[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]
REGULATORY DIVERGENCE: FAILURE OF THE ADMINISTRATIVE STATE
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON
INTERGOVERNMENTAL AFFAIRS
OF THE
COMMITTEE ON OVERSIGHT
AND GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED FIFTEENTH CONGRESS
SECOND SESSION
__________
JULY 18, 2018
__________
Serial No. 115-92
__________
Printed for the use of the Committee on Oversight and Government Reform
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.fdsys.gov
http://oversight.house.gov
________
U.S. GOVERNMENT PUBLISHING OFFICE
31-369 PDF WASHINGTON: 2018
Committee on Oversight and Government Reform
Trey Gowdy, South Carolina, Chairman
John J. Duncan, Jr., Tennessee Elijah E. Cummings, Maryland,
Darrell E. Issa, California Ranking Minority Member
Jim Jordan, Ohio Carolyn B. Maloney, New York
Mark Sanford, South Carolina Eleanor Holmes Norton, District of
Justin Amash, Michigan Columbia
Paul A. Gosar, Arizona Wm. Lacy Clay, Missouri
Scott DesJarlais, Tennessee Stephen F. Lynch, Massachusetts
Virginia Foxx, North Carolina Jim Cooper, Tennessee
Thomas Massie, Kentucky Gerald E. Connolly, Virginia
Mark Meadows, North Carolina Robin L. Kelly, Illinois
Ron DeSantis, Florida Brenda L. Lawrence, Michigan
Dennis A. Ross, Florida Bonnie Watson Coleman, New Jersey
Mark Walker, North Carolina Raja Krishnamoorthi, Illinois
Rod Blum, Iowa Jamie Raskin, Maryland
Jody B. Hice, Georgia Jimmy Gomez, Maryland
Steve Russell, Oklahoma Peter Welch, Vermont
Glenn Grothman, Wisconsin Matt Cartwright, Pennsylvania
Will Hurd, Texas Mark DeSaulnier, California
Gary J. Palmer, Alabama Stacey E. Plaskett, Virgin Islands
James Comer, Kentucky John P. Sarbanes, Maryland
Paul Mitchell, Michigan
Greg Gianforte, Montana
Michael Cloud, Texas
Sheria Clarke, Staff Director
William McKenna, General Counsel
Kelsey Wall, Professional Staff Member
Katy Rother, Intergovernmental Affairs Subcommittee Staff Director
Sharon Casey, Deputy Chief Clerk
David Rapallo, Minority Staff Director
------
Subcommittee on Intergovernmental Affairs
Gary Palmer, Alabama, Chairman
Glenn Grothman, Wisconsin, Vice Jamie Raskin, Maryland, Ranking
Chair Minority Member
John J. Duncan, Jr., Tennessee Mark DeSaulnier, California
Virginia Foxx, North Carolina Matt Cartwright, Pennsylvania
Thomas Massie, Kentucky Wm. Lacy Clay, Missouri
Mark Walker, North Carolina (Vacancy)
Mark Sanford, South Carolina
C O N T E N T S
----------
Page
Hearing held on July 18, 2018.................................... 1
WITNESSES
Mr. James ``Bo'' Reese, President, National Association of State
Chief Information Officers; Chief Information Officer, Office
of Management and Enterprise Services, State of Oklahoma
Oral Statement............................................... 5
Written Statement............................................ 8
Mr. John Riggi, Senior Advisor for Cybersecurity and Risk,
American Hospital Association
Oral Statement............................................... 30
Written Statement............................................ 32
Mr. Robert Weissman, President, Public Citizen
Oral Statement............................................... 38
Written Statement............................................ 40
Mr. Christopher Feeney, Executive Vice President, Bank Policy
Institute
Oral Statement............................................... 71
Written Statement............................................ 73
Mr. Oliver Sherouse, Policy Analytics Lead, Program for Economic
Research on Regulation, Mercatus Center
Oral Statement............................................... 86
Written Statement............................................ 88
REGULATORY DIVERGENCE: FAILURE OF THE ADMINISTRATIVE STATE
----------
Wednesday, July 18, 2018
House of Representatives,
Subcommittee on Intergovernmental Affairs,
Committee on Oversight and Government Reform,
Washington, D.C.
The subcommittee met, pursuant to call, at 2:08 p.m., in
Room 2154, Rayburn House Office Building, Hon. Gary J. Palmer
[chairman of the subcommittee] presiding.
Present: Representatives Palmer and Raskin.
Mr. Palmer. The Subcommittee on Intergovernmental Affairs
will come to order. Without objection, the presiding member is
authorized to declare a recess at any time.
The Federal Government has long been associated with
entrenched bureaucracy, separated by agencies and ignorant of
the realities of the average American's life. Federal agencies
impose regulatory requirements under a siloed organizational
structure that is program by program, department by department,
with very little interagency coordination. This committee is
well aware of the impact of Federal agencies' failure to
coordinate between themselves and non-Federal stakeholders.
For the last 8 years, the Government Accountability Office
has issued an annual report on overlapping, duplicative, and
otherwise wasteful Federal programs. And to date, addressing
the problems that GAO highlights in these reports has saved
over $175 billion. Addressing the remaining could save tens of
billions of dollars more. And I might even argue, in some cases
hundreds of billions of dollars more.
In other words, the failure of Federal agencies to
coordinate has wasted hundreds of billions of dollars of
taxpayer money over the last decade.
But the impact of the failure of the administrative state
doesn't stop there. The lack of interagency coordination has
led to a steady accumulation of divergent regulatory mandates
on States and the private sector. Despite often seeking similar
results, Federal agencies impose conflicting regulations that
force the regulated entities, like State agencies and private
sector businesses, to focus heavily on compliance rather than
improved outcomes.
Although the panel comes from different sectors, missions,
and backgrounds, there is remarkable consistency in their
testimony about the burdensome effects of a divergent
regulatory regime.
Today Federal regulations touch nearly every aspect of
daily life, and those regulations have become so complex that
even the regulators can't agree what the requirements are or
how to comply with them.
As a result, these divergent regulations drastically
increase the overall cost of the intended operations and
deviate from the intended purpose of the regulations
themselves. According to the Competitive Enterprise Institute,
Federal regulations cost the economy nearly $2 trillion
annually.
And what I like to point out, I have some colleagues who
identify that as a hidden tax. It really isn't. At least a tax
goes to build a road or a bridge or has some good purpose in
many cases. A regulatory cost is just a hidden cost that weighs
disproportionately heavily upon low-income families. I think
that averages almost $15,000 per household.
Likewise, State governments also experience a drain on
resources and State autonomy due to regulatory divergence.
State officials from the National Association of State Chief
Information Officers have shared multiple accounts with the
committee on duplicative and inconsistent audit requirements
imposing significant burdens on States without any substantive
benefit.
One State's chief information security officer reported
than an audit of the same data security enterprise yielded
inconsistent results across multiple Federal agencies.
Unfortunately, this has become a regular feature of the State
partnership with the Federal Government.
It is our duty to the American people to explore
opportunities to harmonize our current regulatory standards. To
do this, Federal agencies, along with State governments and the
private sector, need to come together to develop means of
communication and cooperation to mitigate future duplicative,
inconsistent, and obsolete regulations.
We are fortunate today to have with us a panel that can
help us better understand the challenges imposed by these
Federal regulatory standards. I thank the witnesses for being
here today.
And at this point, I would like to yield to my friend and
colleague from Maryland, the ranking member, Mr. Raskin, for
his opening statement.
Mr. Raskin. Mr. Chairman, thank you. It's always a pleasure
to be with you, Chairman Palmer.
I'm planning to surprise everyone by becoming the first
American politician in history to defend regulation in its
entirety: the notice and comment period, the hearing process,
regulatory enforcement, the whole kit and caboodle.
Let's start with terminology. A regulation is just a fancy
name for a rule, and we all live according to rules. Every
family has rules, every household, every sport, every school,
every road, every highway, every institution, every economy,
every government, every nation, every corporation, every State,
county, city, and town.
And, indeed, Congress itself and every committee has rules.
I get 5 minutes to do my opening presentation no matter how
brilliant it is, not 6 minutes, not 4 minutes, but we've got a
rule about it. The rule gives us a fair allotment of time and
makes each of us free to use it. We will probably invoke dozens
of rules as we go about our business in the House today.
But the rules targeted for criticism in this hearing are
the rules that Federal agencies adopt to enforce the laws that
we pass in Congress. The laws and the rules reflect the values
of the people and implement our social priorities.
Look at what agency rules do. The Department of Labor's
overtime rule says that hourly wage workers must be paid time
and a half when their bosses ask them to work more than 40
hours a week. That's a rule which gives dignity and fairness to
workers.
The Federal Aviation Administration's 24-hour rule says
passengers forced to cancel airline ticket reservations with 24
hours of purchase must get a full refund. Another FAA rule says
that passengers who miss their flight must be given standby
access if they arrive within 2 hours of the missed flight on
the next flight.
A lot of Federal rules save human lives and protect public
health. The National Highway Transportation Safety
Administration's Gulbransen rule requires dramatically improved
rear visibility in new cars, which is why so many people in
this room and in our country have backup cameras on their
dashboards now. Although President Bush signed it into law in
2008, the rule was unnecessarily delayed and went into effect
in 2018.
Named for 2-year-old Cameron Gulbransen, who was killed
when a car accidentally backed up over him, this rule has
already begun to significantly lower the number of deaths and
injuries, roughly 250 deaths and more than 12,000 injuries a
year that were occurring from accidents caused by vehicles in
reverse. The rule compels use of a technology that had been
available for a decade but was opposed by the auto industry,
which tried to keep it as an optional luxury add-on item.
Everyone knows that the seatbelt rule has saved tens or
even hundreds of thousands of lives since it was adopted in
1983 despite vehement protests that this was overregulation or
hyper-regulation when it was first adopted.
Like these, most Federal rules are commonsense protections
of vital freedoms that we cherish as Americans. Freedom from
air pollution and water pollution. Freedom from dangerous
consumer appliances. Freedom from workplace discrimination and
exploitation. Freedom from predatory business practices and
monopolies.
Moreover, rules have made our people freer and our country
safer, healthier, cleaner, more just, more equitable, and more
secure.
Yet President Trump and my GOP colleagues in the House have
made destroying government rules one of their top priorities,
and they have made of deregulation a mindless political fetish.
But they target only certain kinds of rules. The
administration hates rules that get in the way of corporate
power. They want to get rid of rules that restrict Wall Street
and the finance industry. They want to scrap rules that enforce
the Clean Water Act and the Clean Air Act and rules that
restrict the freedom of polluters.
They love other kinds of rules. They want rules that
interfere with women's rights to make their own healthcare
decisions and decisions about birth control and reproduction.
Just this past May, the administration issued a gag rule that
blocks recipients of Federal family planning funds from
counseling or advising women about abortions, and also
compelling expensive physical, financial, and programmatic
segregation between units that provide such counseling and
those that do not.
They pile rule upon rule in the SNAP program to impose a
kind of bureaucratic extremism which makes it impossible for
people to access nutritional benefits that they need.
So regulations, like statutes or ordinances or
constitutions, are just forms of law. They can be good, they
can be bad. They can be efficient, they can be inefficient,
fair or not. But my colleagues invite us to believe that
Federal regulation is, in general, categorically burdensome and
costly. That's false, and we've got a way to show it.
The Office of Management and Budget annually issues a
congressionally mandated report that identifies the costs of
government rules on the private sector and the estimated
financial benefits produced for the American people. Every year
this report shows objectively that the economic benefits of
Federal rules far outweigh the cost.
Quite shockingly, the administration tried to bury this
year's report, releasing it 2 months late, almost certainly
because its findings undercut everything the President has
stated about government rules.
The report found that last year Federal rules imposed
around $5 billion in costs on businesses. At the same time,
they resulted in more than $27 billion in benefits to the
public. The regulatory benefits to taxpayers are more than five
times the cost of these rules.
The costs of an America without any Federal rules are not
hard to imagine, but they are impossible to accept. Cars
without backup cameras or seatbelts. Peanut butter made in
unsanitary conditions. Banks and hedge funds freed from rules
of prudential lending. Coal mines that poison coal miners and
collapse on human beings with impunity. Predatory payday
lenders operating without a CFPB checking them. Out-of-control
data breaches. And so on.
This deregulatory project in our economy and environment is
risky and dangerous. We cannot risk American lives and our
environment because the President wants to reward large
campaign donors while using the regulatory bogeyman to try to
destroy democratically chosen rules.
Let's think pragmatically and not ideologically. Let's
remember that Federal rules are just America's rules. And when
it comes to building a strong democracy, laissez isn't fair.
Thank you very much, Mr. Chairman.
Mr. Palmer. I thank the gentleman.
I'm pleased to introduce our witnesses.
Mr. James ``Bo'' Reese, president of the National
Association of State Chief Information Officers, and Chief
Information Officer, Office of Management and Enterprise
Services, State of Oklahoma.
Mr. John Riggi, senior advisor for cybersecurity and risk
for the American Hospital Association.
Mr. Robert Weissman, president of Public Citizen.
Mr. Christopher Feeney, executive vice president of the
Bank Policy Institute.
And Mr. Oliver Sherouse, policy analytics lead for the
Program for Economic Research on Regulation at the Mercatus
Center.
Welcome to you all.
Pursuant to committee rules, all witnesses will be sworn in
before they testify. Please stand and raise your right hand.
Do you solemnly swear or affirm the testimony you're about
to give is the truth, the whole truth, and nothing but the
truth, so help you God?
The record will reflect that all witnesses answered in the
affirmative.
Please be seated.
In order to allow time for discussion, please limit your
testimony to 5 minutes. And your entire written statement will
be made part of the record.
As a reminder, the clock in front of you shows the
remaining time during your opening statement. The light will
turn yellow when you have 30 seconds left and red when your
time is up. Please also remember to press the button to turn
your microphones on before speaking.
The chair now recognizes the gentleman, Mr. Reese, for 5
minutes.
WITNESS STATEMENTS
STATEMENT OF JAMES ``BO'' REESE
Mr. Reese. Thank you, Chairman Palmer and Ranking Member
Raskin and members of the subcommittee. Thank you for inviting
me to testify before you today on the burden of Federal
regulations and their impact to State governments.
My name is Bo Reese, and I serve as the chief information
officer, or CIO, for the State of Oklahoma. I also serve as the
president of the National Association of State Chief
Information Officers, or NASCIO.
All 50 States and three territories are members of NASCIO,
and we represent the interests of government-appointed State
CIOs who acted as the top IT officials for State government.
Today I would like to provide the subcommittee an overview
of how Federal regulations hamper the ability of State CIOs to
offer effective and efficient technology and IT services. I
will also touch upon how the complex Federal regulatory
environment is duplicative in nature, contributes to
inconsistent Federal audits, and drives cybersecurity
investments based on compliance and not risk, which is the more
secure approach.
State CIOs act as the technology and IT provider for State
agencies. State agencies administer Federal programs, like
Medicaid, SNAP, unemployment insurance, and in so doing
exchange data with Federal agencies. Because of this
intergovernmental relationship, Federal agencies impose rules
on State agencies and all their requirements in audits which
then flow to State CIOs who provide IT services to State
agencies.
Compliance with the multitude of Federal regulations is
burdensome on States, especially those like Oklahoma that have
consolidated or unified our IT service delivery. IT unification
has resulted in $372 million in cost savings and avoidance for
Oklahoma.
Before IT unification, Oklahoma was supporting 129 email
servers in State government, 76 different financial systems, 22
time and attendance systems, and 30 data center locations.
After the 5-year IT unification process, we were able to reduce
redundancies and leverage economies of scale, further enabling
the hundreds of millions in savings and cost avoidance.
The biggest hurdle we faced in achieving IT consolidation
was compliance with Federal regulations. Our Federal agency
partners are regulating the States not in a streamlined
fashion, similar to the way we now operate, but in a siloed way
that impedes our ability to operate effectively. States must
comb through thousands of pages of Federal regulations to
ensure that they are in compliance while administering Federal
programs.
And even though many Federal regulations are similar in
nature, they each have minor differences, which then requires
one-off adjustments for each Federal regulation. This obscures
the goal of IT consolidation, which ultimately produces savings
for taxpayers.
We certainly understand the importance of regulations and
are not advocating their wholesale elimination. The problem is
not that there is regulation, but that Federal requirements are
organized by Federal individual program and do not follow the
industry-recommended approach, which would regulate cyber
threats by their risk.
The siloed Federal regulatory approach is carried forward
in the Federal audit process. Audits are conducted program by
program and not holistically. This means that my office
responds to the same audit questions multiple times, again and
again, year after year.
For example, in Oklahoma, the IRS audited one State agency
multiple times because it viewed different programs as distinct
and separate entities. My office had to answer hundreds of
questions, attend multiple audit meetings, and deliver
additional explanatory material multiple times for one State
agency.
This wasteful and inefficient process is repeated time and
time again across many different State agencies for each
Federal regulatory entity, not to mention the fact that several
auditors had different results even though they examined the
same audit environment.
A great example of this inefficiency is, in 2016, the State
of Oklahoma performed 14 audits over 8 months on the same IT
environment. In 2017, we had 11 audits that took us 7 months
and all of our resources to perform.
Ultimately, we believe that there is a more efficient and
holistic way of ensuring data security and allowing States to
implement IT consolidation plans that have proven to generate
cost savings.
We would like your assistance in getting Federal regulators
to the table with the State CIOs so that we can harmonize
regulatory environments and streamline the audit process
together.
To this end, NASCIO members have already started the
process of identifying the differences with two major
regulations. And I have a great example of what we've performed
already today. The IRS Publication 1075 and the FBI-CJIS are
the two that we compared.
We hope to engage with our Federal partners further and
appreciate the subcommittee's support in reducing the
regulatory burden on States.
In closing, I would like to thank the subcommittee for the
opportunity to testify on this important issue, and also like
to express our gratitude to Chairman Gowdy for initiating the
GAO study on the State impact of Federal regulations in October
of last year.
I look forward to your questions, and thank you.
[Prepared statement of Mr. Reese follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Palmer. I thank the gentleman.
The chair now recognizes Mr. Riggi for his testimony.
STATEMENT OF JOHN RIGGI
Mr. Riggi. Good afternoon. My name is John Riggi, and I
appreciate the opportunity to testify on behalf of the American
Hospital Association today.
Every day hospitals and health systems confront the
daunting task of complying with a growing number of Federal
regulations. While Federal regulation is necessary to ensure
that healthcare patients receive safe, high quality care, in
recent years, clinical staff--doctors, nurses, and caregivers--
find themselves devoting more time to regulatory compliance,
taking them away from patient care. Some of these rules do not
improve care, and all of them raise costs.
Last fall, the AHA issued a report entitled ``Regulatory
Overload,'' and I appreciate the opportunity today to discuss
the findings. The major findings include that health systems,
hospitals, and post-acute care providers must comply with 629
discrete regulatory requirements across nine domains.
The four agencies that promulgated these requirements--the
Centers for Medicare and Medicaid Services, CMS; the Office of
the Inspector General, Office for Civil Rights, OIG OCR; and
the Office of the National Coordinator for Health Information
Technology, ONC--are the primary drivers of Federal regulation
impacting these providers.
However, providers also are subject to regulation from
other Federal and State entities which are not accounted for in
this report.
Health systems, hospitals, and post-acute care providers
spend nearly $39 billion a year solely on the administrative
activities related to regulatory compliance in the nine domains
discussed in the report.
An average-sized community hospital of 161 beds spends
nearly $7.6 million annually on administrative activities to
support compliance with the reviewed Federal regulations. That
figure rises to $9 million for those hospitals with post-acute
care beds.
Nationally, this equates to $38.6 billion each year to
comply with the administrative aspects of regulatory compliance
in just these nine domains.
Looked at in another way, regulatory burden costs $1,200
every time a patient is admitted to a hospital.
An average-sized hospital dedicates 59 full-time equivalent
employees to regulatory compliance, over one-quarter of which
are doctors, nurses, and pulling clinical staff away from
patient care responsibilities.
The frequency and pace of regulatory change make compliance
challenging and often results in duplication of efforts in
substantial amounts of clinician time away from patient care.
As new or updated regulations are issued, a provider must
quickly mobilize clinical and nonclinical resources to decipher
the regulations and then redesign, test, implement, and
communicate new processes throughout the organization.
Providers dedicate the largest proportion of resources to
documenting conditions of participation, CoPs, adherence,
billing and coverage verification processes. Meaningful use has
spurred provider investment in IT systems, but exorbitant costs
and ongoing interoperability issues remain. Quality reporting
requirements are often duplicative and have inefficient
reporting processes, particularly for providers participating
in value-based purchasing models.
Again, this creates inefficiency and consumes significant
financial resources and clinician staff.
Fraud and abuse laws are outdated and have not evolved to
support new models of care. The Stark Law and the Anti-Kickback
Statute, AKS, can be impediments to transforming care delivery.
While CMS has waived certain fraud and abuse laws for
providers participating in various demonstration projects,
those who receive a waiver generally cannot apply it beyond the
specific demonstration or model.
The lack of protections extending care innovations to other
Medicare or Medicaid patients and commercially insured
beneficiaries minimize efficiencies and cost savings realized
through these types of models and demonstration projects.
A reduction in administrative burden would enable providers
to focus on patients, not paperwork, and reinvest resources in
improving care, improving health, and reducing costs.
We have several general recommendations to reduce
administrative requirements without compromising patient
outcomes:
Regulatory requirements should be better aligned and
consistently applied within and across Federal agencies and
programs and subject to routine review for effectiveness to
ensure the benefit for the public good outweigh additional
compliance burdens;
Regulators should provide clear, concise guidance and
reasonable timelines for the implementation of new rules;
Conditions of participation should be evidence-based,
aligned with other laws, industry standards, and flexible in
order to support different patient populations and communities;
Federal agencies should accelerate the transition to
automation of administrative transactions, such as prior
authorization;
Meaningful use requirements should be streamlined and
should be increasingly focused on interoperability and
cybersecurity risk considerations without holding providers
responsible for the action of others;
Quality reporting requirements should be thoroughly
evaluated across all programs to better determine what measures
provide meaningful and actionable information for patients and
providers and regulators;
Post-acute care rules should be reviewed and simplified to
remove or update antiquated, redundant, and unnecessary rules;
With new deliver system and payment reforms emerging,
Congress, CMS, and the OIG should revisit the Stark Law and AKS
to ensure that statutes provide the flexibility necessary to
support the provision of high quality care.
Thank you for the opportunity to provide an overview of
AHA's view on regulatory burden. We appreciate the committee's
focus on this topic. And I look forward to your questions.
[Prepared statement of Mr. Riggi follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Palmer. I thank the gentleman.
The chair now recognizes Mr. Weissman for his testimony.
STATEMENT OF ROBERT WEISSMAN
Mr. Weissman. Mr. Palmer and Mr. Raskin, thank you very
much for the opportunity to speak today. I wanted to make three
general points and, assuming I talk fast enough, add a footnote
in.
The American regulatory system has made our country
stronger, better, safer, cleaner, healthier, more fair, and
more just. It's something we should be celebrating, trying to
improve, but not attacking with evidence-free allegations.
As Mr. Raskin pointed out, the benefits of regulation,
Federal regulation, even monetized and corporate-friendly
accounting systems, vastly exceed the costs. We know that
because of the OMB reviews of the costs and benefits of
significant regulations issued each year. Every single year
since the agency started conducting that study in 2001,
benefits have vastly exceeded costs at minimum of a range of 2
to 1 and typically up to 12 to 1.
Critics of regulation too often focus on costs to the
exclusion of talking about the benefits. No agency adopts a
rule for the simple purpose of imposing costs. There's always a
rationale and reason, and the benefits have to be taken into
account. The $2 trillion figure that is routinely cited is not
based on careful analysis, as my testimony describes in some
detail.
It's worth focusing also for a moment on the American
Hospital Association study, which fell into this same problem
of focusing exclusively on the cost of regulation without
talking about the benefit. It acknowledges that there may be
some patient benefits, but doesn't actually try to monetize
those costs.
The study does not show that there are duplicative
regulations. The study does not acknowledge the benefits in
monetary terms to patients. The study does not disclose its
methodology or how its survey was calculated. So there's every
reason to assume that the cost estimates are inflated.
Most importantly, what the study fails to do is acknowledge
why it is that the government imposes a host of regulations on
the healthcare sector. It's primarily to deal with two
overarching problems: poor quality of care and massive fraud.
250,000 people die every single year in this country from
medical malpractice, making it the third highest single cause
of death in this country. By any metric, we perform at often
the worst of all rich countries in quality of care.
Quality of care regulations are aimed at trying to improve
that situation. Fraud consumes 3 to 10 percent of all
healthcare spending in the United States, according to the FBI.
At the low end, $80 billion a year.
Those regulations are designed to cut down on rampant
fraud. They have a purpose. They are inadequate. They're
obviously not doing the job. It would be much worse off if
those rules, by and large, were not in place.
The second point I wanted to make was about the issue of
regulatory duplication. I think it is the case that much of
what's complained about in the area of duplication is really a
disguised complaint about regulation itself.
That said, there are obviously, in a complicated
bureaucracy, in a complicated economy, overlapping rules and
regulations and massive regulatory gaps. So for sure better
coordination is desirable. It doesn't really make sense to
blame that problem on the administrative state, though.
Let's talk for a moment about cybersecurity. It is the case
that there are massive gaps in cybersecurity and privacy
protections in this country. That's because there is no
overarching American cybersecurity framework or privacy
protection law.
We absolutely need that. I detail some components of what
would be desirable in such a framework. That may not cure all
the problems that are being discussed today by area
specialists, but it would for sure deal with many of them.
The third thing I wanted to highlight is that, although
there has been a very partisan discussion about regulation in
the Congress for now going on almost a decade, there is a
shared agenda that's available if members are eager to pick it
up.
I think the key elements of reform packages that would have
bipartisan support would focus on transparency, limiting
regulatory delay, enhancing regulatory enforcement without
regard to adopting new rules but making sure everyone plays by
the same rules, and focusing on the revolving door of people
leaving from regulatory agencies and going into regulated
industry, and back and forth.
Finally, my footnote. Yesterday my organization, along with
100 other organizations, petitioned OSHA to adopt a heat
standard to protect indoor and outdoor workers from extreme
heat. More than 1,000 people die every near in this country
from extreme heat. Many of them are workers, especially
agricultural workers.
Supporting our petition was Raudel Felix Garcia, the
brother of Audon Felix Garcia, a California farmworker who died
from excessive heat in the fields. Raudel told the story of his
brother's death yesterday in a teleconference we had in
wrenching detail and pleaded with Federal regulators to take
steps to make sure that no one else died such a needless death.
It was a crucial reminder both in that particular area, but
more generally, that life and death is at stake in regulation,
that real people are affected and protected and need strong
regulatory protections. And I hope this Congress can ensure
that that is delivered to them.
Thank you very much.
[Prepared statement of Mr. Weissman follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Palmer. I thank the gentleman.
The chair now recognizes Mr. Feeney for his testimony.
STATEMENT OF CHRISTOPHER FEENEY
Mr. Feeney. Chairman Palmer, Ranking Member Raskin, and
members of the subcommittee, thank you for inviting me to
testify today. My name is Chris Feeney. I'm the executive vice
president of the Bank Policy Institute and president of our
Technology Policy Division, BITS.
Cybersecurity is a top-of-mind issue for every one of our
CEOs, and the industry has been and remains committed to making
the investments necessary to protect our critical
infrastructure broadly. We embrace the trust that our customers
confer in us and take the job of protecting customers and their
data seriously, including valuing their privacy.
Our industry is heavily regulated. In the U.S. alone, we
have 9 independent Federal regulators, 3 self-regulatory
organizations, and 50 State banking, securities, and insurance
agencies. Regulations include extensive cybersecurity oversight
and comprehensive data protection standards, such as those in
the 1999 Gramm-Leach-Bliley Act.
The cybersecurity requirements across the industry are very
diverse in terms of size, type of business, and geographic
footprint. Yet we have validated that over 80 percent of the
cyber issuances are common across all regulators.
For the financial sector, it becomes a tangible problem
when those tasked with creating cybersecurity rules approach
regulations with their own variations, addressing the same
cyber requirements with different approaches and language.
To analogize this, think of the impact on your safety if
air traffic controllers didn't use English as a common language
and instead pilots were required to use their native language
for every airspace they pass through. This would be challenging
at best, require extensive training, and introduce unneeded
risk.
This is the dilemma we face today with variations on cyber
standards, requirements, and expectations without any
appreciable benefit to security. These requirements lead to
misuse of scarce cybersecurity experts' time, taking them away
from protecting our technology and the customers who count on
us daily to access ATMs, to write checks, and to pay mortgages.
When a chief information security officer at one of our
largest firms estimates that 40 percent of their time is spent
trying to unravel the web of cybersecurity regulation rather
than focusing on protecting systems, that's a serious problem.
We face similar complexity in the area of data breach,
which has no uniform standard, and we are seemingly entering
into a complex environment of conflicting requirements related
to privacy as regulation develops around international
requirements, emerging State requirements, and potentially
local requirements, such as those being discussed in Chicago.
For technology and cybersecurity experts, consistency,
repeatability, and improved security require a common technical
and operating architecture, a common language, and a common
framework to achieve the highest degree of protection.
In a 2017 Financial Stability Board publication, U.S.
member agencies self-reported that 10 different Federal schemes
of cyber regulation were in place and that 43 different
publicly available cybersecurity issuances were about to be
offered.
We want to be clear. The financial industry supports the
need for cyber regulation and the industry's multi-billion-
dollar investments here to improve our capabilities and satisfy
our regulations. These investments have contributed to
developing the highest standards for cybersecurity, data
security, and customer expectation.
Individually these regulations have merit. However, when
one regulation is laid over another and another, it saps both
the time and focus from executive leadership and those whose
time and job it is to defend and operate our businesses. And
more specifically, firms are already burdened by a shortfall of
skilled cyber professionals and they must take resources away
from protecting their platforms to interpret the language of
divergent regulation.
Ultimately, we hold ourselves accountable for protecting
customers, our systems, and for compliance with the regulatory
process. You might be surprised to hear me say that the
solution is not fewer regulations but instead rationalized and
harmonized regulation around a common approach and a shared
language.
BITS and our industry partners have developed a model cyber
framework. The foundation of this effort centers on the NIST
Cybersecurity Framework which is used across multiple
industries, Federal and State government, and with support from
both the Obama and the Trump administration.
The financial sector used this standard to develop a sector
profile. And importantly, we developed a solution by working
with our regulators, gathering their input, incorporating their
diagnostic statements, and tailoring the solution so that we
don't force a one-size-fits-all approach to managing cyber
risk.
There are clear benefits of this approach for the
regulatory agencies, such as examinations that can be tailored
to institutional complexity, and for financial firms, such as
optimizing the use of cybersecurity professionals' time and
also enabling more effective use of fintech innovators who can
meet requirements and expectations more efficiently.
Congress has been vocal in encouraging regulators to pause
any additional cyber regulation, and we ask that Congress now
support and encourage the use of the sector profile.
In the spirit of this committee's broad remit, we also ask
that Congress work to develop uniform Federal standards for
data breach notification and a common privacy standard before
we enter into a 50-State and 50-variation environment similar
to what we face today in cyber. We must ensure these issues do
not fall prey to jurisdictional battles, and we need to work
together to maintain the cyber integrity of the U.S. financial
system.
Thank you, Mr. Chairman, and I look forward to your
questions.
[Prepared statement of Mr. Feeney follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Palmer. I thank the gentleman.
The chair now recognizes Mr. Sherouse.
STATEMENT OF OLIVER SHEROUSE
Mr. Sherouse. Chairman Palmer, Ranking Member Raskin, and
members of the subcommittee, thank you for the chance to speak
to you today about the important and often overlooked problem
of duplicative regulations and regulatory standards.
My testimony today will focus on one cause of regulatory
duplication, the incomprehensible scale of the administrative
state. And I will also present two ways my colleagues and I are
working to reduce that problem. First, through the application
of text analysis and machine learning in our QuantGov project;
and second by developing an open, machine-readable, and data-
first standard for rulemaking documents called XRRL.
Now, my job is policy analytics, and what that means is
that I teach computers to read policy documents, and especially
regulation. We have to use computers because the administrative
state has grown to an incomprehensible size. And I mean that
literally. There are simply too many rules for any one person
to understand.
So using text analysis and machine learning, my colleagues
and I have created a dataset called RegData to quantify Federal
regulation.
Now, RegData tells us that today there are more than 103
million words in the Code of Federal Regulations, including
1.08 million individual regulatory restrictions, so that's
words and phrases like ``shall'' and ``must'' that indicate a
particular mandated or prohibited activity.
That means that if you were to read the Code as your full-
time job, it would take you 3 years, 111 days, and a bit past
lunchtime the next day. By the time you'd finished, of course,
you would need to immediately start figuring out what had
changed since you started. And that's no easy task since the
Code increases by an average of more than 1.4 million words
every year.
So since reading the Code is impossible, data tools like
those we have produced for the QuantGov project can help us
begin to make better sense of the administrative state.
RegData, in fact, does more than count total words and
restrictions. It attributes them to the individual agencies
that write them and predicts which industries will be affected
by them.
All of our data is freely available, and our website
features a daily updated interactive tracker of Federal
regulation which users can break down by industry and by
agency.
And we do the same thing for regulation currently being
developed with our RegPulse dataset, which examines rules as
they are published in the Federal Register. And as with
RegData, we have built a daily updated interactive tool that
allows users to see which industries have more or fewer
relevant rules coming into effect over the next several years
and what those rules are.
With QauntGov we are producing these kinds of data and
interactive tools for a growing set of jurisdictions and policy
documents. The software we used to produce QuantGov is also
open source and freely available for anyone to use or build on.
For a more comprehensive understanding of the
administrative state, however, we should reexamine the medium
by which regulations are made. The current process is made for
paper, paper rules and analyses published in a paper Federal
Register and compiled into a paper Code of Federal regulations.
Even the electronic versions of these documents essentially
mimic the paper-based system in use since the Administrative
Procedure Act of 1946. Seventy years later, it is time for an
upgrade to an open, machine-readable, and data-first standard
format for regulatory documents.
A standard format could liberate the information that's
currently trapped in pretty dense prose about who regulations
will affect and how and transform that information into
accessible data.
That data can be used by Congress to ensure effective
oversight. It can be used by regulators to avoid duplication
across agencies and potentially even across jurisdictions. It
could facilitate the review of regulatory programs to fix those
that are broken and to recognize those that are successful. And
it can be used by businesses and individuals to ensure that
they know what the law is and how to follow it.
My colleagues and I are currently developing such a
standard, the eXtensible Regulatory Reporting Language, or
XRRL. Our role with this project is to build an open and
nonproprietary standard incorporating insights from the
academy, government, and industry that can be adapted to any
level of government, including the U.S. Federal Government.
So in conclusion, duplication in regulation is a side
effect of an administrative state grown too large to manage
effectively, and tools like the ones we have built with
QuantGov are a step towards making an incomprehensible
collection of rules somewhat less so. But the implementation of
an open, data-first standard format, such as XRRL for
rulemaking, would be an even more powerful way to render the
administrative state more manageable while also providing
benefits to both those writing rules and those subject to them.
I thank you again for the opportunity to testify, and I
look forward to answering your questions.
[Prepared statement of Mr. Sherouse follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Palmer. I thank the gentleman for his testimony.
I think we'll go ahead and begin with our questions. We
anticipate that they will call votes at any time. In the event
that occurs, I will order a recess and reconvene.
And I normally, as chairman, wait until other members have
asked their questions. And being that there is only one, I am
at this point going to yield to the ranking member, Mr. Raskin,
for questions.
Mr. Raskin. Mr. Chairman, you're a true gentleman. Thank
you very much for doing that.
Mr. Reese, let me start with you. I was very interested in
your testimony. And thanks for coming all the way from
Oklahoma. One of the things that cheered me about it was that
you were not engaged in any kind of broadbrush attack on
regulation. You were giving very specific examples of conflicts
that just make your life difficult.
The specific example that you raised in your testimony, or
at least your written testimony, was if you're handling
sensitive data in the State, like Social Security data, IRS
data, how many unsuccessful attempts of somebody trying to get
into the computer must there be before you're required to shut
it down and to close people out?
And you sort of set up a little graph where you showed that
the IRS requirement was, if there are three attempts, I think
the one from DOJ was perhaps no more than five attempts, and
the Social Security agency was a recommendation of no less than
three, no more than five. Okay.
And I did the little SAT question analysis and figured,
okay, well, you could just set it at three. You would meet the
IRS. You would also meet Department of Justice, because it
would be not more than five. And the third one was just a
recommendation. So it's not that big a deal.
On the other hand, why should it be so difficult for the
Federal Government on something like that to come up with one
governing principle? And I wonder if you've attempted to get
the relevant agencies to come around on one coordinated,
harmonized approach on that.
Mr. Reese. Thank you, Ranking Member Raskin, for your
question.
So absolutely that is our goal. Our goal is seeking that
partnership with our Federal partners. And, again, as a State
agency, I absolutely view our Federal agencies as partners. We
are all trying to do the same thing, and that is best use our
citizen tax dollars to serve the needs of the citizens.
And so our goal in making sure that we are being fiscally
responsible is where we get into challenges like this where
we've got multiple different regulations that are imposed upon
us and trying to find, in some cases, the most restrictive that
applies. And, of course, in the example we talk about IRS and
SSA and FBI.
Mr. Raskin. Did you do anything to see if they would
coordinate or harmonize?
Mr. Reese. So working through NASCIO, our national
association, we have significant outreach where we come
together and have had several opportunities now to come
together with the SSA and the FBI and the IRS who come speak to
us.
In fact, our last meeting that we had here in Washington at
the Hall of States, I believe we actually had in excess of, I
think, 40 CIOs from other States that participated, if not all.
And those entities came and they spoke to us. And we
actually get to talk about it. And they're there to answer our
questions.
And so there's outreach. There's ongoing opportunities. But
in typical State and government fashion, it's slow going. We're
seeking support to continue those actions.
Mr. Raskin. Gotcha.
Let me quickly come to you, Mr. Feeney. You mentioned NIST,
which is actually in my district, so that piqued my curiosity,
and I was thinking like an example that Mr. Reese gave.
Does NIST or can NIST play a role in just harmonizing and
reconciling these things? It doesn't strike me as a really big
deal except that we've got a big country with a lot of States,
we have a lot of Federal agencies, and somebody needs to pull
it together. But does NIST play that function?
Mr. Feeney. NIST doesn't play that function exactly. But we
coordinate and partner with NIST quite actively. So we took the
NIST framework, which was a standard that had multi-stakeholder
input, and we actually designed it specifically for the
financial industry with NIST's both endorsement. And also NIST
held two large conferences for us with the industry, with
regulators and member firms, to really help develop that.
So they've been supportive of the work we're doing. They
actually like it. They'd like to use it as a model for some
other industries. And we are actively working with them.
We added two components to the NIST framework, because we
thought they were very important to surface actively. One is
governance and the second is third-party or dependency
management. So we also have taken the NIST framework and
extended it for the attributes of our industry, so we're
working very collaboratively with them.
Mr. Raskin. Thank you much.
Mr. Weissman, let me come to you. There have been some good
points raised on specific issues like this on the need for
harmonization and reconciliation of different Federal mandates
for the States.
How can we distinguish those kinds of criticisms or points
from a broadbrush attack on regulation itself and the system of
rulemaking?
Mr. Weissman. Well, I think, as you're pointing out, these
are pretty particular issues. And it's not obvious that they
broadly say anything about the administrative state.
I think in the cyber area the big problem is that there is
no overarching legal framework. And although the executive
could come up with one, Congress has actually failed on this.
We do have a crying need for, as Mr. Feeney was saying,
really for an overarching cyber protection framework as well as
a privacy protection one.
I agree with much of what he said. I disagree with his idea
that we should preempt State law. I think it would be very
important to protect overall for States in this. But there does
need to be a unified approach on that.
Beyond that, I'm not sure there is a massive problem of
coordination. There may be issues in particular sectors. In
many cases, the downside of lack of coordination is
insufficient regulation rather than too much regulation.
Mr. Raskin. Thank you.
I yield back, Mr. Chairman.
Mr. Palmer. I thank the gentleman.
I now recognize myself for questions.
Mr. Reese, how does having to comply with disparate Federal
regulations impact the States? What kind of burden does that
impose on the States?
Mr. Reese. So as you can imagine, in most areas of State
government we have to be very cautious with the money that we
have and how we spend it and what we do with it. And the
challenge that we have is with these resources that we have to
dedicate to compliance and in cybersecurity.
We're finding that we're having to put, as someone else
here, I believe, pointed out, we know that about 40 percent of
our resources within our compliance in cybersecurity are being
utilized to our Federal compliance where, again, we're all for
Federal compliance. We absolutely want to be following the laws
because we need structure.
But our challenge is, is that we're having to spend so much
time and so much duplicative time because of the multiple
audits, again, when we're having the same audits over and over
again.
And the fact that there's some differences that we have to
go out and try to map as we had showed before, we've got to
determine what the least common denominator is across those,
the time constraints are just enormous. The amount of time that
we spend, the thousands of hours we know.
We spoke with some of our other States, and we were able to
log that in a single year Oklahoma spent over 10,000 hours in
regulatory compliance, Maine spent over 11,000 hours, and
Kansas over 14,000 hours just in our compliance and audits.
Colorado itself had nearly 3,000 hours.
And so all of that is time and resources. And those
resources, especially in days like we have today with
cybersecurity being really a number one challenge for all of
us, we'd rather be spending our time and efforts updating
legacy systems and trying to enhance our security posture
rather than trying to meet some of these, in many cases,
outdated regulatory compliances.
Mr. Palmer. I ran a State-based think tank for 24 years and
worked very closely with State legislators and administration
official across, I think, four or five governors. And I am very
aware of the cost imposed on the States and the inefficiencies
from duplicate regulations, obsolete regulations, extremely
overly complex regulations. It wasn't that the States weren't
interested in complying. It was in many cases they didn't know
what complying meant. And we spent an enormous amount of money.
Mr. Riggi, it's interesting, in your testimony you talk
about what's going on in healthcare and how the patient-
physician relationship is impacted by overregulation. One
example, that would be ICD 10, where basically you've got
doctors that are compromising time with patients--or their time
with patients is compromised because now they've become data
entry people.
Would you like to comment on that?
Mr. Riggi. Well, again--well, first, I'd just also like to
clarify for the record that the AHA does understand the
necessity of regulations to provide safety and high quality
care for patients.
Again, the implementation of ICD 10 does require a
significant amount of physician time. And I think for us to
make sure we give you the most accurate response, it would be
better for me to provide you a written response on that one,
sir.
Mr. Palmer. That would be fine with me.
I introduced a bill to postpone the implementation of ICD
10 primarily because I grew up in a rural area. I grew up dirt
poor basically in a house that had cardboard between the two by
fours. And at the time I grew up, we did have a little doctor
in a town that didn't even have traffic light.
You won't find that anymore. And one of things that I saw
happening with ICD 10 was--and even made rural healthcare even
harder to provide, literally, doctors were selling their
practices or they were just flat out retiring, shutting the
door.
And that's an example of how overregulating can have a very
negative impact, particularly in these rural healthcare
settings where they're already undercapitalized. It's also
impacted wait times, and like I said, the amount of time that a
doctor's able to spend with a patient.
And if you want to see what overregulation of a healthcare
system looks like, take a look at Canada. The Fraser Institute
published a report, the Huffington Post commented on this, that
showed that between 1993 and 2009 there were between 25,000 and
63,000 women died on waiting lists waiting for treatment. The
wait times have increased that much.
They just called votes. I'm going to go ahead and ask a
couple other questions here before we recess.
But I want to go back to Mr. Reese and ask you, how do the
Federal regulations keep pace with the evolving technology in
the business models across State governments.
Mr. Reese. They do not.
Mr. Palmer. That is what I thought you'd say.
Mr. Reese. Our challenge is we find ourselves in a lot of
cases when we're dealing with our regulatory compliance, we're
actually dealing with third-party auditors. And the third-party
auditors are coming in and doing different audits, getting
different results on the same regulations, on the same systems.
And the technologies that they're auditing us on are not
consistent. Their understanding of the technologies are not
consistent with the technologies that we're using today. And in
some cases, they're limiting our ability to use what we believe
would be more cost-effective, efficient, and possibly even more
secure technologies because we can't check the box with the
auditor. So we have to go back and spend more money, using
older technologies, costing the State more dollars, than if we
could actually make good business decisions.
And a lot of this has to do with that those Federal
regulations need to be able to keep up. We need to figure out
how we can harmonize and be involved in those discussions and
decisions, and how we can do it quicker so that we can keep up
with the evolving technology.
But your point is absolutely spot on.
Mr. Palmer. What I found, again, working with the think
tank, is that the people who are responsible for regulating are
not people who are trying to mess things up. They're trying to
do a good job. But they're as frustrated as everybody else
because you call one regulator and get an answer, and 2 or 3
weeks later you call another regulator and you get a different
answer. And it's frustrating them, because they want to do a
good job.
Mr. Feeney, I'm going to ask this question, then we're
going to take a recess to go vote. How much does it cost the
financial institutions to apply with disparate regulations? And
I'm interested in this because this additional cost gets passed
on to the consumers, and I think it has a disproportionate
impact on older customers and lower-income customers.
Mr. Feeney. Right. So I can't speak to the specific aspect
of that. I can tell you in 2016 the industry spent $9.5 billion
on regulation, $1.5 billion of that was spent by the largest
firms.
Mr. Palmer. Wait a minute. Wait a minute. According to the
report that Mr. Raskin said came from OMB, I think you said
that the regulatory cost was only $5 billion, but you say the
regulatory cost on the financial institution was $9 billion?
Mr. Feeney. I think quite a bit in the industry, across the
industry, and that was a single-year review.
Mr. Palmer. Thank you.
Mr. Feeney. The challenge is more, and I think Mr. Reese
had referenced it, is that our industry, they are trying to
keep up with the changes in technology, but you can't. It's
just too fast paced, too hard.
We were able to use that sector profile, for instance, and
take the question set down to about 400 from thousands. And
what that does is provide you some latitude in simplifying the
diagnostic statements that auditors or examiners would use. And
there are ways to actually apply these types of tools to help
the regulators, help the industries, I say that plurally, to
really minimize the cost. And I think there are a number of
things we can do in that arena.
Mr. Palmer. Okay. Hold on. I'm going to suspend for just a
minute.
Mr. Raskin. Mr. Chairman, with your permission, I'd like to
submit for the record the OMB report from which I drew the
figure, about $4.9 billion. Thanks.
Mr. Palmer. Okay. This is going to be a long vote series,
so in consultation with the ranking member, what I'm going to
do is I'm just going to make a couple other points here. Any
additional questions will be submitted in writing. Because one
thing that the ranking member and I do have a constitutional
responsibility to do, and that is vote, and a political
responsibility as well.
I do want to make some points that were in the OMB report,
and these are quotes from the report, that it was a perspective
analysis that they say may overestimate or underestimate both
benefits and costs. Retrospective analysis can be important as
a collective mechanism. And that this was not an actual
analysis of actual cost and benefits and that it only applied
to about 1.6 percent of all the regulations.
So I tend to be somewhat dismissive of the OMB report,
because my experience, again, working with the think tanks and
being focused on trying to come up with sensible regulations.
This idea that those of us on the Republican side of the aisle
are for getting rid of all the regulations is just political
nonsense. What we want are sensible regulations.
Regulations have improved the quality of life in our
country. They've protected consumers. They've in some respects
protected the relationship between the State and Federal
Government.
What we want to do is get rid of the obsolete, the
duplications, and the contradictions, and get it down to
regulations that businesses can comply with, that they
understand.
And one of the reasons that this is important is that in I
think it was 2014--2015--the Gallup organization put out a
report entitled basically--I think that the working title was
``Is Entrepreneurism Dead in America?''
Prior to 2008, according to the Gallup study, there were
100,000 more businesses that started up than closed. But by
2014, there was 70,000 more businesses closed than started up.
And according to the report, the primary reason for that was
regulations.
I've tried to point out to people that businesses are not
anti-regulation. They're anti-uncertainty. They're anti-
complexity. And what we want to try to do in working to reform
regulations is as much as possible reduce the uncertainty and
the complexity, so that some person who has some capital to
invest can make a sensible investment, whether it's starting a
business or expanding a business or hiring more people.
With that, if there are no further questions--let me find
my script.
Okay. The ranking member would like to make a closing
comment. I yield to him.
Mr. Raskin. Mr. Chairman, thank you very much.
And I want to just start my closing statement by saying how
much I agreed with what you just said, that we're not opposed
to rules which have, indeed, advanced the public interest, but
obsolete rules or duplicate rules or contradictory rules, and I
think we can all agree to that.
You know, nobody is in love with regulation, and the
biggest tax is on people's time. And that might be one thing
for big businesses, which often support a lot of regulation,
but for small businesses it's very tough.
But I think about the 2010 BP oil spill, which was one of
the worst environmental catastrophes in our history, which
caused 11 deaths, immediately the deaths of more than a million
coastal seabirds and other animals, and 5 million barrels of
oil poisoning the whole Gulf of Mexico ecosystem.
That was a failure of regulatory enforcement just like the
same year the collapse of the coal mines in Mexico, which led
to dozens of deaths and a real calamity in that country.
So we need regulation. We need strong regulation. But I
agree with you, we should be doing whatever we can to get rid
of the duplicative, unnecessary, and obsolete regulation.
I yield back, Mr. Chairman.
Mr. Palmer. I thank the gentleman.
I thank our witnesses again for appearing before us today.
The hearing record will remain open for 2 weeks for any
member to submit a written opening statement or questions for
the record.
If there is no further business, without objection, the
subcommittee stands adjourned.
[Whereupon, at 3:08 p.m., the subcommittee was adjourned.]