Can’t we just ask the regulator?
|
It is well-known and widely reported that regulations have grown in scope, density, interrelation and complication since those mad, dreamy Eighties days when rules were for birds and the Randian spirit of Aleister Crowley was the dominant fingerpost showing the way towards market governance.
“Do what thou wilt shall be the whole of the Law”.
The world of modern finance was unexplored: broken-fenced frontiers everywhere you looked, and you were free to wander the hinterland scalping unwitting customers — “ripping customers’ faces off” was the vogue term, come to think of it —unrestrained by official hand.
This, contemporary thought leaders believed, was best for everyone, in the long run. “Government is not the solution to our problem; government is the problem,” as Ronald Reagan once famously put it, and Javier Milei did again — without attribution — at the WEF in 2024.
In recent times this carefree impulse has fallen on stony ground. Of course, it has: to survive its auto-destruction, any new programme must self-organise: that founding spirit of optimistic anarchy will resolve to well-meant gentle governance which in time will calcify into impenetrable rules, etiquettes and ways of operating calculated to maintain the emergent power structure around the programme. This happened to the fifties, to rock ’n’ roll, in the noughties to the internet, it’s happening to crypto right now and will happen to AI at some point in the future — as long as Skynet doesn’t happen first.
The financial markets are the same: the libertine laissez-faire of the eighties that made all this possible has given way to utter technocracy.
A freedom that once seemed hopeful and elegant now seems barbaric in its simplicity. We have become inured to the idea that our every financial impulse should be minutely monitored, reported, and regulated.
The theory
And that is fine. Being a pragmatist, it is not the JC’s motive to take sides in the cosmic debate: rather, to say, however heavily we frame our rules, good governance and our well-rehearsed imperative of juridical certainty requires them to be as plain, clear and actionable as they can be. The world is uncertain and non-linear enough: the guardrails we erect to protect each other from it should not be. We should not be left in doubt about what we can and cannot do. We should not be held hostage for the consequence of acting in a case of genuine doubt.
Besides, wilfully leaving doubt in regulation creates an opportunity for doubt alleviators to extract rent. Three-quarters of the UK’s £32bn legal services industry services the corporate sector.[1]
Nor should rules be above criticism: times change, unintended consequences emerge and people make bad rules. Practitioners at the coal face are the first to apprehend them. They should not be loathe to point them out.
In any sensible polity, rules carrying sanctions must be easy to understand, follow and challenge. The optimal scenario: everyone abides by the rules, and there is an easy and open process to challenge the ones that don’t work.
The reality
The reality is that global regulation is a monstrous, baffling burden. Even sensible jurisdictions mandate multiple regulators to oversee ostensibly the same territory (SEC, CFTC, FRB, FDIC in the US alone). That is before we deal with the conflicts of cross-border regulation and regulatory perimeters or the actions of supranational bodies such as the Basel Committee on Banking Supervision.
This is licence enough for the advisory-industrial complex of legal, accounting and regulatory advice that has grown around the markets, but it is made worse by regulators’ reluctance to be categorical, or even take a position, on what their own rules mean.
Sure, regulators purport to render their rules in plain English, but often by way of aspiration rather than outcome. And, at the end of the day, if regulations are confusing the market, whether or not regulators believe they should be, this is reason enough to clarify them. If you can’t just rewrite them — a continually morphing regulatory textscape might be even worse than static rules no one understands — then at least be prepared to clarify, through official guidance, what you take your own rules to mean and how you intend to enforce them.
Continental tax authorities might occasionally issue, and be bound by a tax ruling The SEC issues the occasional “no-action letter”, more by way of forbearance from enforcement, rather than interpretation, of its rules. There are no bright lines, after all.
But this is not, in the Anglo-Saxon markets, the done thing. It is as if regulators are keeping the option to retrospectively smack down subjects to suit the political climate. Perhaps they fear the precedent an erroneous ruling night create: their own staff, as prone to budget cuts and outsourcing as anyone else, might have no better idea what the rules are meant to mean than anyone else. Perhaps the underfunded gamekeeper fears the poacher’s skill in finding loopholes and running around the spirit in which the rules were put in place.
Probably all of the above.
JPMorgan, the NDA and the whistleblowers
So we hear that JPMorgan agreed to pay the SEC a US$18m fine for signing confidentiality agreements that violated Rule 21F-17(a) of the Securities Exchange Act of 1934 prohibiting action that impedes communication with the SEC about possible securities law violation. We don’t know the specifics, but it doesn’t seem to be alleged that Morgan intended this, or that it took any positive steps to enforce its NDAs in this way, but rather that the confidentiality agreements might have had that effect, or been used this way.
If that is right then we have a wholesale rewrite of confidentiality agreements about to descend on us. The NDA is a well-understood beast: its principles are pretty standardised, even if their articulation is not. One principle is “you may disclose confidential information to a regulator if you are firmly asked for it, or compelled to do so”.
The SEC’s whistleblowing rule requires something more than that: you must be free to disclose information that may indicate securities law violations if you feel like it. No-one is obliged to be a whistleblower, however, so an NDA drafted along market standard terms would not, explicitly, permit whistleblowing. You might try to get home if you have a general “this agreement is to be read to be consistent with all laws as they apply to the parties” but you are reaching a bit here.
The SEC release agreed with JPMorgan said:
“[JPMS client] and [JPMS client’s] attorneys are neither prohibited nor restricted from responding to any inquiry about this settlement or its underlying facts by FINRA, the SEC, or any other government entity or self-regulatory organization or as required by law.”[2]
You can answer questions from regulators — without compulsion — but you can’t volunteer things they did not ask for.
Editorialising for a bit — I know, right: who? me? — then unless JPMorgan wilfully meant to prevent whistleblowing, this seems like a bad precedent. Nothing in the SEC’s press release about the fine indicates this is the case. So firstly, JPMorgan is being fined, basically, for agreeing to pretty standard NDAs.
Secondly, and it is a point Matt Levine makes with typical brio, this means that the securities law violation you can blow the whistle on — and be rewarded under the whistleblowing programme for — is the existence of the NDA itself. The NDA contravenes Rule 21F-17(a), after all.
But as above, in as much as they cleave to the market standard of permitting disclosure to regulators when asked, all standard NDAs breach Rule 21F-17(a). Not because anyone meant to, but because this is a unique exception that has never occurred to anyone before. It would be interesting to know who planted the idea of this enforcement in the SEC’s head. We have all heard of lawyers chasing ambulances: here is an ambulance chasing the lawyers.
In another facet of US justice administration, JPMorgan has agreed to the settlement without admission or denial of liability — perhaps taking the pragmatic view that a USD$18m fine is a drop in the ocean compared to the administrative time and burnt marital capital that it would take to contest such a charge. But in doing so, Morgan has acquiesced to a bad principle, thereby enacting it on everyone else.
Expect a flurry of activity in the NDA space and — inevitably — the lengthening of an already tedious symbolic ritual.
What would a compliant NDA look like?
Here is where the regulatory reluctance to flesh out your own rules creates work for lawyers without reason. If we take it as read that JPMorgan’s infraction was formal and not substantive — then surely a practical thing for SEC to do would be to issue some agreed-upon wording: say, as long as your NDA, in essence, provides that “nothing in this agreement is intended to prevent any person reporting possible legal violations to any regulatory authority” then you give the remainder of the market clear guidance for which lawyers are not required, and JPMorgan shall not have suffered in vain.
See also
- Data modernism
- Complex system
- Non-disclosure agreement