[nullc]

There is no strong reason that a regulator funded enough to go after every scam wouldn't instead spend much of the time chasing their own personal or political enemies.

There is evidence that they wouldn't use the resources in the public interest: since we know that the NSA is well funded with a budget that isn't up to public inspection and it has used its surveillance powers for the fulfillment of its staff's prurient interests.

"We just don't have a way to solve this via authority" is also a possible answer.

It's fundamentally a question of scalability: Asking a regulator to protect everyone just doesn't scale, in anything but the most draconian police state there will always be more crooks than regulators (and in a police state the crooks become police). So the primary defense must always be an individual and personal responsibility, as irritating as that is. The regulator then exists to backstop people's personal protection, dealing with what slips through and helping to keep the personal costs tolerable.

Doesn't mean that our regulators couldn't do better. I think they could. But there is only so much you can expect via regulator and law enforcement action.