Tuesday, February 17, 2004

SEC ethics comment submittal draft

Dear all,

I have read Bill's draft. This is pretty dense stuff! I am going to try to summarise it in simple English, with a few points of my own:

1) Trying to make people act ethically is a pointless exercise, because, if they are crooked, they will just find ways to outwit your rules. A set of rules is by definition backward-looking, and does not have requisite variety to cope with the complexity which crooked people can throw at it.

2) In engineering terms, possible unethical conduct is indistinguishable from "noise" in the data from the system. The solution is to find ways to improve data quality. Any control system needs feedback loops with requisite variety to maintain control. If these are in place, "ethics" is irrelevant, because odd conduct will always show up. Whether it is caused by lack of ethics, stupidity or carelessness makes no difference. If the control system has requisite variety, it can deal with it. If you consider the simple matter of collecting payment at a shop counter, the question of the honesty of the shop staff becomes irrelevent when there is a stock control system linked to a cash register. The control system solves the problem.

3) Therefore, the conundrum of corporate compliance can be solved by the existence of real-time monitoring of activity, built into the fabric of the organisation.

4) With cheap telecoms and computing, this is technically feasible.

5) Corporate compliance can be guaranteed by defining a set of Compliance Machines which monitor activity throughout an organisation in a secure and non-intrusive manner. The regulatory authority should define the nature of these machines and invite vendors to supply machines which meet the specification.

6) Any organisation that wants the regulatory authority to stay off their backs can do so by correctly installing the Compliance Machines at key points in their organisation.

7) Therefore, the current debate about this matter is misconceived, because it is couched in terms of quarterly and annual retrospective reporting and it is assumed that regulatory compliance imposes a burden of bureaucracy on organisations which will reduce their flexibility and increase their costs. Given that all modern organisations store their key data in electronic form already, the above approach is perfectly practical and is actually the only one that makes any sense.