[RegBarclay]

>We have government auditors come and review our technology once a year. These guys don't know what the hell they are doing. We have had blatant security problems (now addressed) that they couldn't see right in front of their nose.

I've seen the same issues in SarbOx audits. The auditors don't know beans about the underlying technologies. A lot of evidence requests take the form of screen captures showing x. Well... I can give you a screen capture showing you whatever you want whether it represents reality or not. Ultimately, with our without regulation, it comes down to people being honest professionals. Regulation is all for show.