Governments and regulators won't let the recent financial crisis "go to waste". The crisis has brought calls for more rules and better enforcement. The risk is that the swift reaction seemingly demanded by the public will mean hasty, yet not necessarily effective, change and a proliferation of new rules which will be costly to implement and monitor. There is an added risk that knowledgeable regulators and market participants will be followers, not leaders, in changes that are dictated by public reaction.

The last major regulatory reaction was the introduction of Sarbanes-Oxley (SOX) in the U.S. in response to Enron and other corporate scandals. The "fix" then was to require more reporting and, particularly, personal certification of certain information by CEOs and CFOs. Questions persist as to the effectiveness of these measures.

The challenge in regulation arises in that honest and careful executives and directors may be burdened by excessive rules while the dishonest or reckless ones will disregard or manipulate new rules of any kind. Some critics of reform argue that existing principles and rules are adequate; we simply need a better culture of compliance and diligence coupled with faster, tougher enforcement to stop and deter the dishonest or reckless.

From an enforcement perspective, people who breach securities laws or other financial/market regulations generally fall into one of two categories: (i) true fraudsters - the people who knowingly breach the law and who are generally not concerned about the harm they cause or (ii) law-abiding market participants who want to comply with the law but unintentionally fail to do so.

This latter group is quite distinct - it is motivated and deterred differently and poses different threats to investors and market integrity. Where the latter group breaches the law, it is often from misunderstanding or careless (as opposed to deliberate) disregard of the law or from a failure of existing compliance/supervision systems. Ordinarily, this group will also compensate for harm caused. Such breaches merit regulatory intervention and solutions but the heavy "stick" approach needed to deter a fraudster is not usually required. Enforcement is effective if it is timely and proportionate to the breach of law and the harm caused. Arguably, precious enforcement resources are wasted if cooperative, generally law-abiding market participants are treated in the investigative and proceedings process as if they are fraudsters.

With these general principles in mind, what kind of new regulatory hammers, and how much force, will be required to minimize the risk of a future crisis similar to what has recently been experienced? In response, various regulations and regulatory ideas have been proposed, including:

  1. The Canadian Securities Administrators ("CSA") published proposed new corporate governance guidelines (National Policy 58-201 and related Instruments) for comment; the comment period ended on April 10, 2009. The CSA response is not yet known as securities commissions continue to review comments received. Some debate has arisen as to the need for new guidelines and concern has been expressed about the associated cost of implementation measured against arguably marginal improvements. Among other changes, these proposals include a requirement for systems to manage conflicts of interest and frameworks for risk oversight and management as well as independence requirements which are not contained in the current guidelines.
  1. Broad consideration is being given to the regulation of previously unregulated markets and products. For instance, the International Organization of Securities Commissions ("IOSCO") Technical Committee published its consultation paper titled "Unregulated Financial Markets and Products" in May, 2009. Comments are being sought by June 15, 2009. IOSCO's work is being done in support of the Group of Twenty (G20) goal to review "the scope of financial regulation" with emphasis on unregulated institutions, instruments and markets. Recent U.S. proposals to regulate derivatives arise from similar concerns about inadequate reporting, transparency and the resultant failure to understand both institutional and systemic risks.
  1. As part of the CSA consultation paper titled "Securities Regulatory Proposals Stemming from the 2007-08 Credit Market Turmoil and its Effect on the ABCP Market in Canada" a broad basket of proposals and ideas have been raised regarding the need to regulate credit-rating agencies, the role of intermediaries in recommending structured products, and regarding poor disclosure and poor risk management. Solutions to many of these issues in Canada require coordination among not only international securities commissions, particularly the SEC, but also with other regulators like IIROC.
  1. Many governments and regulators are assessing the merits of simplifying or consolidating financial market and securities regulators and coordinating international standards.  

"Systemic risk" appears to be the most used phrase coming from this crisis notwithstanding there is no real consensus on its definition, scope, or the plausibility of regulatory systems that can assess and enforce parameters or limits on systemic risk. It captures a broad concept of "inter-relationships", often "inter-dependencies", in transactions and players in the financial markets. Hindsight, coupled with common sense, has shown us the clear lessons of the failure to consider the hidden or semi-transparent risks of inter-related factors and transactions (and the fallacy that mathematical models alone could see us safely through these risks).

One critical question is whether regulators are ahead or behind industry in understanding the problems and finding solutions. The general challenge is to find an effective regulatory balance, moving in a considered way that hits the mark intended without unnecessarily expanding the regulatory maze, and not moving so slowly as to be irrelevant to the markets and investors now. What is new in the current dynamic is the desire to regulate "systemic risk". Will any of the proposals above effectively regulate "systemic risk", deter the fraudsters or prevent breaches by the law abiding market participants who are lost in the regulatory maze? At minimum, regulating "systemic risk" will break down some of the silos among regulators and encourage welcomed harmonization both in regulation and enforcement. Regardless, the maze needs to be simplified and regulators, with input from market participants, have an opportunity in coming months to lead us to effective and balanced regulation.