Rules- based regulation
1. Rules based regulatory systems can provide certainty by clearly establishing what is required for compliance. Certainty allows organisations to plan and budget more efficiently. However, such systems can be inflexible where new business models, activities, products or services fall within the regulatory orbit and where their relationship with the rules is unclear – for example, because these developments were not anticipated when the rules were written and where adapting the rules to accommodate these developments (where desired) is cumbersome - say where secondary legislation is required.
2. This can be frustrating for both regulators and regulated organisations in that regulators can appear slow to change and against innovation, with little scope to authorise changes that are outside their rules and with limited scope other to use enforcement strategies that may appear heavy handed at times. For organisations it can be frustrating where they wish to bring new products or services to market but are unable to do so in whole or part as they await regulatory approval or where the regulatory landscape is unclear. This can potentially act as a barrier to innovation and market entry.
3. Principles based regulatory systems are popular in some sectors. These emphasise less the primacy of a prescriptive rule book but instead encourage organisations to operate according to certain high-level principles – such as ‘treating customers fairly’, for example. Such systems have allowed regulators to trim expanding rule books and to emphasise more the key principles of regulatory compliance and behaviour. This has resulted in increasing emphasis on the culture of compliance within organisations, supported in some cases by enhanced personal competence and accountability requirements – say, via qualifications and liability to more stringent personal and collective enforcement sanctions.
4. Principles based systems allow regulators to flex their approach to meet new developments in their sector and when dealing with disruption - such as that caused by the COVID-19 pandemic, for example.
Dialogue between Regulators and Organisations
5. Effective regulation is important to both regulators and regulated organisations. Dialogue between the two is important so as to help promote understanding and an appreciation of the challenges on both sides of the regulatory fence. Of course, regulators will focus on their primary purpose – the main thing at the expense of less critical areas that can sap resources. At the same time, organisations often welcome constructive dialogue to provide clarity and aid their business planning and risk management. To this end, many regulators see outreach and the measurement of regulatory impact as important performance yardsticks.
Compliance and culture
6. What drives compliance in organisations often depends on the nature of the regulation and on the culture of the organisation. For example, a small organisation faced with financial penalties for non-compliance will be focused on financial survival. For larger organisations, reputation is often the key factor.
7. Culture is widely recognised as perhaps the key factor in ensuring a strong compliance approach in an organisation. Systems, checklists and processes are important but culture also embraces an understanding and appreciation by all the organisation’s staff as to why compliance matters for example, public safety and the reputation and health of the organisation. Effective cultural change needs to be driven from the top of the organisation so that compliance and good regulatory practice is seen as being synonymous with good business practice.
Innovation and New Entrants
8. New entrants into a market and fast-growing organisations can pose a challenge for regulators where the organisation has developed an innovative business model or new products or services, particularly where based around digital platforms. Here the regulatory requirements may be less clear and such organisations may have less developed compliance systems compared with traditional actors so that their governance lags behind their commercial ambitions. This can be a challenge for regulators if the organisation needs to be convinced of the need for compliance or to follow certain rules. They may see regulation as bureaucratic and costly. Constructive dialogue, safe spaces for innovation and safe harbours from enforcement action are tools that are likely to be increasingly used in these types of situation, where appropriate.
9. Regulators can use a variety of interventions to help with compliance awareness in organisations and to encourage change, particularly in the light of digital innovation. These interventions range from outreach and education initiatives to creating safe harbours to test innovation – for example, the FCA’s sandbox.
10. Some regulators also use ‘nudge’ communications as part of their toolkit to encourage compliance. These can use messaging and reminders to create a narrative where compliance is seen as a normal part of the business cycle, built into processes and procedures. At the same time, many regulators have looked to improve the digital interface with organisations to make compliance easier and less bureaucratic.
11. Enforcement powers vary from regulator to regulator. Enforcement, particularly in the courts, is expensive and time consuming. Whilst necessary in some cases, many regulators have looked at how they use their civil and (if relevant) criminal powers to target the worst actors who undermine the industry and public confidence, whilst providing a proportionate response that discourages poor practice without unduly hampering change and innovation. This is not an easy balance, particularly in those industries where digital innovation has resulted in regulatory grey areas – such as in the use of algorithms, for example. The increasing use of AI in business generally is likely to have an increasing impact on regulatory thinking and policy in many sectors.
Regulating large organisations
12. The scale and reach of larger organisations mean that they have multiple regulatory obligations across different jurisdictions. This often requires different regulators to liaise and cooperate in determining an appropriate regulatory response, whether that be in relation to innovation or enforcement. Where there are jurisdictional or regulatory gaps or overlaps, regulators recognise the need to act cooperatively with fellow regulators to ensure consistency and fairness of approach, where possible.
The impact of the pandemic
13. The Covid-19 pandemic has been a significant catalyst for reflection and change by regulators in that they have had to find ways (sometimes new ways) of ensuring that organisations can meet the challenges caused by closed offices, remote working, fewer staff, and new innovations, for example, while at the same time, ensuring that bad practice is caught and acted upon. This has meant that regulators and organisations have had to work constructively and pragmatically, often at greater speed that would otherwise be the case.
14. Generally, there is no ‘one size fits all’ approach that provides an appropriate regulatory approach for all regulated sectors. Each sector is different with its own particular needs and risks. Clearly, the higher the risk to human life, wellbeing and the natural environment, the stricter the compliance and enforcement regime.
15. Within this context, it is clear that both regulators and regulated organisations are acutely aware of the benefits of regulatory systems that work well to encourage compliance and good practice, while discouraging poor practice and the taking of proportionate action against bad actors.
16. How regulators and organisations go about this varies and can be dependent on the flexibility within the system. Generally, there is an emphasis on the use of softer powers such as effective dialogue and communication and finding ways of encouraging innovation while providing the necessary protections. Improving culture and understanding is widely seen as a key success factor.
17. Flexibility in enforcement is also important, allowing regulators to target bad practice and bad actors with the strongest actions while allowing proportionate responses in less serious breaches.
18. Covid-19 has been a catalyst for change, requiring rapid adaptation by both regulators and organisations to provide flexibility, allowing organisations and sectors to meet the challenges of the pandemic, while at the same time protecting consumers.