Can’t we just ask the regulator?
It is well-known and widely reported that regulations have grown in scope, density, interrelation and complication since those mad, dreamy Eighties days when rules were for birds and the Randian spirit of Aleister Crowley was the dominant fingerpost showing the way to the future:
“Do what thou wilt shall be the whole of the Law”.
Modern finance was once unexplored: broken-fenced frontiers everywhere you looked, and you were free to wander the hinterland, scalping unwitting customers — “ripping customers’ faces off” was the vogue term — unrestrained by official hand.
This, contemporary thought leaders believed, was best for everyone, in the long run. “Government is not the solution to our problem; government is the problem,” Ronald Reagan once famously put it. Javier Milei , but he feels like a man out of time.
For in recent times — President Milei’s remarks notwithstanding — this carefree impulse has fallen on stony ground. Of course it has: to survive its auto-destruction, any new programme must self-organise: its founding spirit of optimistic anarchy will resolve into well-meant, gentle governance which, in time, will freeze into an impenetrable tundra of rules, etiquettes and ways of behaving, all loosely calculated to maintain and strengthen the power structure as it emerges around the programme.
This happened to the nineteen-fifties, to rock ’n’ roll, to the internet, it’s happening to crypto right now and, if Skynet doesn’t happen first, it will happen to AI before long.
The financial markets are the same, only on a loop: the free-wheeling 1920s gave way, via the shock of the Great Depression, to sober, careful regulation. From there a mid-century of cold war in the East and warm steady growth in the West gave way to the libertine laissez-faire eighties, the End of History itself in the nineties, and that decayed into late-stage freewheeling techno-anarchy in the noughties.
It all fetched up, back where it started, upon the rocks of the Global Financial Crisis, whereupon the cycle began again. Detailed, rules-based regulation was back in style.
Twenty years on, we are all technocrats now: a freedom that once seemed hopeful and elegant now seems barbaric in its simplicity. We have become inured to the idea that, because it can be, our every financial impulse should be minutely monitored, reported, and regulated. An industrial estate has taken root around this business of administering things.
And that is fine. Being a pragmatist, it is not the JC’s motive to take sides in the cosmic debate: rather, to say, however heavily we frame our rules, good governance and our well-rehearsed imperative of juridical certainty requires them to be as plain, clear and actionable as they can be. The world is uncertain and non-linear enough: the guardrails we erect to protect each other from it should not be. We should not be left in doubt what we can and cannot do.
Nor should we be held hostage for the consequence of the things we do when in honest and excusable doubt.
Besides, wilfully leaving doubt in regulation creates an opportunity for the enterprise of doubt alleviation to extract rent. Three-quarters of the UK’s £32bn legal services industry services the corporate sector. That is easy to count. Less so is the difference it makes.
Nor should rules be above criticism: times change, unintended consequences emerge and people make bad rules. Practitioners are the first to apprehend them. They should not be loathe to point them out.
In any sensible polity, rules carrying sanctions must be easy to understand, follow and challenge. The optimal scenario: every earnest firm abides by the rules, little time is therefore spent policing them, and there is an easy and open process to challenge the ones that don’t work.
The reality is different. Global regulation has become a monstrous, baffling, ineffective burden. Even sensible jurisdictions mandate multiple regulators to oversee ostensibly the same territory (SEC, CFTC, FRB, FDIC in the US alone). That is before we deal with the conflicts of cross-border regulation and regulatory perimeters or the actions of supranational bodies such as the Basel Committee on Banking Supervision.
This is licence enough for the advisory-industrial complex that has grown around money management, but it is made worse by regulators’ reluctance to be categorical, or even take a position on, what their own rules mean.
Sure, regulators purport to render their rules in plain English, but often by way of aspiration rather than outcome. And, at the end of the day, if regulations are confusing the market, whether or not regulators believe it, this is reason enough to clarify them. If you can’t just rewrite them — a continually morphing regulatory textscape would be worse even than static rules no one understands — a regulator should at least be prepared to clarify and issue binding guidance about what its own rules to mean and how it intends to enforce them.
Continental tax authorities occasionally issue tax rulings. The SEC has been known to issue the odd “no-action letter”, more by way of forbearance from enforcement than enduring interpretation of its rules, though one eventually crystallises into the other.
But these are exceptions. This is not, in the Anglo-Saxon markets, the done thing. There are no bright lines, after all. It is as if regulators are keeping the option to retrospectively smack down the regulated to suit the political climate. Perhaps they fear the precedent an erroneous ruling night create: their own staff — as prone to budget cuts, downskilling and outsourcing as the rest of us — might have no better idea what the rules are meant to mean than we do.
Perhaps the underfunded gamekeeper fears the poacher’s skill in finding loopholes and running around the spirit in which the rules were put in place.
Or, all of the above.
In any case, regulators will not generally tell you what they think their rules mean. On your own head be it. We think this is a pity.
Announcing after the fact what regulations mean and then prosecuting historical violations is, in essence, retrospective legislation.
It also creates poor incentives all round. It encourages regulators to create ambiguous regulation — as you say, this gives them plausible deniability should their subjects find loopholes — and it intermediates and institutionalises the advisory-industrial complex.
An environment where merchants need professional advice to carry out their day-to-day business just to protect them from breaking the law is not working properly. Financial services, being concerned with lending colossal sums of money, has no shortage of call for lawyers already.
JPMorgan, the NDA and the whistle-blowers
This rule says no-one may not stifle “whistle-blowers”: citizens who wish to give the SEC information about possible securities law violations. Where this leads to conviction, whistle-blowers stand to be rewarded.
The settlement doesn’t seem to suggest that JPMorgan intended to, or actually did, use its NDAs to prevent anyone reporting securities violations. To the contrary, JPMorgan seems to have been rather good about self-reporting, whenever the need arose. Nor does the SEC allege anything was concealed from it. Rather, it is the dog in the night-time: since JPMorgan’s confidentiality agreements might have had that effect, or might have been used this way, the SEC can not now know what it does not know.
That an NDA might have a “chilling effect” on a whistle-blower was enough of a pretext for the SEC to extract US$18m from JPMorgan. The threat of further action seems to have been enough of a pretext for JPM to just pay up. This all seems rather unfortunate for the rest of the market.
Firstly, be assured a wholesale re-engineering of the confidentiality agreement standard will shortly descend on us. NDAs are plenty long enough already: this will not make them shorter.
Downtrodden inhouse counsel, who already spend far too much time on NDAs (in that they spend any time at all) will not be cheered. The NDA is a well-understood beast: its principles are standardised, even if their articulation is not. A universal principle is “you may disclose confidential information to regulators if asked, or compelled, to do so”.
This seems a prudent and reasonable standard.
Not according to the SEC, according to whom Rule 21F-17(a) requires something more than that: you must be free to disclose information that may indicate violations if you feel like it. Whether a regulator asks you or not. No-one is obliged to blow their whistle, however, so the market standard term would not, explicitly, allow that. You might try to get home with a general sweep-up like “this agreement is to be read to comply with all laws as they apply to the parties” but that is reaching a bit.
JPMorgan’s standard NDA — not, alas, the OneNDA — said:
“[JPMS client] and [JPMS client’s] attorneys are neither prohibited nor restricted from responding to any inquiry about this settlement or its underlying facts by FINRA, the SEC, or any other government entity or self-regulatory organization or as required by law.”
Now as far as market standards go, this is pretty much on the money and, for US drafting, blessedly short: you can answer questions from regulators — with or without compulsion — but you can’t volunteer things they did not ask for. Well: it does not say you can volunteer things, at any rate. How this might be construed by a court is not the point: the “chilling effect” — the tendency to prevent disclosure in the first place — is all the SEC needed.
Editorialising for a bit — I know, right: who? me? — then unless JPMorgan wilfully meant to prevent whistleblowing, this seems like a bad precedent. Nothing in theindicates wilfulness on the bank’s part.
So, firstly, JPMorgan is being fined, basically, for agreeing to a pretty standard NDA.
Secondly — a point Matt Levine makes with typical brio — is that this means that a securities law violation you can blow your whistle about — and be rewarded for under the whistle-blowing programme — is the very existence of a non-compliant NDA itself.
The NDA contravenes Rule 21F-17(a), after all. That is a violation of a securities law. You stand to gain by reporting it, in ostensible breach of its terms.
But as above, in as much as they cleave to the market standard of only permitting disclosure to regulators when asked, all standard NDAs breach Rule 21F-17(a). Not because the market means to chill whistle-blowers, but because this never occurred to anyone before.
It would be interesting to know who planted the idea of this enforcement in the SEC caseworker’s head. We have all heard of lawyers chasing ambulances: here is the stranger case of an ambulance chasing lawyers.
In another disturbing facet of US justice administration, JPMorgan has agreed to the settlement, a civil prosecution — don’t titter at the back, this is a thing in America — without admission or denial of liability, no doubt taking the pragmatic view that comparatively light fine, in financial services, is a doddle against the administrative hell and regulatory stress of contesting such a charge.
But in doing so, JPMorgan has acquiesced to a bad principle, thereby enacting it upon everyone else. Is every non-disclosure agreement fair game? Will there be a range of swingeing fines against other brokers? Would it change your answer if those made to sign such agreements had a direct financial incentive to shop their brokers to the SEC?
Expect a flurry of activity in the NDA space, even repapering ones already executed, and — inevitably — the lengthening of an already tedious symbolic ritual.
What would a compliant NDA look like?
Here is where a regulator’s reluctance to explain its own rules creates work for lawyers without reason. The advisory-industrial complex has just acquired another ghost story: a tail-event risk which necessitates a four-eyes check of every NDA that goes out the door. In the prudent operation of a financial services organisation, this is nothing but sawdust in the gears. It addresses no real risk of mischief — no-one had any intention to suppress whistle-blowing in the first place, remember — and will do little to change the regulator’s attitude to
rent fine collection if, once more after the fact, it decides that whatever you put in your NDAs to cover the point still does not pass muster.
If we take it as read that JPMorgan’s infraction was formal and not substantive then surely the practical thing for SEC to do would be to warn them off and issue some new guidance to the industry, including acceptable contract wording: to say, as long as your NDA provides that “nothing in this agreement is intended to prevent any person reporting possible legal violations to any regulatory authority”
Were the SEC to give the remainder of the market clear guidance on how to act without the ongoing intermediation of the advisory-industrial complex, JPMorgan might not have suffered in vain.