In his zeal to make good on campaign promises to repeal or simplify banking and other regulations, President Donald Trump should be careful not to toss out what’s working. Instead, any revisions to Dodd-Frank should recognize the critical role of enforcement and effective oversight to strike the right balance.

In the nearly nine years since depositors rushed to withdraw billions from a failing IndyMac Bank in July 2008, over 700 U.S. banks failed or were sold to avoid failure. The causes span the spectrum from incompetence to cooking the books. That history tells us that the stability of U.S. banking requires both reasonable regulation and rigorous enforcement. Indeed, FDIC deposit insurance carries with it the necessity of government oversight and, when appropriate, meaningful enforcement.

While perhaps appealing in principle, the goal of less regulation should not divert us from continuing to pursue rigorous enforcement to maintain the public trust. The active and successful enforcement activities of the Consumer Financial Protection Bureau, the Federal Deposit Insurance Corp., the Office of the Special Inspector General for the Troubled Asset Relief Program (SIGTARP) and others remind us that there are no “unknown” risks in banking. Economic fluctuations are inevitable on both a macro level and in regional markets. While not predictable, they are a known risk. So, too, are fluctuations in housing, trade and interest rates. These risks are amplified with asset concentrations, tight liquidity, and aggressive sales and underwriting practices. Indeed, nearly all risky banking practices result from disregarding known risks in favor of short-term returns and a sales culture that overshadows prudent risk management.

Prudent bank practices, unlike the markets, should not be seasonal or cyclical.

The familiar banking adage that "all bad loans are made in good times" captures the tension between sales and profit, on the one hand, and prudent risk management on the other. But here’s the real challenge with picking and choosing whether to scale back portions of Dodd-Frank or other regulatory schema: In addition to the limitations of risk models and market uncertainties, practitioners carry a strong motive to minimize the appearance of risk. They do so in a variety of ways, from failing to recognize impaired assets to relying on the appearance of asset diversification to shady accounting.

Much of the criticism of Dodd-Frank stems from the sheer volume and complexity of the rules, and the resulting costs of compliance. One productive avenue of common ground, however, has already been identified — when pursued, enforcement works. Recent enforcement actions have focused on: 1) dangerously overstating the value of a bank’s assets, 2) lax underwriting and 3) sharp consumer banking practices. Departing from safe and sound practices in any of these areas places a financial institution at serious risk — departing from prudent standards in all of these areas could be ruinous, both for the institution and the banking system.

Consider SIGTARP prosecutions: As of Jan. 4, 2017, SIGTARP investigations resulted in criminal charges filed against 374 individuals, convictions of 269 defendants, and prison sentences for 192, with others awaiting sentencing. In addition, $10 billion has been recovered for taxpayers through this same period. In what the special inspector general for TARP described as “the most significant prosecution for crimes arising out of the bailout,” the former chief credit officer of United Commercial Bank was convicted and sentenced to eight years in prison. His crime? The CCO attempted to hide the bank’s declining financial condition that resulted from the bank’s precrisis aggressive growth strategy. By failing to adjust the bank’s allowance for loan losses (or, reserves), which generally requires the timely and accurate identification of impaired loans, senior management was able to obtain $300 million of TARP funds, all of which was lost when the bank failed.

Similarly, lax underwriting of commercial real estate loans, including acquisition, development and construction loans, plagued many U.S. community banks in the run-up to the financial crisis. True risks went unrecognized or unaddressed or, worse, were concealed. The Professional Liability Unit of the FDIC brought over 100 suits, and has recovered hundreds of millions, against executives approving or permitting loans that violated rules of prudent lending. In the IndyMac trial, for example, jurors saw firsthand the impact of weak underwriting and excessive incentive compensation on the bank’s portfolio of homebuilder loans. And they returned a $169 million verdict against the executives who failed to follow the bank’s loan policy. Similar enforcement actions for failed banks from Seattle to Tampa, Florida, have also highlighted the pitfalls for executives and board members who approved risky loans in pursuit of growth, often with little or no diligence as to the borrower, the project, or even the current value of the collateral.

There is a basic rule of risk management that should not be ignored in the current environment: Prudent risk management understands that risk identification is, by definition, an imprecise science. While the types of risks may be identified, the actual frequency of a bad outcome occurring within a defined period cannot be predicted. That’s why, neither industry leaders nor regulatory bodies can handicap or even precisely define the most threatening risks facing the economy. And that’s why, prudent regulation and enforcement require clear standards; just as pilots must always review carefully their preflight checklist, bankers must faithfully and consistently address liquidity, leverage, asset valuation and underwriting — standards that have withstood the test of time.

There is little question that rigorous, consistent and visible enforcement serves to modify risky behaviors, and exacts a measure of justice from those who break the rules. And the converse is true: Take away the traffic cops and highway speeding doubles. That’s one reason bank stocks soar when deregulation covers the front page.

Any rewrite of Dodd-Frank or other schema must recognize not only exogenous risks, but the behavioral aspect of risk and risk-taking, and the role of enforcement in limiting these behaviors. As is now well-known, discrete transactional decisions can, in aggregate, geometrically multiply risk at the institutional level, and again at the systemic level. As a leading economist observed in 2009, the financial crisis was caused by the “greed, short-term thinking, and poor judgments of [banking] practitioners” themselves.

Short-sighted practices can be expected to continue under any administration — but the extent matters. When weak and risky practices become the norm, we reach a tipping point. When the perception of lax government enforcement pervades an industry, dangerous behaviors increase. Executives, regulators and market participants can then point to quarterly growth and profits to justify loose risk management, whether making weaker loans or bigger bets. As the Financial Crisis Commission concluded: “It was the failure to account for human weakness [such as greed and hubris] that is relevant to this crisis.”

Those who criticize Dodd-Frank’s implementing regulations as either unnecessary or overly complex — pointing to rules regarding conflict minerals in the Congo, disclosure rules for oil companies’ dealings with foreign governments, or expensive stress testing — cannot ignore the unique and central role of regulated banking for the American economy.

Regulatory reformers should therefore seek to expand rigorous and consistent enforcement of clear standards, and should expressly enhance enforcement for both operating banks and against the executives of failed banks. That can and should be a threshold goal of any attempt to revisit operative banking regulations. Visible and effective civil enforcement should continue to be an important tool in maintaining the effective balance of risk, rules and personal responsibility.

Simplification that enhances rather than curtails enforcement, and simplification that strengthens rather than weakens our banks, makes good sense. But the allure of a quick fix linked to a perception of current safety unquestionably presents a trap. Congress and the president would therefore be well-advised to use a scalpel rather than a chain saw when it comes to revisiting the nation’s banking regulations. The conflict between prudence and profit reflected in effective risk management doesn’t end when regulation eases; it just strikes a new and riskier balance. And just because a practice is widespread doesn’t mean it’s safe. Indeed, a consensus of safety — as arises in more benign economic times — is often a prerequisite for financial catastrophe. As Warren Buffet once famously observed, “The five most dangerous words in business are ‘Everyone else is doing it.’”