I’m not a fan of vast regulations. It seems, though, that when corporate leaders make mistakes, or willfully commit fraud, a regulation is born that is often necessary.
Compliance programs are only as effective as the people implementing them. Yet, what ‘goes around’ seems to ‘come around’ and eventually it appears that most, if not all, perpetrators are eventually held accountable.
It never ceases to amaze me how a few dozen people in charge of various companies continue to try to get away with corruption. Some examples include:
- American Express
- Arthur Andersen
- Bristol-Myers Squibb
- Johnson & Johnson
- Marsh McLennan
- Union Carbide
Well, the list is quite long. I’m not one to quote Wikipedia much, but it’s worth a look as it lists some 50+ corporations with scandalous episodes in their history.
Sikich (2008) reports that “Current regulations and laws, such as NYSE Rule 446 and NASD Rules 3500, 3510, 3520, Sarbanes-Oxley (section 404), HIPAA, etc. make it incumbent on companies to assess compliance, operational resilience and ability to assure continuity of operations.” 
However, corruption continues. CNN reports on recent examples in their exposé of “75 Examples of Corporate Fraud.”
I won’t pretend to judge each case as I don’t have the time or inclination to delve into the shenanigans of each. However, what is clear is that despite the plethora of compliance programs and regulatory oversight, the corruption seems to continue.
Leaders of corporations are responsible for setting an example and it’s definitely the people who consciously choose to follow the guidelines and comply or not. In my experience with a brush by compliance (i.e. SOX, HIPAA, etc.), I can see where interpretation and judgment do enter the picture. Today’s businesses are quite complex and global connections can sometimes cloud an issue. Nevertheless, at the end of the day, someone makes a decision to do it ‘right’ or ‘wrong’ according to compliance laws and regulations.
There usually is an opportunity (usually as information comes to light) for the leaders to take responsibility, report transparently, and begin to comply. My guess is that most companies do, otherwise we’d probably be hearing about hundreds or thousands of cases instead of tens of cases.
That is the crux of compliance, I think. Follow the rules the best we can and if we make a mistake, own up to it immediately, fix the situation, report what’s being done and continue our business. That is managing risk and I think it is the responsibility of all of the ‘people’ (employees included) to do the right thing always.
Whether some of the regulations are properly worded or even need to exist is for wiser folks than me to figure out.
 Wikipedia. “List of Corporate Scandals”. Retrieved 8-3-10: http://en.wikipedia.org/wiki/List_of_corporate_scandals
 Sikich, Geary. (2008). “Impact of Regulatory Initiatives and Guidelines”. Norwich University MSBC Seminar 4 Lecture Week 9, 2010