Friday, September 25, 2009

Binding badly behaving banks

At the G20 summit today, leaders from around the world will loudly promise to reform banking in ways they know will never be implemented. Sounds fun to me. I think I'll give it a whirl.

The biggest problem with regulations is that they always leave loopholes. Wall Street may be reckless, but it's also clever, and governments will always lag behind. That's practically by definition, really: nobody notices a loophole until after it's exploited.

In programming, there are two basic approaches to security — that is, to closing off loopholes. The first approach, called blacklisting, is to figure out all of the ways a hacker can sneak into your program, and block them. This is analogous to the government's approach, and it suffers the same disadvantages: you're always playing catch-up.

The second approach, whitelisting, takes the opposite approach: define only the inputs you want to accept, and block the rest. This concept is important enough that one of the Web's early languages has it built in, and more modern languages have add-ons that mimic or extend this behavior.

And that's my proposal for regulating the banking industry: instead of defining the thousands of things that banks, credit card companies, investment banks and the like can't do, define the few things they can do. Not only will there be fewer loopholes, but nearly all of those loopholes will be traceable back to the members of Congress who consciously and explicitly wrote them into law.

Granted, this would put a big damper on fiscal innovation. Is that a bad thing? Banking isn't exactly a new industry; at this point, "innovations" are more likely to be smoke and mirrors than real, fundamental improvements. And if someone does think of a brand new, useful way of doing things, they can petition Congress to allow it. Given the financial industry's power to take down the world's economies, I don't think that's an unjustified burden.

No comments:

Post a Comment