the best running joke in financial journalism is matt levine's observation that everything is, eventually, securities fraud. an airline has a safety lapse — securities fraud, because the lapse was material to the stock price and wasn't disclosed. a restaurant chain discovers e. coli on its lettuce — securities fraud, because the risk-of-lettuce-contamination was known to management and not properly flagged. a ceo tweets something reckless — securities fraud, because the tweet moved the stock. on the surface this is absurd. on reflection it's a deep observation about what the u.s. legal system is actually doing.
the mechanism is this. for a public company, almost anything bad that happens becomes a drop in the stock price. any drop in the stock price, in hindsight, becomes a thing shareholders say the company "should have disclosed." and "should have disclosed" is the core of securities fraud. so anything bad a public company does, given enough time and a creative plaintiff's lawyer, becomes a securities-fraud case. the actual wrong — the bad food, the crash, the leak — is handled by some other regulator slowly. the securities-fraud case is fast, well-funded, and binds the company to a settlement that reaches the same place.
the reason this is useful to understand is that the u.s. has, in a weird and accidental way, outsourced a lot of its general-purpose corporate policing to securities-fraud litigation. we don't have a strong regime for policing ceo misbehavior directly. we have a very strong regime for policing misleading disclosures. since any bad thing becomes a disclosable thing, we police ceo misbehavior through disclosure. this is why u.s. ceos lawyer everything they say. they are not afraid of the justice department. they are afraid of the plaintiffs' bar, and the plaintiffs' bar is armed with the broadest hook in american law: you said something, the stock moved, the stock's now lower, what did you know when you said it.
there's a slightly deeper point underneath the joke. securities law in the u.s. is the most powerful regulatory tool we have because it binds disclosure, not conduct. regulators worldwide struggle with conduct-based rules because conduct is hard to define, industry-specific, and politically fragile. "don't mislead investors" sounds mild but is actually sweeping, because it captures every kind of corporate misbehavior that would, in fact, be material if investors knew. the scope of the rule is not the list of things the drafters imagined; it's whatever investors might have paid less for, had they known. that's almost everything.
the comical corollary is that the shareholders who "win" these cases are usually paying themselves. a shareholder-led lawsuit against a public company results in a settlement paid by the company's insurance and, indirectly, its cash. the cash belongs to the shareholders. plaintiffs pay themselves a settlement, minus legal fees, which are the only people who unambiguously make money. this is not a criticism so much as an observation: the system is designed to penalize public companies for bad behavior, the penalty comes out of shareholder equity, and the legal fees pay for the work of policing. it kind of works. it's also very weird when you say it out loud.
the framing also explains something about why private companies behave badly more than public ones. in the private market, disclosure law is much weaker. you can mislead sophisticated investors — to a point — and the recourse is a private contract dispute, not a class action. private companies aren't subject to the same liability because there's no public market for their stock moving on every piece of news. which is one of the reasons scandals like theranos and ftx happened in the private sphere rather than the public. public markets discipline bad disclosure with a hammer; private markets discipline it with an elbow.
the useful thing to take from levine's running joke is that a lot of financial regulation is not about the thing the regulation appears to police. it's about a tangentially related thing that the regulator can actually enforce against. securities law can't police everything a company does, but it can police everything they say about what they do, and the space of "things they say" covers everything consequential. this is a pattern across regulation in general. the rules you can actually enforce are usually not the rules that sound most principled; they're the rules that attach to the observable behavior downstream of the thing you care about. disclosure is observable. conduct is not.
the tl;dr. the joke "everything is securities fraud" is not really a joke. it's a correct description of how the u.s. polices public corporations. if you understand it, you understand why ceo lawyers are paranoid, why disclosure documents are unreadable, and why the american regulatory state does so much of its work through shareholder lawsuits instead of direct rulemaking. the mechanism is ugly, but the incentives mostly line up, which is sometimes the best you can say for a regulatory regime.