US Regulatory Agency Directory
The United States regulatory landscape spans more than 100 federal agencies and dozens of state-level bodies, each with distinct statutory authority, enforcement mechanisms, and subject-matter jurisdiction. Understanding which agency governs a specific activity, industry, or transaction is a foundational step in building any compliance program. This directory-style reference maps the major federal regulators by functional domain, describes how their authority operates in practice, and identifies the boundary conditions that determine which agency — or combination of agencies — applies to a given situation.
Definition and scope
A regulatory agency is a government body created by statute and delegated authority to establish rules, issue guidance, examine compliance, and impose penalties within a defined subject-matter domain. At the federal level, agencies derive authority either from an organic statute (the law that created them) or from a specific enabling statute that grants rulemaking power over a sector. The Administrative Procedure Act (5 U.S.C. §§ 551–559) governs how federal agencies promulgate rules, conduct adjudications, and interact with the public (U.S. Government Publishing Office, eCFR).
Federal regulatory agencies are broadly classified into two structural types:
- Executive agencies operate within a cabinet department and report to the President. The Occupational Safety and Health Administration (OSHA), housed within the Department of Labor, is one example.
- Independent agencies are governed by multi-member commissions and are partially insulated from direct executive control. The Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC) operate under this structure.
State regulatory agencies add a parallel layer. Each state operates its own environmental, labor, financial services, and consumer protection bodies. In regulated domains like workplace safety compliance, states with OSHA-approved plans — 29 as of the most recent Department of Labor count (DOL, State Plans) — administer standards that must be at least as effective as federal OSHA requirements.
How it works
Agency authority flows through a three-phase cycle: rulemaking, examination or investigation, and enforcement.
- Rulemaking — Agencies publish proposed rules in the Federal Register, accept public comment during a defined comment period (typically 30 to 60 days), and issue final rules that carry the force of law once codified in the Code of Federal Regulations (CFR).
- Examination or investigation — Many agencies conduct scheduled examinations (common in financial regulation under the Office of the Comptroller of the Currency, or OCC) or complaint-driven investigations (common at the FTC and Consumer Financial Protection Bureau, or CFPB).
- Enforcement — Agencies may issue civil monetary penalties, consent orders, license suspensions, debarment, or criminal referrals to the Department of Justice. The mechanics of these actions are covered in depth on the compliance enforcement mechanisms page.
Rulemaking authority is not unlimited. Courts apply the Chevron doctrine — or, following Loper Bright Enterprises v. Raimondo (2024), a revised standard of independent judicial review — when evaluating whether an agency acted within its statutory mandate. This judicial constraint shapes how agencies draft rules and how regulated entities may challenge them.
Common scenarios
Different industries encounter distinct primary regulators, though overlap is common. The following breakdown maps major domains to their lead federal agencies:
| Domain | Primary Federal Agency | Key Authority |
|---|---|---|
| Securities and capital markets | SEC | Securities Exchange Act of 1934 |
| Banking and credit | OCC, FDIC, Federal Reserve, CFPB | Dodd-Frank Act (12 U.S.C. §§ 5301 et seq.) |
| Workplace safety | OSHA | Occupational Safety and Health Act of 1970 |
| Environmental protection | EPA | Clean Air Act, Clean Water Act |
| Food and drug safety | FDA | Federal Food, Drug, and Cosmetic Act |
| Antitrust and consumer protection | FTC, DOJ Antitrust Division | Clayton Act, FTC Act |
| Export controls | Bureau of Industry and Security (BIS), OFAC | Export Administration Regulations (15 CFR Parts 730–774) |
| Healthcare privacy | HHS Office for Civil Rights | HIPAA (45 CFR Parts 160, 164) |
| Telecommunications | FCC | Communications Act of 1934 |
| Energy | FERC, NRC | Federal Power Act, Atomic Energy Act |
Healthcare compliance requirements and export control compliance each involve multi-agency coordination — for example, a pharmaceutical exporter may face simultaneous oversight from FDA, BIS, and OFAC.
Decision boundaries
Identifying the correct regulatory authority requires evaluating four criteria:
- Subject-matter jurisdiction — Does the agency's organic statute cover this activity? OSHA covers most private-sector employers, but the Mine Safety and Health Administration (MSHA) has exclusive jurisdiction over mining operations under 30 U.S.C. § 801 et seq., regardless of the employer's general industry classification.
- Entity type — Some agencies regulate by entity charter. National banks are supervised by the OCC; state-chartered banks that are Federal Reserve members fall under Federal Reserve supervision; state-chartered non-member banks fall under FDIC authority.
- Transaction type — The CFTC regulates derivatives and futures; the SEC regulates securities. Whether a financial instrument is a security or a commodity contract is a threshold legal question that determines which agency has primary jurisdiction.
- Geographic nexus — Federal jurisdiction typically requires an interstate commerce nexus. Purely intrastate activity may fall exclusively under state agency authority, though federal preemption can override state rules in specific sectors (e.g., federally chartered banks and state consumer lending laws).
Where two or more agencies assert authority over the same activity — a situation called concurrent jurisdiction — a memorandum of understanding (MOU) between agencies typically establishes the lead regulator. The FTC and CFPB, for instance, share consumer financial protection jurisdiction for certain non-bank financial entities and have coordinated their enforcement priorities through interagency agreement.
References
- Administrative Procedure Act (5 U.S.C. §§ 551–559), via eCFR
- U.S. Securities and Exchange Commission (SEC)
- Federal Trade Commission (FTC)
- Occupational Safety and Health Administration (OSHA) — State Plans
- Consumer Financial Protection Bureau (CFPB)
- U.S. Environmental Protection Agency (EPA)
- HHS Office for Civil Rights — HIPAA
- Bureau of Industry and Security (BIS) — Export Administration Regulations
- Mine Safety and Health Administration (MSHA), 30 U.S.C. § 801
- Office of the Comptroller of the Currency (OCC)