Arnold Kling  

Cost of Sarbanes-Oxley

Social Security Reform... The High-Cost Producer...

Stephen M. Bainbridge argues that the cost of regulations under the Sarbanes-Oxley law (SOX) enacted in the wake of the Enron scandal are too high.

The SEC initially estimated § 404 compliance would require only 383 staff hours. According to a Financial Executives International survey of 321 companies, however, firms with greater than $5 billion in revenues will spend an average of $4.7 million per year to comply with § 404. The survey projects expenditures of 35,000 staff hours -- almost 100 times the SEC's estimate. The survey also estimates that firms will spend $1.3 million on external consultants and software and an additional $1.5 million (a jump of 35 percent) in audit fees.

The new regulatory environment has costs beyond the higher expenditures on compliance. As a former employee of Freddie Mac, and consequently as a shareholder, I watched last year as the company was battered by its own Board of Directors. In a perverse act of post-Enron self-defense, the Board hired an investigative law firm to go after senior management, leaving the firm in a state of executive paralysis.

On the other hand, Bainbridge acknowledges that something was needed after Enron.

No doubt, there are some benefits to SOX -- renewed investor confidence and so on. No doubt, moreover, § 404 had laudatory goals. Faulty internal controls, after all, contributed to a number of recent corporate scandals. Given how badly Congress and the SEC underestimated compliance costs, however, serious questions are raised as to whether SOX would pass muster if a serious cost-benefit analysis were to be performed.

For Discussion. Were the incentives for corporations to improve governance sufficient without legislation, or was legislation needed to convince the public that corporations would indeed act to prevent future Enrons?

Comments and Sharing

COMMENTS (12 to date)
Mcwop writes:

Seems to me that what Enron did was ALREADY illegal. In fact this is the case with many of the companies caught in scandal. Enforcement of the law is needed.

Mark writes:

Given what happened in the absence of legislation, it's pretty clear that legislation was needed.

Also, note that while Bainbridge does establish that costs to businesses have increased, that is not the same as establishing that they are "too high." If these increased costs deter even a few future Skillings and Fastows, they will be well worth it, even if "poor" Mr. Bainbridge's dividend checks are a bit smaller.

Bernard Yomtov writes:

I agree, Mark. Bainbridge does nothing to support the idea that compliance costs are "too high." He is just spouting ideology. You can't claim to be making cost-benefit calculations if you don't count any benefits.

To address Arnold's question, the answer is no. There was not enough incentive, and there probably is still not. Corporate boards are notoriously inbred. Challenging directors, or trying to get resolutions passed, is virtually impossible. At one time the SEC did not even permit shareholder votes on executive pay. (I'm not sure what the current status is).

If we are going to claim that the shareholders own the company, we ought to at least pretend that they have some control over it.

Bernard Yomtov writes:

Having looked at Bainbridge's biography, I have to suggest that he is a good example of one of those silly academics Eric is always complaining about.

Lawrance George Lux writes:

It is the continual contest between Liberal and Conservative Economists over what is and what is not legitimate Expense. Five Million dollars per Five Billion dollars of revenue is not excessive. I would ask what is the Paper and Ink Costs of Management for the Corporation--probably higher in actuality. Was SOX the answer to Corporate mismanagement? I seriously doubt it, but its flaws are not found in the accounting costs. lgl

Robert Schwartz writes:

The securities laws did not prevent the bubble in the 1990's, just like they did not prevent the S&L scandal in the 1980's or the energy bubble in the 1970's. SOX added another layer of complication on to the securities laws, but did not in any way address any real issues in market or corporate structure that would prevent any future bubbles. The additional cost of compliance with SOX is of course pure dead weight loss to investors.

For some background and additional discussion of Sarbanes-Oxley, see the recent article by Richard Mahoney,
"Sarbanes-Oxley, Belts and Suspenders: The Regulatory Aftermath of the Corporate Accounting Scandals,"

Bernard Yomtov writes:

The securities laws did not prevent the bubble in the 1990's, just like they did not prevent the S&L scandal in the 1980's or the energy bubble in the 1970's.

And laws against murder and armed robbery haven't prevented those crimes, either. Under the the standard you set we would have no laws against wrongdoing at all.

SOX added another layer of complication on to the securities laws, but did not in any way address any real issues in market or corporate structure that would prevent any future bubbles.

SOX was not intended to "prevent bubbles." I don't think there's any way to do that.

The additional cost of compliance with SOX is of course pure dead weight loss to investors.

Not true. Improving the accuracy of financial information has value to investors. Further, it has value to the country, even to those who are not investors in a particular company. This is an important point that Bainbridge completely misses.

The integrity of our financial markets is a valuable public good.

Among other things:

It gives a huge boost to entrepreneurship, since it means that venture firms and other startup investors can see where their potential payoff is coming from.

It keeps interest rates down by reducing risks.

It makes raising capital in general easier and less expensive.

It attracts foreign capital, letting us finance our current account deficit on non-confiscatory terms.

I'm sure there are more, but that seems like quite a bit. It hardly seems unreasonable to ask publicly traded firms, who benefit greatly from the integrity of the markets, to go to some trouble and expense to help preserve it.

Jim Glass writes:

"Given what happened in the absence of legislation, it's pretty clear that legislation was needed."

The fallacy of that statement as a piece of logic can be seen by inserting the word "bad" before "legislation" and then repeating it.

Bernard Yomtov writes:

Jim Glass,

OK. I agree. We don't need bad legislation. But that begs the question. If you're trying to say we don't need SOX because it's a bad law, then tell us why it's bad. Don't just say, in effect,

We don't need bad laws.
SOX is a bad law.
Therefore, we don't need SOX.

That's not much of a case.

Monte writes:

The incentives were sufficient if the accounting standards observed by the vast majority of firms are a reliable indicator. Unfortunately, it took what, IMO, will prove to be a costly but ineffective piece of legislation (SOX) to create the perception that something serious is being done to address corporate governance.

Rather than relying on a cumbersome regulatory apparatus of questionable effectiveness that consumes valuable firm resources, why not allow LBO and venture capitalist orgs (as they did in the 80’s) provide the assurance markets need that company assets are being optimally managed? The evidence from that experience shows how effective and efficient corporate takeovers were in weeding out and/or re-capitalizing unhealthy firms and how lucrative the process was for investors. This would provide even more incentive for corporate boards to implement internal control systems that work.

Also, some have commented that the obvious and substantial costs of SOX can’t be criticized without giving due consideration of any supposed benefits. I would argue that it’s flawed reasoning to conclude these costs are justified on the basis of such a presumption.

Ron Jennings writes:

As a database administrator (DBA) for a large health care company, I am definitely caught in the throes of SOX hysteria. For instance, I am on a team of 7 DBAs, and we manage over 150 database servers throughout the enterprise. Anyone who works in an IT field, especially as a systems administrator, will understand that individual administrators must constantly make changes to these systems in order to keep them running. Because of SOX regulations, we now have to receive approval from our manager before making any changes to any systems. In effect, I have to have approval before I can do my job. If I were making shoes for a living, I would have to get permission to make each and every shoe. Not only that, I would have to have be granted permission to lace each one as well. It's ludicrous.

While this is only a single example, I believe it illustrates the effects of this, or any government regulatory law. The simple fact of the matter is that it will now take me longer to do my job. This will mean that the company for which I work will receive less production for my salary, thus reducing efficiency, increasing operating costs, and raising the price of our services. This is on top of the approximately 8 million dollars the company is spending to become compliant.

What I believe to be the real issue here is a simple fact that hasn't been mentioned in the comments posted thus far, and that is that the scandals that brought about this legislation were crimes perpetrated by individuals, namely the executives of the companies that went under as a result. As mentioned before, laws against murder do not prevent murder, at least not directly. It is naive to assume that laws against any act prevent the act from occurring. Equitable punishment, however, will make people think twice about committing the act.

The people who ran these companies into ruin through fraud must be held accountable for the millions of dollars they stole from their stockholders and employees. I'm not saying they should be lined up before a firing squad, but I do feel that they got off way too easily. An appropriate punishment, in my opinion, would be to seize the assets of the individual perpetrators and distribute them amongst the people they hosed. Even better would be to analyze the amount of money lost in order to calculate a reasonable amount of retribution. This amount should be of a sum greater than the assets of the perpetrators, but lower than what they could earn working in a productive prison for the next 30 or 40 years. Granted, there would never be enough money to pay back everything that was lost, but if I had lost my entire savings, to the tune of half a million dollars or so, 30,000 dollars retribution would be better than nothing.

Humans will always choose the path of least resistance to wealth, but they will also generally weigh the risks against the costs. Raise the cost of fraud for the individuals who would engage in it, and fewer individuals will choose that road.

Comments for this entry have been closed
Return to top