Same risk, same regulation — a principle that sounds better than it is
Regulations Systemic risk
The Financial Stability Board has adopted the principle for crypto-assets. The banking lobby invokes it against fintechs and shadow banks. The fintech industry uses it to argue for lighter rules. The crypto world embraces it to gain legitimacy. Either it is a truly universal truth, or groups that agree on almost nothing else each think it means something different.
The principle has two quite distinct readings.
Reading one: a level playing field
The most common reading is straightforward. If different entities perform the same financial activity, they should face the same regulation, regardless of whether one is a bank, a fintech, an insurer, a crypto platform or something else entirely. A loan is a loan. A payment is a payment. The legal form of the entity should not matter.
The strict interpretation leads to some undesirable outcomes.
Regulations bring high fixed costs — compliance, reporting, legal, risk. These costs are much the same whether an institution is large or small. A large bank spreads them across a vast revenue base. A small firm cannot easily absorb them. So "same regulation" does not produce a level playing field. It tilts the field toward the large and the incumbent.
It also promotes homogeneity. Same regulation across different types of entities is hard to achieve without a single regulator overseeing them all. That means folding diverse institutions into one supervisory framework, which in turn drives the very compliance costs that favour the large.
And if all entities doing the same activity must follow identical rules, they converge on identical risk models, identical portfolio structures and identical ways of doing business. The financial system ends up with less diversity, not more — the opposite of what we want.
Reading two: calibrate to systemic risk
The second reading is more sophisticated, saying we should look not merely at what an entity does, but also at the risk it actually poses to the system. A systemically important bank making mortgage loans is not the same proposition as a small fund doing the same thing. The bank's failure could take the payment system with it. The fund's failure is a local event. Different systemic risk, different regulation. The regulatory treatment should be calibrated to the threats the activity poses to the financial system.
Sensible in theory. The problem is practice.
Calibrating regulation to systemic risk requires measuring systemic risk. And we cannot do that. Systemic risk is not a quantity sitting inside an institution waiting to be observed. It is endogenous — created by the interaction of market participants, shaped by the rules they operate under, and dependent on what is happening in the entire network at any given moment. The same activity at the same institution can be harmless in one state of the world and catastrophic in another. That is why systemic risk is not measurable, even if certain authorities persist in trying.
We struggle to measure the risk of a single asset reliably, not to mention that of portfolios. And usually, the risk you measure is probably not the risk you care about.
Measuring an institution's contribution to systemic fragility is a far harder problem, and pretending we can do it creates the illusion of control — false confidence that the authorities have calibrated the rules correctly, when in fact they are running a bureaucratic exercise of quantifying the unquantifiable.
So reading two, for all its theoretical appeal, collapses into the same problem that plagues much of financial regulation: it demands precise measurement of something that is not precisely measurable.
The alternative: embrace diversification
If same regulation is a bad idea in both readings, what is the alternative?
The opposite. Instead of trying to equalise regulation across entities, deliberately maintain diversified regulation. Heavier rules on systemically important institutions. Lighter rules elsewhere.
Apply the most important principle of finance, diversification.
Risky activity will migrate toward entities that are smaller, less interconnected and less capable of bringing down the system. This is regulatory arbitrage, abhorrent to the advocates of "same risk, same regulation". But it tends to move risk to where it does less systemic damage, and preserves diversity, because different entities operating under different rules will behave differently in a crisis, which is exactly what we want.
The most common counterargument is that diversified regulation culminated in the 2008 crisis. Shadow banks grew because they faced lighter regulation than banks while performing bank-like functions. When the crisis hit, they turned out to be deeply interconnected with the banking system, and the lighter regulation had not contained the risk — it had hidden it.
Fair point. But the lesson of 2008 is not that diversified regulation is inherently dangerous. It is that nobody was watching the perimeter. The shadow banks were not just smaller and less connected — they were opaque, leveraged and entangled with the very banks they were supposed to be drawing risk away from. The failure was in the oversight of interconnections, not regulatory diversification.
Maintaining diversified regulation does not mean ignoring what happens outside the banking perimeter. It means watching it — monitoring size, interconnectedness and leverage — and intervening when entities that were supposed to be systemically unimportant become systemically important. That is a more promising and tractable supervisory task than trying to measure and equalise systemic risk contributions across the entire financial system.
So
Under the first interpretation of "same risk, same regulation", where everyone, regardless of systemic importance, should be treated the same, we end up promoting the very homogeneity that makes the financial system fragile.
The second interpretation is more sophisticated, taking into account the systemic impact also. The problem is it demands measurements we cannot make. And trying to do so just leads to the Illusion of Control.
The alternative is to embrace the first principle of finance: diversification. Let risk migrate to where it does less damage. Lower the cost of financial intermediation and help the economy grow. It is less tidy, but more honest about what we can and cannot control.
And most importantly, it both reduces systemic risk and helps the economy.
Win-Win-Win.