So after developing processes and purchasing governance, risk and compliance tools based on the old rules for years, how much GRC disarray will the JOBS Act cause? Experts say not that much -- at least in the short term.
You can still have good controls and good governance without complying with every single step of Sarbanes-Oxley.
“The JOBS Act won't immediately compel small and emerging companies to license new compliance tools, and we won't have a true glimpse into the long-term effects until the SEC decides how it will regulate this new capital market,” said Chris McClean, a senior analyst at Forrester Research Inc. “If anything, it appears that the JOBS Act will reduce the regulatory burden for smaller companies that were planning to establish full SOX programs.”
The JOBS Act is designed to give an economic boost to emerging companies -- defined as those with at most $1 billion a year in revenue -- by cutting back regulatory requirements. The act exempts these companies from external auditors’ review of internal controls as stipulated under Section 404(b) of Sarbanes-Oxley requirements, for example.
Another huge (and controversial) section of the act is the "crowdfunding" provision that allows these companies to sell up to $1 million worth of stock without registering with the Securities and Exchange Commission (SEC). But if the SEC ends up placing the compliance onus on the crowdfunding service providers, these companies may each require a different set of controls and documentation for startups seeking funding, McClean said.
“That may steer the market more toward compliance management software, but even then these startups will be looking for streamlined, probably SaaS applications,” McClean said.
High-profile business GRC
The sometimes paranoid business environment after scandals such as Enron and WorldCom in the past decade has contributed to the newfound importance of GRC processes, said MetricStream Inc. CEO Shellye Archambeau. Companies strive for better internal controls and transparency to improve overall business performance, and rolling back requirements under the JOBS Act will not cause companies to regress, she said.
“I think that even though the law won’t require SOX reporting in the first five years for billion-dollar companies, investors still want to remain confident the company is run well and there is good governance because we’ve gotten used to better accountability,” Archambeau said. “You can still have good controls and good governance without complying with every single step of Sarbanes-Oxley.”
This increased compliance focus extends to GRC tools, Archambeau said. Because compliance regulations are constantly being developed or modified, or the interpretations are changing, they required flexible GRC tools that won’t need to be reset under the JOBS Act, she added.
“Companies with the better solutions or flexible solutions are not scrambling to make changes to their overall software -- we’re not changing our roadmap as a result of the JOBS Act,” Archambeau said.
Sara Hanks, securities attorney and co-founder of CrowdCheck, approved of the JOBS Act efforts to expand crowdfunding investments. She did caution that entrepreneurs and investors should still need vigilance against possible fraud in the marketplace.
The JOBS Act creates a good balance between boosting business while protecting the nascent market from fraud, she added. As for a sea change in GRC attitudes? Not so much.
More about compliance standards
“I'm not sure that much is really going to change in the long term,” Hanks said. “Maybe emerging-growth companies will delay compliance tool purchasing by a bit, but I don't think the JOBS Act will change their ultimate intentions.”
The JOBS Act provisions will be a good opportunity for consulting firms that guide new and emerging companies on strategy, McClean said.
But it's too early for software vendors to determine whether or not the JOBS Act creates a big enough market for them to address with completely new GRC tools and solutions, he added.
“Most likely, companies will be looking for tools that can help them manage their entire funding strategy, including documenting their strategies, market analysis, financials and any required controls,” McClean said. “For startups looking for crowdfunding, they would ideally find all of these capabilities in a single provider.”
McClean concluded that if companies were already on the right track when it came to GRC tools and regulatory compliance decisions, the JOBS Act won’t create turmoil.
“If a company was already moving in the direction of SOX compliance, they'll probably find themselves with a little more breathing room than they had previously,” McClean said. “At the same time, the GRC tools that help companies meet SOX compliance should be easily able to help support programs to comply with JOBS Act rules and related requirements.”