This Article argues that in the ongoing trans-Atlantic discussion about principles-based and rules-based financial regulation, a new development has been largely overlooked. This is the rise, in the United States, of a new approach to financial regulation. The author names this new strategy “institution-based” financial regulation. In this strategy the regulators, to date the Securities and Exchange Commission and the Financial Industry Regulatory Authority, require firms to establish certain institutions. In the U.S. regulatory context these typically include: a Chief Compliance Officer, compliance policies and procedures, an annual self-assessment, access for the Chief Compliance Officer to the firm’s senior-level executives, and internal codes of ethics. The establishment of these institutions is required by rule, but the functioning of these institutions within each firm is generally left to the firms themselves, with the regulators providing interpretations, guidance, and personal statements. The author argues that institution-based regulation combines a mandatory institutional architecture with a customizable firm-specific functionality. This strategy provides regulatory solutions to a number of global issues, including: addressing firms’ competitive worries about rivals’ compliance free-riding, recognizing local regulatory choices, providing a model that is scalable to the size and resources of any firm or market, building continuous improvement into the regulatory model, and helping firms in newly emerging markets establish themselves in the international marketplace. The author concludes that the development of a global community of compliance institutions staffed by highly skilled compliance professionals holds great promise for the future, because it could enhance the mutual trust and confidence needed to forge a truly global marketplace out of the world’s current medley of regulatory regimes, while preserving local regulatory choices.