We hear the phrase “risk-based regulation” quite frequently. Yet there seems to be much greater clarity about what it means for the regulations themselves to be risk-based, and much less clarity about what it means to be a risk-based regulator at the operational level.
Regulators, and others with risk-control responsibilities, face a unique set of issues. These could include – what does it mean to be vigilant with respect to novel or emerging risks? What is the relationship between enforcement discretion and effective risk control? How best can regulators modify behaviour and manage compliance, and at the same time remain minimally intrusive?
On these and many other issues, regulatory and enforcement practitioners are hungry for guidance.
For this guidance, they may turn to risk literature—provided largely by experimental psychologists and behavioural economists—focusing predominantly on the ways in which risks are perceived by individuals, and how social, emotional and psychological factors distort risk-assessments and affect behaviour. That is all useful for public officials to know, but the risk literature has not focused on the distinctive managerial challenges associated with running a regulatory or risk-reduction program. It has not explored the different ways of structuring risk-control operations, the nature and exercise of discretion, the linkages between analysis, intelligence and operations and the tension between organising around functional or programmatic solutions rather than around concentrations of risk.
Strategic & managerial issues confronted by regulatory executives
Hundreds of thousands of regulatory and law enforcement professionals stand between the state of the law itself and the delivery of effective front-line protections. What they do matters. It matters how they organise themselves. It matters when and why they enforce particular laws. It matters whether and how they organise their discretion, and what other methods they adopt when the law itself turns out to be obsolete, irrelevant, or insufficient.
Regulatory practitioners must:
- Decide how best and at what size to define a new project and how many projects to define
- They must establish the data-gathering, intelligence, and analytic capacities that enable them to spot emerging problems early, even when those problems do not fit established patterns
- They must figure out how to close risk-mitigation projects—an extremely thorny and ethically contentious issue—because it is easy to keep opening them, and possible to drown under a proliferation of half-completed projects
It is the practitioners who must decide what not to take on, what type of results to expect, and when to cooperate with other parties around various aspects of the task. It is the practitioners who have to balance a range of reactive, preventive and proactive methods, and figure out how to integrate these into coherent control strategies.
Professor Sparrow has spent more than 25 years concentrating on precisely these managerial issues which other scholars generally neglect. In his practical executive education course – The Professional Regulator – Professor Sparrow stresses the importance, the uniqueness, and the complexity of the role of the professional regulator; and centres his work on the managerial and strategic challenges they face.
Participants come away with a heightened appreciation of the importance and complexity of the role of the Professional Regulator. They will understand the variety of pressures currently acting on regulatory, enforcement, and security agencies around the world, and the various adaptations available to them as they strive to enhance their effectiveness.
The Character of Harms – Professor Malcolm K. Sparrow (2008)