Designing an 
Efficient Securities-Fraud Deterrence Regime

Report Markets and Finance

Designing an 
Efficient Securities-Fraud Deterrence Regime

February 28, 2017 17 min read Download Report
Amanda Rose

In order for capital markets to function well, investors need accurate information about securities. If investors do not trust firms’ disclosures, they will discount what they are willing to pay for securities, increasing the cost of capital and thereby making it more difficult, even for honest firms, to fund productive endeavors. Moreover, investment decisions based on inaccurate information distort the efficient allocation of resources in an economy. As it has artfully been put, “A world with fraud…is a world with too little investment, and in the wrong things to boot.”1 Deterring fraud in the capital markets should therefore be a government priority.2

But the devil, as is so often the case, is in the details. If poorly constructed, a deterrence regime can produce the very harms it is meant to prevent: Just as securities fraud increases the cost of capital and reduces allocative efficiency, so, too, can misguided enforcement. This happens when firms, fearing erroneous prosecution and legal error, choose not to disclose information that may be helpful to investors, out of fear it will be deemed misleading, or, conversely, bury investors in an avalanche of trivial information, out of fear that its omission will give rise to liability. With less useful information to guide their decisions, investors will again discount what they pay for securities and may end up investing in the wrong things. Misguided enforcement also imposes a variety of other deadweight costs on firms and, ultimately, their shareholders, operating as a drag on economic growth.3

The goal of a securities-fraud deterrence regime should be to minimize the sum of the costs that securities fraud produces and the costs that the deterrence regime itself produces—both direct enforcement costs and the over-deterrence costs that result when companies fear inaccurate prosecution and legal error. It is, of course, difficult to observe and measure these costs, and thus to empirically prove that a regime has achieved or failed to achieve this goal. But where empirics fail theory can still offer guidance. This chapter discusses the fundamental design choices that policymakers must confront when attempting to construct an optimal securities-fraud deterrence regime, and offers what theory suggests is the best approach to each. The analysis reveals that the United States’s current approach to securities-fraud deterrence falls far short of the ideal.

The Building Blocks

If policymakers were designing a securities-fraud deterrence regime from scratch, they would necessarily confront several basic questions. These include: Should civil or criminal penalties be imposed? On whom? By whom? This part briefly discusses these choices and the impact they can have on the ultimate efficiency of a deterrence regime.

Should Securities Fraud Carry Criminal or Civil Penalties? A threshold question that must be addressed in designing any deterrence regime is whether to impose criminal or civil penalties on offenders. In modern practice, the civil–criminal divide has become increasingly blurred—civil enforcement agencies often pursue remedies that appear designed to punish, while criminal enforcement agencies often impose fines for regulatory offenses that lack a mens rea requirement.4 But at a theoretical level, a clear distinction can be drawn: Regardless of how they are labeled or who enforces them, civil penalties can be thought of as those meant to “price” behavior, whereas criminal penalties can be thought of as those meant to “sanction” behavior.5 Under this conception, civil penalties should be set at a level designed to force potential defendants to internalize the costs their activities impose on society, much like a Pigouvian tax;6 criminal penalties, by contrast, should be set high enough to deter the behavior unconditionally.7

It follows that criminal penalties should be reserved for conduct that has no redeeming social value—a category that securities fraud surely falls within. Criminal sanctions would not be appropriate, however, if the conduct sought to be regulated is not securities fraud itself, but company-level efforts to prevent fraud within the organization. Clearly, companies should not spend unlimited amounts on such efforts; rather, they should invest in them only so long as the social benefits produced exceed the marginal cost—something that civil (but not criminal) penalties encourage of companies.

Even when limited to the direct perpetrators of fraud, criminal penalties must be deployed with caution. Because they are by design severe, criminal penalties raise serious over-deterrence concerns to the extent that inaccurate prosecution and legal error are risks. How severe of a problem this proves to be will depend on other features of the liability regime. For example, the scope of the substantive fraud prohibition will make a difference, as will procedural issues, such as the burden of proof—the vaguer the boundaries of the law, and the easier it is to establish culpability, the more likely that honest individuals will distort their disclosure choices to avoid mistakenly getting caught in the law’s web.8 Perhaps the most important factor that will influence the level of over-deterrence, however, is the identity of the enforcer, a topic discussed more fully below.

To Whom Should Liability Attach? The best way to deter a scienter-based offense like securities fraud is to credibly threaten the individuals who would commit it with criminal penalties.9 The criminal penalties threatened should include imprisonment, but need not be so limited. As explained above, what makes a penalty “criminal” is that it is severe enough to discourage the activity unconditionally. Monetary fines and orders barring defendants from working for public companies or in the securities industry can fit this definition, as well, if they impose expected costs on individuals that exceed any possible expected benefits from committing fraud.

When the individuals who would commit fraud are acting as corporate agents, a case can sometimes be made for also threatening the corporation with civil (but not criminal) penalties:10 Forcing corporations to internalize the costs imposed on society by the frauds committed by their agents, the argument goes, creates incentives for corporations to invest efficiently in internal controls to deter it.11 Of course, a corporation is a legal fiction, one characterized by a separation of ownership from control. As its residual claimants, it is ultimately the shareholders of the corporation who bear the cost of corporate-level liability. A more precise statement of what corporate-level liability is meant to do, then, is to incentivize shareholders to use the tools available to them to push corporate managers to take efficient steps to deter fraud within the organization. It thus assumes that shareholders do not already have natural incentives to do so.

This assumption is probably not true of the institutions who own the majority of U.S. public company stock.12 Institutional investors like mutual funds and pension funds are among the primary victims of securities fraud, so they have natural incentives to prevent it.13 Indeed, most scholars today view securities fraud by public companies as primarily a species of agency cost—corporate managers commit fraud in order to hide their poor performance, thus allowing them to game incentive compensation programs and avoid other forms of shareholder discipline.14 Imposing liability on public companies when managers commit fraud is thus akin, as one commentator has observed, “to punishing the victims of burglary for their failure to take greater precautions.”15

Who Should Enforce the Prohibition? Another important decision that policymakers must make when designing a deterrence regime is to whom to assign enforcement authority. As a general matter, public enforcement is to be preferred over profit-driven private enforcement. This is especially so with respect to criminal penalties. Even a small risk of inaccurate prosecution and legal error can produce significant over-deterrence costs when criminal penalties are threatened, and this risk is likely to be higher under a regime of private enforcement than public enforcement. Profit-driven private enforcers are likely to bring all cases that have a positive net present value to them, even if of borderline merit, and to ignore those that do not. A public enforcer, by contrast, is more likely to consider the broader social impact of its enforcement choices—including both the fraud its choices might deter and the costs they might produce. To be sure, public enforcement agencies are far from perfect, and may sometimes base enforcement decisions on undesirable criteria. Nevertheless, it is usually easier to monitor, control, and discipline public servants than it is to force the alignment of private incentives with the social goal of optimal fraud deterrence. It is not surprising, then, that throughout the developed world the enforcement of criminal law is entrusted to public authorities.16

Private enforcement of civil penalties can be problematic, as well. Although less severe than criminal penalties, civil penalties can likewise produce over-deterrence costs to the extent that individuals fear inaccurate prosecution and legal error—something that, again, is more likely under a regime of private enforcement. In addition, it can be difficult to craft accurate and stable civil penalties under a regime of private enforcement, given that penalty levels can be expected to drive the amount of private enforcement activity.17

This is not to say that private parties should be denied traditional compensatory remedies if they find themselves the victim of securities fraud. To the contrary, the prospect of being able to recover one’s losses in the event of fraud encourages participation in the capital markets, and discourages inefficient investments in precautions.18 Meanwhile, the traditional common-law restrictions on private fraud claims—such as the need to prove actual reliance and damages—serve to limit the over-deterrence risk these types of lawsuits present.19

With respect to the allocation of enforcement authority as between the federal government and state governments, the federal government should have the leading role in policing fraud in the national capital markets, whereas state enforcers should focus on intra-state frauds. No individual state would fully capture the benefits of deterring fraud in the national capital markets, as those benefits would spill over to the national economy; thus, states might predictably underinvest in the effort. Conversely, states “might use their authority aggressively to impose monetary sanctions on offenders to generate revenue for their state, without fully internalizing the potential over-deterrence costs of their actions.”20

How the Current System Measures Up

The straightforward tenets outlined above counsel in favor of a securities-fraud deterrence regime that bears little resemblance to the one that exists in the United States today. To recap: Theory suggests that the individuals who would commit securities fraud should be threatened with criminal penalties, enforceable by a federal public enforcer when the conduct implicates the national capital markets. Corporate-level liability for securities fraud may also make sense with respect to firms that are closely held, but is difficult to justify with respect to public companies. And when corporate-level liability is warranted, the penalties threatened should be civil—never criminal. Finally, private enforcement is best limited to traditional common-law compensatory remedies or close analogues.21

 Now compare the U.S. system. Public companies routinely face corporate-level liability for securities fraud committed by their agents, while the responsible agents often escape punishment entirely. This is almost always true in private securities fraud litigation.22 The Securities and Exchange Commission (SEC) and Department of Justice impose penalties on individual defendants with greater frequency, but have also been criticized for favoring headline-grabbing high-dollar settlements with public companies, to the ultimate detriment of innocent shareholders, over pursuit of actual individual wrongdoers.23

Moreover, public companies face not just civil penalties for securities fraud but criminal penalties, as well. This is true both in the formal sense that they may be pursued by the criminal division of the Justice Department, and in the functional sense that the penalties with which they are threatened (by both the Justice Department and the SEC) often seem calibrated to “sanction” rather than to “price.”24 Worse yet, public companies also face criminal penalties (in the functional sense) at the hands of profit-driven private enforcers. Fraud-on-the-market class actions brought under SEC Rule 10b-5 retain the out-of-pocket measure of damages associated with a common-law fraud action, but they are not subject to other traditional limitations on common-law fraud suits, such as the need to prove actual reliance.25 As a result, all investors who purchased stock in a public company on the secondary market at a price affected by an alleged misstatement or omission are included in the plaintiff class, and stand to recover the full amount of their losses with no offset for the gains to the counterparties to their trades. Fraud-on-the-market class actions therefore threaten public companies with truly enormous damage awards—awards that likely far exceed what might be necessary to force them to internalize the social costs of their agents’ frauds.26

Finally, while, as a general matter, the federal government focuses on fraud in the national capital markets and state governments focus on intrastate frauds, states are free to pursue national frauds without any need to notify or coordinate with the federal government.27  This has occasionally led to duplicative, follow-on state enforcement actions against public companies that have already reached a settlement with federal authorities.28 Such actions generate revenue for the enforcing state but fail to produce meaningful deterrence benefits.


The securities-fraud deterrence regime that exists in the United States today deviates in significant ways from what theory suggests is optimal. If writing on a clean slate, policymakers would be well-advised to design a system that: (1) places more emphasis on individual liability; (2) eschews corporate criminal penalties entirely; (3) focuses the imposition of corporate civil penalties on companies whose shareholders would otherwise have poor incentives to adopt internal control systems to deter fraud; (4) limits private enforcement to traditional common law remedies or other compensatory remedies possessing similar safeguards against over-deterrence; and (5) better delineates and coordinates the authority of federal and state securities fraud enforcers.

Amanda M. Rose is Professor of Law at Vanderbilt University Law School.

This report is part of Prosperity Unleashed: Smarter Financial RegulationGovernment policies have—for decades—empowered regulators to manage private risks and mitigate private losses in an effort to prevent financial-sector turmoil from spreading to the rest of the economy.  This approach, rarely contemplated in nonfinancial industries, has demonstrably failed. Prosperity Unleashed: Smarter Financial Regulation provides solutions to the core regulatory problems that existed in U.S. financial markets long before the 2008 financial crisis.  


1.    Frank H. Easterbrook and Daniel R. Fischel, “Mandatory Disclosure and the Protection of Investors,” Virginia Law Review, Vol. 70 (1984), pp. 669 and 673. For a more in-depth discussion of the social costs of securities fraud and, conversely, the social benefits of accurate disclosure, see Merritt B. Fox, “Civil Liability and Mandatory Disclosure,” Columbia Law Review, Vol. 109 (2009),
pp. 237 and 252–268, and sources cited therein.

2.    A legal rule against fraud is likely more efficient than exclusive reliance on market-based solutions. See Easterbrook and Fischel, “Mandatory Disclosure and the Protection of Investors,” pp. 674–677.

3.    The costs of producing and verifying information can be considerable. If companies fear mistaken liability, they may overinvest in this effort. If this fear extends to the third parties who assist corporations in the disclosure process, such as auditors and investment banks, they will charge more for their services. Fear of erroneous fraud liability might also distort companies’ financing choices.

4.    Crimes have traditionally required a showing of mens rea—that is, “a guilty mind: a guilty or wrongful purpose; a criminal intent.” Black’s Law Dictionary, 6th ed. (1990), p. 985.

5.    This terminology traces its origin to Robert Cooter, “Prices and Sanctions,” Columbia Law Review, Vol. 84 (1984), p. 1523. For a more detailed theoretical account of the civil-criminal divide, see Amanda M. Rose, “Public Enforcement: Criminal versus Civil,” The Oxford Handbook of Corporate Law and Governance (2014).

6.    “A Pigouvian tax is a tax equal to the harm that the firm imposes on third parties. For example, if a manufacturer pollutes, and the pollution causes a harm of $100 per unit of pollution to people who live in the area, then the firm should pay a tax of $100 per unit of pollution. This ensures that the manufacturer pollutes only if the value of the pollution-generating activities exceeds the harm, such that the social value of those activities is positive.” Jonathan S. Masur and Eric A. Posner, “Toward a Pigouvian State,” University of Pennsylvania Law Review, Vol. 164 (2015), pp. 94–95. Because the likelihood of imposition is less than 100 percent, civil penalties should be set higher than the net social costs of the conduct to reflect the probability of non-detection. See Steven Shavell, Foundations of Economic Analysis (Cambridge, MA: Belknap Press, 2004), p. 483.

7.    Steven Shavell, “Criminal Law and the Optimal Use of Nonmonetary Sanctions as a Deterrent,” Columbia Law Review, Vol. 85,
No. 6 (October 1985), pp. 1232 and 1234, and Richard A. Posner, “An Economic Theory of the Criminal Law,” Columbia Law Review, Vol. 85, No. 6 (October 1985), pp. 1193 and 1215. This does not mean that criminal sanctions should always be set as high as possible. Concerns about marginal deterrence, as well as other factors, counsel against this. Ibid., p. 1207 (“If robbery is punished as severely as murder, the robber might as well kill his victim to eliminate a witness.”), and Reinier Kraakman, “The Economic Functions of Corporate Liability,” in Klaus J. Hopt and Gunther Teubner, eds., Corporate Governance and Directors’ Liabilities (Berlin: De Gruyter, 1985) (discussing other practical and moral limitations on the magnitude of sanctions).

8.    For a more fulsome discussion of these issues, see Amanda M. Rose, “The Multienforcer Approach to Securities Fraud Deterrence: A Critical Analysis,” University of Pennsylvania Law Review, Vol. 158 (2010), pp. 2183–2192.

9.    Scienter-based offenses are those that require proof of an intentional mental state. See Ernst & Ernst v. Hochfelder, 425 U.S. 185 (1976).

10.    V. S. Khanna, “Corporate Criminal Liability: What Purpose Does It Serve?” Harvard Law Review, Vol. 109, No. 7 (1996), p. 1477 (challenging the social desirability of corporate criminal liability).

11.    The possibility of judgment-proof defendants is one oft-cited reason for supplementing individual liability with corporate liability. For an overview of this and other arguments for corporate liability, and a survey of the literature, see Amanda M. Rose and Richard Squire, “Intraportfolio Litigation,” Northwestern University Law Review, Vol. 105 (2011), pp. 1682–1687. The optimal design of a corporate liability regime is a complex issue that is outside the scope of this chapter. For an introduction to the topic, see Jennifer Arlen and Reinier Kraakman, “Controlling Corporate Misconduct: An Analysis of Corporate Liability Regimes,” New York University Law Review, Vol. 72, No. 4 (October 1997), p. 687.

12.    Ronald G. Gilson and Jeffrey N. Gordon, “The Agency Costs of Agency Capitalism: Activist Investors and the Revaluation of Governance Rights,” Columbia Law Review, Vol. 113 (2013), pp. 874–886 (detailing how changes in the financing of retirement security in the United States has led to the concentration of record ownership of U.S. public equities in the hands of institutional investors).

13.    Among other things, the specter of fraud increases bid-ask spreads, which makes portfolio adjustments more expensive.

14.    See, for instance, Jennifer Arlen and William Carney, “Vicarious Liability for Fraud on the Securities Markets: Theory and Evidence,” University of Illinois Law Review (1992), p. 691; Jonathan Macey, “Agency Theory and the Criminal Liability of Organizations,” Boston University Law Review, Vol. 71 (1991), p. 315; and A. C. Pritchard, “Markets as Monitors: A Proposal to Replace Class Actions with Exchanges as Securities Fraud Enforcers,” Virginia Law Review, Vol. 85 (1999), p. 925. For an alternative account of securities fraud, see Donald C. Langevoort, “Organized Illusions: A Behavioral Theory of Why Corporations Mislead Stock Market Investors (and Cause Other Social Harms),” University of Pennsylvania Law Review, Vol. 146 (1997), p. 101.

15.    John C. Coffee, “Reforming the Securities Class Action: An Essay on Deterrence and its Implementation,” Columbia Law Review, Vol. 106 (2006), pp. 1534 and 1562.

16.    For a more nuanced discussion of the choice between public and private enforcement, see Rose, “The Multienforcer Approach,” pp. 2200–2203, and Amanda M. Rose, “Reforming Securities Litigation Reform: Restructuring the Relationship Between Public and Private Enforcement of Rule 10b-5,” Columbia Law Review, Vol. 108 (2008), pp. 1330–1349.

17.    Ibid., pp. 1326–1328, and sources cited therein. To the extent that private parties have superior access to information about securities fraud than government enforcers, they can be encouraged to report to public authorities through the payment of whistleblower awards. If public authorities were to systematically under-enforce, it might justify granting private parties a limited right to sue to recover civil penalties, but only subject to continued government oversight and control to prevent abuse. For a more fulsome discussion of the circumstances under which private enforcement might be justified, and how it might be structured, see Rose, “The Multienforcer Approach,” pp. 2210–2227; Rose, “Reforming Securities Litigation Reform,”
pp. 1354–1358; and Amanda M. Rose, “Better Bounty Hunting: How the SEC’s New Whistleblower Bounty Program Changes the Securities Fraud Class Action Debate,” Northwestern Law Review, Vol. 108 (2014), pp. 1290–1300.

18.    See, for instance, Pritchard, “Markets as Monitors,” p. 939, and Paul G. Mahoney, “Precaution Costs and the Law of Fraud in Impersonal Markets,” Virginia Law Review, Vol. 78 (1992), pp. 630–632.

19.    Richard B. Stewart and Cass R. Sunstein, “Public Programs and Private Rights,” Harvard Law Review, Vol. 95 (1982),
pp. 1298–1300.

20.    Rose, “The Multienforcer Approach,” p. 2206. For a more nuanced analysis of the choice between federal and state enforcement, as well as the desirability of hybrid models, see Amanda M. Rose, “State Enforcement of National Policy: A Contextual Approach (with Evidence from the Securities Realm),” Minnesota Law Review, Vol. 97 (2013), p. 1343.

21.    Additionally, under limited circumstances private enforcement of civil penalties might be warranted if under-enforcement by public authorities is a concern. See note 17 and sources cited therein.

22.    See, for instance, Michael Klausner et al., “How Protective Is D&O Insurance in Securities Class Actions? An Update,” Professional Liability Underwriting Society, Vol. 26 (2013) (empirical study of securities class actions filed between 2006 and 2010 finding that outside directors contributed in none of the settled cases, and officers contributed in only 2 percent).

23.    Judge Jed Rakoff of the District Court for the Southern District of New York highlighted this issue when he initially rejected an SEC-proposed settlement with Bank of America in 2009. SEC v. Bank of Am. Corp., 653 F. Supp. 2d 507, 509 (S.D.N.Y. 2009). See also Jed S. Rakoff, “The Financial Crisis: Why Have No High-Level Executives Been Prosecuted?” New York Review of Books, January 9, 2014, (accessed October 11, 2016). The Department of Justice has also taken note, recently instructing its attorneys on the importance of individual accountability. Sally Quillian, “Individual Accountability for Corporate Wrongdoing,” Department of Justice Memorandum, September 9, 2015, (accessed October 11, 2016). See also Mary Jo White, “Opening Remarks at the 21st Annual International Institute for Securities Enforcement and Market Oversight,” U.S. Securities and Exchange Commission, November 2, 2015, (accessed October 11, 2016), similarly stressing the importance of individual liability.

24.    The Justice Department and SEC have considerable leverage in settlement negotiations, both to demand the payment of large fines and to insist on what can be invasive corporate governance reforms, given that a litigated adverse judgment can have severe direct, as well as collateral, consequences for a public company.

25.    Amanda M. Rose, “Form vs. Function in Rule 10b-5 Class Actions,” Duke Journal of Constitutional Law and Public Policy, Vol. 10 (2015), pp. 58–60 (discussing the differences between Rule 10b-5 class actions and common law fraud actions).

26.    See, for instance, Janet Cooper Alexander, “Rethinking Damages in Securities Class Actions,” Stanford Law Review, Vol. 48,
No. 6 (July 1996), p. 1497 (“It seems likely that the true social costs of any particular violation are significantly less than the tens or hundreds of millions of dollars represented by potential class-based damages.”); Donald C. Langevoort, “Capping Damages for Open-Market Securities Fraud,” Arizona Law Review, Vol. 38 (1996), p. 646 (arguing that “full out-of-pocket compensation in open-market cases is systematically excessive and dysfunctional”); and William W. Bratton and Michael L. Wachter, “The Political Economy of Fraud on the Market,” University of Pennsylvania Law Review, Vol. 160 (2011), p. 72 (observing that the “consensus view” amongst academics is that the fraud-on-the-market class action “just doesn’t work”).

27.    Sara Sun Beale, “What Are the Rules if Everybody Wants to Play?” in Anthony S. Barkow and Rachel E. Barkow, eds., Prosecutors in the Boardroom: Using Criminal Law to Regulate Corporate Conduct (New York: New York University Press, 2011) (“At present there are no formal mechanisms to preclude duplicative or dueling prosecutions in different jurisdictions, require prosecutors in such cases to cooperate, or sequence the cases to avoid conflicts”).  While the National Securities Markets Improvement Act of 1996 prohibits states from applying mandatory disclosure and offering rules to nationally traded firms, state regulators remain free to bring enforcement actions against such firms with respect to fraud or deceit. Rose, “The Multienforcer Approach,” p. 1377. For an empirical examination of state securities-fraud enforcement efforts, see Amanda M. Rose and Larry J. Leblanc, “Policing Public Companies: An Empirical Examination of the Enforcement Landscape and the Role Played by State Securities Regulators,” Florida Law Review, Vol. 65 (2013), p. 395.

28.    Rose, “The Multienforcer Approach,” pp. 1402–1406 (describing numerous such actions brought by the State of West Virginia).


Amanda Rose


Prosperity Unleashed


The Massive Federal Credit Racket

Feb 28, 2017 43 min read


Federalism and FinTech

Feb 28, 2017 35 min read