This is a regulatory oversight problem, pure and simple, and it has existed forever. The incentive structure is far too conflicted for self policing. See also: ratings agencies.
I agree that it's an incentive problem, and that it is directly analogous to what happened with the ratings agencies, but I don't think regulation will help much.
Auditing worked when the shareholders were paying for it, because they were interested in getting 'tough' reports, and they were holding the auditors to account. As soon as you make it mandatory, and the companies are paying for it, the audit becomes de rigueur; more of a formality than a search for truth. I don't think regulators are part of the solution here.
I think that having 'crowdfunded' audits by shareholders would work much better, but it probably won't happen while audits are required for all public companies. You'd have to put the onus of auditing back on the shareholders, and expect that some results will go un-audited.
Regulations would help if they were truly enforced and, in the case of fraud, criminal charges were pursued. White collar prosecutions are so rare, there is no longer any real deterrent.
I am not sure how regulation will really solve a problem of incentives. I know that locking up corporate executives is very popular, but I don't think it works. You just end up with a bunch of audits that are technically correct, but fail to detect big problems.
I recently read "The Smartest Guys in the Room", and I'm not sure how you regulate that kind of problem out of existence; I don't think Sarbanes–Oxley really fixed it, but I am not sure regulations really can. Look at Theranos and Nikola; these should have been found out earlier, but their deceptions were not covered by auditors.
Of course there will still be fraud, but enforcement of regulations provides powerful disincentives to cheat. Right now it's wild west, and when systemic risk shows up, the Fed bails everyone out without consequence.
I don't think regulations can get rid of systemic risk, but maybe that's because of how I see systemic risk issues. Most of those huge market corrections seem to be due to massive mistakes made simultaneously by a lot of people. The 2006 crisis is a great example, where investors thought real estate markets in different states were independent of each other, which turned out to be incorrect.
The real estate bubble and the financial crisis in 2008 that followed was due to oversight failure, pure and simple. Rather than address that failure, the government bailed out everyone.
Auditors do not look for fraud. Plain and simple. It has NEVER been their job. I have at least a dozen auditors/accountants as close friends. Talk to any auditor and that’s the first thing they will tell you. If they happen upon fraud they need to tell the authorities immediately but otherwise don’t expect auditors to be the ones who are also fraud detectors.
So why exactly does anyone want that, if not as a subgoal of spotting fraud? (I mean, if the first link in the chain is "because that's what's necessary and sufficient to comply with the law" then why was the law written that way?)
I would presume that the (not unreasonable) assumption is that "verification that a company's books are drawn up according to prevailing requirements." makes it harder to hide fraud.
Well I did just talk to the auditor of my company (100m ebitda, not massive but not small), last week about their questions regarding fraud and it seems you're entirely wrong...
WRT the 2006 financial crisis, there were about 10-20 regulatory agencies that had the power/responsibility to maintain stability. Each of them failed, but none were held to account; they each just made some excuses, and demanded more power and money.
Every time there's a crisis, the relevant regulator is exonerated of any responsibility, so their incentives are even weaker than those of the executives getting bailed out.
I agree. In addition regulators have zero incentives to serve the interests of the regular people. They do, however, have a huge incentive to block the market for the new competition (aka regulatory capture) and then comfortably rest and vest in a major corporation after quitting their government job with full benefits.
Auditing worked when the shareholders were paying for it, because they were interested in getting 'tough' reports, and they were holding the auditors to account. As soon as you make it mandatory, and the companies are paying for it, the audit becomes de rigueur; more of a formality than a search for truth. I don't think regulators are part of the solution here.
I think that having 'crowdfunded' audits by shareholders would work much better, but it probably won't happen while audits are required for all public companies. You'd have to put the onus of auditing back on the shareholders, and expect that some results will go un-audited.