International Organization of Securities Commissions

The International Organization of Securities Commissions (IOSCO) is a global network of over 130 market regulators that sets non-binding principles for securities regulation—yet those principles have become the closest thing the world has to universal rules for stock exchanges, brokers, and trading. Founded in 1983 and based in Madrid, IOSCO coordinates policy among regulators as diverse as the US Securities and Exchange Commission, the UK Financial Conduct Authority, and emerging-market authorities, ensuring that investors in one country face similar protections and market rules as investors elsewhere.

Origins in fragmented markets

IOSCO emerged in the early 1980s as financial markets began to globalize. A US pension fund wanted to buy shares on the Tokyo exchange; a Brazilian bank sought to issue bonds in London. Yet each jurisdiction had its own rulebook, its own definitions of fraud, its own listing standards. A company that listed on the New York Stock Exchange faced entirely different disclosure requirements than one listing in Paris or Mexico City.

The fragmentation created friction and uncertainty. Regulators realized they had a shared problem: how to catch wrongdoing across borders, how to set rules that investors could navigate globally, and how to prevent regulatory gaps from becoming havens for fraud. In 1983, the heads of securities commissions from the largest economies formalized their informal coordination into IOSCO. The organization grew steadily; by 2000 it had about 70 members; today it has over 130.

The IOSCO Principles: a regulatory Rosetta Stone

IOSCO’s core product is the Objectives and Principles for Securities Regulation. Revised most recently in 2010, these 38 principles cover the fundamentals of securities markets: how exchanges should be regulated, what brokers must disclose, how insider trading should be prosecuted, how initial public offerings should be overseen.

These principles are stated at a high level of generality. IOSCO does not say “the maximum insider-trading fine is $1 million”—it says member regulators should have tools to detect and prosecute insider trading. It does not prescribe the exact format of a prospectus; it says companies must disclose material information to investors before raising capital. This generality is intentional: it allows countries with different legal traditions and economic structures to adopt the principles while leaving implementation details to national law.

Yet generality is also IOSCO’s paradox. A principle without specifics is merely aspirational. How has IOSCO’s principles come to shape actual rules?

The answer lies in peer pressure and credibility. When a large emerging market like Indonesia or Mexico wants to develop its securities market, it turns to IOSCO principles as a template. Why? Because rating agencies, institutional investors, and multinational firms assume that a market following IOSCO principles is safer than one that ignores them. A regulator seen as non-compliant with IOSCO faces skepticism from international capital flows. Over time, IOSCO principles become self-enforcing: countries adopt them not because IOSCO can fine them (it can’t), but because the market rewards compliance.

The Financial Stability Board, after 2008, explicitly endorsed IOSCO principles as the standard for G20 jurisdictions. This endorsement gave the principles quasi-official status in the world’s largest economies and added momentum to global adoption.

Thematic committees: from market integrity to digital assets

IOSCO operates through working groups and committees organized by function:

The Board brings together the chairs of securities commissions from the largest markets (US, EU, Japan, Australia, and others) to set strategic priorities.

The Emerging Markets Committee gives a voice to regulators from faster-growing economies. This committee ensures that IOSCO standards are feasible for countries without the compliance infrastructure of mature markets.

The Growth and Emerging Markets Committee addresses particular challenges: how to regulate securities markets when custody infrastructure is weak, how to foster market development without sacrificing investor protection.

Newer committees have sprung up to address evolving risks. A Digital Assets Committee now convenes regulators grappling with cryptocurrency exchanges and tokenized securities. An Environmental, Social and Governance committee coordinates on disclosure standards for ESG investing. These committees signal IOSCO’s evolution from a static standards-body into a responsive forum where regulators hash out emerging challenges.

Coordination with other global bodies

IOSCO does not operate alone. It works closely with the Bank for International Settlements (BIS), which coordinates banking regulators. The boundary between securities and banking regulation can be fuzzy—a brokerage is part securities firm, part bank; a covered call strategy involves both options (a security) and credit (a banking function). IOSCO and the Basel Committee coordinate to avoid conflicting rules.

IOSCO also coordinates with the International Organization of Securities Commissions and regional bodies like the European Securities and Markets Authority. When IOSCO publishes guidance on benchmark manipulation, European regulators factor it into their own rules. When ESMA publishes a technical standard, it typically references the underlying IOSCO principle.

The Financial Crimes Enforcement Network (FinCEN) and other AML authorities lean on IOSCO principles to guide anti-money-laundering standards for brokers and exchanges. This coordination ensures that a single firm operating across jurisdictions faces broadly consistent AML expectations.

Where IOSCO principles meet enforcement

IOSCO principles establish floors, not ceilings. A country can adopt IOSCO principles and still layer on stricter rules. The US, for instance, implements IOSCO principles but adds thousands of pages of additional rule detail. Many developed-market regulators exceed IOSCO minimums.

Emerging markets often find IOSCO principles challenging precisely because they are general. A principle that “exchanges should be transparent” is difficult to operationalize if the exchange is run by politicians, lacks independent audit, and has no electronic trading system. IOSCO has responded by publishing implementation guides and case studies showing how different countries have translated principles into practice.

IOSCO also has limited enforcement teeth. It cannot fine a regulator for breaching a principle. Instead, it uses peer review and mutual pressure. Every few years, IOSCO conducts detailed peer reviews of member jurisdictions’ compliance with the principles. These reviews are published; a poor review can embarrass a regulator and prompt reforms. The reputational stakes are real: a regulator seen as lax faces skepticism from international investors and other central banks.

The challenge of consensus in a divided world

IOSCO’s consensus-based model works well when there is broad agreement, but it struggles when countries have sharply different interests. Consider cryptocurrency. Some members (like El Salvador, which adopted Bitcoin as legal tender) want light-touch regulation; others (like Singapore, focused on investor protection) want strict rules. Reaching an IOSCO principle that satisfies both is nearly impossible. The result is guidance that is broad enough to encompass both approaches, but perhaps too vague to solve the actual coordination problem.

Similarly, sanctions and geopolitical tensions strain IOSCO consensus. When the US and EU impose sanctions on Russian oligarchs, Russian regulators resist principles that seem to codify Western enforcement priorities. These conflicts reflect a deeper reality: IOSCO principles are not apolitical. Behind every rule on trading halts, disclosure, or insider-trading penalties lies a choice about market fairness and who bears risk.

See also