Stephen M. Bainbridge argues that the cost of regulations under the Sarbanes-Oxley law (SOX) enacted in the wake of the Enron scandal are too high.

The SEC initially estimated § 404 compliance would require only 383 staff hours. According to a Financial Executives International survey of 321 companies, however, firms with greater than $5 billion in revenues will spend an average of $4.7 million per year to comply with § 404. The survey projects expenditures of 35,000 staff hours — almost 100 times the SEC’s estimate. The survey also estimates that firms will spend $1.3 million on external consultants and software and an additional $1.5 million (a jump of 35 percent) in audit fees.

The new regulatory environment has costs beyond the higher expenditures on compliance. As a former employee of Freddie Mac, and consequently as a shareholder, I watched last year as the company was battered by its own Board of Directors. In a perverse act of post-Enron self-defense, the Board hired an investigative law firm to go after senior management, leaving the firm in a state of executive paralysis.

On the other hand, Bainbridge acknowledges that something was needed after Enron.

No doubt, there are some benefits to SOX — renewed investor confidence and so on. No doubt, moreover, § 404 had laudatory goals. Faulty internal controls, after all, contributed to a number of recent corporate scandals. Given how badly Congress and the SEC underestimated compliance costs, however, serious questions are raised as to whether SOX would pass muster if a serious cost-benefit analysis were to be performed.

For Discussion. Were the incentives for corporations to improve governance sufficient without legislation, or was legislation needed to convince the public that corporations would indeed act to prevent future Enrons?