Regulation plays a critical role in society. At its most basic level, regulation is used to control risks that lead to societal problems. It may be used to address a broad range of risks, including economic, health, infrastructure, security, and environmental risks.

Well-designed rules that comprise a regulatory framework will help tackle the risks that the regulatory framework has been designed to tackle but, on their own, will be inadequate. Indeed, the manner in which the regulatory framework is implemented and applied in practice by the regulator will also be very important.

As has been highlighted in the context of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Financial Services Royal Commission), an under-performing regulator can compromise achievement of the objectives of the regulatory framework. More specifically, failure by a regulator to strategically and effectively pursue and secure compliance with the regulatory framework can mean the outcomes that the regulatory framework is designed to deliver will not be achieved. In practical terms, this could lead to the materialisation of harms that the regulatory framework is aimed at preventing.

This highlights the fact that the regulator is at least as important in delivering regulatory outcomes as the regulatory framework itself.

Performance of a regulatory regime

The performance of a regulatory regime – that is, its capacity to deliver intended regulatory outcomes – will depend upon the performance of various individual but inter-related components of the regime, including:

  • Regulatory framework: the regulatory framework sits at the heart of the regime and governs the treatment of the risks that the regime is designed to address. The regulatory framework needs to keep pace with relevant changes – whether societal, technological, political or economic – to ensure that it continues to be fit for purpose.
  • Regulator: the regulator has oversight over the regime as a whole and has as its primary remit the task of ensuring compliance with the regulatory framework. The regulator must ensure its policies, procedures and practices are strategic, effective and relevant to the broader context within which the regulatory framework is applied.
  • Funds: adequacy of funds that are available to resource the regulator, including the various regulatory activities undertaken by the regulator, will affect the ability of the regulator to operate effectively.
  • Regulated entities: regulated entities may collectively help or hinder achievement of regulatory objectives depending upon their attitudes towards compliance and their capacity to comply.

While the regulator will typically have limited control over the content of the regulatory framework, the available funds to regulate, and the compliance disposition and capacity of regulated entities, the regulator can, nevertheless, enhance performance of the regulatory regime as a whole through the regulatory activities that it undertakes.

The challenges of being a regulator

As noted by regulatory scholar, Cary Coglianese – a professor at the University of Pennsylvania Law School – being an effective regulator is challenging for a range of reasons,[1] including:

  • Problems that regulators face are hard: this is evidenced by the fact that resort has been made by Parliament to regulation to resolve such problems.
  • The problems that regulators must solve often present value trade-offs: more specifically, regulators will often have to balance the need to protect the public from harm against other regulatory objectives, such as authorising legitimate economic activity (e.g. by licensing a business to operate in the regulated sector).
  • There are many external factors outside a regulator’s control but which can impinge upon what regulators do: external factors affecting the regulator’s approach and operations include changes in public expectations and perceptions of risk, allocation of regulatory resources, and behaviour of regulated entities.

The need for an outcomes-focused approach

Regulatory frameworks are often a complex composite of laws, subordinate instruments, policies and procedures, creating a web of regulation that can seem dense and impenetrable, even for those involved in its administration. A key challenge for regulators is to ensure that, in administering this web of regulation, the focus is primarily on delivering intended regulatory outcomes.

A risk-based approach to regulation can help in this regard. In particular, such an approach helps the regulator:

  • Identify high risk compliance areas: a risk-based approach involves identification of compliance areas and compliance obligations that are most likely to compromise achievement of regulatory outcomes.
  • Identify high risk regulated entities: a risk-based approach also involves identification of regulated entities that are most likely to undermine achievement of regulatory outcomes through unco-operative and/or non-compliant behaviour.
  • Prioritise resources: a risk-based approach allows the regulator to use its limited resources to target high risk compliance areas and regulated entities.

See here for some previous Maddocks articles on the development of a risk-based approach to regulation:

Embedding a process of performance evaluation and continuous improvement

In light of the various external factors and forces that may come to bear upon the administration of the regulatory regime, a healthy degree of critical reflection and introspection on the part of the regulator is required. A structured and sustainable process to continuously improve the regulator’s activities is key to ensuring a regulator remains relevant, respected and effective – now and into the future.

Apart from the clear benefits of monitoring regulator performance, many Commonwealth and State regulators are required by law or government policy to undertake performance monitoring. These requirements are linked to growing pressure on governments and their agencies to demonstrate and improve the results of their activities.

Performance evaluation exercises undertaken by a regulator may be dominated by the need to meet these externally imposed performance requirements, which may be onerous and time-consuming. However, an intelligent and purposeful approach to performance evaluation is more likely to enhance regulatory outcomes, than an approach that slavishly and mechanically responds to these external performance requirements, resulting in a tick-box assessment of performance.