If transparency is the currency of trust, Wall Street's top regulator is going on a shopping spree.

The Securities and Exchange Commission is pushing for more transparency -- and though it's mostly setting its sights on hedge funds and private equity shops, other public and private companies won't necessarily be exempt. It's is an initiative that the agency has been vocal about for some time.

SEC Commissioner Allison Herren Lee last October aired concerns over the lack of financial transparency at unicorns (companies with valuations of at least $1 billion), not to mention decacorns ($10 billion) and hectocorns ($100 billion). 

Estimates from CB Insights, a research and analytics firm, suggests that there are upwards of 1,000 unicorns around the world today. That's up significantly from the 39 unicorns that Lee estimated were extant in 2013. 

Many of the requirements the SEC is pushing target large, private companies, hedge funds, or private equity shops. But that doesn't mean small and mid-size businesses are unaffected here -- especially considering that private companies are increasingly on the agency's radar. 

Widespread transparency precedents could gain traction if the agency has its way. And in some instances, measures the agency is weighing for large companies could trickle down to small ones.

Here are three areas where the SEC is seeking more clarity that could affect SMBs:

"Dark" Private Markets

The SEC was created in 1934 to regulate Wall Street in the aftermath of the stock market crash that set off the Great Depression. It primarily oversees publicly-traded companies, but private companies fall within agency scrutiny. 

Last October, Lee took aim at private companies and the "dark" fundraising that's helped them grow to inordinate heights. Lee pointed out that institutional investors could be exposed to risks that stem from lack of transparency since "more and more of the capital in private markets comes from pension plans, mutual funds, and other institutions." There's ample precedent. In 1998, the hedge fund Long Term Capital Management collapsed, threatening to take the financial system with it until the government organized a bailout.   

"The fact that more capital is now being raised in private markets means that a burgeoning portion of the U.S. economy itself is going dark," she added.

The agency wants to lift the veil that shields the identities of investors at some of these large firms. But it remains unclear where the agency will draw the line as to what it considers a large business subject to enhanced transparency rules. The SEC declined to comment on any scope for the potential measure.

Some are worried about the implications for funding opportunities and the effects that forcing a company's hand prematurely could pose to business innovation. 

Congress never empowered the SEC to mandate disclosures based on a company's valuation, according to Alex Platt, a law professor at the University of Kansas who specializes in financial and securities regulation. Instead, the SEC looks to another figure: the holders of record, or the registered owner of a security. Right now, the disclosure threshold is 2,000 shareholders or 500 individuals who are not accredited investors. Accredited investors can include high-wealth individuals, those with various financial professional licenses, and different cohorts of institutional investors, Platt says. 

Beyond that cap, the company is required to go public and make the disclosures required of public companies. Platt explains that if a venture capital fund invests in a startup, the fund is counted as "one" holder of record. But Platt says that the agency might be looking to propose a change to how that number is calculated.

He uses the example of a venture capital fund to make his case. Say Inc. Venture Capital invests in Startup A. Under current rules, Inc. Venture Capital counts as one holder of record. But if the SEC starts to look into who invested into Inc. Venture Capital and there are, say, 60 investors, that holder of record metric notches up to 60. 

But it could get more complicated. Suppose Pension Fund A is also invested in Inc. Venture Capital. The SEC, theoretically, could journey down the rabbit hole and look into how many investors are in Pension Fund A. "That is what I think the SEC is looking at as a way to force some of these large private companies into the light," Platt says. 

There could also be consequences from forcing a company into making public disclosures before it's ready to do so. Consider Moderna. With scandals and scientific failures under the Cambridge, Massachusetts-based health company's belt, it bore the hallmarks of a flawed unicorn -- and yet in 2020, Moderna helped save the day with its Covid-19 vaccine, Platt says. 

"What would [having to make disclosures] have meant for Moderna?" he questions. " Would this have disrupted their corporate development?"

Environmental Disclosures 

The SEC is also considering regulation around the environment. Climate change is a key focus for the Biden administration, especially in reducing greenhouse gas (GHG) emissions. Since coming into office, Biden's eyed the goal of reaching net zero emissions in the United States by 2050.

And as environmental, social, and corporate governance (ESG) criteria become increasingly adopted, more companies are shouldering their own environmental responsibilities by cutting down on emissions.

Emission admissions could fall under three different "scopes." Scope 1 pertains to a company's direct GHG emissions, while scope 2 includes a company's indirect emissions, the latter usually associated with electricity or heating and cooling. 

Scope 3 emissions are those that are linked to entities that are not directly owned by a company, such as a third-party supplier. It's also the scope that's most likely to cause businesses more grievances: According to the Environmental Protection Agency, scope 3 emissions usually make up the largest portion of a company's total emissions. 

More companies should be taking on this challenge -- at least in the SEC's perspective. The agency is already sizing up a proposed rule for publicly traded companies, which is expected sometime this year.

Any new SEC rules in this area are expected to affect all companies that make public statements about GHG emissions, according to David Slovick, a partner at Indianapolis-based law firm Barnes & Thornburg.

In Slovick's view, there's still the question of whether the SEC will give smaller companies a break on what they have to disclose, since their contributions to climate change pale in comparison to that of larger companies.

"That said, small and mid-sized companies will still be impacted disproportionately, both because they may not have the financial wherewithal to quantify the impact of climate change on their businesses, and because smaller companies typically have fewer resources to dedicate to preparing their public disclosures in the first place," Slovick says.  

Yet expanding transparency around emissions may potentially work out in a company's favor: Disclosing ESG-specific data could attract climate-conscious investors.

Data Transparency

Cybersecurity is another item atop the SEC's docket.

As cybersecurity attacks increase in both frequency and severity, the agency is looking to clamp down on how companies manage and report the cyberattacks they face. 

SEC Chairman Gary Gensler said this week the agency is planning to bolster cybersecurity protections. "We at the SEC are working to improve the overall cybersecurity posture and resiliency of our registrants," Gensler said.

Among other areas, Gensler said he asked staff to make recommendations for a rule called Regulation Systems Compliance and Integrity, which requires entities to do routine testing and back up their data. Public companies may also face future disclosure requirements related to ransomware attacks or data breaches that expose personal identifiable information (PII).

This, too, could prove to be a thorn in the sides of small businesses working with larger companies overseen by the SEC, according to Justin Daniels, an attorney at Baker Donelson who focuses on technology. Daniels explains that a business's largest threat may not be what it does internally, but rather the vendors or outside parties that it works with.

If the SEC requires more robust data disclosures from the companies it oversees, there could be a ripple effect. SEC-regulated companies could then demand stronger security hygiene from vendors or business partners, Daniels says. "The cost for that smaller business to do its work with the publicly traded SEC regulated company goes up significantly," he explains, adding that he wouldn't be surprised to see a proposed rule from the agency fairly soon. 

"Because we haven't had a law at the federal level and we're seeing a lot of unusual ways data is being used, I'd expect to see something similar happening in the privacy space as well," Daniels adds.