Login  |  Register  |  Contact

Let’s Play: Name That Regulation!

What do you think our new financial law will be? What piece of legislation will be enacted by our government to protect us from the greed that caused this current financial crisis? Last time it was Sarbanes-Oxley. Who will be the poster child for our current financial crisis? Who will be the "Keating 5" this time around? You know it is coming. It has every other time greed has torpedoed our economy. And it is an easy target for any politician when there is only one side to an issue. I mean, how many voters are pro-financial crisis?

I am actually asking this as a serious question. I am really at a loss for a plan of action that would be effective in stopping financial institutions from making bad loans, or how the government could effectively regulate and enforce. The typical downside to bad business practices (falling stock value, bankruptcy) have been nullified with mergers and government funding. In this case the greed seemed to be evident from top to bottom, and not just within a company or region, but the entire industry. Financial institutions to the buyer and most of the parties in between. Yes, lenders skirted process and sanity checks to be competitive, but it took more than one party to create this mess. Buyers wanted more than they could afford, and eagerly took loans that led to financial ruin. Real estate agents writing the deals as fast as they could. Mortgage brokers looking for any angle to get a loan or re-fi done. Underwriters in absentia. Appraisers 'making value' to keep business flowing their way. You name it, everyone was bending the rules.

So that is really is the question on my mind: what will comprise the new regulation? How do you keep businesses from saying 'no' to new business? How do you keep competitive forces at bay to reduce this type of activity from happening again? My guess about this (and why I am blogging about it) is that enforcement of this yet-to-be-named law will become an IT issue. Like Sarbanes-Oxley, much of the enforcement, controls and systems, along with separation of duties necessary to help with fraud deterrence and detection, will be automated. Auditors will play a part, but the document control and workflow systems that are in place today will be augmented to accommodate.

Let's play a game of 'trifecta' with this ... put down the name of the company who you think will who will be the poster child for this debacle, the name of the politician who will sponsor the bill, and the law that will be proposed. I'll go first:

Poster Child: CountryWide

Politician: John McCain

Law: 3rd party creditworthiness verifications and audit of buyers

If you win I will get you a Starbuck's gift card or drinks at RSA 2010, but something.

—Adrian Lane

Posted at Tuesday 30th September 2008 6:42 am Filed under: it auditkeating 5s&lsox

Previous entry: Oracle DBAs and Security | | Next entry: Clickjacking The Network Security Podcast

Comments:

If you like to leave comments, and aren't a spammer, register for the site and email us at info@securosis.com and we'll turn off moderation for your account.

By ds  on  10/02  at  01:17 AM

You guys should really stick with security and not securities (Yeah, that’s funny, I know). 

To put the blame on greed is kindergarten simple.  This "crisis", like most, was caused by the same feckless government that is now trying to fix it. 

First, this all has to do with the subprime crisis.  To find the root of that, don’‘t look to greed, look to liberal egalitarianism.  Thank Jimmy Carter and the CRA, which gave low income folks incentives to get loans they could ill afford. 

In 1995, Clinton revised the CRA, forcing banks to issue these sub prime loans.  He made it palatable by mandating by law that good old Uncle Sam would back these bad loans.  *Poof*, about 1 trillion in new subprimes were issued.  Remember the number. 

McCain explicitly warned 4 years ago that this was a looming crisis, that Freddie and Fannie were at the core of it and, since they were essentially government agencies, that steps must be taken then to fix the problem.  The liberal chattering class was, of course, outraged and denied that the problem existed (you can read the congressional record and see for yourself).  Now they blame anyone else, when they should be focusing on themselves.  Sure, banks share the blame, they didn’‘t complain and stood to make safe money with federal backing, but they were the horse, not the rider. 

Also consider that for the last nearly decade, our "friends" in the Fed have kept interest rates insanely low, making normal "safe" markets unattractive.  So, these mortgages were bundled up and sold as securities.  Seems like a good idea, housing was booming and these were "can’‘t lose" investments.  Even insured.  Unfortunately, now no one wants them (except, I guess, us as taxpayers, since we are buying nearly a trillion dollars worth of them). 

Long story short, blaming greed is a nice little bromide, but it rings hollow, misses the point, and has nothing to do with this blog!

By Tom.W  on  10/03  at  05:32 AM

I find it interesting that we need to "regulate" when risk is understated. Currently regulations and government intervention (PCI,SB1386,etc) are being implemented because business don’‘t see the financial incentive to secure themselves. Business look at the cost of losing data verses the cost of securing it, if the cost of loosing data is lower guess what the business does. Unfortunately they often don’‘t evaluate the inconvenience to the owner of the lost data. (And I just got a letter from CountryWide that they lost my PII, errr!). I suppose this is a valid reason to have oversight. The difference I see with the mortgage crisis is that business thought they were adequately evaluating risk. After all originating and buying loans is all about evaluating risk (borrower credit histories, loan-to-value ratios, and borrower income). The reason for the foreclosures is poor evaluation of these risks. I don’‘t think the government or the CRA is the major blame, the majority of the subprime loans were not even made by banks fully governed by the CRA.

By Rafal  on  10/07  at  07:39 AM

Alright… I’‘ll bite…

Poster Child: CountryWide (I totally agree with you here)
Politician: Barack H. Obama (He’s the "regulate everything" guy… he needs a cause)
Law: Federal Data Privacy and Security Statute - Makes data security a federal mandate and establishes more regulated, audited federal guidelines for data security. 

Page 1 of 1 pages

Name:

Email:

Remember my personal information

Notify me of follow-up comments?

Submit the word you see below: