HOW MIGHT CBA OF FINANCIAL REGULATION WORK?
In this Part, I outline how the kind of quantified CBA/FR envisioned by its proponents might work in practice. The goals of this Part are to illuminate what we might expect of CBA/FR policy, to advance the substantive research project of developing CBA/FR, and to provide a better empirical basis for evaluating CBA/FR law in Part IV.
To accomplish these goals, I outline the CBA/FR that was performed for four specific rules: (1) SEC regulations under Sarbanes-Oxley Act section 404 (SOX 404); (2) the SEC's 2002 mutual fund governance proposals; (3) Basel Ill's enhanced capital requirements for banks; and (4) the Volcker Rule. These analyses are followed by a review of two rules that have been subject to CBA/FR and have been held up as the "gold standard" by CBA advocates: (5) the SEC's cross-border swap rules and (6) the UK/FSA's mortgage market rules.
The first, third, and fourth case studies represent the kind of significant rulemakings that CBA/FR proponents agree should be the focus of CBA/FR, (153) and because they are clearly "economically significant rules," they would trigger the highest degree of interagency review under the CBA Executive Orders and OMB Guidance if the independent agencies were brought under those process requirements. The second case study focuses on rules that led to the D.C. Circuit decisions reviewed above and stimulated the SEC's Chief Economist to publish two extensive CBA/FR-related memos that provide one of the better (if imperfect) examples of what CBA/FR as conducted by a financial agency could look like.
In each case the analysis draws on the best research by economists, finance scholars, and legal scholars, all using the kinds of methods that are closest to the idealized vision of quantified CBA/FR that its proponents are asking financial agencies to pursue. (154) This review illustrates that guesstimated CBA/FR of each of the rules reviewed would (or did) require the same kinds of macroeconomic or political models used to set monetary policy, or entailed causal inferences that are unreliable under standard regulatory conditions, or both.
These case studies were also chosen to reflect representative types of major financial regulations. They focus on regulations promulgated by a variety of financial regulators: the SEC, the Federal Reserve, the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), the CFTC, and the UK's Financial Services Authority (FSA). The regulations employ a range of the kinds of regulatory instruments that are commonly analyzed or proposed for the financial markets: disclosure, governance regulations, capital requirements, activity restrictions, and transactional restrictions and process requirements. The regulations address a variety of market failures: fraud, asymmetric information more broadly, conflicts of interest, externalities (systemic crises arising from the effects of transactions on third parties), and the absence of competition. But they also give rise to a typical array of regulatory costs: compliance costs, constraints on potentially optimal private governance arrangements, smaller or less complete markets, and prohibition of potentially optimal transactions, possibly reducing economic activity and surplus. And, finally, most of the regulations were adopted following at least some conceptual CBA by the relevant agencies, and two were adopted after at least some efforts at quantification of the relevant costs and benefits.
Case Study #1: Control Disclosures for Public Companies (155)
The first case study is of the Sarbanes-Oxley Act (SOX). SOX was Congress's response to the widespread fraud at Enron, Tyco, Worldcom, and other corporations. The core of SOX consisted of two parts (156): (1) the creation of a quasi-public regulatory body to oversee public company audit firms--the Public Company Accounting Oversight Board (PCAOB)--and (2) the requirement of new disclosures by public companies about "control systems." (157) Among other things, the case study illustrates the way that a common goal of financial regulation--the reduction of fraud--implicates important externalities, as well as non-market goods (such as psychological effects of fraud), which cannot be reliably reduced to precise monetary estimates, given current research technologies.
The SEC's CBA of Rules Implementing SOX 404
SOX required the SEC to enact regulations to carry out the goals of SOX 404. (158) The SEC did this in August 2003, a year after SOX's passage. (159) In its adopting release, the SEC included a 1400-word CBA, which, as noted above, was not a legal requirement for the SEC. (160) The release contained a separate 500-word analysis of the rule's effects on efficiency, competition, and capital formation, (161) and a longer analysis under the PRA and RFA. (162) In its CBA, the SEC provided a qualitative listing but no quantification of the rule's benefits. The benefits identified were: (1) generally to (a) enhance the quality of public company reporting and (b) increase investor confidence, and (2) specifically to (a) improve disclosure about management's responsibility for financial statements and controls and how management discharges that responsibility, (b) encourage companies to devote adequate resources and attention to controls, (c) help companies detect fraud earlier, and (d) deter fraud or minimize its effects. The bottom-line benefit, then, was to reduce fraud. (163)
The SEC also provided a qualitative listing of the rule's direct costs (administrative burdens and fees to attorneys and auditors). The SEC noted that companies were already required to have a control system under the Foreign Corrupt Practices Act (FCPA) and that many issuers were already voluntarily providing the required disclosures, raising conceptual issues (discussed below) for what baseline and set of effects to assume in any CBA/FR of the rule--issues that the SEC did not explicitly address. The SEC provided a partial quantification of the costs of its rules under SOX 404. That estimate focused exclusively on the requirements of subsection (a) of SOX 404, disclosures by management, which the SEC estimated would cost covered companies an average of $91,000 per year. (164) The SEC explicitly noted it had no information that would allow it to quantify the costs created by subsection (b) of SOX 404, the auditor attestation requirements, which it acknowledged could be large. (165)
Of note for assessing CBA/FR's effects on public understanding, the SEC has been strongly criticized for the CBA/FR in its release--but only for the part of its CBA/FR that provided a quantitative estimate of costs, which one commentator has claimed is "off by a factor of over 48." (166) However, this critique of the SEC's CBA/FR is demonstrably mistaken. The SEC's estimate was solely for SOX 404(a), while the FEI/FERF estimate was for both SOX 404(a) and 404(b). (167) For several reasons, auditor attestation costs can be expected to exceed internal costs by a multiple (as in fact has been the case). (168) The SEC explicitly acknowledged this gap in its cost estimate, (169) but the criticisms of the SEC ever since--including by SEC Commissioner Gallagher himself--have mistakenly claimed the estimate was for SOX 404 as an entirety. (170) CBA/FR advocates, in other words, have publicly and repeatedly criticized the SEC for underestimating the cost of apples and oranges when the SEC's estimate was for the cost of apples alone. The spectacle may undermine an observer's faith in the value of public discourse stimulated by CBA/FR.
A better critique of the SEC's CBA/FR of SOX 404 is that it failed as conceptual CBA/FR for not identifying indirect costs of the rule. Indirect costs include potential reductions in risk-taking, dilution in strategic focus, and the opportunity costs of devoting excessive management time to compliance and working through the initial control attestation process with outside auditors, internal audit staff, and members of companies' audit committees (which SOX required to be wholly independent for the first time). (171) While quantifying these costs would have been nearly impossible for the SEC at the time (as discussed below), the SEC could have pointed to the possibility of these costs in its rulemaking.
Conversely, the SEC in 2006 did not identify (much less quantify) increased fraud as a possible cost of the deferral of SOX 404 requirements for small and newly public companies, nor did it identify (much less quantify) increased fraud as a possible side effect (cost) of the relaxation of the SOX 404 requirements in (2007). (172) While these efforts were deregulatory in nature, they would be just as subject to CBA under Executive Order 12,866 for an executive agency as would the imposition of new regulations. (173) The fact that the more prominent CBA/FR proponents (174) do not mention these gaps in the SEC's deregulatory rulemaking process under SOX tends to undermine their general depictions of CBA/FR as a politically neutral procedure for improving regulation generally.
An Overview of CBA/FR of SOX 404
Now that ten years have passed since its adoption, how might SOX 404 fare under a CBA/FR? Quantifying the costs and benefits of the rule would require multiple research tasks. These include (1) establishing better estimates of the incidence and direct costs of fraud, (175) (2) securing consensus on how to treat "transfers" for purposes of analyzing fraud, (3) generating new models and data on fraud's externalities, (4) creating better instruments for estimating the rule's causal effects, (5) developing better models and data on the chilling effects that the rule could have on legitimate activity, and (6) promoting better understanding of how compliance costs vary across firms and over time. Each task will be difficult and likely require a separate stream of research before any...