From: William Livingston [vitalith@earthlink.net] Sent: Tuesday, March 09, 2004 1:38 PM To: rule-comments@sec.gov Subject: S7-03-04: IC-26323 Governance Mr. Chairman and Honorable Commissioners: You have solicited comments on the Commission's comprehensive proposal to amend ten exemptive rules to require any fund that relies on any of them to adopt certain fund governance standards. As a registered professional engineer (PE) and member of the Institute of Internal Auditors (IIA), the combination of competencies applied to "internal control" builds an extraordinary professional duty to benchmark governance. When receiving your professional license from society, in a complete flip from the "yours is but to do or die" mindset of academic training, you had to pledge "to question why." My previous response reviewed indigenous immutable limitations, set by natural law, for any rule-based approach to corporate governance. It reminded you that, in times of speedy technological advance, the order of battle that got you through the last war spells defeat in the next. As Darwin showed, you cannot remain viable with a response cycle time longer than the arrival rate of new threats. When challenge-response time delays are mismatched, the content of your rules doesn't matter. More industrious self-assessing independent watchdogs, make matters worse. The regulatory agency was Establishment-contrived to constrain business as usual for stakeholder safety. The current codes that restrict the design of engineered artifacts, for example, are the direct result of a standards-making response to protracted man-caused catastrophe. This generic safety net for stakeholders has a checkered history. Regulating industry by rules of action has served society well in some applications, such as for pressure vessels that don't explode even when mal-operated (1895 ASME). For corporate governance, however, more rules of action are now counterproductive to the SEC intent. Your own research and background documentation on corporate governance attests that the SEC is quite aware of the inflection-point limits to hindsight-based rules. While you are already working on the next round of rules to respond to the next round of enforcement actions by the Commission and state regulators, there is Congressional foreboding that the fix isn't. The trial lawyers gleefully prepare for another windfall. The wholesale failure of the regulatory ghetto to safeguard stakeholders is compensated, in part, with the automatic tort parachute. The record shows a direct and clear connection between the financial growth of tort litigation and the shrinking regulatory influence to prevent national economy-wrecking scandal. If stakeholder safety actually attained is measured by lawyer body count, regulatory action is background noise. With the liability economics of tort litigation more than a hundred times larger than regulation, does it make sense for corporate governance to operate by rules of action that encourage the very consequences you seek to avoid? It may be your professional duty, as it certainly is mine, to know that that is the case. Incompatible methodologies- bifurcated law The regulatory tradition is a pre-understanding that defines the space of possible actions. It is concealed by its obviousness. It is both a set of rules and a way of understanding within which organizations interpret and act. This pre-understanding of governance is determined by the history of regulator-regulated interactions exhibiting the tradition. Rules represent a particular structural coupling of the organization to the world in which it exists. Institutionalized regulation faces backwards in time frame. Remote control by rules of action, hierarchically enforced, is based on disconnected discontinuous hindsight. Rules are created and shaped by programmed institutional reaction to wreckage caused during events already transpired. Crisis management makes heroes. The governance spotlight on tort-compliant operation, rather than on conformance to the rules of action imposed by a remote regulatory body, automatically switches the principal time frame of reference from hindsight to foresight. In tort, negligence is established by the retroactive benchmarking of the PE standard of care to the time span prior to damage. The court task is to objectively frame the "foreseeability" of the enabling circumstances of damage. Engineer the risks, before damage, to get your immunity. In any "control" system, a strict sequential work procedure short-circuits control functionality. When the choice for action is confined to a linear set of rules, the original system goal disappears. As soon as the real goal switches to following orders, consequences of action cannot matter. For any hierarchical organizational structure supervising action at the work face by a chain of command, rule-based regulation is the only form of control that works. What you get is your rules, not your compelling purpose. Whoever picks the rules, owns the consequences. Regulation is as regulation does. The requisites of foresight, a feature controls engineers call anticipation, involve loop-wise activity, a form of recursion. In a viable control loop, consequences obtained by the last cycle of work are compared to the original work goal as intelligence for improving the goal-seeking potency of the next cycle of work. Foresight demands intelligence (appropriate selection) and is organizationally punished. Strict compliance to rules forbids intelligence (selection authoritatively imposed) and is rewarded. Intrinsic incompatibility makes classification of internal control type in use a trivial task. In practice, it is impossible to mistake one method system for the other. Lawyers for the DOJ routinely determine corporate governance effectiveness for the USSC Guidelines assignment in a couple of days. Divided loyalties There are reasons in common for the allocation of efforts towards stakeholder safety to be so disconnected from the operational reality. The exclusive focus of attention on a regulatory system proven to fail is no fluke. Cooperative preoccupation with rules of action follows every wave of scandal because switching the operational benchmark of corporate governance to the tort standard of care means the end of business as usual. Tooling now being hawked to move the enterprise along the required "transparency continuum" of 404, touting the "competitive advantage" and the "revolutionizing of business," has put senior management in shock. The pressure on you will be escalated until you defer 404 again. While society has always considered the mindless defense of the status quo as an honorable occupation, for corporate governance the strategy of defense is doomed to fail. The obstruction to preserving business as usual indefinitely is the escalating benchmark of tort law. Corporate activity is evaluated simultaneously, but asynchronously, by two methodologically incompatible legal standards. Regulatory compliance is calendar driven and audited on a periodic basis. Compliance to the tort standard of care is event-triggered, retroactive and asserted by protracted litigation. A penalty for regulatory non-compliance is both likely and economically trivial. Tort presents an opportunity to wager the whole company. Institutions that set regulatory compliance (hindsight) equal to liability risk management are able to defer the day of reckoning with the tort benchmark (foresight) for years. The risks of contemporaneously violating tort law by an exclusive focus on hindsight-based operations are selectively carried by the stakeholders. Management has pre-arranged tunnels to escape with the booty when the corporation gets caught in the tort safety net. Until serious stakeholder damage is inflicted, business as usual rolls on. Hindsight erosion The recent, but fatal, flaw in the strategy of corporate governance limited to hindsight is that the societal balance point between historical and future watchdogging advances with method technology. If you had a complete 3-D map of the path ahead, locating all the hazards and perils, why would you steer by the rear view mirror? When the ship can locate itself to a three-foot circle in any weather, it is professional negligence for the Captain to collide with a hazard to navigation marked on the map. As the technology of precise location has forever altered the responsibility profile of ship management, the technology of foreseeability, i.e., the process of engineering, has permanently altered the responsibility profile of corporate governance. Society is now witnessing and enjoying the effects of a "perfect storm" of quantum leaps in the capability of the process of engineering to assault complexity. About five years ago, the relentless march of Moore's Doubling Law finally boosted the available computational horsepower so high that engineers could tackle the full socio-technical complexity of "real" systems on design engineering terms. The process of engineering has surged into foreseeability so far that, for all practical legal purposes, no stakeholder damage caused by an engineered system is unforeseeable. For the PE, failure is not an option. While the rule of law still provides the terms for PE judgmental immunity, there's nothing left in the realm of stakeholder safety for the PE to select by opinion. Nothing. Other than professional engineering itself, the only part of institutional society attentive to the escalating competency of foreseeability is tort law. It is to the obvious advantage of lawyers for the plaintiff to elevate the standard of care for foreseeability, the core of engineering methodology, as high as the best available technology will allow. It doesn't matter that society despises engineering process and its spotlight on damage prevention. The leap in PE competency has already taken place. Society is permanently addicted to the fruits of foreseeability gone ballistic. You're not going to give up your cell phone. Short wars save lives. NASA enjoys being on Mars. Liability insurance fade-out Corporate governance ineffectiveness, for the first time, is being hammered by tort law success. Its corporate liability insurance market is directly coupled to the balance of power between hindsight governance and the tort foreseeability standard of care. When liability insurance was umbrella and cheap, corporate governance didn't matter. Whatever the consequences from business as usual, scandals and all, insurance served as the paymaster of stored funds to all parties - all belonging to the same section of the ABA (TIPS). The blazing wealth transfer success of tort litigation has radically altered the economic tradition. For all practical purposes, liability for governance failures no longer meets the criteria for an insurable risk. The evaporation of liability insurance for corporate mal-governance means that things will be quite different when the next wave of scandals breaks over your watch. The race to bankruptcy will occur as usual, of course, but there will be no pantry full of insurance money to bankroll class actions. Crisis managers, bearing the bad news, will appear as villains. The stakeholders will be furious. The PE corporate governance audit The engineering of internal control is not rocket science. Apparent complexity in the internal control application is achieved by quantities of simple relationships, not by mysterious fields of subatomic force. The process of engineering is quite capable of engulfing the complexity of corporate governance and bringing it into a rational realm of effective control. The same assault on complexity is, exactly, how we get cell phones to work. There is no distinguishable difference between the process of engineering, effective management, and corporate governance. The term "internal control," was selected by business to create an illusion that "it" was "in control" of corporate affairs to assure stakeholder safety. The diverse array of stakeholders scattered about the social landscape, including the SEC, need have no reason for concern as long as corporate internals were being "controlled" to protect their interests. In the engineering sense of control, where ends are specified and means are varied as appropriate to achieve them, the typical internal control apparatus of the institution doesn't control anything. It is a linear transaction reporting system driven by an algorithm. Scandals do not signal a "breakdown" in internal control. The control functionality never existed in the first place. To the PE practitioner in the trenches of internal control, demonstration of that fact is incessant and painful. Frames of reference To the corporation parking in the legal compliance zone, involving the PE framework in internal control (governance) secures two key assets. First, the PE is sensitized to the intrinsic limits of institutional regulation by rules of action. The PE keeps a running measurement of status relative to the unavoidable regulatory impact inflection point. The PE is legally bound to warn the institution when responding to crises with more rules means less effectiveness in risk management. For instance, it is the PE duty to inform the SEC that the addition of another layer in the regulatory hierarchy, the PCAOB, means a reduction in overall SEC regulatory performance of 8%. In engineering jargon, the added communication overhead of the PCAOB hierarchical layer consumes that much more resources than the value of anything it can contribute to the SEC mission. This best possible bottom line outcome is provided automatically by natural law (control theory). The mathematical physics derivation of this relationship and the graph of effects as a function of hierarchical layers in any organization is shown on page 156 of Rudolf Starkermann's seminal book "Feedcross" ISBN: 3-908730-29-5 (2003). It might be your professional duty, as it certainly is mine, to know that that is the case. The second asset that comes with the PE conditions of license, is a continuous evaluation of the engagement risk profile against the supreme benchmark of an expert witness for plaintiff in tort court. The PE worries endlessly about the foreseeable stakeholder exposures to damage associated with the engagement. He labors to define those associated risks that are not foreseeable with the best available technology. In the course of work, if significant foreseeable stakeholder risks appear that will not be addressed by internal control prior to damage, the PE is obliged to withdraw. What serves stakeholder safety best, as you go, is the same methodology that serves their class-action lawyers so effectively after the damage is done. The internal auditor, operating in the hindsight rules-based realm, may legally remain employed in the engagement from Hell, no matter the consequential wreckage and mayhem. The PE, operating in foreseeability's zone, may not remain associated with a project headed towards failure - and he is legally bound to determine immediately when that becomes the case. Either way, an engaged PE is an insurance policy for management that the governance mission is on target and the institution is immune to liability from regulatory and tort law. Independent validation In corporate governance affairs, research exists on the sociology why both the regulated and the regulator deliberately choose a method of operations that collides head on with the tort standard of care. "The Mechanisms of Governance," by O. E. Williamson (Oxford) is one of several textbooks that cover this governance perspective. For research on the link between the process of engineering (foreseeability), the tort standard of care, and internal controls, a solid technical platform was provided in "Business @ the Speed of Thought" by Bill Gates in 1999 (Warner Books). Here you will find the template of corporate governance by (internal) control in the engineering sense - before the class of Enron graduated. Just like the disaster of the "In Search of Excellence" craze, where the champions of excellence promptly plunged into bankruptcy, the five years since Gates' book have not been kind to his examples. So much for revealing the secret formula of business success. The SEC is to be commended for providing this convenient electronic means for posting rule-making commentary. William L. Livingston, PE