My thoughts are those professional providers, who have to comply with the SOX Act, know exactly what pain you have to go through every 90 days to ensure compliance within their respective organisations. Non compliance is very expensive indeed, which covers everything from infrastructure to application security.
Is the administration now asking providers to vet the intentions of the clients? I am not sure that further regulations will meet their goals at all.
Perhaps this is about ethics, and moral judgement of the Providers?