Regulatory Policy 2.0 – The Alternative

[Second of a two-part Blog Post]

Yesterday I suggested that our existing 3-legged approach to regulation (separation, compliance, transparency) not only failed to prevent Madoff, but positively enabled him.

Today I’ll talk about an alternative.

Until last weekend, when the world discovered Madoff hadn’t bought stocks for 13 years (TrustMatters readers heard about it 5 weeks earlier here), the consensus was Madoff was so sophisticated no one could follow him.

Turns out sophistication itself was the ultimate scam. Madoff built a Potemkin village. He knew what a trading system and a hedge fund should look like, and gave us the appearance of one.

In fact, it was just another Nigerian Ministry scam. Give me your bank account numbers, and I’ll make you rich. Trust me.

The SEC, like all regulators, relied largely on three mechanical approaches:

• structural separations
• compliance processes
• disclosure.

All were built around the modern sophisticated financial world. What they entirely missed was the human element of any great scam. Hide stuff in the most obvious of places. Utterly believe your own lies. Get the con to focus on your spiel while you swap the pea out of the walnut.

They missed the “man” in con man.

If past is prologue, as unfortunately it usually is, there will be a firestorm of protest and we will end up, through the best efforts of Congress, Fox News and the tabloids, with More of The Same. The same trio of regulations that Madoff manipulated. And it will cost billions and billions more in regulation and in stifled economic sub-optimization.

So what’s the answer?

Human-based regulation–beyond structure, processes, disclosure. Regulation 2.0.

Human-based regulation recognizes and embraces three human traits:

1. We live up (or down) to expectations
2. People are infinitely creative–regulators must be as well
3. Selective audits plus severe consequences both inform and deter people.

Set clear expectations. We cannot allow confusion between “ethics” and “compliance.” The phrase “but it was legal” cannot be permitted to be the end of conversation. Regulators have to continue dialogue with non-lawyer citizenry, stay in touch with norms and mores. Most important—they must have a visceral sense of the “rightness” that their agencies were built on in the first place, and unflinchingly convey that sense of mission and expectations to their industries.

Harness Creativity. Regulators can find role models in the audit profession, the IRS, and the GAO. They can look farther afield at successful police departments, e.g. New York City’s counter-terrorism operation. The ultimate objective can never be to just ensure compliance—it must be to fulfill mission.

Visiting RIA offices to review papers too easily becomes a bureaucrat’s exercise. We need regulators who think like cops, who are inherently suspicious, who demand proof, who creatively out-think the Madoff du jour. (Harry Markopolos’ testimony in Congress—the second part—gives excellent examples of this, epitomized by the simple, “is something funny going on around here? Here’s my card—call me if you see anything suspicious.”)

Selectively audit, severely penalize. Auditors and the IRS have excellent track records doing selective audits. You don’t need to examine every book—just let every bookkeeper know that their books might be the ones examined next.

Combined with the public announcement of severe consequences, this approach both tells the industry what behavior is expected, and says they are accountable to the public they serve. It’s like a police perp walk—it publicly shames and humiliates.

(From this point of view, the continued absence of a perp walk for Mr. Madoff, together with the absence of any consequences thus far, sends the wrong message. It says “old” regulation still holds sway: he can stay in his comfortable digs until the legal process grinds its way to some determination of whether or not he has committed a violation of a particular law).

Madoff’s scam was old-school, Nigerian-Ministry, thuggish. That doesn’t mean the SEC employs incompetent people. It does mean, however, that they are toiling under an inadequate philosophy of regulation.

We will not regain trust in our institutions until we remember that trust is, at its heart, a human thing—and begin to act that way.

Regulation 2.0 is a good start.

Regulatory Policy 2.0 : The Real Meaning of Madoff

[First of a two-part Blog Post]

Madoff has been a late-night TV comedy staple for some time now. While his victims surely don’t appreciate the humor, most of us have relegated him to cafeteria conversation, alongside Lindsay Lohan and the Oscars.

That would be a big mistake.

L’affaire Madoff will dramatically affect our approach to regulation. And in this case, our first instincts—can you say, ‘Sarbanes-Oxley 2.0’—would be the worst. We need Regulatory Philosophy 2.0. Here’s why, and how.

The Latest on Madoff. The headlines this past weekend screamed one thing: Madoff Bought No Stocks for 13 Years. ‘Look how brazen he was, how could the SEC miss that, no way his sons weren’t in on it all along, etc.’

It was no surprise to readers of this blog.

On January 17, I wrote, in a blogpost titled Madoff—Investment Fund or Virtual Reality Game:

It’s beginning to look like Bernie Madoff’s business model had less in common with a hedge fund or investment management firm than it did with an online virtual reality game. Sort of a Sim City for investors. The money sent in was real: everything thereafter was from Oz…
…[It] was bupkus. Virtual reality money. Sim City money. Monopoly Money. In the real world, it didn’t exist except in Bernie’s bank account and a computer program.

This was not a case of sophisticated hedge fund managers in Greenwich or rogue currency traders in Hong Kong. The SEC was not out-gunned, outsmarted, or out-manned. This was not a Danny Ocean operation.

This was as simple as a Nigerian inheritance email spam scam. Gimme your bank account number and I’ll send you money. A garden variety mugging. Like a good magician, Madoff got us to look one way, while he swapped card decks.

Overnight, this recasts the regulatory task facing the SEC. We can no longer rely on traditional regulatory philosophy: we must get personal, human, and trust-based.

Regulatory Philosophy 1.0. Regulation (and not just in the financial industry) has become driven by three models—separation, compliance, and transparency. None of them stopped Madoff—in fact, they enabled him.

Separation. Think building walls—to legally and physically separate potential co-conspirators. Think traditional anti-trust laws. Think separating accountancies and consultancies. It is a heavy-handed, expensive, and sub-optimal way to regulate.

Madoff used this to his benefit—claiming his brokerage and investment management businesses were separate because, ‘after all, they had to be.’ Therefore FINRA could claim “it wasn’t my job.” Madoff knew FINRA would make that claim; in fact, he depended on it.

Compliance. This approach turns legislation into a blizzard of administrative processes, which must be complied with. Think check-boxes, filed copies, no-later-than dates, renewal requirements. All monitored and tracked in the latest systems. This approach is less heavy-handed, but equally oppressive—and mind-numbing to boot.

Madoff used this also to his benefit. You want forms? I’ve got forms. But the data was itself bogus.

Transparency. Lawyers, financiers, mortgage brokers and credit card operators love transparency-as-panacea. Coupled with a convenient belief in efficient market theory, this enables people to blame those who didn’t read the small print (Rick Santelli, are you listening?).

Madoff used this to his benefit too—blitzing investors with day-trader-like “records” of trades (bogus). We have come to measure “transparency” by the pounds of documents “disclosed,” rather than by their truth or import.

If we focus only on outrage at Madoff and at government bureaucrats, our politicians will do what they’ve always done: legislate more structural boundaries, design more and more checkbox procedures, and require publication of more minutiae. And thus we’ll enable Madoff 2.0–even faster this time.

Regulation 2.0.  There is a better way.

It is based on a simple fact–people are human. People are good and bad, trusting and non-trusting, sometimes all at the same time. Systems don’t commit fraud, people do. In this case, one Bernard Madoff.

Yet our existing regulatory processes are entirely non-human. Walls, processes and transparency are mechanical things. Devised by people, they can be broken by people. And being inhuman–we don’t trust them.

Our existing Philosophy of Regulation does not engender trust. To trust our institutions, we have to return to a simple principle: trust is inherently human. We have taken the human part of trust out of regulation, and we’re paying the price.

Tomorrow’s BlogPost: Why we need to build regulatory policy more around personal trust.

Wanted: Executives with Integrity, or At Least a Sense of Shame

I spoke a few days ago with a thoughtful, intelligent ex-management consultant who understands the financial big picture very well. What was his take on the crisis, I asked him?

“The whole thing comes down to a serious misalignment of incentives of all the major players,” he said. “Low interest rates and rising asset prices led banks, lenders, ratings agencies, credit insurance and other markets astray–everyone’s incentives got way out of whack.”

As a description, I buy it. But as a diagnosis, I don’t know whether to be disgusted or depressed. I think I’ll be angry.

“The incentives are out of whack” is the language of behaviorism—appropriate for a Skinnerian stimulus-and-response study of rats and cheese in a maze. Looking at the world through Skinnerian lenses has many virtues—not, however, including the concepts of responsibility or integrity.

In a time of financial faltering and blooming Ponzi schemes, this matters enormously. We have a once-in-a-decade chance to alter the trustworthiness and ethics of the financial industry.

Will our new financial regulators view this as a chance to redraw the maze and manage the cheese distribution? Or will they also focus on restoring integrity?

How bad is it? Another friend told me about a conversation between an investment banker and a regulator—the banker said, with a sly wink, “You know, you folks shouldn’t be letting us get away with this.”

“Letting us get away with this?” Who put the gun in your hand? Who raised the drink to your lips? Who do these people think is responsible for their actions? The chief behavioral scientist at the SEC?

Just 7 years ago, post-Enron, Samuel diPiazza, CEO of PricewaterhouseCoopers, and Robert G. Eccles, a former HBS professor, wrote, in Building Public Trust:

“…even transparency and accountability are not enough to establish public trust. In the end, both depend on people of integrity. Rules, regulations, laws, concepts, structures, processes, best practices, and the most progressive use of technology cannot ensure transparency and accountability. This can only come about when individuals of integrity are trying to “do the right thing,” not what is expedient or even necessarily what is permissible. What matters in the end are the actions of people, not simply their words…without personal integrity as the foundation for reported information, there can be no public trust.”


Trust, integrity, and ethics are essentially about the link between individuals in society. Not between rats and cheese.

It must be tempting for Mary Schapiro, new SEC head, to respond to the political howling with a new Sarbanes-Oxley. Please don’t. As Jim Peterson says, “Any law that passes the US Senate 99 to 1 has got to be seriously flawed.”

What we don’t need more of is behavioralism–more paperwork, detailed regulations, disclosures, and Chinese walls. What we need more of is what diPiazza said—trustworthiness and integrity. On the regulatory side, that means better enforcement and sanctions.

But politics are critical too, and fulminating politicians can be as short-term focused as any banker. The public has a big role to play.

May I suggest shame, humiliation, and public shunning. Maureen Dowd has made a nice beginning, but everyone needs to pile it on.

Consider two contrasting headlines yesterday:

Ford Has Worst Year Ever But Won’t Ask For Aid


What Red Ink? Wall Street Paid Hefty Bonuses.

Which one is about mice, and which about men?

Get mad as hell about this.  Go shame a Wall Street banker today–we expect people to feel shame, not rats, so their response should tell us something.



Terrorists and Convenience Stores: When Social Trust is Threatened

Many years ago, I consulted to a Texas-based convenience store chain.

They had a 150% store manager turnover rate. They wanted to identify characteristics of higher-tenure store managers, so they could hire more people like that.

Turns out that they also administered lie detector tests every month to every store manager about whether or not they were stealing. After about six months, managers figured, “I guess they’re expecting me to steal, and someone must be getting away with it—I’ll give it a try.”

And there’s your turnover.

A massively expensive approach to management. Note the cost of tests, the cost of theft. More importantly, the cost of forced turnover, and of the suspicion and paranoia in the system.

That’s what happens when the only response to a trust violation is to treat everyone like a suspect.

That explains one of the most expensive solutions to low trust in the world today—airport security systems. Imagine the savings if we could figure out how to target terrorists—savings in time, money, personnel, equipment—not to mention the general levels of suspicion and paranoia.

One reason for the cost is that we value fairness over efficiency. No matter if it’s your next-door-neighbor grandmother and her granddaughter flying to Dubuque—she goes through the same x-ray machines as a sweating, furtive, cash-paying one-way ticket holder. Anything short of perfect screening isn’t sufficient for us to violate a core set of values around fairness.

So—treat everyone like a terrorist.

Another value is the cultural resistance to monetizing human lives. “If screening saves only one disaster,” we say. But outside the bright lights of the public, others have to make serious trade-off decisions all the time—doctors, public policy makers, safety engineers. The only way we can face those decisions is to hide them from public view.

Once in the public view—treat everyone like a terrorist.

Sarbanes-Oxley is the result of a similar logic. Anyone could be an ethical terrorist, the logic goes. Better to realign entire industries to remove temptation rather than to make tough individual decisions about who to prosecute and imprison.

Treat everyone like a terrorist.

But the biggest reason of all may be a tendency to rely on systems rather than people. Seduced by technology and the siren song of metrics, and fueled by paranoia about people we don’t know, our social response to a connected world has been to systematize the human networks—instead of humanizing the systems.

If “everybody’s a terrorist” is our only solution to socially-hostile acts in a networked world, we quickly become hostage to the very thing we tried to prevent. We drown in costly solutions, trying to boil the ocean.

We need social solutions that:

• delegate accountability
• allow for human judgment
• recognize and deal with ambiguity and variance among people and situations
• allow a reasonable level of non-perfection of outcomes

and that do so in a socially acceptable manner.

You can’t trust everyone. That doesn’t mean you can’t trust anybody. But our social policies—and our norms—are blind to this simple truth.