Monday, November 19, 2018

Regulatory cost disease

A post on Marginal Revolution is so good, I have to quote in its entirety before commenting.
From my time in both the military and healthcare I can say that the biggest problem are the compliance costs.

For example, I have a phone app that allows me to send texts. We pay very good money to have said app. It does nothing that my phone cannot innately do – except be HIPAA compliant. EMR software is clunky, an active time suck, and adds little or no value … but we are required by law to use it. In each case there are scads of less specific programs out there which are insanely cheaper and more functional, but those programs cannot justify the costs of becoming compliant for a small niche of their business.

In the military we had similar difficulties. If you want systems to be secure, you need to pay extra as the marketplace does not do real security for consumer goods. Likewise, if you worry about logistical tails, building in assured access drastically increases costs.

And I fully suspect that prices will continue to diverge. As ever more of the internet ends up in a giant interconnected mess there will be fewer people able to code in a secure fashion. There will be fewer parts of the ecosystem that can be used by security conscious actors.

Then we get to actual procurement itself. People worry that arcane institutions will somehow make off with lots of money and spend it either poorly or nefariously. Absent easily observed price and cost data in both sectors we began developing rules. These rules drive firms out of the market (e.g. we needed some light interior remodeling to comply with a regulation that specified inches between things, the contractor who has been most affordable and highest quality refused to bid because the hassle on his side was too great). Eventually the rules become too complicated and you start needing specialists to interpret them. Costs skyrocket and firms abuse rules to pad profits. Then the lawyers get involved and things get more expensive. Again, medical and military consumers become a captive market facing greater monopoly as fewer firms can navigate the thicket of rules to even try to make money.

Then we have the problem that people look at these sectors and say that it is public money. All public money should help with goal X (e.g. going “green”, affirmative action, boycotting South Africa/Israel, patriotism, “America first”) and then we become even more overly constrained. Find vendors who meet one hurdle is hard, finding ones that meet 30 is nigh unto impossible unless the vendor is engineering the firm to market solely to this niche – and charging monopoly rates as his reward.

Any single thing would not be too bad for prices, but the marketplace in general is diverging from military and healthcare. Even education is diverging with mandates in FERPA and political business constraints. We have pretty effectively restricted supply, why exactly would we not expect an increase in cost?
This story seems much broader than just healthcare and military procurement. The story also clarifies a bit why it's going to be hard to fix. The thicket of regulations often have a purpose -- security, to protect patent privacy, or more importantly, for military applications. But we do not often ask properly what the cost of extra regulations is. Even well done cost benefit analyses tend to take the supplier network as given, and ask what it will cost them to add just one more step. That the network will shrink and the number of potential entrants shrink more -- the best protection against monopoly power -- is really not part of any cost benefit analysis. The note also points slightly to the public choice problem. The few companies who become specialists at meeting regulations become advocates for the regulations, which puts them in fine position with the army of bureaucrats who promulgate and enforce regulations.  Yes, military text messages probably need high security. Does every doctor's text message to a patient need the same?

It doesn't take long to see in this post a reading of many contemporary economic ills. The perception of increasing monopoly power fits well. The decrease of small business formation and increasing size of businesses fits. And we can think of a number of industries that have the same problem. Banking is obvious.

General aviation is a tiny, but clear example.  Go to your local airport, and contrast the ramp (where planes park) to the parking lot. The ramp is typically an excellent example of a Cuban used car lot. Lovingly maintained aircraft either from the 1950s or designed in the 1950s predominate.  Beautiful, yes, to nostalgic eyes, but not exactly practical. Small aircraft engines are much less reliable than automobile engines. Why? Well, they all must be FAA certified, and it's not worth the cost to certify, say, a new model of spark plug. The parking lot is full of Teslas. Well, in Palo Alto. BMWs elsewhere. But stuffed with the latest technology. Planes are not inherently more durable than cars. They're just regulated differently.

The HIPAA regulations, making electronic medical records every doctor's nightmare, and adding billions to costs, are actually an improvement. We can all remember the not too distant past, and sometimes still present, that doctors needed us to fax things around, because of the same regulations.

The central point of the story is the interplay of new technology and regulation. Our technology has huge fixed costs.  Commercial off the shelf technology, usually "pretty darn good" is amazingly cheap and effective. Specialized technology written to constantly evolving regulation is nightmarishly expensive, and usually not very good. And leads to cronyism and monopoly. The cost of regulation is higher than you think. Make sure the benefits are appropriate.


15 comments:

  1. Interesting you should compare a GA airport to Cuba. I use exactly the same line in my book, "Where is my Flying Car" ...
    http://wimflyc.blogspot.com/p/where-is-my-fly8ing.html

    ReplyDelete
  2. I am a private sector PhD economist in banking regulatory compliance (model risk management).

    The "optimal regulation" is an interesting problem. In my area, I really do believe there was a net social benefit in the early stress test years (after Dodd-Frank) to having experts come in and review statistical models.

    I came in after the initial wave and saw how bad some of the models were. You had a lot of dumb things that I could say honestly did contribute to risk more than the cost of fixing it. Once, I saw a major loss model that a bank had been using for years prior the stress tests - it had a flaw in that it correlated loss given default with GDP, and not GDP growth. Result: always trending down LGD. This basically means the model magically forecasts losses trending to zero. They used that model for years and during the housing crisis. That institution was losing $1b/quarter at the height of the crisis.

    But the thing about the major statistics violations is once you fix them once, they really don't need to be fixed again. Its a very interesting view from where I sit (lowly mid level analyst) because I also so that people that benefit from the regulation do everything they can to keep the amount of work higher. For instance, a lot of people in my field will try to maximize the number of "findings" because some places measure output by findings.

    If the findings were actual risks, then ok. But it is actually very counterproductive to have 20 risk items and only 1 that matters (or even worse - miss the 1 that does matter). It confuses upper management (the MBAs) as to what an actual real model risk is as opposed to a "model developer should have considered another approach" (that would have yielded an identical estimate) type thing.

    Toss in that the people that made the rules were by and large lawyers and you have the full on "stupid government" effect. A few years ago I was questioned about an intense statistical model by... a Federal Reserve lawyer.

    Lawyers without 2+ years of quant training have no business in the room making these decisions. So for instance, the letter of the guidance says, "must consider alternative approaches." So what do people do? Oh they follow it, but does estimating a model with a logit and a probit really matter? Or MLE vs OLS for linear estimation? This is Dodd Frank in practice.

    I will end with this. The end result of Dodd Frank is what we have now at my current employer. We churn out pages and pages of documents literally re inventing the wheel. How do I mean? A lot of banks use vended models, like FICO and there are others of course for wholesale LOBs. They are extensively validated by the vendor.

    There is of course expectation that we validate it for our internal use. But, we go overboard. There is a very real "fear of regulatory action" that the MBAs at the top go through, and combined with their ignorance on statistics, they tend to trust the quants that tell them they need to do things. So what do these ambitious managerial level quants want to do? Maximize the work! We write 100s of pages documenting work that is the equivalent of moving dirt from one place to another. If a quant really wanted to maximize the work (to have the most workers under them, all managers want to do this), they just say "we need to text all these things or else!"

    As a result, I often see model risk management departments (I have been a part of 3) end up requiring 10% more each year from their model developers. The types of dumb things they often require of their in house model developers range from tracking statistics that have no meaning (PSI on the Y variables does not make sense) to requiring a 50 page annual report for models that don't change for years.

    ReplyDelete
  3. There is an interesting military analogy to your observation that private commercial aircraft lag behind regular automobiles and reliability and technical sophistication.

    In recent decades, military aircraft have become hanger queens requiring greater numbers of hours of maintenance per hour of flight time. The F-22 requires 40 hours of maintenance for every hour of flight.

    I look at my mini Mac, which is not failed in eight years of service, and has a computing power that a supercomputer used to have.

    ReplyDelete
  4. Notice too how this regulatory swamp doesn’t just reduce competition, it distorts the path of research and development. Engineers get paid not just to design better pegs, they get paid to fit square pegs into the round holes created by the regulators.

    John’s right, most general aviation aircraft are exquisitely maintained antiques. But there is one exception, “light sport aircraft (LSA)” are designed and flown under a different set of rules. Not surprisingly, designers work to meet the rules, not to produce the best design. (For example, if you had to choose whether to make your aircraft safer or make it weigh less than 600kg, you would probably choose to keep things light and retain your LSA category.) Of course LSA’s are mostly toys for a handful of eccentrics but I’ve got to think the same thing happens in medical technology, defense technology and lots of other areas.

    ReplyDelete
    Replies
    1. This eccentric is having a lot of fun with an LSA toy - a lot more fun than he would have had with a Part 23 aircraft designed in the 1950s. LSA has been very interesting: the ease of compliance has produced an explosion of new designs (more than 130, an average of 10 per year), often with wider, more comfortable cabins, many of them using modern engines (with electronic ignitions - and automotive spark plugs), avionics that are far more advanced and more easily updated, and even airframe parachutes. But, they are indeed constrained by regulation to 600 kg, which has forced some non-ideal choices. That said, the FAA has now had 13 years to look at the effect of this relatively massive deregulation of design (it worked fine, with problems largely attributable to the weight limitations imposed by the FAA itself), and is trying to bring itself to apply similar thinking much more broadly.

      Delete
  5. I've had experience with doing HIPAA compliance with small providers. I knew the costs could explode very quickly to meet compliance due to all the documentation and security implementations on electronic and paper document systems. Communications had to be secure. Faxes had to have a blurb of text saying x, y, and z, just to meet compliance.

    Now, there's consultancy firms out there that will do all this for you -- for a price of course. There's no way a small provider can stay in business if the costs of compliance eat into the margins. Some barely even do it and just hope to God the HIPAA monster doesn't show up one day and do an audit.

    In my case, there's simple ways to meet compliance. Security isn't that hard and there's cost effective ways to minimize cost. But, unless you're in the know, you don't know what the landscape looks like or where all the landmines are. Stepping on one is expensive. But, so is being so cautious that you can't get any work done. Bottom line, yes, there are ways to make compliance doable without sacrificing quality and fleecing people.

    ReplyDelete
  6. So John Cochrane would support Nordic style excise taxes on distillates (gasoline and diesel) and reduce the ambitiousness of the CAFE regulations? CAFE = corporate average fuel economy.

    Before you answer John, think about the wildfires in California's wooded, low-density suburbs.

    The comparison between older airplanes and modern automobiles would be more effective if accident statistics were included. Example: probability of death per kilometre travelled.

    -Erik

    ReplyDelete
    Replies
    1. "Before you answer John, think about the wildfires in California's wooded, low-density suburbs."

      Is the answer still... Nordic style tax? If forced to incur the sunk cost of a fuel sipping car, I might be more inclined to live further from work, thus increasing the likelihood of living in the "wooded, low-density suburbs." Whereas if I had a cheap gas guzzler but faced large fuel costs, maybe I'd live closer to work, and therefore be less likely to find myself in those wooded, low-density burbs.

      Of course the whole underlying premise here is beyond absurd but, if one is bored enough to pretend it's serious, I guess you'd prefer the Nordic distillates tax.

      Delete
    2. That's a good thought, but the reduction of fatalities in cars through technology doesn't translate into aircraft in the same way. In cars, crumple zones, seat belts and air bags can dramatically reduce fatalities in relatively low-speed crashes (30 mph) and give occupants a fighting chance at highway speeds. Airplanes' necessarily lightweight structures offer limited scope for crumple zones, and impacts tend to be at much higher speeds, where seat belts and air bags can't help that much. Post-crash fires have proven difficult to stop, too, although Diamond Aircraft has a dramatically better track record with its modern designs.

      Reliability - a reduction in the rate of mechanical failures - might help in theory, but old airplanes are very simple machines and mechanical failures are a small percentage of fatal accidents.

      Pilot error is much more important than reliability. Cirrus Aircraft found that pilot training - combined with modern technology - had a huge effect on fatal accident rates, but the technology alone did not deliver much. That may change in the years to come, as increasingly capable autopilot technology may begin to reduce the rate of "loss of control" and "controlled flight into terrain" accidents, both of which have high fatality rates (close to 100%) when they happen.

      Modern airplanes are more fuel efficient, much more comfortable, a little faster, and much more capable of complex flight operations (routing, weather) with relatively low pilot workload. Safety has been harder to improve, so far, although more-autonomous aircraft technology may help, and - despite being controversial among pilots - airframe parachutes do help quite a lot.

      As an aside, aviation accident rates are often given as fatalities per million miles, which is a sensible metric for cars but is somewhat misleading for aircraft: a much better measure for aircraft would be fatal accidents per flight, because so much of the risk is concentrated in takeoff and landing. It's said that a single airline flight - of any length - is roughly as dangerous as driving a couple of hundred highway miles, but I can't validate that particular claim.

      Delete
  7. Dodd-Frank caused hedge funds to increase compliance departments. Some of the compliance officers earned more than some traders. The real punitive effect of D-F, earning risk-adjusted returns became more difficult.

    ReplyDelete
  8. Dodd-Frank caused hedge funds to increase compliance departments. Some of the compliance officers earned more than some traders. The real punitive effect of D-F, earning risk-adjusted returns became more difficult.

    ReplyDelete
  9. OK, we get it. But like Tevia in Fiddler on the Roof laments, "Lord we know the disease, where is the cure?"

    ReplyDelete
    Replies
    1. In the hands of bureaucrats separated from the consequences of his or her actions. They are immunized from fallout by the very nature of bureaucracies.Even the milkman knew this!

      Delete
  10. It is worth pointing out, on this Thanksgiving day, that not all of our world is as bad as the bureaucratic cancer, and we remain among the luckiest people ever to have lived.
    One of many observations: https://reason.com/archives/2018/11/20/better-faster-cheaper

    Of course, that makes the original point even more poignant, as we must compare the cost-disease sectors to the market learning curve, not a mere maintenance of flatline costs.

    ReplyDelete
  11. John, have you analyzed Tabarrok's paper on the lack of large regulatory costs on American dynamism? I find it counterintuitive and would like to know your view. https://marginalrevolution.com/marginalrevolution/2018/02/federal-regulation-not-cause-declining-dynamism.html

    ReplyDelete

Comments are welcome. Keep it short, polite, and on topic.

Thanks to a few abusers I am now moderating comments. I welcome thoughtful disagreement. I will block comments with insulting or abusive language. I'm also blocking totally inane comments. Try to make some sense. I am much more likely to allow critical comments if you have the honesty and courage to use your real name.