IOSCO Principles for Securities Regulation

The IOSCO Principles form the international consensus on what securities regulators should do to maintain fair, efficient, and transparent markets. Published by the International Organization of Securities Commissions (a network of over 200 securities regulators worldwide), these 38 principles establish the gold standard for how countries should supervise exchanges, brokers, investment funds, and listed companies.

Why IOSCO principles matter

Securities markets are global. A U.S. fund buys shares on the London Stock Exchange; a Japanese investor buys Canadian bonds; derivatives traders execute simultaneous trades across four continents in seconds. If each country’s rules are incompatible, capital either flees to the least regulated jurisdictions (a race to the bottom) or gets trapped by inconsistent rules. The IOSCO Principles create a common language so that regulators can trust each other’s work and capital can flow with confidence.

The principles are not laws—a country that ignores them faces no international court. But when a regulator applies for entry into a multilateral enforcement agreement, when a broker seeks a banking license abroad, or when a stock exchange wants to host foreign investors, compliance with IOSCO Principles is often a prerequisite. The effect is subtle but profound: a country that diverges too far from IOSCO finds itself isolated and its markets viewed as high-risk by international capital.

The three pillars

The IOSCO framework rests on three pillars, each addressing a different source of harm in securities markets.

The first pillar is market integrity. Regulators must prevent and punish market manipulation, insider trading, and fraud. This means having the power to inspect firms, examine trading records, and prohibit abusive practices. It means setting clear disclosure rules so investors are not misled. It means that price discovery—the market’s ability to find true value—is not distorted by bad actors. A regulator aligned with pillar one will ban short sellers from spreading false rumours, prosecute a CEO who sells shares on inside information, and suspend trading when patterns suggest coordinated spoofing.

The second pillar is investor protection. Investors must be segregated from the firms that manage or broker their assets. If a broker fails, client money should be held in trust or at a custodian so that it does not vanish. Investment advisers must disclose fees and conflicts of interest. Mutual fund managers must not dilute existing shareholders by favouring new customers. Collectively, these rules ensure that ordinary people can place money in securities without fear that the intermediary will use it for the firm’s own bets or disappear with it in a crisis.

The third pillar is systemic efficiency. Markets must be deep enough to absorb large trades without the price moving wildly. Information must reach investors promptly. Clearing and settlement must not break even when a major counterparty fails. These are the unglamorous mechanics that allow markets to function at scale. The IOSCO Principles require regulators to oversee central counterparties (CCPs), custodians, and securities depositories—the plumbing through which trades are executed and settled.

Key principles in practice

Principle 1 directs each regulator to have clear authority to do its job. This sounds obvious, but many countries had regulators with ambiguous power, so they could not effectively ban fraud or require disclosure. Principle 10 requires that exchange rules be fair and transparent. Principle 14 demands that investment advisers disclose the costs and conflicts inherent in their recommendations. Principle 23 sets standards for rating agencies—they must not rate a security on behalf of the issuer (a massive conflict) and must disclose their methods.

Perhaps most important is Principle 29, which addresses derivatives. Because derivatives can be complex and leveraged, they must be subject to prudent standards. Investors must understand what they are buying. Counterparty risk must be managed through clearing houses. Derivative trades must be reported so that regulators can spot risks. The principle does not ban derivatives; rather, it says transparency and risk management are non-negotiable.

The governance framework

IOSCO divides its work into three committees. The Board sets strategic direction. The Presidents Committee brings together the heads of major securities regulators. The Technical Committee does the real work—drafting guidance, assessing whether countries comply, and updating principles as markets evolve.

When a new threat emerges (high-frequency trading, robo-advisors, cryptocurrencies), IOSCO’s Technical Committee publishes guidance. These guidance papers are not binding, but a regulator that ignores them is essentially saying “we believe our market can sustain practices that the global consensus thinks are risky.”

Peer review and compliance

IOSCO conducts detailed peer reviews—sending a team to examine whether a country’s laws and enforcement match the Principles. The review is published, complete with findings and recommendations. A country found to be non-compliant faces reputational pressure. Its exchanges may be viewed as higher-risk by international investors. Its regulators may be excluded from bilateral enforcement agreements with peers.

Yet the system depends on honest self-assessment. Some countries misrepresent their compliance; others have laws on the books that are not enforced. IOSCO lacks the coercive power of a true international regulator. Its strength is that it has become the norm that every credible regulator aspires to meet.

Limitations and evolution

The IOSCO Principles were drafted in a world of stocks and bonds. Cryptocurrencies and decentralized finance have upended that assumption. What happens when there is no single exchange, no custodian, and code (not law) is the contract? IOSCO’s Technical Committee has grappled with stablecoins and digital assets, concluding that some crypto-native instruments should be treated as securities or derivatives and thus subject to regulation. But enforcement against a decentralized network is a problem the Principles do not solve.

There is also uneven capacity. A rich country’s securities regulator can hire PhDs in quantitative finance to spot market manipulation; a regulator in a developing nation may have a handful of staff. IOSCO publishes training and promotes capacity-building, but gaps remain.

Finally, the Principles reflect the consensus of 200-plus regulators, which means they sometimes embrace the lowest common denominator. A proposal to ban a practice that many investors use (say, payment for order flow in broking) can be blocked by a country that profits from it. IOSCO is therefore a floor, not a ceiling—a baseline that ambitious regulators exceed but a guardrail that prevents the worst race to the bottom.

See also