Article body


These remain early days to try to assess the impact of the global financial crisis (GFC) and subsequent regulatory reform efforts on national and transnational financial markets regulation. That said, it is important to continue to assess events “on the fly” given how quickly reform efforts are evolving, how uncertain the future continues to be, and how pressing the need is to implement reforms in Canada and abroad.

This paper considers a particular aspect of regulatory design: principles-based regulation. It seeks to re-examine (and indeed to restate the case for) principles-based securities regulation, in light of the GFC and related developments. It argues against an overly hasty rush to more rules-based formulations. Prior to the onset of the crisis, the concept of more principles-based financial regulation was gaining traction in regulatory practice and policy circles.[1] In Canada, steps were being taken to develop more principles-based securities regulation under the leadership of a proposed new national securities regulator. The federal government’s Expert Panel on Securities Regulation (Expert Panel), chaired by the Honourable Tom Hockin, was struck in February 2008 with a mandate to provide independent recommendations on how to improve the structure, content, and enforcement of securities regulation in Canada. It released its final report on 12 January 2009, recommending inter alia that Canada adopt a more principles-based approach.[2] On 22 June 2009, Doug Hyndman, long-time Chair of the British Columbia Securities Commission (BCSC), was appointed to a two-year term as chair of Canada’s transition office for a new national securities regulator.[3] Hyndman, along with Vice Chair Brent Aitken, has been the driving force behind the BCSC’s principles-based approach and this experience will inevitably inform his approach to his new role.

In the interim between the Expert Panel’s creation and its final report, of course, global credit markets froze, stock market values went into free fall, Wall Street investment banks collapsed, major financial institutions were bailed out on an unprecedented scale, and financial regulatory systems internationally were cast into doubt.[4] A flurry of ambitious reform proposals followed. In March 2009, Lord Adair Turner released the Turner Review: A Regulatory Response to the Global Banking Crisis in the United Kingdom,[5] and major regulatory reform for financial markets has been proposed in both the United Kingdom and the United States.[6] Several major domestic and international policy bodies[7] and a number of scholars[8] have contributed to the conversation. Along with such reform proposals came a turn, in some quarters, against principles-based regulation.[9]

This paper argues that the GFC does not discredit principles-based regulation, as this form of regulation is properly understood. On the contrary, principles-based securities regulation remains a viable and even necessary policy option: it offers solutions to the practical and theoretical challenges that the GFC presents to contemporary financial markets regulation. What the crisis actually demonstrates is how damaging a laissez-faire mindset on the part of the regulators can be to any form of regulation, including principles-based regulation. Adopting principles-based regulation does not mean doing away with rules. Rather, it is a particular approach to structuring regulation that includes rules. It gives legislatures the power to set high-level regulatory goals and outcomes, and leaves the articulation of processes and details to front-line regulators in collaboration with industry itself. Fundamental to principles-based regulation is the development of a functional and effective “interpretive community” that includes industry participants, regulators, and other stakeholders in ongoing communication around the content of regulatory principles.

The experience of the GFC is a lesson about what happens when regulators fail to participate actively and skeptically in that interpretive community. Principles-based regulation is premised on concepts of “co-regulation”, or “enforced self-regulation”, but the GFC illustrates how such models can slide into bare self-regulation in the absence of meaningful regulatory oversight and engagement. Our response should not be to re-embrace more rules-based regulatory approaches. Financial markets are too fast-moving and complex to be regulated in a command-and-control manner, and the risk of inviting Enron-style “loophole behaviour” associated with rules is too great. Instead, we can draw on the lesson of the GFC to identify three critical success factors for effective principles-based securities regulation.

First, regulators need to have the necessary capacity in terms of numbers, access to information, expertise, and perspective to act as an effective counterweight to industry as the content of principles is developed. Second, regulation needs to grapple with the impact of complexity on financial markets and their regulation. Effective regulation should reflect an appropriately granulated understanding of different kinds of complexity and their effects, and reject the notion that innovation is by definition beneficial. It may also mean considering whether some regulatory requirements (e.g., capital requirements) are best cast as bright-line “prophylactic rules”, which at least in the short term may limit complexity and conserve regulatory resources. Finally, this paper suggests that the lack of diversity and independence among regulators and industry may have contributed to conflicts of interest, overreliance on market discipline, and “groupthink” in the run-up to the GFC. The appropriate response may be a move away from an expertise-based, technocratic model toward a more broadly participatory one. The paper closes with a call for a continuing commitment to principles-based regulation, accompanied by the indispensable implementation piece—meaningful enforcement and oversight.

I. Principles and Rules in Theory and Practice

Principles-based capital markets regulation has been a salient policy topic in recent years in many jurisdictions including Canada, the United States, and the United Kingdom.[10] In terms of actual practice, the U.K. Financial Services Authority (FSA) has been a thought leader on principles-based financial regulation.[11] In Canada, the province of British Columbia tried to promulgate a new, more principles-based Securities Act in 2004. Although that proposed act has not been brought into force, the BCSC has since adopted a more principles-based approach to how it administers its existing act.[12] Derivative products in the United States and Canada also tend to be regulated in a more principles-based manner.[13] Most recently in Canada, as noted above, the Expert Panel chaired by the Honourable Tom Hockin has recommended that a proposed national securities regulator adopt a more principles-based approach to securities regulation.[14]

At the theoretical level, the distinction between rules and principles, and their relative advantages and disadvantages, have been quite well canvassed.[15] Generally speaking, rules are considered to have the advantages of being more precise and certain, but the consequent disadvantages of being potentially rigid, reactive, and insensitive to context and therefore inevitably over- or underinclusive. They may also promote or permit “loophole behaviour”, and be more easily “gamed” by sophisticated actors. In comparison, principles are more flexible, more sensitive to context, and therefore potentially fairer when applied. On the other hand, principles can be uncertain, unpredictable, and difficult and costly to interpret. Because they allocate substantial decision-making to front-line decision-makers, they can also permit arbitrary conduct and regulatory overreaching.

A simple example that has been used to illustrate the difference between rules and principles involves speed limits.[16] A speed limit framed as a rule will prohibit driving faster than a precise numerical limit (e.g., ninety kilometres per hour). The rule sets out, in advance and with precision, the boundary of acceptable conduct. This leaves very little discretion to the front-line decision-maker, who needs only to determine whether the car in question was exceeding that predetermined and non-negotiable limit. By contrast, a speed limit framed in principles-based terms would be something like a prohibition on driving faster than is “reasonable and prudent in all the circumstances.” This was, in fact, how the state of Montana framed its speed limits for several years. The non-numerical “reasonableness” standard has the ability to take context—road and environmental conditions, time of day, driver’s experience, etc.—into account. As a consequence, it also allocates substantial decision-making power to the front-line decision-maker, who must use her judgment to determine what “reasonable and prudent” driving constitutes in all the circumstances. It should be emphasized that speed limits involve very different background conditions than securities regulation does in terms of (among other things) the complexity of the subject matter, the scope for and fluidity of potential wrongdoing, and the expertise of the front-line decision-maker.[17] The two are not really analogous. That said, it is noteworthy that Montana repealed its principles-based speed limit in 1999, after the Montana Supreme Court held it to be so vague as to violate the Due Process clause of the state constitution.[18]

The terms are also useful at the systemic level, for describing practical regulatory approaches.[19] No workable system consists entirely of rules or of principles, but different systems can be comparatively more rules- or principles-based—a point the FSA has made by calling its world-leading approach simply “more principles-based”.[20] Statutory drafters and regulators can choose to regulate the same issues by way of different proportions of detailed checklists, bright-line rules, or open-ended statements of objectives.[21] In the context of statutory drafting, principles-based regulation means legislation that contains more directives that are cast at a higher level of generality. A principles-based system looks to principles first and uses them, instead of detailed rules, wherever feasible. When confronted with a new situation, a principles-based system first determines whether it can be regulated under existing principles, and it resists the temptation to create new, purpose-built rules.[22] Yet even within a system that is generally principles-based, rules will always serve an essential purpose in enhancing clarity at key junctures, and buttressing ex post enforceability.

Rules and principles are also best understood as points on a continuum rather than discrete concepts, and there is a good deal of overlap and convergence among them.[23] Any complex regulatory system will be (and should be) an amalgam of rules and principles. Here, the public perception of “principles-based regulation” exhibits considerable confusion. For example, around eighty-eight per cent of the seventy-five written submissions from stakeholders to the Expert Panel were in favour of principles-based regulation.[24] But of these submissions, a substantial number seemed to assume that principles-based and rules-based regulation were at opposite extremes, and that a move to a more principles-based system meant substantially eliminating rules no matter how efficient or necessary they might be. Several stakeholders argued forcefully against exclusively principles-based or rules-based approaches, even though no such drastic move was being proposed.

A. A Time for Principles, A Time for Rules

Almost three decades ago, Colin Diver discussed what he called the “optimal precision” of administrative rules—meaning, the degree of specificity in statutory or regulatory drafting that would best avoid the worst problems of either imprecision or rigidity.[25] He identified three elements of regulatory precision: transparency (i.e., the words chosen have well-defined and universally accepted meanings within the relevant community); accessibility (i.e., the law can be applied to concrete situations without excessive difficulty); and congruence (i.e., the substantive content communicated by the words produces the desired behaviour). Not surprisingly, Diver found that no single “sweet spot” of precision exists. On some questions, flexibility and sensitivity to a particular context will be more important than certainty or the need to limit discretion. More general, principles-based drafting would make sense in that context. Elsewhere, a different mix would be called for. Diver also pointed out that these qualities are difficult to measure, and there are often direct trade-offs between them. Therefore, settling upon a particular mix between rules and principles requires that choices be made, and public priorities be established.

In particular, where these lines are drawn depends on public priorities that the legislator has the mandate to establish. For example, a legislator who is concerned about regulatory overreach or lack of transparency in a particular area would see to it that the regulator had very little discretion (i.e., that expectations are cast as rules rather than principles and are enshrined in a statute) when it comes to such things as access to information, the handling of complaints, or accountability to Parliament. A legislator concerned about individual rights would limit discretion (i.e., would craft rules not principles) regarding hearings, procedural fairness, and participation or consultation rights. A legislator concerned about ensuring that the regulator can keep up with fast-moving events would give that regulator principles, not rules, to work with, and would devolve substantial decision-making to the regulator’s rule-making power. A legislator concerned about ensuring a high correlation between regulatory goals and effective application to particular cases would ensure that the regulator had the power to flesh out the content of principles on a rolling basis, rather than trying to draft specific details in advance.

Important external considerations also come into play. For example, how much scope does the legislator want to leave to the interpretation of regulators, courts, or tribunals? Where does existing regulatory practice (whether principles-based or rules-based) seem to be well-established, to be working well, and to have created expectations on which stakeholders rely?[26] Would a particular drafting approach foster harmonization between existing regulatory regimes, or nudge regulatory practice in a desirable new direction? Are some issues particularly important to the proper functioning of Canadian capital markets (i.e., regulating effectively the many small, closely held public companies, or addressing the rumoured Canadian “market discount”[27]), which call for well-tailored and highly adaptive—that is, principles-based—solutions? On what specific issues does the political will exist to move decisively away from the status quo? What messages does Canada, through its regulatory regime, want to send internationally? All of this requires that policy-makers develop a set of criteria reflecting policy calculations for deciding when to use rules and when to use principles.

Context also matters. An appropriate balance between rules and principles in securities regulation may look quite different from the appropriate balance in other regulatory arenas. The nature of the industry being regulated, the roles of the various players in it, and the risks associated with that area of conduct will inform the regulatory design process.[28] It is relevant that securities regulation is a disclosure-based system that relies heavily on ensuring reasonable access to information as a means for protecting investors. This suggests that congruence is important in this context: core definitions of materiality and disclosure should be broad and principles-based. Preventing fraud and minimizing “cosmetic” compliance and “loophole behaviour” are other areas where the over- or underinclusiveness of rules is particularly problematic. This is the rationale for broad statutory definitions of fraud and commissions’ sweeping public interest powers.[29] Financial markets are also complex, fast-moving environments marked by constant product-level innovation. Principles are preferable in this environment when underpinned by effective information-gathering and analytical mechanisms,[30] since detailed rules may only add to complexity and opacity.[31] Principles also make sense where a flexible approach is needed to ensure good corporate conduct—for example, with regard to internal compliance processes, corporate culture, or risk assessment by management. Like the deference accorded to securities commissions under administrative law,[32] principles-based regulation also reflects legislative faith in regulatory expertise, objectivity, fairness, and capacity.

One can also identify situations where rules may make particular sense in securities regulation. Consistency in form is important in disclosure documents, for example, to make it easier for potential investors to compare investments.[33] Prospectus requirements should therefore contain detailed form requirements. Securities commissions are also powerful administrative agencies, with broad mandates and the ability to impose heavy sanctions. To uphold the rule of law, process requirements associated with investigatory powers and enforcement conduct should be clearly set out. Provisions around notice, rights to hearings, time limits, and procedural fairness should presumptively be more rules-based. Rules also make sense where the sheer cost of applying a principle outweighs the principle’s flexibility benefits—for example, where the regulator needs to manage large numbers of relatively small matters.[34] Accessibility is also important if lay individuals will be interpreting the law on their own. This is a concern in capital markets like Canada, within which many small actors with limited compliance resources operate.[35] During a transitional stage between rules-based and principles-based regulation, for example, maintaining legacy rules may help keep compliance costs down. Finally, rules may be appropriate in situations where the regulator or statutory drafter is confident that it can devise an easy-to-describe, easy-to-verify, and fairly stable rule-based requirement that will serve as an effective proxy for a broader regulatory goal, such as ensuring good corporate conduct.[36]

B. Actual Principles-Based Securities Regulation: Key Characteristics

In producing a research report on principles-based regulation for the Expert Panel,[37] I reviewed and compared the following statutes with a view to determine how principles-based regulation differed from more rules-based regulation at the level of statutory drafting: (1) the Ontario Securities Act (OSA);[38] (2) Bill 38, the proposed British Columbia Securities Act, and associated proposed securities rules (collectively, the “B.C. Model”);[39] (3) the Quebec Derivatives Act (QDA);[40] (4) the United Kingdom Financial Services and Markets Act (FSMA);[41] and (5) the United States Commodity Futures Modernization Act (CFMA).[42] The OSA was chosen to represent the legislative status quo across Canada. The Quebec statute and the B.C. Model are generally understood to be more principles-based. The FSMA was not explicitly principles-based when it was drafted, but the FSA adapted its statutory mandate to develop a world-leading model of principles-based regulation.[43]

Without claiming to be comprehensive, the report identified some overarching themes at the level of statutory drafting.[44] There were several commonalities across regulatory schemes, regardless of whether the regime was more rules- or principles-based, and the “Draft Securities Act” issued by the Expert Panel (based as it was on the existing Alberta Securities Act)[45] reflects the same choices. For example, disclosure and fraud provisions tend to be drafted in a more principles-based manner because these are areas where congruence is essential (i.e., the definition of fraud must be able to capture even novel forms of fraudulent behaviour), and loophole behaviour cannot be tolerated. Compliance provisions also tend to be principles-based, for they require registrants to maintain effective systems and controls to manage the risks associated with their businesses, and prevent and detect internal wrongdoing.[46] More detailed rules cover topic areas where power is uneven and transparency is not otherwise ensured, or where fairness and basic administrative law underpinnings are at stake. For example, every securities scheme has provisions that govern administrative proceedings such as hearings and investigations, and they are all substantially process-based and rule-oriented.[47] The statutes are less detailed in areas that change quickly or that require specialized expertise. In general, these overarching commonalities accord with the Diver analysis as to where transparency, flexibility, or congruence should be the dominant concerns.

The Expert Panel research report also identified particular ways in which principles-based and rules-based regimes differ. Some differences are essentially stylistic. For example, principles-based regulation is consistent with a move toward plain-language drafting. Other differences, while consistent with a principles-based regulatory philosophy, are not essential to it. In particular, the proposed B.C. legislation originally imagined much more streamlined processes in its proposals for firm-only registration and continuous market access.[48] Another element common to the principles-based statutes considered is the inclusion of a small number of high-level principles guiding the conduct of regulated entities.[49] Consistently with the principles-based approach, these principles are left to be translated into specific business-conduct expectations in context through techniques such as administrative guidance, enforcement example, the incorporation and dissemination of good or best practices, and ongoing communication between regulator and registrant.[50]

The most profound structural differences between the principles-based and rules-based statutes are found in two areas: (1) the proportion of decision-making and interpretive power that is explicitly left to be filled in through the rule-making function rather than statutory drafting; and (2) the proportion of outcome-oriented versus process-oriented statutory requirements.

All four of the statutes studied grant rule-making power to the regulator in question.[51] To be clear, securities law statutes in every jurisdiction contain notable principles-based provisions.[52] In contrast to regulators in other fields, securities regulators already have extensive notice-and-comment rule-making powers and enjoy substantial deference from courts on judicial review.[53] As between rules-based and principles-based systems, however, the difference lies in how much detail is provided in the statute, and how much is left to be filled in through the Authority’s or Commission’s rule-making. The difference between a traditional, rules-based approach to statutory drafting, and the B.C. version of principles-based drafting is strikingly illustrated in the Table of Concordance prepared by BCSC staff in September 2004.[54] Large portions of the Securities Act currently in force simply have no equivalent in the proposed B.C. legislation, in large part because the proposed legislation allocates the authority over more context-specific, detailed decision-making to the Commission, pursuant to its rule-making power.[55]

Consider, for example, Canadian prospectus requirements. Both Ontario and British Columbia (under both the existing Securities Act and the proposed legislation) require that issuers file a prospectus and obtain a receipt for it before distributing or offering a security. The statutes’ overarching provisions are quite similar:[56]

-> See the list of tables

Where the rules-based and principles-based approaches diverge, however, is in the additional details provided in the statute itself. In the OSA and the existing BCSA, the general requirement above is accompanied by additional provisions concerning, inter alia: amendments to preliminary and final prospectuses (each of which receives distinct treatment); certification requirements for issuers, directors, officers, underwriters, etc.; receipts; waiting periods; and distribution.[60] By contrast, the proposed B.C. legislation locates many of those issues within its proposed Securities Rules, instead of in the proposed statute.[61] A similar shift toward greater reliance on Commission rule-making powers is evident in the proposed B.C. legislation around takeover and issuer bids, proxies, continuous disclosure, and primary market civil liability.[62]

The second major distinguishing feature of more principles-based legislation is that it tends to be structured in a more outcome-oriented, as opposed to process-oriented, manner. The notion of outcome-oriented regulation is so connected to the principles-based approach that in its submission to the Expert Panel, the BCSC expressed a preference for the term “outcomes-based” rather than “principles-based” to describe its approach.[63] Outcome-oriented regulation measures performance against regulatory goals, whereas process-based regulation measures compliance with detailed procedural requirements.[64] For example, both the OSA and one part of the B.C. Model (its Code of Conduct for dealers and advisers)[65] contain provisions that try to ensure that customers receive timely disclosure of trades conducted on their account. The OSA establishes a strict procedure, whereas the B.C. Code of Conduct specifies only an outcome.[66] We see similar differences in their approaches to dealer conflicts of interest.[67]

Another example is account supervision by broker-dealer firms. In 2004, the BCSC commissioned a regulatory impact analysis that compared the detailed, process-based account supervision requirements established by the Investment Dealers Association (IDA) (as it then was) with the more outcome-oriented requirements imagined under the proposed B.C. Code of Conduct for dealers and advisers.[68] The Code of Conduct would have required a firm to “[m]aintain an effective system to ensure compliance with this Code, all applicable regulatory and other legal requirements, and [its] own internal policies and procedures,” and to “[m]aintain an effective system to manage the risks associated with [its] business.”[69] The four firms studied were of the view that the IDA rules,[70] which mandated transaction-based daily and monthly reviews, contributed significantly to their regulatory burden without providing meaningful investor protection. From their perspective, the reviews were duplicative, rigid, and (worst of all) not effective in detecting abuses characterized by patterns of behaviour—where they thought the biggest compliance risks arose. As a result of these perceived limitations and in response to what the firms described as concerns about civil liability, reputation, and good business practice, each of the firms had already, by the time of the study, developed its own parallel risk-based supervisory system.[71] The regulatory impact analysis concluded that relative to the existing system, British Columbia’s proposed Code of Conduct would, by permitting firms to focus their energies on their effective internal risk-management systems, improve investor protection, allow firms to innovate to achieve regulatory objectives in the ways that were most efficient for their businesses, and reduce compliance costs.

We return to some of the difficulties associated with reliance on internal risk models below.[72] The point here is that outcome orientation has important implications on how regulators approach their task, and understand their mandate. By definition, outcome-oriented regulation accepts that there may be more than one means or process to achieve a regulatory goal. It transfers decision making about process from regulators to industry. The essential assumption underlying both principles-based and outcome-oriented regulation is that legislators and regulators are in the best position to develop regulatory goals, but may not be in the best position to devise process-based means for achieving those goals. One of the reasons that outcome-oriented regulation is attractive is that it establishes a more direct relationship between regulatory goals and regulatory requirements. Outcome-oriented regulation translates regulatory goals directly and transparently into the outcomes that industry is required to meet. By contrast, process-oriented requirements that are developed by regulators in advance may not be perfectly tailored to regulatory goals, even though regulators possess less contextual information than industry actors do. Process-oriented regulation can also permit market participants to abide by the letter of the law while ignoring its spirit. This is especially the case when it comes to highly complex instruments, or in areas where events are fast-moving and regulators on their own could not hope to keep up with the pace of innovation.

Fundamental to an outcome-oriented system is the existence or development of an “interpretive community”[73] that collectively develops, on a rolling basis, the detailed content of statutory principles. In order to function transparently and predictably, a principles-based system must build in mechanisms that allow regulators to communicate with industry about their expectations, and that both allow and require industry to speak openly and regularly with regulators about their processes. Communication can take place through a number of channels including official administrative guidance, speeches, “no action” or “Dear CEO” letters, compliance audits, comments on industry standards, or specific enforcement actions. Over time, such communication can help develop an interpretive community that understands regulatory expectations, and can usefully interpret regulatory pronouncements about “reasonableness” or “effectiveness” in different situations.

Principles-based securities regulation is thus a particular way of structuring regulation, not a decision to do away with rules. Principles-based regulation is based on the conviction that while legislators and statutory drafters have the public legitimacy to establish broad regulatory goals, they are not in the best position to develop detailed guidelines for industry conduct, especially in fast-moving arenas like securities regulation. Those powers are allocated to front-line regulators at the securities commissions whose expertise derives from their proximity to industry and whose accountability derives from the notice-and-comment aspect of their rulemaking powers. Moreover—and this is the crucial point today—even those front-line regulators are limited in their access to information by comparison to the industries they regulate. In order to remain relevant and informed about fast-moving industry practice, to keep regulation sufficiently flexible, and to avoid inhibiting productive innovation, regulators need to establish open and perpetual communication lines with industry. They need to use industry’s own good and best practices to add the “meat” of detail to the “bones” of their principles-based regulatory expectations.

Described another way, principles-based regulation is a two-tiered approach, in which principles-based legislative drafting provides flexibility, and constantly evolving industry experience and regulatory rules add certainty on a rolling basis. In this formulation, principles-based regulation, as applied, avoids the biggest problems associated with both principles and rules at the level of theory. Moreover, it can produce more effective regulation by ensuring that the party that has access to the best information is the one that provides the detail on any particular issue. What the GFC may suggest to us is that this “beyond theory” perspective is still idealized, and that its promise was not achieved in practice. How real-life experience fell short of expectations is described in the next part of this paper, followed by a discussion of three large lessons learned.

II. The Global Financial Crisis

At least three major arguments contend that the GFC does not represent even a superficial challenge to principles-based securities regulation. First, the most alarming problems originated with complex securitized products that were distributed through exempt private-market placements, entirely bypassing the public securities markets where the full panoply of regulatory safeguards would have applied. Second, the GFC has to do with gaps in regulation, far more than with drafting choices. Gaps in regulation, especially around prudential regulation of players in the so-called “shadow banking system” of the United States, were surely the most obvious and consequential aspect of regulatory failure.[74] The asset-backed commercial paper crisis in Canada in August 2007 revolved around paper sold under an exemption from securities regulation.[75] Credit-rating agencies, which failed utterly as gatekeepers,[76] were drastically underregulated.[77] Third, the GFC was a global event. The complex securitization technology that increased risky lending, decreased transparency, and multiplied and spread risk was not unique to principles-based jurisdictions.[78] Even within the core concerns of securities regulation, national systems traditionally described as rules-based—specifically, that of the United States—demonstrably fared no better than the more principles-based system at the United Kingdom’s FSA. While many specific components of financial and securities regulation (ranging from prudential regulation and systemic risk analysis to the basic usefulness of the existing disclosure-based model[79]) are legitimately being re-examined, they are being re-examined globally.

A. Risk and Reward: Devolution of Details to Industry

Where the GFC should provoke reflection, however, is with regard to the role of devolution to industry. Here, the GFC does represent a challenge (though I would argue not a fundamental one) to principles-based regulation. Principles-based regulation works by devolving the details of regulation to industry, on the assumption that industry has the best information and is in the best position to both assess and bear its own risks. While not essential to principles-based regulation, this devolution is a central reason for the advantage of principles-based regulation over rules-based regulation in fast-moving environments. Devolution of the details to industry, however, went on to play a central role in enabling some of the most painfully aggravating conditions associated with the U.S. subprime mortgage meltdown. This need not have been the case. Crucially, devolution does not automatically imply weak public oversight. Nevertheless, devolution accompanied by an ideology of self-regulation contributed to insufficient oversight of the massive expansion of the over-the-counter market for derivatives within which credit default swaps traded, following the passage of the CFMA.[80] Other past examples of devolution include Basel II[81] and, correspondingly, the United States Securities and Exchange Commission’s (SEC) approval in 2004 of alternative net capital requirements for the leading investment banks under the Consolidated Supervised Entities Program (CSE Program).[82] These initiatives allowed banks and investment banks to maintain capital reserves based on their own internal risk-assessment models, with very little scrutiny from regulators.

Regulatory faith in industry actors’ competence, if not literally their bona fides, proved to have been misplaced to catastrophic effect. George Soros has charged that the GFC reflects a “shocking abdication of responsibility” on the part of regulators.[83] Investment banks and others engaged in originating, structuring, and selling financial products engaged in breathtakingly bad behaviour. There was real dishonesty.[84] The firms also made grave errors in safeguarding even their own interests. In the hands of in-house financial economists, academic caveats about the limitations of efficient markets theory models[85] as well as limits of valuation models were ploughed under.[86] Predictable psychological irrationalities seem to have been at work within firms, including groupthink, overconfidence, self-serving biases, and excessive faith in “hard” numbers, which were not accounted for in the regulatory decision to devolve the details to industry. There is also a strong public-choice narrative: banks had little incentive to behave prudently in building tranches of consumer debt-based securities because they sold them to third parties, in a market eager to buy them.[87] At a structural level, banks may have focused on short-term gain at the expense of long-term value because they were public corporations, not partnerships, and because bank CEOs were compensated based on short-term earnings.[88]

Regulators also seem to have underestimated the degree to which industry actors would try to avoid or circumvent regulatory oversight. Whether out of short-term self-interest, economic pressure, or simple lack of understanding,[89] firms within the CSE Program that applied the alternative net capital requirements valued illiquid assets too generously, underestimated long-tail risks, and maintained inadequate capital buffers, all the while arguing that their behaviour was reducing rather than exacerbating risk. Firms innovated in structured products, not only to reflect increasing sophistication or in order to make their product more attractive to purchasers, but also sometimes to avoid regulation.[90] They avoided comparability in order to reduce transparency and make it harder for regulators to understand what they were selling.[91]

Each of these factors, even in isolation, represents a considerable challenge to what Julia Black has termed the “regulatory Utopia”, within which the self-examining, responsible firm, possessing the greatest contextual information, helps to elaborate the content of principles-based regulation through ongoing dialogue with a flexible and outcome-oriented regulator, in the service of the mutual goal of optimized regulation.[92] What follows below is a dissection of the ways in which the self-regulatory regimes that gained so much traction in the past decade differ from principles-based regulation when buttressed by an active regulatory presence. Only after we have a sense of the underlying structure of the principles-based project can we assess what it has slipped to in recent practice, and what aspects of it remain vital.

B. Enforced Self-Regulation and Principles-Based Regulation

Principles-based regulation is not the same thing as self-regulation. Nevertheless, the distinction between principles-based regulation and self-regulation has not always been adequately emphasized. Competition between jurisdictions for increasingly mobile global capital played a role in obscuring this distinction. Large financial firms’ ability to relocate to more “competitive” regulatory environments provoked regulators and policy-makers to focus on the costs of substantive regulation. The rhetoric of principles-based regulation became enmeshed with the rhetoric of efficiency and the need to control the regulatory burden. Arguments in favour of principles-based regulation from Henry Paulsen, for example, tended to emphasize the free-market benefits and the reduced regulatory burden associated with the FSA approach—not its asserted regulatory oversight benefits.[93] Some, concerned about London’s increased capital market share in the last few years, asserted that its success with principles-based approach was the result of lower standards and lax oversight under principles-based regulation, especially in its junior market.[94] London-based regulators naturally disputed this assessment.[95]

The March 2009 Turner Review insightfully describes the regulatory world view that failed to anticipate the problems identified above.[96] Lord Adair Turner, now FSA Chairman, was commissioned by the Chancellor of the Exchequer in October 2008 to review the causes of the financial crisis and to make recommendations about regulatory changes. According to the Turner Review, the FSA did not fail because it embraced principles-based regulation. Indeed, principles-based regulation is barely mentioned.[97] Instead, Lord Turner ascribes blame to flaws in FSA philosophy—that is, to a hands-off, market-based regulatory approach that assumed that: markets were generally self-correcting; market discipline could be trusted to contain risk; the primary responsibility for managing risk lay with senior management, not regulators, because senior management had better information; and consumers were best protected through unfettered and transparent markets, not product regulation or direct intervention.[98]

Lord Turner is correct to draw a distinction between the FSA’s stance in favour of industry self-regulation and its principles-based approach. To equate principles-based regulation unequivocally with self-regulation would be to misunderstand both. The two are not inconsistent, nor are they synonymous. Self-regulation refers to the degree of public intervention in private industry. Neither principles-based nor rules-based regulation guarantees any particular stance toward self-regulation. Principles-based regulation is a particular regulatory approach that may or may not be highly interventionist, depending on how it is implemented, even though its effectiveness relies on pulling industry’s own experience and information into regulatory expectations. Indeed, some opponents of principles-based regulation are primarily concerned about the possibility that such an approach would allow regulators to overreach, especially in the enforcement context.[99] Whether a principles-based approach amounts to lax regulation, overzealous regulation, or (impossibly) pitch-perfect regulation is a function of how, and how well, it is implemented.

Principles-based regulation as properly understood inevitably requires a robust and capable public role, including meaningful enforcement.[100] Principles-based regulation is not code for a position that promotes allowing industry to do an end run around the regulator. It is a conceptually consistent outgrowth of the loose group of regulatory perspectives variously known as new governance,[101] co-regulation,[102] enforced self-regulation,[103] or “responsive regulation”.[104] New governance and its variants are not the same as self-regulation.[105] According to its proponents, new governance scholarship exists explicitly for the purpose of making the public state more, not less, central and relevant.[106] To use Jerry Mashaw’s recent formulation, new governance represents a different balance between the available public, market, and social mechanisms for ensuring accountability, putting greater emphasis on the latter two.[107] It imagines a different role for the regulator than rules-based, command-and-control regulation does. However, it does not suggest that public accountability, in the form of state action, could ever be ignored.

How exactly to best enforce self-regulatory models is a matter of some debate. Different models exist. Ex post enforcement actions play a much larger role in U.S. securities regulation than they do in the United Kingdom, where the focus is more on ex ante supervision and compliance work.[108] The impact of civil liability also needs to be considered.[109] When it comes to principles-based regulation, Black is probably correct when she writes that “principles need enforcement to give them credibility but over-enforcement can lead to their demise.”[110] A growing body of scholarship considers how to make enforced self-regulatory systems effective and credible using supervision, outcome-oriented problem solving, negotiated compliance, and firm penetration through compliance audits.[111] Enforcement in a principles-based system (including referral for criminal prosecution if necessary) likely works best as the culmination of a series of such interactions with an industry actor, ratcheted up through an enforcement pyramid approach.[112] Once at the enforcement stage, especially when dealing with cases based on violation of a principle alone, successfully bringing enforcement actions calls for substantial confidence and fortitude on the part of regulators. Enforcement staffers must also be watchful for potential procedural fairness concerns.[113]

The GFC represents an important lesson for some new governance scholarship, some of which has not always been particularly interested in how theory plays out in practice.[114] Indeed, the shortfall between the promise of an inspiring theoretical model and its application to real-life regulation makes the problem more (not less) important to solve. What was missing from many aspects of financial regulation, in retrospect, was meaningful accountability. The pressing questions now are why pre-GFC systems did not incorporate adequate public accountability mechanisms, and how principles-based securities regulation in Canada might avoid similar pitfalls. What follows are three recommendations for charting a path forward for principles-based regulation in Canada in the wake of the GFC. These recommendations take as a starting point that principles-based regulation must be buttressed by meaningful regulatory oversight, and then they move beyond that to a closer review of what accountability demands. The recommendations focus on problems of complexity and capacity, and the compromising effect that a lack of diversity and independent-mindedness can have on effective regulatory oversight.

III. Lessons Learned and Steps Forward

A. Four Points on Regulatory Capacity

It turns out, though there was no doubt, that how principles are implemented is at least as important as how legislation is drafted.[115] As observed earlier, certainty in a principles-based regulatory regime has less to do with how a particular provision is drafted and more to do with the development of an interpretive community that defines the content of that provision.[116] What is required is a regulator who is capable of functioning as an independent and credible member within that interpretive community—that is, a regulator who has a clear sense of her distinct role as a voice on behalf of the public interest. Moreover, because so much interpretive discretion rests in the regulator’s hands, regulatory capacity, training, judgment, and philosophy are critically important to effective implementation. It is therefore crucial to think carefully about the structure through which principles will be translated into regulatory practice.

Working well with principles-based regulation requires considerable changes to traditional regulatory culture. Moving to a new model would take time and training.[117] A principles-based regulator focuses on defining broad themes, articulating them in a flexible and outcome-oriented way, accepting input from industry, and managing incoming information effectively. This requires expertise, a more ongoing communicative relationship with industry, restraint in providing administrative guidance, and the continued use of notice-and-comment rule-making where appropriate.[118] Principles-based regulation relies on good and best practices emerging from industry to help define the content of principles-based regulatory requirements. Using good and best practices (which evolve) as opposed to potentially static industry standards allows regulatory expectations to evolve and remain flexible. It also builds in a learning process for both regulators (who are learning from industry about what works in different contexts) and regulatees (who are learning from each other). This shift in emphasis does not, however, require that regulators “roll over and play dead” in the face of industry demands.

1. Lesson One: Effective Regulatory Capacity Requires Adequate Number of Staff

At the first and most fundamental level, regulatory capacity in this new environment requires an adequate number of staff. As Black has pointed out, principles-based regulation (like risk-based regulation) may be more hands-off in its approach to the details, but this does not mean that it requires fewer regulatory resources. Depending on choices about implementation, principles-based regulation may actually require intensive interaction with firms, at least around certain issues or situations.[119] Yet, as the Northern Rock debacle in the United Kingdom highlighted, the FSA was far from adequately staffed.[120] Its Major Retail Groups Division was reduced by some twenty staff between 2004 and 2008, notwithstanding the division’s responsibility for substantial and complex FSA priorities such as Basel and the Treating Customers Fairly initiative, in addition to its core firm risk-assessment work.[121]

The example of the SEC’s CSE Program is even more striking.[122] Its Division of Trading and Markets had only seven staffers and no executive director, yet since March 2007, it was charged with overseeing five otherwise unregulated major broker-dealer firms that formed the backbone of the American-based shadow banking industry, based on an alternative capital adequacy method. One of the effects of understaffing was that Trading and Markets staff had not completed any inspections of the division’s subject firms in the eighteen months prior to the collapse of Bear Stearns in September 2008.[123] This lack of oversight would have been problematic in any event, but it was even more catastrophic in an outcome-oriented system where so much of the detailed procedural design for achieving regulatory goals had been delegated to industry. As we all now know, the firms’ models, which assessed largely illiquid assets operating in the absence of both price discovery and backstop prudential regulation, proved woefully inadequate.

2. Lesson Two: Regulators Must Have Transparent and Reliable Information about Industry

Second, regulators must have the ability to obtain transparent and reliable information about the industry actors they oversee. Even today, there can be no disputing that industry actors have better and more up-to-date information on their operations than regulators could hope to obtain. The larger firms also have far superior resources. Yet these same actors have an interest in casting facts to their advantage, in making their products look as attractive as possible, and in reducing regulatory oversight where possible. Again, as hard experience at the FSA and the SEC demonstrates, simple information collection is a crucial first step. The post-mortem account of regulatory failure in the Northern Rock case identified a number of instances in which the FSA failed to collect, or did not have access to, the information necessary to assess accurately the risk that the bank posed. Supervisors were found not to have been “proactive in ensuring there was a robust process allowing them a complete picture of issues.”[124] The post-mortem analysis of the CSE Program recorded similar weaknesses. Among other things, the analysis identified instances in which the CSE staff failed to adequately track material issues in regulated firms, approved changes to capital requirements before completing full inspections, and failed to exchange information with other SEC divisions.[125] In a system where information is power, such as in the regulation of the sale of complex derivative instruments, a regulator without the ability to obtain direct information effectively cedes the field to those it regulates.

Principles-based regulation in conditions of complexity requires that regulators have and use robust investigatory powers where necessary, and that they conduct regular and adequate compliance audits. Like staffing adequacy and information-gathering capability, effective compliance mechanisms are even more central in a principles-based environment. Compliance efforts give regulators access to essential, fine-grained information about particular firms, and promote regulatory credibility and engagement with industry. They are an important tool for developing and communicating the precise content of principles-based requirements to industry actors. As noted above, they are also part of a coordinated, multifaceted oversight approach for public companies and regulated entities, based on a carefully designed “enforcement pyramid” approach that also includes other supervisory strategies, as well as civil and criminal enforcement.[126]

3. Lesson Three: Regulators Must Independently Scrutinize Information

Third, regulators in a principles-based system must have the capacity to scrutinize information independently.[127] This requires considerable capacity in terms of information management systems. It also calls for quantitative expertise and industry experience. The FSA’s responses to Northern Rock, and its challenges in meeting them, may be instructive to Canadian securities regulators as they contemplate moving toward more principles-based regulation. The FSA plans to enhance its supervisory teams through increased staff, better training, a mandatory minimum number of staff per high-impact institution, and closer contact between senior staff and the biggest firms. It also plans to improve the quality of its staff, hiring risk specialists to support front-line supervision teams by focusing on the complex models used by banks to gauge financial risk.[128] As one commentator observed, the regulator will now be pursuing “the same PhD rocket scientists the banks are chasing. ... As Northern Rock shows, it’s not just about evaluating the problems, but having the people who can follow them up and forcefully make the case to the bank.”[129]

The need to hire “PhD rocket scientists” may seem peculiar, given that flawed quantitative analysis by in-house bank economists so drastically exacerbated the GFC in the first place.[130] The fact that quantitative analysis has been abused, misapplied, and overgeneralized in the past, however, does not mean that banks will not use it in the future. In spite of its theoretical limitations and the recent catastrophe, quantitative analysis continues to have substantial predictive value, and it will continue to serve as a central tool for financial industry actors. Securitization has brought too many benefits, and too much profit in good times, for modern financial markets to eschew it in the future. Indeed, financial innovation continues.[131] A regulator who does not have the capacity to challenge firms’ models will not have the capacity to engage in an important ongoing conversation.

4. Lesson Four: Regulators Must Have Healthy Skepticism about Industry

Finally, in addition to having the numbers, the information, and the analytical skills, regulatory staffers must have sufficient confidence in their own judgment and a healthy degree of skepticism about industry. This difficult problem is discussed further below.[132]

B. Complexity and Prophylactic Rules

One of the striking lessons of the GFC has been the impact of complexity on the financial markets, and the degree to which existing regulatory structures failed to manage those effects. Steven Schwarcz even suggests that complexity is plausibly the “greatest financial market challenge of the future.”[133] He first describes the complexity in the assets that underlie modern structured financial products, which are overladen with complexity in the design of the structured products themselves and exacerbated by complexity in modern financial markets. He then examines how these multiple complexities can lead to inappropriate lending standards, failures of disclosure, a lack of transparency and even comprehensibility, and—perhaps most difficult to manage—the creation of a complex system characterized by intricate causal relationships and a “tight coupling” within credit markets, where events tend to amplify each other and move rapidly into crisis mode.[134] Prior to the GFC, there was a general failure by all concerned to appreciate the myriad interrelated ways in which complexity can impair markets and financial regulation.

It is unrealistic to think that we can now unwind complexity from our financial markets. Instead, we must develop a more comprehensive and fine-grained understanding of how complexity manifests and for what reasons. Schwarcz’s incisive analysis of the sources of complexity is a first step. We should also be evaluating varieties of complexity in terms of their costs and benefits, both to real economies and financial markets as a whole and to various constituencies.

Some of the complexity deriving from innovation in structured product design is the result of increasing sophistication and fine-tuning, and has considerable beneficial effects for investors. After a certain point, however, either by design or in effect, the overall benefits flowing from ever-increasing complexity become outweighed by their overall costs. As suggested in the Turner Review, the GFC has challenged the “underlying assumption of financial regulation in the US, the UK and across the world ... that financial innovation is by definition beneficial, since market discipline will winnow out any unnecessary or value destructive innovations.”[135] In retrospect, some recent forms of financial innovation delivered few benefits but permitted rent-seeking and contributed to significantly increased systemic risk.[136] As noted in the Turner Review,

it seems likely that some and perhaps much of the structuring and trading activity involved in the complex version of securitised credit [over the last ten to fifteen years], was not required to deliver credit intermediation efficiently. Instead, it achieved an economic rent extraction made possible by the opacity of margins, the asymmetry of information and knowledge between end users of financial services and producers, and the structure of principal/agent relationships between investors and companies and between companies and individual employees.[137]

One of the common arguments in favour of principles-based regulation is that it supports innovation. While this continues to be an important value, more thought needs to go into precisely how it supports innovation, to what point innovation confers net benefits, and to whom those benefits flow. A fundamental risk associated with principles-based regulation is that, in the absence of the (at least putatively) immovable markers that rules represent, there will be “creep” around the meaning of a term.[138] Without regulatory oversight to ensure that terms are interpreted in a reasonable and accountable manner, self-interested actors can be expected to define terms in their own interest. Where there is already underlying uncertainty (e.g., around a new or extraordinarily complex product or line of business) or where there is no metric for evaluating something across institutions (e.g., a compliance program, a product, or a risk), the problem can be exacerbated.[139] “[R]isky shift” can occur,[140] especially when markets are experiencing a bubble or when competitive pressures push actors toward greater risk-taking.[141] Without countervailing, independent-minded regulatory power to push back against self-interested industry conduct, the “creep” may run downwards—toward more risk, less transparency, less systemic stability, and less consumer protection.

Meaningful regulatory oversight is therefore an important consideration, and complexity makes that oversight harder to achieve. We know now that our financial regulatory approaches were not built to handle the effects of complexity and constant innovation that characterize modern financial markets. Principles-based and collaborative regulation is, of course, a response to those very phenomena. But as Jack Coffee and Hillary Sale have argued, even an optimal regulatory model will not work if it is too complex for regulators to implement.[142] In terms of the rules-versus-principles debate, this means taking into account both theory and implementation when deciding how to structure particular regulatory provisions. Ease of implementation by regulators may be an important consideration. This consideration may weigh especially heavily where we can identify that additional complexity resulting from structured product design innovation is of diminishing marginal utility. There may be contexts in which (subject to the caveats below) rules’ greater ability to contain complexity helps justify a rules-based formulation over a principles-based one, notwithstanding the significant costs to flexibility, innovation, congruence, and prospectivity.

Capital requirements are a concrete example of where firms with more rigid requirements weathered the acute phase of the fall 2008 credit crisis better.[143] As has been well documented, Canadian capital requirements for financial institutions are comparatively high, and tend to be even exceeded by the actual practice of Canadian banks. Asset-to-capital ratios are capped at a comparatively low level.[144] Canadian financial institutions’ overall success in weathering the GFC has been often attributed to these regulatory restrictions.[145] Another example, beyond the rules-versus-principles conversation, is contract term standardization. Especially with respect to derivative contracts, standardization can help rein in complexity, subject innovation to a degree of price discovery and oversight, and make derivatives easier to regulate.[146]

To use Colin Diver’s terms, capital requirements may be an area in which, taking into account all the factors (e.g., poor regulatory oversight, gaps in regulation, etc.), transparency and accessibility prove to be more important than perfect congruence. In other words, if there is no clear and forceful regulatory voice in the interpretive community around a regulatory principle, then the (ultimately superficial) certainty provided by (inevitably imperfect) rules will still prove more valuable than the flexibility and contextuality provided by principles. This is especially the case when one considers to whom benefits have flowed. The benefits of flexibility will flow to those in a position to apply the principles. When there is no close conversation with regulators about, for example, what constitutes meaningful disclosure with respect to complex structured products in the retail market, then firms developing those products will decide on the meaning of disclosure principles in light of their own interests.

We should also consider the role that particular regulatory requirements play in overall systemic stability and efficiency. Rules around capital requirements, like much of prudential regulation, are so fundamental to effective functioning of the system that they should not necessarily be subject to contestation, innovation, and potential “creep” through collaborative regulatory practice. The analogy in democratic theory would be to participation rights, which are seen by some to be so fundamental to deliberation that they should not themselves be subject to the risk of erosion in the process of that deliberative exercise.[147]

We should be careful not to overstate the lesson here. The fact that systems with rigid, mandatory capital requirements performed better during the financial crisis does not mean that such capital requirements will necessarily be better than a more flexible alternative, or that we can generalize from capital requirements to other areas of financial regulation. We did not learn that rigid capital requirements are better than any mechanism we could possibly imagine. They may not even be better than the CSE Program might have been, had it been buttressed by adequate regulatory capacity. Rigid requirements impose costs, too. What we learned is that rigid capital requirements worked better than the flawed and basically unaccountable capital adequacy system that was in place under, for example, the SEC’s CSE Program.

It is helpful to see our current struggles with complexity as epistemological ones.[148] Complexity is worrisome right now in part because, as was the case in the frozen credit markets in the autumn of 2008, we do not know what we do not know. In time, based on greater understanding, we may be able to develop a more sophisticated approach to complexity (with more and different safeguards in place) that does not seem to force us to choose so starkly between flexibility and systemic stability. In other words, existing bright-line capital requirements should be seen as prophlylactic, not permanent, rules. Prophylactic rules are clear and generally overdrawn requirements, like the Miranda rights-reading requirement for police in the United States, which serve as placeholders to protect an important interest until and unless a better, more tailored method for achieving the same end can be implemented.[149] A “better” approach to capital requirements would have to improve flexibility and congruence, but not at the expense of the transparency, accountability, and ease of application that rigid requirements provide in this crucial aspect of financial markets regulation.[150]

Prophylactic rules are helpful in keeping essential systems functioning and in conserving regulatory resources. However, under conditions of underlying factual uncertainty, rigid rules cannot resolve that uncertainty. Rigid rules will paper over uncertainty, forcing difficult interpretations underground—or alternatively forcing rule revisions through legislative processes that are far too cumbersome to be serviceable in “live”, fast-moving systems. Principles-based regulation is a more promising long-term response to extreme complexity and consequent uncertainty, because it allows us to examine and discuss its effects explicitly, directly, and openly. New governance generally is about designing the problem-solving architecture required for handling situations of extreme uncertainty, in which neither the precise ultimate goal nor the means for achieving it can be determined in advance.[151] This is the kind of environment in which it makes sense to enlist the context-specific knowledge of a broad band of stakeholders in a collective, comparative, learning-by-doing regulatory project, while not being naïve about the impact of self-interest and power.

To summarize this paper’s recommendations thus far, principles-based regulation requires considerable regulatory capacity in order to be credible. It requires greater regulatory capacity in terms of numbers, resources, and expertise than has been allocated to it in some of the infamous examples of regulatory failure in the past two years—the failure of Northern Rock in the United Kingdom, and of the SEC’s CSE Program in the United States. At the same time, one should be realistic about regulatory capacity when designing a regulatory regime. One should not design a system that is too complex for actual regulators to implement. Bright-line prophylactic rules, along with contract term standardization and other similar techniques, can help to conserve regulatory resources. Such rules around capital requirements, for example, will be useful in the near future as we continue to grapple with the implications of complexity in the financial markets. Over the long term, however, a credible, principles-based, collaborative structure will be more robust and effective.

C. Building Independence and Diversity into the Regulatory Architecture

A principles-based approach also has repercussions for the deep structure of regulation. For many, the GFC represents a fundamental challenge to the efficient market hypothesis, and indeed to the very place of economic theory in developing public policy.[152] This paper suggests that we should instead consider recent lessons about macro-level regulatory design. The task now (the completion of which is beyond the scope of this paper) is to identify the structural and dialogical components that are essential to ensuring that the principles-based regulatory architecture is robust and credible. Chief among these components are mechanisms to ensure parties’ accountability and to validate information.

Principles-based regulation replaces many tightly defined, statutorily entrenched, and hard-to-revise legislative requirements with an ongoing, information-based, pragmatic dialogue about good practices and regulatory goals.[153] The shift itself is not determinative of choices between, for example, industry self-regulation or intensive supervision.[154] Nevertheless, it has practical implications for these policy choices. Under principles-based regulation, many of the bulwarks of detailed statutory law are replaced by more easily revisable requirements. Recall the Table of Concordance[155] between British Columbia’s existing and proposed Securities Acts. It serves as a clear illustration of the volume of detailed decision-making that is moved out of the statute and into rule-making under a principles-based approach. At its best, principles-based regulation therefore makes possible a more sophisticated, informed, collaborative, flexible, and transparent development of regulatory goals and means. At the same time, such a deliberative, iterative process increases the number of “moving parts”, and makes the act of law-making more porous to external social forces and trends. What must replace detailed statutory precommitments is serious attention to the capacities, predispositions, and situation of front-line decision-makers, and to how the various participants in the interpretive community can be expected to function together.

One way to think about the GFC is as a product of the marginalization of overarching regulatory design considerations in favour of overly broad faith in market discipline. There were obvious gaps in shadow banking industry regulation. Great weight was placed on the shoulders of credit rating agencies, without adequate thought to ensuring that those agencies were impartial and accountable.[156] Regulators were not an effective counterweight to the banks in the Northern Rock[157] and CSE Program examples.[158] In retrospect, programs like the CSE are paradoxes. On one hand, regulators delegated risk assessment to firms explicitly because they did not and could not possess the knowledge those firms had about their own operational risks. Yet, the compensatory steps that might have reduced the knowledge gap and ensured more meaningful oversight—compliance audits, close supervision by adequate numbers of well-trained staff—were not taken. Whether because the regimes’ regulator-level architects accepted too unthinkingly the laissez-faire ethos of recent years,[159] or because they had no choice given their lack of regulatory mandate from legislators[160] (and these two are connected), regulatory programs like the SEC’s CSE Program lacked a commitment to a robust public role in either design or implementation.

Both the conflict of interest story and the overreliance on market discipline point to a troubling question that applies not only to the Northern Rock failure or the CSE Program, but also to much of the bond and securities markets. The question is: from which quarter, exactly, was the independent critical thinking supposed to come? Jack Coffee’s memorable insight that the “gatekeepers” were one of the weak links that led to the Enron debacle resonates again today,[161] but it needs to be generalized. These are industries that are tightly enmeshed with their regulators and reputational intermediaries. Credit rating agencies were remunerated handsomely for giving good ratings to mortgage-backed securities. British regulatory and financial services communities are characterized by considerable social overlap.[162] Much has been written in the United States about the positions of public power occupied by individuals formerly working in the private sector, and the potential adverse effects on public policy.[163]

In a provocative article in The Atlantic magazine, Simon Johnson has argued that one of the causes of the financial crisis in the United States was that the financial industry was dominated by oligarchs with ties to government.[164] Drawing on his experience working with developing nations at the International Monetary Fund, Johnson predicted that the power of the oligarchs would also impede economic recovery because the necessary bold steps to regulate industry would not be taken. The author concludes that a destabilizing total collapse could be the “cleanse we need” and that piecemeal steps taken to avoid confrontation with the oligarchs would only prolong the pain. Without accepting that a “cleanse” is the necessary course, Johnson’s experience underscores how damaging the lack of an external, skeptical perspective can be when operating on an industry-wide (or even economies-wide) scale.

This paper does not argue that individuals with industry experience should be barred from assuming positions of responsibility overseeing those industries. The benefits of employing regulators with industry experience (in terms of expertise), perceived legitimacy with industry, and persuasive force are irreplaceable. Nor does this paper focus on the possibility that industry-regulator ties will consistently compromise prosecutions and enforcement actions.[165] Beyond these important arguments about agency capture is a subtler worry about perspective. As Joseph E. Stiglitz has observed, “[i]f those who are supposed to regulate the financial markets approach the problem from financial markets’ perspectives, they will not provide an adequate check and balance.”[166] Neither gatekeepers nor regulators will serve their function effectively if they are not firmly rooted in an independent source of authority and meaning that is in active tension with their allegiances “within the circle” of those they oversee. Such anchors help them resist the pull of groupthink, cascades, and collective confusion that can take hold within a particular community—phenomena that are especially dangerous in principles-based regulation because of the degree of built-in fluidity.

An absence of diversity in perspective may also have implications for an industry’s ability to self-regulate. Leaving aside regulatory failure, one may ask why investment banks themselves did such a poor job of quantifying and managing the risks they were running. In multiple and intricately connected ways, firm culture can affect the degree to which a firm is capable of acting independently in the face of competitive pressures and behavioural cascades. Goldman Sachs famously managed to avoid some of the worst excesses in mortgage-backed securities, arguably as a result of its culture of “contrary thinking” relative to the rest of its industry.[167] Internal diversity may also influence a firm’s stance toward risk-taking, as suggested by Michael Lewis’s analysis of Icelandic banks and culture,[168] as well as studies of the influence of gender in the financial services industry.[169] Enforced self-regulation also stands the best chance of success when industry actors genuinely care about their broader reputations, which requires commitments and allegiances beyond one’s own firm and industry.[170] All of this should lead us to wonder whether institutions that draw on a broader range of perspectives may be better able to maintain some cognitive distance from group pathologies to both their own advantage and the advantage of an enforced self-regulatory approach.

This suggests a few specific reform recommendations. To begin with, careful thought needs to be given to how the various pieces of a principles-based regulatory approach will function together, where each actor’s strengths and vulnerabilities lie, who is or is not participating in the interpretive community, and what is required to build checks and balances into the system’s functioning.[171] Credit rating agencies are an obvious example. If they are to continue to fulfill a central role as reputational intermediaries, they need to be more independent and better regulated than they recently have been. Regulators should also consider making hiring decisions based not only on applicants’ relevant industry and legal expertise, but also on whether applicants seem to have sufficient confidence and independence of mind (however obtained) to keep them mindful of their distinct public role in the face of well-resourced and coordinated action from industry. Regulators in a principles-based or enforced self-regulatory regime should also watch for groupthink and behavioural cascades within their industry, and they may want to give additional recognition or leeway to the views of industry outliers when a cascade appears to be developing.[172] This may ultimately call for a richer description of the relationships between capital markets actors and the other crucial social, institutional, and historical milieus in which they are embedded, to understand which actors might “keep their heads” and how to ensure their participation to that end.

Finally, a diversity of perspectives is important to principles-based regulation at the macro level. Principles-based regulation will not function well if it is purely technocratic, closed, and expertise-based. Technical expertise is not necessarily politically or socially neutral, and expertise-based models can shut down useful discussion. By contrast, principles-based regulation is a system whose evolution depends not on modelling, but on ongoing dialogue with stakeholders based on their real-life experience. Principles-based regulation is actually a different model from that based on technical expertise: it derives its legitimacy from its collaborative, dialogic experience, and it operates on the basis that pragmatic, learning-by-doing experience is a more reliable foundation than abstract theory for regulatory policy development.[173] The quality of the decisions that emerge from its collaborative process, as well as the basic legitimacy of that process, require broad participation. It also matters whether the interpretive community that is engaged in filling in the details around a principles-level regulatory requirement is sufficiently inclusive and diverse. That community must have enough common ground that its constituent parts can speak to each other and a certain degree of trust can exist. At the same time, too much homogeneity limits the range of imaginable possibilities.[174] This calls for a regulatory architecture that specifically builds in opportunities for all key stakeholders to participate.

For Julia Black, principles-based regulation at its fullest is a polycentric process that pulls in a wide variety of stakeholders.[175] For the Expert Panel as well, principles-based regulation needs to be supported by greater investor participation guarantees in the form of an independent investor panel and dedicated investor issues groups.[176] Broader stakeholder participation does not guarantee good regulatory outcomes, of course. The FSA’s Consumer and Practitioner Panels did not prevent the Northern Rock debacle.[177] Stakeholder participation also introduces its own significant challenges.[178] At the same time, one may ask what might have happened had the secret “war games” that revealed the risks that Northern Rock posed to systemic stability been made public back in 2004.[179]


The GFC contains cautionary lessons about the risks associated with principles-based regulation when it is not reinforced by a meaningful regulatory presence. However, the response cannot be a knee-jerk reversion to either a more rules-based or a more command-and-control approach. Principles-based regulation accompanied by input from industry was a direct response to a situation where regulators were underinformed, always playing catch-up, and made fools not only by Enron-style corporations engaging in “loophole behaviour”, but also (to harken back to the negative image of 1970s bureaucracies) by their own rigid, seized-up processes. The costs of a system that is too rule-based are also considerable: it can stifle innovation, create loopholes and loophole-oriented behaviour, drive uncertainty “underground” and make problem-solving less explicit, and impose costs related to inflexibility. Principles-based regulation needs to be understood as a response to those very real problems.

Furthermore, we should not imagine that a return to older regulatory strategies will avoid future frauds. There is no hope of putting the genies of financial innovation and complexity back into the bottle. Under conditions of such extreme uncertainty, ongoing interpretation of underlying principles is the only feasible option. Facially straightforward rules cannot make a complex situation simple. Detailed rules will be out-of-date by the time they are drafted. Principles are attractive because they can adapt to emerging events, and can adapt in a transparent and accountable way. By contrast, rules must evolve either through time-consuming statutory amendment, or through selective or no enforcement that conceals the exercise of substantial regulatory discretion.

However, thought needs to be given to how principles-based regulation perpetuates or even amplifies existing structural flaws in regulation. To be effective, principles-based regulation must increase regulatory resources, develop a thoughtful response to complexity (including a place for prophylactic rules), and consciously incorporate a broader and more independent range of perspectives into the regulatory discussion. As Canada’s Expert Panel well appreciated, careful implementation and meaningful enforcement are everything in building a strong principles-based approach to securities regulation.[180]