U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Speech by SEC Staff:
How Much Regulation Is Just Enough?


Ethiopis Tafara1

Director, Office of International Affairs
U.S. Securities and Exchange Commission

International Foundations for Sound Finance Conference
Prague, Czech Republic
February 28, 2006

Thank you for that kind introduction. It is wonderful to be in Prague, and the Czech Republic. Prague is, of course, one of Europe's great cities, but, for me, it always stands as a reminder of the strength of the human spirit against the harshest odds. It is no secret that the Czech and Slovak peoples suffered some of the worst that the Twentieth Century could throw. Yet Prague stands here today, with its beautiful art and architecture and vibrant business community a living testament that freedom, hope and the human spirit will prevail.

And that is one of the reasons that I am so glad that the World Bank agreed to host the conference here. Today, the financial community is witnessing some of the most significant changes since the Great Depression. Markets are globalizing in a manner not been seen since before the First World War — a time where international finance was unregulated and the providence of a handful of extremely wealthy families. Today, through the auspices of technology, the financial world has not just internationalized, it has also democratized. In the United States alone, fully half of all households are invested in our capital markets, either directly or through collective investment schemes. I understand this is the trend in Europe and Asia as well.

But before I go too far, I must first give the standard SEC disclaimer. That is, the United States Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private statement by any SEC staff member or Commissioner. These remarks express my own views and do not necessarily reflect those of the Commission, the Commissioners, or other members of the SEC staff.

With that said, I have been asked to speak on the very interesting topic of "how much regulation is just enough?" I've also been asked to say a few words about the Sarbanes-Oxley Act — an accidental juxtaposition, I'm sure.

How much regulation is "just enough" is a question we regulators grapple with every day. And we're not alone. Academics have written tomes on the subject. Newspaper editorial pages comment on it regularly. For those in industry, this is not just abstract philosophizing. The topic is of interest for two key reasons: (1) regulation is costly, and (2) at some point increasing regulation begins to experience diminishing returns in terms of fulfilling regulatory goals. In essence, we are all a bit like Goldilocks, the little girl from the well-known Western fairytale about three bears: we don't want too much regulation or too little. We want regulation that is just right.

Global markets have just witnessed a spate of regulatory reform. It started in the United States with the Sarbanes-Oxley Act in 2002 and the SEC's own regulatory reform initiatives following the wave of financial scandals that began even before Enron. It followed in Europe with the Parmalat scandal, and financial improprieties at Ahold, Vivendi and Royal Dutch Shell. It started in Asia even before the recent events surrounding Livedoor in Japan.

Regulatory reform, of course, tends to be a child of crisis, and in this regard, the Sarbanes-Oxley Act is no different from America's first federal securities laws. In the four years prior to the passage of the Securities Act of 1933, the value of share on the New York Stock Exchange fell from $90 billion to $16 billion, and, perhaps even more startling, approximately 50% of the initial public offerings in the ten years prior to the crash turned out to be worthless.

These first federal securities laws in the US — the 1933 Securities Act, the 1934 Exchange Act, and others — were revolutionary in many ways and sparked considerable criticism. For example, following passage of the 1933 Act, the US issuer community objected that the new law would drive up the cost of capital, push companies offshore, and make independent directors reluctant to sit on corporate boards. To my ear, of course, these criticisms sound surprisingly contemporary when paired with what has been said and written about Sarbanes-Oxley.

But my point is that regulatory reform, more often than not, is a response to an emergency. Very clear problems require urgent action to preserve the integrity of the market. Decisions are made quickly, and they are easily second-guessed later, when the crisis has passed. But, whether in time of crisis or later, before we can ask how much regulation is just enough, we must first ask what regulation is for.

In other words, what do we want to accomplish? What do we want to avoid?

Financial regulation is like a lot of other things in that there are innovations. Historically, the move to disclosure-based securities regulation was one - indeed it likely was a paradigm shift, in the real sense of the term. This approach to regulation started in Britain and was adopted whole-heartedly as the underlying philosophy of the 1933 and 1934 Acts in the United States. These laws tried to avoid the potential for market fraud, and sought to accomplish the development of the capital market in our country, through improved transparency. The fundamental idea is that, if given sufficient and accurate information, investors are in the best position to determine what to do with their money. The securities laws and the SEC are there to make sure that this information is available and not misleading.

The laws and the SEC are not meant to second-guess the wisdom of the market. As the late Louis Loss, perhaps our country's foremost securities law professor, wrote: "The federal securities laws do not deprive a man of his God-given right to make a fool of himself. They merely prohibit others from making a fool of him."

Risk-based regulation

Today, the new innovation is what is sometimes called "risk-based" regulation. The idea behind this approach is quite logical. While the resources of regulators will always be limited, the potential problems to the financial system are near infinite. It therefore makes sense to analyze and measure the risks inherent in the financial system, and dedicate resources where the risks to your mission are greatest, thus rendering regulation more cost effective for regulators as well as markets.

Of course, the SEC — like most financial regulators — has always taken a keen interest in both risk as well as the efficient allocation of regulatory resources. Managing reputational, legal, operational and financial risk has long played an important part in SEC regulation of financial institutions. Securities regulators function in the same world that investors, issuers and capital managers do — a world of finite information and finite resources. There are close to 15,000 public companies in the United States today, with a market capitalization of more than $17 trillion. And while, by global standards, the SEC is a large securities regulator, we have some daunting challenges in terms of the scale of the industry we regulate. For example, while we have approximately 900 personnel at the SEC dedicated to supporting inspections and examinations, they have to cover 30,000 investment companies, 25,000 advisers, and 6500 broker dealers that latter of whom collectively have 92,000 branch offices and 664,000 registered representatives selling securities to the public.

And the cross-border aspects of our capital markets has exploded. More than 1300 foreign companies are listed on US stock exchanges today, three times as many as in 1991. American retail investors now hold $2 trillion worth of foreign securities — nearly 10 times the amount they held just over a decade ago.

When something goes wrong in this enormous, fast-growing global market, people notice. These are the risks that keep securities regulators up at night.

But precisely because "risk-based" regulation is such a powerful tool, I wanted to make three cautionary observations so that it is not mistaken for a paradigm shift:

First, regulation should not rely solely on models, but be infused with an understanding of history and events, precisely because we are attempting to design a regulatory framework which can reflect the lessons that history has taught.

Second, in gauging either regulatory risks, the efficient allocation of regulatory resources or the development of cost-justified regulations, we must be careful not to fall into the trap of believing that everything can be quantified. There are always important, even crucial, considerations that, unfortunately, are not susceptible to being fully quantified, and thus necessitate the application of reasoned judgment.

The third point I would like to make is that a formal and rigid application of the "risk-based," cost-justified approach to regulation, runs the danger of becoming myopic, and thereby missing important clues as to the direction in which improved regulation might lie.

There are alternative approaches to a formalistic risk management approach that yet take full advantage of our scientific tool set. While I realize that you all are aware of these dangers, I think it is good to occasionally remind ourselves of them.

First, let me turn to the importance of learning from history. Regulatory regimes must be like well-built ships. They must be designed to weather different kinds of storms. There will be periods of steady growth and prosperity, and, typically, during these times market participants' own concern for their reputational capital will itself do a pretty good job of "regulating" the market. During these times, a "light" regulatory approach may seem to make the most sense.

But markets are rarely "steady" forever. Years of famine follow years of plenty. Moreover, bull markets can place so much stress on the market that reputational capital may be set aside in the interest of short term gains. As we have seen, when this happens, fraud is an ever-present danger.

A cost-justified regulatory framework must be one designed to weather all these storms. And any sense of the "risks" that a regulatory system must address has to have this historical perspective.

And this leads me to my second point, which is that narrowly quantitative efforts to assess such risks have limits. In a world where the 1997 Asian Financial Crisis seems like old news, the 1929 Stock Market Crash is ancient history. But a regulatory approach that relies on only recent data will not give you accurate information about large and important risks which strike only occasionally. Narrow quantitative approaches can underestimate the risks, if the underlying data doesn't capture occasional and historic events.

If, on the other hand, you do take a long view and attempt to quantify disruptive events over, say, the past 70 years, you no longer can be sure that the underlying characteristics of the market being measured are themselves stable over such a time period. That is, you can't be sure what you are measuring. The truth is that the market that exists today is not the market that existed in 1929. In this instance you run the risk of what scientists call a "frame error": coming to a wrong assessment because the evaluation takes place in an inappropriate context.

This reminds me of the story related by the great British philosopher Bertrand Russell to highlight the limits of inductive reasoning. A chicken living in a chicken coop noticed that everyday after the gate to the chicken yard swung open, the farmer would appear and scatter chicken-feed on the ground. Now this was a hungry chicken. And after observing this phenomenon time and again, the chicken decided — through a process of induction — that every time the gate swung open, chicken feed would appear. And so the chicken was always the first chicken out of the gate.

But one day an underlying condition — of which the chicken was unaware — changed. That is, the farmer became hungry. That day the farmer grabbed the first chicken out of the coop — our inductive friend — and had him for dinner. And this is always the danger with a narrowly quantitative approach — to wit, that an underlying condition may have changed of which we are unaware.

A narrowly-focused quantitative approach also runs the danger of easily overlooking important objectives. Like a police department that only polices rich neighborhoods — because only the rich have serious money to lose — a myopic focus on immediate costs risks inflicting on our smaller firms and smaller issuers the financial equivalent of urban blight, and ignoring that these may become the future economic powerhouses as well as an important source of new jobs and innovation.

Thus, while it is very important to engage in quantitative measurements, it would be a mistake to take a purely quantitative approach to assessing regulatory risk and the cost effectiveness of regulations. There remains an important role for the application of experience, rational discourse, and well-seasoned judgment. Indeed, this is why we have Commissioners making the decisions as opposed to a calculator. None of this is to say that we do not want to be well-informed by the best that economic analysis has to offer, but rather to simply recognize the limits — as all good economists do — of quantitative analysis.

What alternative approaches are possible? In the US, I believe that our process could be fairly characterized as one of open critical discourse informed by the tools of scientific inquiry. The approach is pretty successful in terms of identifying cost-justified means by which we may continually improve our regulatory framework. What drives this approach is the Administrative Procedures Act, which requires that the SEC submit its regulatory ideas to the public for criticism and then examines those criticisms in an effort to improve its regulatory ideas — all culminating in a final rule.

This process has its parallel in scientific discourse. Karl Popper the renowned philosopher of science, rejected the view of science as the accumulation of proven or highly probable truths. Rather, he saw science as a flawed process, where conjectures were always tentative and mistakes were possible. But this process of conjectures, criticism of those conjectures and theoretical adjustment brought forth continual improvement to science. I believe that the improvement of regulatory regimes — across time — involves a similar process. The most efficacious, efficient and creative improvements in regulation fall out of a rigourous, open, process of gathering together and sorting through the best of our thoughts, experiences, quantitative measurements and criticism.

What makes the adoption of an idea rational is not its source, but rather the manner in which we probe it, test it, subject it to criticism and search for alternatives to it. Therein lies the heart of both scientific (and regulatory) rationality.

In sum, while the underlying premises of a risk-based approach are sound, it is worth remembering that we should not be too formalistic or too narrow in its application or else valuable opportunities for improvement to our regulatory regime may be overlooked and even suppressed. In determining what amount of regulation is "just right," we should avoid na´ve positivism — the propensity to think that we can scientifically measure things which we cannot.

The Sarbanes-Oxley Act

Looking at regulation in this light, when the US Congress passed the Sarbanes-Oxley Act, what was the law designed to accomplish? And what are we trying to avoid?

If I had to use one word to summarize the underlying philosophy of the Sarbanes-Oxley Act, that word would be "accountability."

This is a bit of a simplification, of course. Sarbanes-Oxley covers a lot of ground. But, fundamentally, the issue that many financial scandals have uncovered, in the United States, in Europe, and elsewhere, is not that there are insufficient investor safeguards in our markets. Quite the contrary.

The substantive anti-fraud mechanisms that Sarbanes-Oxley relies upon to restore investor confidence are not new. Indeed, most have existed for decades or, in the case of auditors and boards of directors, even centuries.

The problem is that these safeguards failed. One concern was that they failed because responsibility for ensuring that they functioned properly had become diffuse. And a diffuse responsibility is the very definition of a moral hazard, particularly when conflicts of interest arise among those charged with looking after other people's money.

And if history has shown us anything, it is that conflicts of interest inevitably arise when other people's money are involved.

So, what does the Sarbanes-Oxley Act try to accomplish? The simple answer is that it is designed to address the moral hazards that the recent financial scandals have uncovered in our capital markets. It does this by delineating responsibility, because history also shows that sign-your-name-on-the-dotted-line accountability tends to focus the mind.

Getting regulation right, then, takes more than simply plugging numbers into a spreadsheet or asking if the immediately quantifiable benefits outweigh the immediately quantifiable costs. Investor protection is paramount because a regulatory system that is an effective model for addressing the needs of investors and consumers is very much in the best interests of the financial industry. Addressing first and foremost the concerns of investors may be costly, but issuers will be well compensated by paying less for investors' capital.

And that, really, is what we are all trying to accomplish.

Thank you.



Modified: 03/10/2005