Nate Fick's op-ed is well written but misdiagnoses the problem. Having spent my whole career in cybersecurity, years studying public policy, and prior work at a big four accounting firm, I believe that while legislative action is necessary, it is not sufficient. Let's examine the success of the law Fick hopes to model, Sarbanes-Oxley (SOX).<p>The Enron fraud, which precipitated SOX, was pretty simple at its core. Arthur Andersen, Enron's auditor, traded weak accounting oversight for lucrative consulting contracts. In the wake of Enron, all remaining big four accounting firms, except Deloitte, sold off their consulting businesses to avoid an appearance of conflict of interest. Since then, they have all either bought or grown their consulting businesses back.<p>In the six years following SOX, only three CEOs were charged with violating provisions of SOX. A full 60 of the 63 CFOs charged were charged with violating previously existing legislation (<a href="http://ww2.cfo.com/risk-compliance/2007/08/count-em-63-cfos-convicted-in-past-five-years/" rel="nofollow">http://ww2.cfo.com/risk-compliance/2007/08/count-em-63-cfos-...</a>).<p>The problems are in the executive and judicial branches. The NYS DFS Cybersecurity Law is a good start, but companies will not change behavior until a case is brought and executives face real risk. Until then, no amount of legislation, Federal or otherwise, will be sufficient. In fact, a patchwork of state and Federal regulations that cover some companies according to how they are chartered and which industries they are in (e.g. Healthcare and HIPAA) will only create a race to the bottom, where companies arbitrage regulatory regimes and confusion reigns.
This was the state of financial regulation prior to the creation of the SEC (<a href="https://en.wikipedia.org/wiki/Blue_sky_law" rel="nofollow">https://en.wikipedia.org/wiki/Blue_sky_law</a>).<p>An interesting historical footnote is that the era of blue sky laws was the early 1900s, which coincided with a period of technological innovation (electrification and the combustion engine), falling demand for labor, and was punctuated by manias and panics. Sound familiar?<p>It wasn't until after the United States experienced the Great Depression, awoke from its fever dream and established a body to enforce the recently passed Securities Exchange Act, that Wall Street was temporarily cleaned up. Unfortunately, regulatory capture has resulted in modern-day financial regulation becoming a competitive advantage for big banks that can afford the lobbying and compliance overhead.