“Are we there yet?” This is the constant cry from those in business charged with complying with the ever-growing volume and complexity of these new rules. But, unnoticed by most, it’s also a nagging question for those charged with administering and enforcing new, and often strange, regulations. The costs of training current staffs and finding new hires with up-to-date knowledge are rising rapidly. For some businesses, the rising costs of regulation are actually challenging the validity of their business model and viability of their enterprise.


This confusing and threatening situation requires clarity of purpose. Those charged with “governance” need to create clear procedures for defining goals and responsibilities.

Governance is synonymous with control. Corporate governance includes both external governance — the legal requirement to comply with laws and regulations — and internal governance — those policies and procedures that frame the purpose and functions of the individual enterprise.

Three current cases point to the difference between external and internal governance. JPMorgan Chase’s trading loss is an example of possible failures in both important areas. The poor execution of the hedging strategy is strictly poor internal governance. If the Securities and Exchange Commission or other government agencies find illegal procedures used in addition to poor management controls, then the incident could become a major external governance failure as well.

On the contrary, the Yahoo debacle over misleading or untrue qualifications is purely a case of poor due diligence — an internal governance procedure that demands quality both in definition and execution.

A third incident exemplifies a failure in governance by both the executive and legislative branches. How can a law or rule be considered fair, ethical or reasonable if it finds a U.S.-based company guilty of violating U.S. law because its foreign subsidiary cannot comply without that affiliate violating local foreign laws? The SEC action against Deloitte, Touche in the United States is unreasonable. Global politics might be at play as government regulators, rightfully, want to see major improvements in internal and external governance by Chinese companies registered to do business in the United States. Making a U.S. parent appear compliant with bad governance is risky to the reputations of both the U.S. parent and the Shanghai affiliate. That sort of risk can be costly. Goldman Sachs paid $550 million in fines to settle with the SEC and quiet down the growing damage to its reputation at the NYSE and with major clients.

Legislators and regulators must be sensitive to the cost to companies, shareholders, employees and other stakeholders of actions that could severely damage a company’s reputation.

Siemens is one of the largest companies in Germany, with more than 70,000 employees in the United States. It suffered costly and humiliating repercussions when cases of bribery were revealed in several different foreign affiliates. Germany has the most complex governance system of any country. With organizational control dispersed among several autonomous divisions, the parent company’s management and board of directors were caught unaware of the “foreign corrupt practices” of their minions abroad. This is a failure in internal governance with criminal law implications.

No laws, no matter how detailed, can ever stop unethical behavior. More regulations, as they grow more complex, cannot help but create loopholes. Failed, or overbearing, governance violates fundamental principles and places our already challenged economy in peril of even greater stress.

James is executive director of the Center for Global Governance, Reporting and Regulation at Pace University’s Lubin School of Business in New York City. He is also program director of Pace University’s new Certified Compliance and Regulatory Professional certificate program.