Richard Hackworth, group security officer at HSBC, said he was concerned some regulators were producing regulations that introduced burdens on businesses but failed to generate any real improvements.
"Sometimes the complete picture of risk management is more complex than the regulator understands. The potential concern is that a regulator causes more problems by being prescriptive," he said.
HSBC has to deal with 350 regulatory bodies worldwide. They lay down rules ranging from the very general, such as "you must be secure", to the very prescriptive, such as "you must use this type of encryption", said Hackworth.
Problems can occur because the security priorities identified by regulators do not always match the real-world security priorities experienced by business, he said.
Hackworth said international bodies such as the UN should attempt to co-ordinate the work of regulators by arranging multinational conferences with businesses to discuss issues before new regulations are written.