Home » Governance - Compliance » The PRICE of REGULATION


Prescriptive mandates, critics charge, are often worse than the ailment.

O regulations! The warm and fuzzy comfort that Corporate America’s miscreants will be punished, and proof that Congress is earning its keep. But there’s another side to regulations – the economic distress they foster when they’re hastily slapped together, hampering business development, hammering investments and breeding other disastrously unintended consequences. In effect, a bad situation turns worse.

As example, we present the well intentioned Sarbanes-Oxley Act of 2002. Predicated on restoring investor confidence by preventing corporate malfeasance, SOX is the king of unintended consequences. Its litany of woes includes fewer companies listing on American stock exchanges, many corporations delisting, and others privatizing or remaining private. The law is blamed for hindering the ability of investors to build wealth and companies’ ability to raise money. Small public companies are disproportionately penalized by the costs involved in compliance, and all public companies are compelled to cut costs to similarly make the grade.

Just how costly is SOX compliance? Jerre Stead can provide a personal example. As chairman and CEO of IHS Inc., a global provider of market intelligence, Stead has been on an acquisition spree, buying 24 companies since IHS went public four years ago. He estimates that SOX compliance costs add two to three percent to an acquisition’s price tag. “If we spend $100million in cash to buy a company that produces $30 million in revenue, it will cost us at least $2million to $3 million to bring the company into compliance,” Stead says. “This is a hidden but factual cost. I can understand the good intentions behind SOX – the rush to do something after the WorldCom and Enron scandals – but to my knowledge since the act became law, no one has been arrested and found guilty of noncompliance. How can American companies be spending billions of dollars a year on something that seems to have little or no value?”

It’s a question resonating with other corporate leaders, business academicians and even former regulators.

With the nation on tap to absorb more regulations in the years ahead, their complaints are vociferous that SOX needs fixing now. Its constitutionality is being challenged in the U.S. Supreme Court, which must rule on the subject by June 30. Proposed changes to the law are under review by the Obama Administration. But, more important than any tinkering with SOX, these same people argue, are more fundamental changes in how regulations are effected and their continuing efficacy.

While regulations are created to serve a distinct and important purpose, many are a waste of energy -tying up time, production and money in a tangle of red tape. Laws that once seemed prudent stay on the books for years before someone realizes their lack of utility. Ernie Patrikis, former general counsel and first vice president of the Federal Reserve Bank of New York, recalls one particular regulation that no longer fulfilled a need. “Treasury Title 31USCwas a decades-old provision requiring the Treasury Department to launder money – literally,” Patrikis recalls. “The law actually required the Treasury to launder soiled currency in a washing machine. We finally rewrote that one.”

Patrikis says the law might still be on the books had not the New York Fed decided to take a look back. “It was the first and only time we did some cleaning up – like Hercules sweeping the Augean stables of you know what,” says Patrikis, who is currently global co-leader of the bank advisory practice at law firm White & Case. “That’s one of my key complaints about regulations – there are no sunset provisions, where you are required to review a law before it continues, ad infinitum.”

Back in the Day

To get a sense of the sheer mass of regulations, simply hoist a copy of the Federal Register. Better bring along a forklift because this repository of proposed and final federal rules and regulations added up to a back-wrenching 80,700 pages in 2009 – an all-time record. One can’t blame President Obama for the tome’s heft – its pages averaged about 75,000 during the Bush Administration, compared to a little more than 71,500 during the Clinton years. With hasty year-end Congressional passage of legislation overhauling financial regulations, next year’s register will be even heavier. “The sheer number of regulations that U.S. companies must comply with boggles the mind,” says Robert Swieringa, a professor of accounting in Cornell University’s Johnson School of Management. “No other society on Earth could tolerate the number of rules we have here.”

It wasn’t always this way. In the early 1900s, few government regulations existed. As industrialization spread and developed, regulation of industry in its early stages became necessary. The introduction and expansion of agencies empowered to investigate and punish wrong doers was gradual at first, but in the 1960s and early 1970s, inspired in part by books like Silent Spring by Rachel Carson, and Ralph Nader’s consumerist speeches, the number of regulations mushroomed. In the Nixon era, when the EPA, OSHA and a half-dozen other alphabetical agencies were established, the Federal Register doubled in weight. By the time Jimmy Carter entered the White House, the volume encompassed more than 70,000 pages.

Many laws were right on the mark, addressing social ills like unfair hiring practices, industrial pollution, and product and worker safety. Still, the number of rules kept growing, making compliance and risk management major corporate activities. A 2009 survey by Ernst & Young indicates that the average company in the U.S. spends about 4 percent of revenue managing risks and compliance issues. Fifty-two percent of survey respondents say their companies’ financial risks have increased in the past year, while 40 percent cite the same for their companies’ compliance risks.

Evidently, the federal government’s big stick has many companies crouching in fear. Despite the $35 billion annual price tag for complying with SOX(according to the American Electronics Association), 18.2 percent of business professionals across various industries say they are “more concerned” about their companies becoming a target of securities litigation than they were two years ago, according to an online poll by Deloitte in December.

Black SOX Scandal

While not the only regulation raising ire, Sarbanes-Oxley is the one most in the crosshairs at the moment. Its prescriptive mandates, critics charge, are worse than the ailment. “I’m a big believer that the vast majority of companies behave ethically and appropriately,” says Jeff Thomson, CEO of the Institute of Management Accountants, “but lawmakers have a tendency to rush legislation through, imposing a social tax on the companies that were behaving ethically and appropriately, and thereby deteriorating their economic value.”

Like many, Alex J. Pollock, resident fellow at the American Enterprise Institute, decries the law’s inability to control the risks that led to the financial crisis and consequent recession. He points to the many companies subject to SOX’s required audits that didn’t register a blip on the radar screen, such as GMAC, IndyMac, Freddie Mac, WaMu and Countrywide. “All we know about Sarbanes-Oxley is that it succeeded in creating huge cost, an elaborate bureaucracy, and a vast effort around identifying, documenting and managing risks,” he says. “But ‘Where’s the beef?’ – the benefits? Are we able to document an actual decrease in business fraud? About the only beneficiaries are the partners of accounting firms, who are raking in a financial bonanza.”

The irony that the failed accounting firm Arthur Andersen – Enron’s partner in duplicity – was the impetus for SOX doesn’t escape him. Still, when the Dow Jones was cruising to an all-time high of 14,164 a few years ago, few would argue that SOX hadn’t ignited the ride. “Back then, a lot of investors would have said that SOX was working, that it was a restoration of public confidence in the integrity of the books of American corporations,” says Prof. Terry Connelly, dean of the Ageno School of Business at Golden Gate University, and formerly chief of staff in Salomon Brothers’ banking operations. “SOX made it comfortable to invest and easier to do mergers and acquisitions because you had a reasonable prospect, in looking at the books of a company, that public disclosure was close to private reality.”

Joe Tarantino, president and CEO of global audit firm and consultancy Protiviti, perceives other benefits. “SOX pushed organizations to a point of higher discipline, higher accountability and more proactive demonstration of their internal control environments,” he says.  

Then came the unintended consequences. Says Connelly, “It killed the public offering market in the U.S., forcing a lot of offerings to shift abroad.” Last year, for the first time, the Hong Kong Exchange raised more money through IPOs than all of the exchanges across the U.S., including the New York Stock Exchange. In 2010, according to a study by Ernst& Young, the Shanghai Stock Exchange is expected to outpace both the Hong Kong Exchange and the NYSE. Public offerings are so dismal in the U.S. that Dealogic projects they will fall below the levels of the dot-combust of 2001–2003, even with the rebound in financial markets.

“There have been unintended consequences like fewer companies tapping into public equity markets in the U.S.,” says Lawrence A. Weiss, a partner at law firm Hogan & Hartson. “When entrepreneurial companies don’t tap the public equity markets, their growth opportunities are curtailed, which then affects job creation and the economy as a whole.”   

“The unintended ramifications of SOX have been stifling – grounding the wheels for venture-backed companies, closing the IPO window, making investors leery to fund new startups and forcing companies to document things that are common sense,” agrees Larry Harding, CEO of High Street Partners, a global advisory firm.

SOX’s “one size fits all” standard with respect to auditing internal controls has bred other disastrous consequences. Its notorious Section 404, requiring companies to implement internal financial controls and have them tested by outside auditors (followed by audits of the audit firms themselves by the Public Company Accounting Oversight Board), burdens public companies with huge compliance costs. Whereas larger firms can rely on their own personnel to assess and document their internal controls, smaller companies often must hire consultants. “It’s one thing for a company the size of General Electric to institute expensive controls, and quite another for a company with a $1 million profit,” Connelly says.

According to a study by the conservative Heritage Foundation, the cost of Section 404 compliance for a company with a market cap between $75 million and $700 million is $1.5 million, or 0.46 percent of its revenue. For a company with a market cap above $700million, the cost is $7.3million, or 0.09 percent of its revenue. The foundation concluded that SOX “punished” smaller companies “for deficiencies determined by their inherent disadvantages.”

Those cost estimates do not take into account the time spent by everyone from board directors to senior and middle management on compliance, charges Fariborz Ghadar, director of the Center for Global Business Studies at Penn State, and a senior adviser for the Center for Strategic and International Studies. Ghadar estimates that “thousands and thousands of hours are spent to justify everything the company is doing, thereby diverting management’s focus from becoming more competitive and profitable. Such indirect costs are unbelievable. The money spent on SOX compliance and effort is money that isn’t spent on the things shareholders would benefit from.”

That’s a position shared by Christine Jacobs, CEO of Theragenics, who recently penned a letter to the SEC’s Mary Schapiro arguing that the current regulatory climate is strangling small public companies like hers (see sidebar). “Our resources are limited and we cannot afford to carry an ever-increasing cadre of people whose only job (or primary focus) is regulatory compliance,” she wrote. “We estimate that regulatory burdens require our management team to spend up to 30 percent of its time on compliance issues.”  

Outcry over the compliance burden now shouldered by small public companies is swelling, as evidenced by this letter from Christine Jacobs, chairman and CEO of Theragenics, to the SEC’s Mary Schapiro. “We do not deserve to be burdened by oppressive, expensive rules,” she argues. “We are not Merrill Lynch, Bear Stearns, Lehman Brothers, Citigroup, General Motors or any of the other companies that have spectacularly imploded and destroyed untold wealth.”  

What’s more, recent events suggest there’s little to no return on that formidable cost. “So far, we haven’t seen anyone prosecuted,” notes Ghadar. “In the meantime we’ve experienced the greatest shocks to the financial system in decades. SOX completely failed to identify the culprits of the crisis.”

One of those culprits – Countrywide Financial – “actually received an award from the Institute of Internal Auditors for its superior SOX controls in 2007,” says John Berlau, director of the Center for Investors and Entrepreneurs at the Competitive Enterprise Institute in Washington, D.C. “Two years later their executives were being indicted for securities fraud. Somehow, all the internal controls didn’t uncover the alleged fraud.”

“The law has become a vast mechanism for documentation, so if something bad happens you can point to the fact that you did what you were supposed to, having checked the boxes and producing documentation that you adhered to the rules,” contends Shivan S. Subramaniam, chairman and CEO of commercial insurer FM Global. “This is an enormous effort on behalf of accountability, and not necessarily the same thing as good management practices.”  

A Better Process

On the bright side – for smaller public companies at least – President Obama is reviewing permanently exempting companies with less than $75 million in market capitalization from Section 404 compliance, while some in Congress push for a higher threshold. There is also the small possibility that SOX will be declared unconstitutional. But these are potential fixes after the fact. What about the fundamental process of rulemaking? Can the regulatory system be improved?

One idea is to slow down the pace at which laws are enacted – particularly those spawned by a crisis. Scandals are more likely to inspire dramatic press coverage than good lawmaking, notes Murray Weidenbaum, who chaired President Reagan’s first Council of Economic Advisors and is now a professor at Washington University. “Hearings dominate the process, but the actual time allowed for writing the law is scant,” he says. “There is disproportionate attention to the problem, and not enough time given to how you respond to it.”

The problem with many regulations is that they come after the fact, adds Michael Logan, president of data security consultancy Axis Technology.

“In normal economic periods regulations tend to be neglected, yet this is precisely the time that prudent regulatory actions should be undertaken to prevent possible abuse and fraud.”  

Another way to improve business regulations is to have business make the rules and enforce them. “If industries were more proactive in their self regulation it would obviate the need for many of the regulations,” Tarantino says. “Regulations are reactive to an event or systemic issue, driving home the point to an industry that something needed to be improved. SOX reacted to the large number of restatements and internal control issues that occurred in a short period of time. Had industry undertaken these control structures on their own, there might not have been the need for SOX. That is the message CEOs need to take away with them.”

It’s a message others also preach. “Good regulation often is not made on the floor of the U.S. Congress,” says Michael W. Robinson, chair of the corporate practice at Levick Strategic Communications, a crisis management firm. “Good regulations are not made in the hothouse of a political campaign or on the editorial pages. Good regulations need to look forward, not backward.”  

A final idea to eliminate or mitigate many laws’ unintended consequences is to tack on a sunset provision, or otherwise require periodic reviews of regulations. “The intent would be to improve the rules by eliminating aspects that are no longer relevant, overly costly or ineffective,” says Patrikis.  

In addition to sunset provisions and periodic assessments, Weidenbaum wants to require cost-benefit analyses of statutes before implementation. “I’ve seen all sorts of recommendations over the years to require the GAO or the Congressional Budget Office to do a cost-benefit analysis before a statute is passed and then to update these over time, but they all fell on deaf ears,” he says. “Comparative analyses are the starting place for reforming regulation.” 

Cost-benefit analyses would be a “blessing for America,” agrees Stead. “We CEOs do it all the time and the government should do it, too,” he adds. 

“Just yesterday I signed off on a revised corporate travel and expense policy. It had a three-year sunset and the time had come to review it. We made some changes and moved on.” 

About Russ Banham

Russ Banham
Russ Banham (russ@russbanham.com) is a contributing writer to Chief Executive