by PeterStuer 11 days ago
Contrary to what you indicate, rules are not declared in a vacuum for people to read and then algorithmically 'implement'. There are many ways to interpret regulation, and there will be both accompanying clarifications, as well as compliance departments negotiating with regulators on what is an acceptable and sufficient compliance action. Then there is furthermore a risk that will be calculated vs. the cost and opportunity costs, etc.

As an enterprise architect, these are all part of the meetings you have with compliance when you are working on major projects. I have had the privilege of working with some excellent compliance officers, and they are the opposite of the nay-saying caricature that is often painted of them. I found these people to be extremely creative and helpful, working together towards solutions rather than stalling or nixing viable progress.


I also work in finance and my recent experience with regulators is really discouraging. DOGE wiped out a large number of the regulators in government. It seems like most of the regulators remaining are the inexperienced and low-tenure ones. Within the past few months we've attempted to roll out new financial products. When we attempt to send our proposal to them, they can't even tell us who we're supposed to send it to.

It doesn't feel like we're living in the same world of regulation that existed prior to DOGE.

So the DOGE geniuses failed to remove the regulations they allegedly thought were hampering legitimate businesses, while removing the people capable of verifying whether or not your business is in compliance.

What a win!

They wiped out anybody that was hampering their businesses. Leaving the rest as an impossible barrier to entry for everybody else is a feature, not a bug.

> I also work in finance... DOGE wiped out a large amount of the regulators in government.

I found an insanely detailed Wiki page about all of the gov't divisions affected by DOGE: https://en.wikipedia.org/wiki/US_federal_agencies_targeted_b...

However, I don't see anything about finance there. I'm confused by your comment. Can you provide more specifics?

Not sure why it's not covered in that wiki article, but I'm specifically referencing the FDIC and related agencies. They have been so decimated by DOGE that it is possible that multiple of those related agencies will be consolidated into one (FDIC, NCUA, OCC, etc.).

I can't go into too much detail, but for a financial institution to offer certain financial products, you have to submit a proposal to one of the above regulatory bodies to get their approval. We were attempting to do just that and we couldn't even find the proper person at the given agency who should be receiving said proposal. It was even rumored that the regulatory agency that would normally review such proposals didn't have the staff to review them, and that the review would be done by an entirely different group of regulators who have not done such things historically.

Additionally, these agencies do regular exams of financial institutions to ensure they are complying with regulations and handling fraud properly. These cuts have led to those exams either not happening, or happening at a fraction of the depth they had been previously.

The point was about who is on the hook and why they might be less permissive.

I'm not implying anything else. I used your own "literal" wording to refer to the "more strict than yours" interpretation.

I suppose I should have used scare quotes around "literal".

'The company' would be on the hook. Inside, it might be the compliance team that signed off on the solution, but it usually is not the sort of blame game at that point. I'm not saying these scapegoat trails do not exist, but they are far less common than you would imagine if you only read about them in the press.

Company politics, feudal wars, fiefdom protections, backstabbing and outright sabotaging, now there's a daily occurrence and many minions are cannon fodder in those skirmishes, but they usually stay clear of regulatory issues minefields.

I am skeptical that developers who implement a non-compliant solution that gets a company in trouble get off scot-free.

If the company you work for actually had such a no-fault culture, I doubt you'd be criticizing programmers so aggressively for being sticklers, but would instead be trying to understand and account for the systemic factors (including human factors) behind their behavior.

> I am skeptical that developers who implement a non-compliant solution that gets a company in trouble get off scot-free.

I don't see why developers should be in trouble. Developers don't make unilateral decisions on non-trivial compliance matters. A finding of non-compliance at a financial institution would typically be the result of an investigation, a disagreement with the regulator or a court ruling. It would come years after the organisation as a whole decided to adopt the interpretation in question.

But here we're talking about developers being asked to implement decisions which they don't understand to be compliant.

Engineers are not shielded by their implementer role if they participate in illegal activity. James Robert Liang was a rank-and-file engineer for Volkswagen and he got jailed for his role in the VW emissions scandal[1].

No matter how much an enterprise architect or compliance officer promises "it'll be fine" to the developer, the developer needs documented CYA. An enlightened organization would perhaps find ways to expedite that CYA documentation rather than demonizing programmers as a class.

[1] https://apnews.com/general-news-988ea2ae45694b37b320e68cefe3...

> "...don't understand to be compliant."

Liang got prison time because he _did understand_ that the engine wasn't compliant with regulations and chose to build the system to falsify the emissions output during tests anyway. He was not a scapegoat.

"On 9 September 2016, James Robert Liang, a Volkswagen engineer working at Volkswagen's testing facility in Oxnard, California, admitted as part of a plea deal with the US Department of Justice that the defeat device had been purposely installed in US vehicles with the knowledge of his engineering team: 'Liang admitted that beginning in about 2006, he and his co-conspirators started to design a new "EA 189" diesel engine for sale in the United States. ... When he and his co-conspirators realized that they could not design a diesel engine that would meet the stricter US emissions standards, they designed and implemented [the defeat device] software.'" from https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal

You're talking about two very different situations but your wording doesn't make that clear:

a) Engineers don't know and cannot be expected to know whether what they are being asked to implement complies with all regulations. This is completely normal.

b) Engineers know or can be expected to know based on their expertise that they are being asked to cheat. That's when they are on the hook.

VW was a case of (b). It was clear-cut criminal behaviour on a very technical level. But that's not what typically happens in financial services and many other domains.

But if your point is merely that engineers are not automatically in the clear just because someone higher up told them what to do then I agree with you.

> There are many ways to interpret regulation,

Then the rules should enumerate all the ways. From your posts, you come across as if programmers don't know what they are doing which is insulting to those who work in mission critical industries like aviation where a programmer could be criminally charged if he/she didn't implement the specs STRICTLY.

> Then the rules should enumerate all the ways

It's nice to want things, but rules are much squishier in real life. There's rarely any truly bright line.

It isn't programmers' fault though.
> you come across as if programmers don't know what they are doing

is neither what I said nor what I believe.