OT but reading through this was struck by the parallels with the personal finance industry in India.

In this case too the seller, usually an agent, doesn't really understand the product (say a mutual fund) well and neither does the buyer.

The 'certifications' route for agents had been adopted by the mutual fund industry, but that hadn't helped matters. Agents continued to sell the product with the highest commissions, ignoring what the buyer really needed.

The regulator took the unusual step of
a. Mandating that buyers can approach the fund house directly at which point no commission can be charged (the fund operating expenses are anyway taken from the asset value)
b. Mandating that the commission amount be payed separately and directly to the agent. Earlier this was hidden from buyers, they paid one amount to the fund house and the fund house paid back a commission to the agent.
c. Mandating that the agent is free to set the commission amount, subject to a max cap. Earlier this was set by the fund house.

This had thrown the whole industry in turmoil. In the end some agents shaved their commissions down and became an 'execution only' route. Others started down the route of becoming overall financial planners for a slightly larger fee. Many smaller agents basically closed down. And many buyers moved to the direct fund house route to save commissions altogether.

There was a large dip in fund asset value growth while this shakeout happenned but this has picked up again. In the end, the jury is still out on whether the buyer is now really better off.

Of course the parallel with infosec ends at the point where a knowledgeable regulator stepped in to make some changes in a regulated industry.