In his book, “The Regulatory Craft” published by The Brookings Institute in 2000, Professor Malcolm Sparrow suggested that regulators should: “Focus your efforts – but be consistent” ; and “process things quicker – and be more careful next time”. By Rupert Brown, CTO Evidology Systems.

These suggestions were echoed by the OECD in 2014 in its publication, 'The Governance of Regulators', which summarised seven key principles for regulators derived from Professor Sparrow’s book.

Fast-forward to 2019, and the UK National Audit Office (NAO) has produced a number of ‘Overviews’ and ‘Short Guides’  to try and capture the current scope of regulation across all UK business sectors. The most recent of these can be seen here.  

It concluded that:

  • “Regulators are at different levels of maturity and all have further to go.” 
  • “Regulators find it particularly challenging to robustly measure the impact of their interventions.” 
  • “Regulators’ public reporting does not provide a meaningful overall assessment of how well they are protecting consumers’ interests.”
  • “Regulators do not consistently provide a clear line of sight between what they are trying to achieve overall, what they have done to meet these objectives, and what the actual outcomes are for consumers.”
  • “Regulators have no common set of standards for what or how to report.”

Alongside these conclusions, the NAO overview also made a number of recommendations to improve performance. However, what it did not do is ask the more difficult question: why do regulators have these common failings?

To put some more perspective around the need to answer this complex and difficult question, the NAO report reminded its readers that the 90+ UK regulatory bodies spend more than £4bn ($5.5bn) a year from a mixture of public funds and direct industry levies; however, the real cost of regulation across all commercial businesses is estimated to be more than £100bn per annum.

In order to try and answer the question “why”, perhaps the best place to start is to examine what lies behind each of the NAO conclusions.

Looking at “maturity”, perhaps the most glaring omission in the NAO reports is that they do not give a full point-in-time list of all the regulatory bodies that are considered to be in scope, nor do they state their founding date. Since the Thatcher era, every UK parliament has tinkered with the regulatory structures and agencies of the nation and the recent conclusion of Brexit will undoubtedly result in more change. If the UK NAO cannot accurately count the number of regulators and measure their lifespan/volatility then we are already on shaky ground. 

The recent UK Parliamentary Select Committee reviewing the use of consultants to set up the NHS Track and Trace system highlighted the cost of creating new government agencies from scratch, the difficult task of weaning them off staff from the ‘Big four’ and measuring the number of consultants involved with each regulatory body; the average tenure of permanent staff should also be a metric that the NAO surfaces for all the agencies in scope.

GDPR fines

In a world of rolling 24-hour news, regulators have mostly eschewed “Robust measurement of impact” in favour of attention-grabbing headlines publicising rulings that have large fines proposed as remedies.  To date, none of the headline amounts levied under global data protection regulation (GDPR) in the UK have survived first contact with the legal system and have been reduced to small fractions of their initial sums.

No wonder the ICO (Information Commissioner’s Office) doesn’t want these major reductions and the protracted case durations to be reported as standard metrics. Professor Sparrow’s recommendations about speed and care are particularly resonant here in ensuring that regulators always measure the final amount paid vs. the initial recommendation and the duration of the dispute from the initial date of malfeasance through to the actual settlement of the dues agreed. 

The UK’s former prime minister Harold Wilson’s famous quote about “the pound in your pocket”, following the devaluation of Sterling in 1967, is probably the best benchmark to exemplify meaningful overall assessment of consumer protection. Consumers have been bombarded by regulators for many years, trumpeting success in enabling tariff/account switching, be it for energy, mobiles, broadband and now, ‘open’ banking, and yet bills and customer satisfaction issues continue to rise. The recent ruling that energy providers must refund excess direct debits is real protection – account switching statistics are not.

The simplest solution for consumer protection-focused regulators would be for them to be given bonuses directly on the reductions in direct costs they achieve, which will give them real motivation to drive improvements, rather than merely serving a public service tenure as part of their career path.

Other than the governor of the Bank of England, there is no consistent clear line of sight from UK regulators to the general public about their plans. We caught a brief sight of the UK information commissioner during the Cambridge Analytica scandal and more recently have received reassurances about the Astra Zeneca vaccine from the head of the Medicines and Healthcare products Regulatory Agency (MHRA) but the names of the heads of other major UK regulatory bodies would be good bets for pointless answers in any TV or pub quiz. Perhaps major regulators should stand in some form of public election, like the newer metropolitan mayors, as they can potentially have a similar or greater financial and social impact.

Finally, we come to the “No common set of standards” NAO finding, that again echoes back to Professor Sparrow’s comments two decades before. It has already been noted that there is significant politically-induced churn in regulatory bodies and a lack of consistent maturity measurements. 

Who guards the guards?

Perhaps this is really a case of quis custodiet ipsos custodes? (who guards the guards?), where it should be the NAO itself that takes responsibility for driving the standardisation of reporting and metrics from each of the agencies it claims to know about. A clear case in point is the obvious difference between the Financial Conduct Authority (FCA) Handbook and the Prudential Regulation Authority (PRA) Rulebook technical platforms – why is this the case, other than probably a textbook instance of organisational fiefdoms? A much simpler example is the lack of standardised digital machine-readable glossaries being published by each regulator and government department to describe the entities and processes they govern.

Perhaps the best way to summarise the paragraphs above is that despite 20+ years of advice and recommendations from governance bodies around the globe, regulators seem to crave the kudos of headline successes but don’t want to do the hard yards of defining metrics and building information gathering and reporting systems to deliver them. In the UK, the NAO must also shoulder some share of blame in all of this for not being able to accurately quantify how many ‘official’ regulators there are and driving operational synergies around the basics of information management content and platforms across them.