More on
This blog is one of a series commenting on our reforms of regulatory capability.
Not all risks are the same. There are risks and then there are regulatory risks. So what makes regulatory risks different?
Let me start with common or garden corporate risks. All organisations confront risks – reputational, strategic, financial and so on. They manage those risks as part and parcel of achieving their objectives because the materalisation of risks can undermine the pursuit of those objectives and, in a worst case, sink the organisation itself.
The big difference is that regulatory risks are risks not to the organisation, but to the public. They go to the heart of why regulators are set up in the first place.
Regulators exist to manage risks which consumers can’t control themselves. Natural monopolies like water and power must be regulated to prevent the economic exploitation of consumers or the loss of key and irreplaceable services.
We regulate professions – the Bar is a good example – because of the critical importance of high ethical and professional standards which consumers are not well-positioned to ensure themselves. Professionals, after all, have a huge information advantage over the consumers to whom they provide services.
There is also a market dimension to our regulation. We need to ensure barristers’ services are competitive and easily accessed by consumers who are well-informed about costs and, to the extent possible, about quality.
So managing regulatory risks is, above all, about reducing harm to the public. Sometimes harm to the public and harm to organisation will overlap. For example, we record on our corporate register the risk that the BSB is unable to sustain public confidence in regulation. But that risk is itself bound up with the BSB’s actual track record in protecting the public from harm as a result of unprofessional, unethical or poor value service by individual barristers or by the Bar.
So it is very important that we do distinguish regulatory risks – risks to the public interest – from organisational risks. In fact, it would not be going too far to state that the identification and management of regulatory risks is exactly what we’re here for.
Our analysis of current potential harms to the public should determine our short-term regulatory interventions. Our reading of the potential for harm from new or as yet unrealised developments should guide our strategy for the future. And by “harm” we mean opportunities for good outcomes to be lost as well as well as bad outcomes to eventuate. Reluctance by the Bar to seize the chance that AI offers for a more efficient service would be a good example of a potential opportunity foregone.
So, against this background, we have been reviewing our regulatory risk framework. The review’s conclusions have now been approved by the Board.
So what are the main findings?
The good news is that we are building on solid foundations. The review finds that the Bar Standards Board already maps regulatory risks and that everyone across the organisation buys into the importance of this work. In other words, we are in the business of improvement, not construction from the ground up.
But there are definitely improvements to be made.
For one thing our current risk framework and map is too complicated. As one colleague put it: our approach is bogged down by spreadsheets. So we need to streamline our approach and empower people across the organisation. Information about risk must flow from our front line teams to the centre for analysis. And central analysis of emerging risk must inform – but not over-determine – the approach of our front-line teams to day-to-day issues.
As always, data and intelligence are key. We must ensure that our analysis of regulatory risk is driven by high quality, first hand intelligence. And that intelligence must be what we actually need, not just what we happen to have to hand. This is where our parallel data and intelligence strategy comes into the picture – the subject of a recent public statement.
Finally, we must take a strategic approach to assessing the intelligence based on a clear-sighted view of where regulatory interventions are needed in the public interest. As part of this, we need a good debate about the threshold for intervention in response to potential or actual harms to the public.
Let me give you an example.
We shall never condone unethical behaviour by barristers and will take enforcement action where we become aware of cases. As long, however, as ethical breaches are isolated examples and few and far between, we may well conclude that our existing rules and the enforcement of those rules suffice as controls and as a deterrent to such misconduct.
But suppose we become aware through our intelligence gathering or through a Public Inquiry of systemic problems in the profession arising, for example, from mis-aligned allegiances. We should need then to take further regulatory action, perhaps to issue guidance to clarify how our rules apply or, conceivably, to strengthen the rules themselves. These are possible steps we might take in response to issues emerging from the current Post Office Inquiry.
In short, the successful identification and management of regulatory risks – risks of harm to the public interest we serve – are at the heart of what we are here to do. Reform of our regulatory risk framework is, in consequence, right up there as among the most important elements of our current programme of reform.
We shall be implementing reforms to our framework over the next two years, with the highest priority reforms delivered this year – 2024/25.