Chapter 2 Key Takeaways
The Regulatory Landscape: Financial Regulation and Its Architecture
The Big Picture
Financial regulation exists to correct specific market failures: information asymmetries, systemic risk externalities, market power, and public good problems. It is implemented through a complex, fragmented, multi-jurisdictional architecture that creates compliance challenges well beyond what any individual rule, read in isolation, would suggest.
Essential Points
1. Three Goals, One System
Financial regulation pursues three goals simultaneously: - Financial stability: Prudential requirements (capital, liquidity, resolution) prevent systemic failure - Market integrity: Market abuse rules ensure prices reflect genuine supply and demand - Consumer protection: Conduct regulation protects retail customers from unfair treatment
These goals sometimes tension with each other — solutions that maximize one may compromise another.
2. The US Regulatory Structure Is Unusually Fragmented
| Regulator | Primary Domain |
|---|---|
| Federal Reserve | Bank holding companies, SIFIs, monetary policy |
| OCC | National bank charter and supervision |
| FDIC | Deposit insurance, state bank supervision |
| SEC | Securities markets, broker-dealers, investment advisers |
| CFTC | Derivatives markets |
| FinCEN | AML/CFT, BSA administration |
| CFPB | Consumer financial products |
Multi-state, multi-charter firms navigate multiple of these simultaneously.
3. The EU Model Centralizes Standards, Decentralizes Supervision
- EBA, ESMA, EIOPA develop binding technical standards
- ECB directly supervises significant eurozone banks (SSM)
- National Competent Authorities supervise domestic institutions
- Implementation variation among NCAs creates its own complexity
4. The Regulatory Cycle Has Five Stages
Legislation → Rule-making → Guidance → Supervision → Enforcement → (feeds back to legislation)
Each stage involves interpretation and judgment. Compliance failures often occur at intermediate stages, not from ignoring the law's broad intent.
5. Extraterritoriality Is a Material Problem
Regulation routinely applies beyond its enacting jurisdiction: - GDPR applies to non-EU processors of EU resident data - US CFTC asserts jurisdiction over swaps with US nexus - UK MiFID applies to UK-regulated firms serving overseas clients
Cross-border institutions must map applicable regulatory requirements for each activity — not just their home jurisdiction.
6. Regulatory Complexity Is a Quantifiable Business Risk
Cornerstone's experience: 11-week regulatory inquiry, 847 pages of response, ~$2.1M in staff time — for a review that found no significant failings. The burden of demonstrating compliance can rival the cost of the underlying compliance itself.
Regulatory Architecture at a Glance
| Jurisdiction | Primary Prudential | Primary Conduct | Primary Markets |
|---|---|---|---|
| US | Fed/OCC/FDIC | CFPB | SEC/CFTC |
| EU | ECB/EBA/NCAs | NCAs (via ESMA standards) | ESMA/NCAs |
| UK | PRA/BoE | FCA | FCA |
| Singapore | MAS (integrated) | MAS | MAS |
| Australia | APRA | ASIC | ASIC |
Looking Ahead
| Coming in Chapter 3 | Coming in Chapter 4 |
|---|---|
| RegTech vendor landscape | AI and ML in compliance |
| Market dynamics and investment | NLP for regulatory text |
| Build vs. buy considerations | RPA and graph analytics |
| Consolidation wave implications | Technology readiness assessment |
Self-Check Questions
- What are the three goals of financial regulation? For each, identify a specific regulatory instrument designed to achieve it.
- Why is the US regulatory structure described as "fragmented"? Give two specific examples of the compliance complexity this creates for multi-business-line firms.
- Explain extraterritoriality with a specific example relevant to a firm that processes data about European customers but operates outside the EU.
- What is the difference between a formal rule and regulatory guidance? Why does this distinction matter for compliance professionals?
- Describe how Cornerstone's regulatory risk map process illustrates the concept of regulatory complexity as a business risk.