Only about 25 percent of banks and other financial institutions are trying to [roll their initiatives together], which is a shame because, in a way, it's an easy fix. You would have one overall compliance risk program instead of everyone doing their own thing.

One of them, there's about 20, will make it through before the 2006 elections.

You'll have more missed meetings. But as for SOX or privacy compliance, who cares? I don't see any broad implications.

I thought they would have come with some recommendations that actually reduce the burden -- maybe, you'll only have to, say, audit a third of the controls in any given year. Or maybe they would have come with some clarity on what are effective controls, a problem for all-sized companies.