What Makes a Good Regulator?

27 October 2011

What Makes a Good Regulator?

 Dame Suzi Leather 

I sometimes think that, if written today, the New Testament would cast Zacchaeus not as a tax-collector, but as a regulator.

Certainly the words ‘I work in regulation’ don’t always inspire immediate sympathy in the casual acquaintance. And I imagine some consider the phrase ‘good regulator’ an oxymoron.

One symptom of this collective attitude is that regulators are rarely seen to get it right. Certainly judging by the way their work is reflected in public debate and in the media.

Either we are portrayed as hopelessly weak – note how often scandals about peoples’ wrong-doing become supposed scandals about regulators.

Or regulators are seen as having assumed too much power – as being overbearing, as trying to fix what ain’t broke. As a symptom of a supposed ‘nanny-state’.

This is perfectly understandable. Indeed it is right that the work of regulators inspires such interest.

After all, regulation confronts us with some of the most profound small-p political questions going.

Such as where, in a democracy, the correct balance lies between freedom and compulsion.

Between, on the one hand - our qualified rights as citizens to live autonomous lives, to make our own decisions free from unnecessary involvement of the state or its agencies.

And, on the other hand - our legitimate expectation of protection against the mistakes and misdeeds of others.

In some ways, this is a them and us dilemma:

We all of us balk at being controlled by others, at being told what we may and may not do.

But this powerful instinct exists alongside the contradictory expectation that other peoples’ behaviour most certainly should be subject to control.

Regulators get caught in the middle of that contradiction. So their work is bound, now and then, to be the subject of vigorous debate and indeed political differences of opinion.

That doesn’t necessarily mean the regulator is doing a bad job. 

There isn’t time on this occasion to debate in-depth the question ‘why regulate’. In any case, the precise answer will depend on who or what is to be regulated.

But we surely can’t judge what makes a regulator good, without having first established whether it’s purposes are justified, are good.

And my argument today is that good regulators, regardless of the sector they work in or the powers at their disposal, should share one core principle in common.

And that is that they work for the benefit of the public in the first instance. The exist to serve the public interest.

Not, primarily, the interests of those being regulated or indeed the interests of commerce, government or political parties.

How that public interest is defined, depends on the regulator in question. At the Charity Commission, our focus is on developing public trust and confidence in charities.

Ultimately, our goal is to help develop a charitable sector in which the public can have justified confidence.

Now, regulation in the public interest doesn’t imply those being regulated are particularly likely to work counter to the public interest, or that they are potentially untrustworthy.

In fact, quite the reverse is the case.

Regulation is generally introduced where the subject is considered to perform an important task or to command high levels of trust.

And public-focused regulation generally has three main aims:

Firstto help members of the public – as consumers, parents, patients – make reasonably well-informed decisions in critical areas of their lives.

So making information available is a crucial part of modern regulation.

Second, public-serving regulation works to improve quality. It helps ensure those being regulated are equipped, empowered and required to do the best job possible.  

One often hears the argument that if someone needs a set of regulations to do their best, they shouldn’t be doing the job in the first place.

It’s a common argument against independent regulation.

But there’s a very sound counter-argument to that.

And it’s that regulation empowers people or groups to resist pressure – for instance from their employer – to work in a way that isn’t safe or isn’t ethical.

For instance: airline pilots aren’t allowed to fly more than a certain number of hours a year. That’s a condition of their registration.

And it means that pilots can’t be leant on to work longer hours than is safe. 

Regulation in this case allows the pilot to refuse to perform unethical or unsafe actions by reference to a higher authority.  

So regulation, far from questioning their subjects’ commitment to quality, in fact supports them to maintain standards, to do what they know is right. Regulation has their back, as it were.

Third, public-serving regulation helps protect the good name of those being regulated.

It helps prevent fraud and abuse.

For example:

All charities above a very low income threshold are required to register with the Commission and thereby to be entered on our online Register of Charities.

Regulation in this case means people thinking about giving to charity can quickly check whether the organisation in question is indeed a charity.

And it means that those thinking about fraudulently raising money via a ‘sham charity’ are deterred from doing so. 

I should of course stress that regulators are not usually prosecuting authorities. They don’t deal with crime when it occurs. That’s the job of the police.

But good, public-focused regulation helps reduce the likelihood of crimes or misconduct happening in the first place.

So those, in summary, are the three core purposes of public serving regulation – informing choice, improving standards, deterring abuse.

As I hope I’ve shown, professional, commercial, sectoral interests often coincide with the interests of the publi

So regulation does not imply some kind of clash between the public and those being regulated.

But being public-focused as a regulator means that, when push does come to shove, when conflicts do arise, the public interest overrides any other interests. The public interest rules.

I’d now like to look in a little more detail at what this principle of public service looks like in practice.

There are many factors of course. And I can’t go through them all. So I’d like instead to highlight four factors that I think are indispensable, non-negotiable pre-conditions for good regulation.

These are: independence, authority, initiative and accountability.

Independence

First, independence.

This follows pretty clearly and logically from the core principle of public service.

Independence in a regulator means that it is

• Free from undue influence from the sector being regulated,
• Free from political interference by the government of the day or political parties, and
• Free from any interests other that the public interest. And that includes the prejudices, preconceptions and biases all humans have, but which those involved in regulation must rise above

The way in which a regulator demonstrates independence will depend on the context in which it works.

For example. The Charity Commission is a non-ministerial government department, all our people are civil servants, but we are formally independent of the government of the day.

Our position places particular responsibility on us to maintain the independence from government that the law demands.

Other regulators have different independence priorities.

Post Shipman, for instance, it has become important for regulators to demonstrate that they are independent from the professions they regulate.

Those regulating groups of private businesses, similarly, work hard to demonstrate independence and impartiality with respect to any commercial pressures or influences.

Independence does not equal splendid isolation.

Being independent doesn’t mean we can’t develop effective relationships and partnerships with those we regulate where that’s in the public interest.

The Commission, for instance, is placing ever greater emphasis on collaborative working with the charitable sector.

Following a strategic review, we have concluded that, to serve the public effectively, we need to help charity trustees run their charities more independently.

We must help them become more self-reliant.

So, over coming months and years, we’ll be working with charity umbrella bodies to help develop their capacity for providing tailored individual advice to charities.

We will also be encouraging charity trustees to trust their judgment more confidently, not least by ensuring our online guidance is easy for trustees to find and to understand.

Because, ultimately, trustees are those responsible for charities. Not the regulator.

Now, this work doesn’t mean we’re sacrificing independence. It just means we’re becoming smarter about the way we use public money.

Authority

The next factor I want to talk about is authority. A regulator needs to be trusted by the public and respected by the sector it regulates.

Without the authority that flows from trust and respect, a regulator risks doing more harm than good.

Authority is of course a complex thing. It’s made up of a range of different factors. I’ll mention a few.

Powers– a good regulator needs legal powers that match the task it has been set. And it needs access to sufficient funding so it can actually apply those powers. 

And as important as having powers is being wise about their use

I apologise in advance for some regulatory jargon – but a sound risk framework that is understood by those working for the regulator and by the sector being regulated is crucial.

That risk framework should, ideally, be developed with those being regulated.

And it should emphasise that heavy-handed intervention, including the use of statutory powers, should only occur rarely, when the risks are highest.

‘Powers’, of course, aren’t restricted to heavy sanctions. It’s amazing what can be achieved with relatively few tools. Here’s another example from the Commission’s work:

We have no inspectorate.

We don’t issue licenses - charity registration is a matter of legal status, not a privilege that we can withdraw.

And the Commission can’t impose financial sanctions.

But we have tried to put the tools that are available to us to the best possible use.

For instance by using the online Register of Charities as a key regulatory tool.

As I’ve said, each charity over a certain size has an entry on our register. And that entry shows whether the charity filed its most recent documents on time.

There’s a prominent green box for charities that filed on time, and a big fat red box for charities whose documents are overdue.

Charities that have now filed, but missed the deadline, will also be left with a red mark against the relevant part of their page.

This simple visual tool, which requires no additional work on our part, has changed behaviour.

Charities have become more diligent in meeting their legal duties to file their documents on time.

And charity supporters have used the online Register to help make better informed decisions.

For instance: the CEO of a large grant-making charity told us that her organisation does not support charities whose entries show red.

This is an example of what is sometimes known as “reputational regulation” – using disclosure and transparency to encourage good practice and to help the public make decisions.

Authority also implies expertise. A good regulator needs access to the right skills mix, to the necessary knowledge in the right disciplines.

These vary of course.

For example – at the at Food Standards agency, one of the regulators I have worked with, the relevant disciplines are largely science-based – nutritional, microbiological, and so on.

At the Charity Commission, we need experts in charity law, forensic accounting, and those trained in investigation techniques.

Without this expertise there would be little chance of evidence based, authoritative regulation.

Now, that expertise doesn’t necessarily have to live in the heads of paid members of staff.

Some regulators, for instance, make use of committees of experts in areas that require particular knowledge.

What’s important is not where expertise sits, but that the regulator makes the right use of it. 

And expertise, in a regulator, goes beyond technical knowledge. To be socially authoritative and to earn public trust regulators also need to reflect the society they operate in.

They need to demonstrate an understanding of and a commitment to diversity. 

You can’t regulate the use of embryos in research, for instance, unless you understand that for some, the fertilised human egg is not just a ball of cells.

And you can’t regulate charities, no matter how great a legal eagle you are, without understanding that trustees are normal human beings, with a range of reading ages and professional and educational backgrounds.

So to be socially authoritative regulators also need to reflect the society they operate in.

Whatever the dimension: ethnicity, gender, religious identity and so on, regulators must signal that they take account of relevant differences.

When the areas regulated involve moral sensitivities, social values or novel developments, this becomes even more vital.

It is then crucial that the authoritative regulator adopts inclusive, open processes for establishing its position. 

The Charity Commission took great care, for instance, in drafting guidance on what ‘advancing religion’ means in charity law.

What is a religion? What are the characteristics that religions defined as such in law must share? Bearing in mind that some beliefs involve the worship of a god, some the worship of more than one god and some of no god at all?

Communication skills – including the ability to use plain English – are also crucial.  You can’t claim to work on behalf of the public unless the public understands what it is you do – unless he gets it.

Authority, finally, also implies an appetite to learn and a willingness to change.

It’s the same principle that applies to human beings. People with real authority tend to be confident about conceding that they’re not perfect.

They’re happy to defer to someone else when they don’t know the answer, and they’re happy to admit when they’ve made a mistake.

Regulators should, of course, strive to know the relevant answers, and they should try not to make mistakes.

But they should be open to challenge and confident enough to accept criticism.

They should welcome opportunities to learn and improve and evolve.

Another example from the Commission’s work:

In 2008, a new Charity Tribunal came into operation. Its role is to offer an independent route of appeal for charities that have exhausted our decision review process.

We could have been defensive about the Tribunal, seen it as a threat or danger. Certainly its work has, at times, been high profile. It’s not always been comfortable for us.  

But we welcomed it and have benefited from its work. It has helped clarify areas of the law relevant to our work that were previously unclear.

Recently, it helped clarify the law on public benefit and fee paying independent schools, following a long-running legal debate in the sector.

That clarification will help us do a better job on behalf of the public.

And to maintain authority, regulators also have to listen to those they work with – in our case charities and the public primarily.

In my experience listening to criticism from your customers is of enormous value.

One of the things I emphasised when I arrived at the Commission was that we needed to become more permeable: to listen more, to work with others more.

We have brought about huge changes at the Commission in the last few years. Notably to our processes, making them easier, simpler and faster for charities, without making compromises in terms of our regulatory role. These changes started with listening.

Initiative

I’d like to focus, briefly, on initiative and innovation and why I think they are important in the context of regulation.

To my mind it is vital that a good regulator is able to anticipate risk and prevent problems.

A significant part of every regulator’s role may be to step in and take action when things go seriously awry.

But unless that work is balanced up by a considerable emphasis on preventative guidance, all that the regulator will achieve is the occasional headline in the press.

It is unlikely really to raise standards within the sector it regulates. And it will thus have failed the public it serves.

This emphasis on prevention stems in part from my basic sense of why people do wrong when they do. For me, the words of the Catholic confession hit the mark:

We do wrong through ‘negligence, weakness and own deliberate fault.’ In that order. So, mostly negligence, then weakness and only lastly deliberate wrong doing.

A good regulator therefore should be very clear about “what good looks like” and should provide clear, targeted guidance to help prevent unknowing wrong-doing as well as being alive to the possibility of deliberate malice.

A preventative approach also helps resolve dilemmas and paradoxes that usually accompany the work of regulators.

Here’s an example from the Commission – I’m sure all regulators have similar stories to tell:

One of our key purposes is to promote and increase public trust in charities.

To do so, part of our role is to investigate abuse or misconduct in charities. And to publicise such cases to help other charities avoid similar problems.

Now we know those two don’t always sit happily together.

Our research demonstrates that one of the factors most likely to drive down trust in charities generally, is having read or heard about problems occurring in a charity.

So in fulfilling a core duty, we risk undermining the ultimate purpose.

This paradox is of course slightly frustrating.

But we can help overcome it by working to avoid serious issues arising in the first place.

Preventing problems requires a range of skills and actions.

For instance, regulators need to be horizon scanners, they need to be able to anticipate systemic risks facing those being regulated. They need to be aware of the wider environment in which those being regulated work.

This of course links back to the importance of having expertise and authority.

Crucially, preventing problems also requires investment in excellent guidance.

And, in my view that guidance should, where possible, be principle, rather than rules based. Now the difference between the two isn’t always clear and can be exaggerated.

But my view is that regulatory guidance that is largely principle based is marked by certain characteristics.

It differentiates between legal requirements and general recommendations. So it sets out clearly when something must be done, or may not be done.

But it’s clear when a decision is for those being regulated to make.

For instance, the Commission’s guidance doesn’t dictate how much a charity should spend on fundraising, or how much it should pay its chief executive.

We point out that trustees have a responsibility to protect their charities’ reputations – and that reputation might be influenced by the pay packet of the CEO. But it’s not for the Commission as regulator to say: thou shalt spend no more than x% of your income on salaries.

Principle-based guidance is also aspirational and promotes trust – it expects and assumes that those reading the guidance want to do what is right.

Finally, a regulator with initiative is also one that is clear about what it can’t do. Where its role ends or never even began.

Because, as mentioned at the beginning, regulators that don’t explain the limits of their role risk being portrayed as weak when problems arise that they don’t have the remit to solve.

Such situations can be painful, as we at the Commission know.

We are often contacted by people desperately upset about, for instance, a destructive dispute taking place between trustees of a charity they know.

They want us, as regulator, to stride in and do something about it.

But there are very few cases of disputes in charities that require our involvement. As a general rule, we can’t get involved in disagreements between trustees.

We investigate when there is evidence of serious governance failures, but a simple case of deadlock through disagreement does not merit our intervention .

Now, “computer says no” is never an easy message.

Especially when you’re confronted with letters from MPs and newspaper articles questioning what on earth a regulator is there for if not to deal with x scandal or y outrage.

And especially when you fear that such public statements risk undermining public confidence in you as a regulator and the sector you work with.

But the blow is softened where the regulator has been consistent in its messaging.

When it has been upfront and open about its role without belittling the concerns of others.

And, of course, consistency helps, too. No two cases are identical and risk frameworks can mean that superficially similar situations result in different approaches. But blatant irregularities of approach undermine trust.

Accountability

Finally accountability.

In a democracy it is vital that regulators are answerable to the public they claim to serve.

Particularly where the regulator is funded from the public purse. Or where it is legally independent and not, therefore, subject to that ultimate accounting mechanism, the ballot box.

Like authority, accountability is  complex. It is demonstrated in different ways, depending on the context in which a regulator operates.

There are some core points that I think probably apply to all regulators – indeed all public institutions.

The first  is simply to note that accountability is an attitude as much as an action. It’s about a commitment to integrity, a constant awareness of and alertness to the fact that you are acting on behalf of the public.

It’s about adopting a default position of maximum openness and candour.

Most regulators are of course restricted as to how much they can say about certain areas of their work.

Most work with personal data that they are required to handle very carefully.

And the Commission, for instance, has to be very careful about what we say publicly about any ongoing investigations.

But generally speaking our attitude is and should be: What are we able to say? Not: what can we get away with not saying?

And we ask: what’s in the public interest to disclose? Not: what could embarrass us as a regulator?

My second point on accountability relates to performance and performance measurement.

Because you can’t really go about saying that you serve the public unless you can show you’re actually making a difference.

So you need goals, and ideally, these goals should be set in collaboration with others.

The Commission’s current Key Performance Indicators – which we’re actually currently revising following our strategic review – were agreed with the Treasury which funds us.  

But it’s not enough to set targets – you also have to report on your progress against them.

The Commission, for instance, reports, once a year, to Parliament, via the Public Administration Select Committee.

This is not a formality. The chief executive and I are generally given a pretty thorough grilling by members.

They might ask us about any aspect of our work or our performance and they tend to expect a straight answer.

These hearings represent a hugely important opportunity for us to be held to account for the money we’re given and the powers we use.

It’s our chance to answer to the public we serve – or at least to their elected representatives.

Separately, we hold our own public meetings, which are open to anyone. We put a lot of effort into them.

Partly because, like the PASC hearings, they’re an opportunity for the public to hold us to account for our actions and omissions.

But also because they allow us to have a wider discussion with the public and with charities about our role and our approach.

They’re a chance to ask some really broad and quite fundamental questions and to gauge responses to them.

For instance, our most recent Annual Public Meeting, which took place last, included a lively panel debate about the role and limits of self-regulation.

We were joined by a panel of very eminent peers – each of whom brought relevant expertise in regulation or the charitable sector to the table.

Holding debates of this nature is, of course, a bit risky. People might disagree with one another – and with our regulatory approach.

There may be calls for us to do things we don’t think we should or can do.

But that’s exactly why we think these debates are so useful. Because being open to scrutiny should mean being open to wide debate and discussion.

To conclude– I’m conscious that I’ve only scratched the surface of what makes a good regulator.

But my intention today was not to provide a list of all the various building blocks that are needed to build a good regulator, but rather to set out the foundations on which construction work can begin.

So to summarise:

A good regulator, to me, is one that serves the public interest in everything it does.

• That demonstrates independence in approaching its work
• Authority and initiative in the content of its work and
• Accountability about the impact of its work

All the other important factors in good regulation can be placed, I think, on these four foundation stones.

Thank-you

©Dame Suzi Leather, Gresham College 2011