PRESIDENT BUSH recently nominated Rep. Christopher Cox (R-Calif.) to be chairman of the Securities and Exchange Commission, and we have urged Mr. Cox not to reverse the tide of financial regulation put in place since Enron and other financial scandals three years ago. But this does not mean that all the new rules are flawless. Indeed, their cornerstone, the Sarbanes-Oxley Act, amounts to the most ambitious overhaul of securities law since the 1930s; an undertaking of that scope was never likely to be perfect. Corporations have bristled at the law's cost, and academic researchers have added their own criticisms. Supporters of reform should be open to the new research findings, which may justify continued regulatory revisions and even, some day, a legislative fix.

The loudest criticism so far has focused on "managerial controls," which are supposed to ensure accurate financial reporting: Companies rely on a fallible combination of computers and staff to generate the numbers they report, and these systems need to be tested. Implementing this "Section 404" requirement has cost more than $4 million at many large public companies. Perhaps half the cost represents one-time expenses for identifying and correcting weak controls; much of the rest may be justified by improved financial information, which helps managers to run firms and investors to value them. Even so, the burden has been inflated by a failure to specify what the new rules demand: Firms and their auditors have been forced to err on the side of caution. Acknowledging this error, the regulators recently issued more detailed guidance.

The academic critique of the 2002 law goes beyond the management controls. For example, the law requires that board directors who hire and fire auditors be independent of the firm's managers, on the theory that auditors will feel free to refuse to certify financial reports produced by those same managers. But in a forthcoming article in the Yale Law Journal, Roberta Romano reviews the empirical research on this question and concludes that the theory has no basis. In the past, firms with totally independent audit committees produced accounts that were no more reliable than those of firms where only a majority of committee members were independent; if anything, reliability had more to do with whether audit committees included an accounting expert, something the Sarbanes-Oxley law neglects to mandate. The law also bans companies from making loans to senior managers, because the corporate scandals of 2002 revealed many such loans that were abusive. But Ms. Romano shows that some loans make sense; banning all of them was overreaching.

The most important example of overreaching concerns small companies. Compliance costs are proportionately larger for small firms, so a regulation that passes a cost-benefit test for the Fortune 500 may fail when applied to smaller rivals. There's some evidence that smaller companies are delisting their stocks, preferring to seek capital from private equity firms rather than incur the regulatory costs of being a public company. This is a troubling development. Public listings attract capital from a far broader pool of investors, spreading business risks throughout society and so making it possible to provide capital at a lower cost. Moreover, it's the prospect of taking relatively small firms public that fuels the venture capital that is at the heart of Silicon Valley's success. If venture firms can't "exit" quickly from their investments, they will have fewer profits to plow back into new ventures. Innovation could suffer.

It's too early for Congress to wade back into these waters. The research on the new regulation is young and evolving, and new legislation would trigger a lobbyfest with unforeseeable consequences. But the SEC should continue to use its latitude to tweak rules as appropriate. If confirmed, Mr. Cox would have to resist business pressure for a wholesale relaxation in the regulatory climate, but there is no shame in fine-tuning.