech companies — especially enterprise SaaS ones — should find plenty of opportunity to collaborate with the OAI as it looks for interesting new ideas on how to bring government into the 21st century (something which the Innovation Initiative, as described here, is also trying to do in other ways).
Housed in the Treasury Department, the OCC is best known for its role in regulating specific aspects of the American banking system such as bank liquidity, money laundering, and terrorism finance.
Late last year, however, it announced that it would be issuing a select number of “special-purpose bank charters” to certain fintech companies. Previously, bank charters had been reserved for corporations that planned to operate like traditional banks, with deposit and lending capabilities. This new development is significant for the tech industry, as it would allow fintech companies to launch simultaneously in all 50 states, rather than having to seek approval from individual state financial regulators (something that is prohibitively harder for small startups to do). Next up: influencing bitcoin- and blockchain related policy.
Broadly speaking, NIST is responsible for setting measurement standards for American industry — everything from the standard reference data in research to the metrics used for weight and physical distance. Sounds kinda boring, right? Wrong! NIST will play a critical role for some of the most exciting industries and products of the future, from driverless cars to the internet of things (IoT) and connected homes. They also played a role in defining other emerging tech, like cloud computing, in 2011.
It’s not a regulatory agency though, so why do such standards and definitions matter? Consider this: If driverless cars synch up with traffic lights, who ensures that every car has the same amount of lag time between when a light turns green and when a car automatically accelerates into the middle of the intersection? You guessed it: NIST. Similarly, in an effort to create a standard measurement of how safe IoT devices are from cybersecurity threats, NIST issued guidelines in 2015 for judging the resilience of a given connected device.
This is one of the most important agencies for healthcare startups, because the CMS — situated within the Department of Health and Human Services (HHS) and led by veteran health policy expert Seema Verma — controls the highly coveted reimbursement process for Medicare expenses. Many healthcare companies, including healthtech startups, seek those reimbursements as an important source of revenue.
Additionally, CMS is home to the Center for Medicare and Medicaid Innovation (CMMI), which aims to discover and support innovative models for both care delivery and care payment for recipients of Medicare and Medicaid — think “new-age nursing homes” and frictionless payment systems. For startups that are focused on disrupting the healthcare system, CMMI will be a valuable partner and ally.
The CFPB was created as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act (aka “Dodd-Frank”) in 2010. As the name suggests, the bureau is charged with protecting consumers from usurious or predatory practices by financial institutions, specifically as they relate to financial products such as credit cards, student loans, and mortgages. (Dodd-Frank came on the heels of the 2007-2008 financial crisis, after all.)
While the CFPB was originally designed to monitor large banks and other large incumbents in the financial industry, it has set its sights on Silicon Valley as more fintech companies launch new, unproven products with little historical data. The CFPB’s future influence is in question, though, with Director Richard Cordray facing scrutiny from some members of Congress and a three-judge D.C. Circuit court decision in October 2016 ruling that the bureau’s structure is unconstitutional; the case is now being heard by the full DC Circuit, and would likely be appealed to the Supreme Court if upheld.
Whatever you think of the phrases “gig economy”, “sharing economy”, “crowd-based capitalism” and so on, there are a growing number of workers who provide services — such as ridesharing, homesharing, caregiving, and so on — to strangers on multi-sided online/mobile platforms. There’s been debate over how to classify workers on these platforms (as full-time employees, independent contractors, a third category?), which in turn relates to who qualifies for health benefits; who should be withholding taxable wages; and who helps manage retirement accounts. These are all important questions, and the Wage and Hour Division of the Department of Labor — which is responsible for enforcing all federal labor laws (including the Fair Labor Standards Act) — is largely responsible for answering them.
The WHD has been largely silent on the worker classification debate, however. Except for a decision under the Obama administration in 2015 to weigh in on the issue: The WHD issued guidance that would broaden the definition of “employee” to include more gig economy workers. (Note there is a good chance that the Trump administration and Secretary of Labor Alex Acosta may rescind that guidance). So far the current administration hasn’t changed existing rules around contractors, but the ability of gig economy workers to press for policy changes (such as the right to unionize) does remain in some places. Any startup that employs OR enables independent contractors on the platforms and marketplaces they build should definitely have the WHD on their radars.
For any tech company that operates in Europe and wants to transport its European customers’ data back to the U.S., getting something called a “privacy shield” certification from the International Trade Administration (ITA) is key. Previously known as Safe Harbor (before a showdown between the U.S. and E.U. in 2016 led to reframing and rebranding it), this certification signals that a company is safe to do business with. Privacy Shield ensures that companies maintain the integrity of data; are not collecting irrelevant personal information on their customers; and holds companies accountable for any customer data that is transferred to third parties and subsequently abused.
With the 2013 Snowden revelations and the ensuing skepticism of Europeans towards American companies’ ability to protect their data, the Privacy Shield certification, which is opt-in, is one signaling mechanism for American tech giants to say to their customers: You can trust us, do business with us.
Matthew Colford is an investment partner at Human Capital.