Regulatory Culture

CONTINUOUS IMPROVEMENT AND TRUST

RISK-BASED AND DATA-DRIVEN

COLLABORATION AND ENGAGEMENT

Three principles of good regulatory culture

CONTINUOUS IMPROVEMENT AND TRUST

This principle proposes that the regulator adopt a whole-of-system perspective, continuously improving its performance, capability and culture to build trust and confidence in regulatory settings. To achieve this outcome, all employees across the agency should have a clear sense of regulatory identity and purpose. That is, they know why they are carrying out their different functions and what constitutes a good outcome. Staff are confident in their decision-making and execute their regulatory functions and statutory powers in a way that is fair and predictable. At each point of the regulatory lifecycle, guidance, accountability, escalation and quality assurance processes give staff confidence to navigate complex settings and to make decisions or manage up as needed. Leaders are models of regulatory best practice, empowering and supporting their teams. Officials at all levels can access professional learning when required and can share critical insights and reflect on outcomes as part of branch-wide and organisation-wide feedback loops that provide the policy teams with vital information from the operational team. And forums need to be created to allow regulators to reflect, share ideas, and fail safely as they test new things. All staff are valued and feel valued. They share a desire to grow their skills and to service citizens with the best possible settings and decisions.

What does good regulatory culture look like?

We have observed some common issues:

What can go wrong?

Workers in a regulator do not identify as being a regulator. They follow the rules, but do not really focus on the outcomes they are trying to achieve. Processes and procedures are either too rigid or too high level, and do not effectively connect actions to outcomes. The right capability is not in place and professional development opportunities are not designed to curate the ‘regulatory craft’. Long-tenured staff are stuck in their ways and are quashing a culture of continuous evolution.

A strong identity of being a regulator and a clear view of what good regulatory outcomes look like

Fair and consistent regulatory decisions to maintain integrity, trust and predictability

Strong capability, accountability and leadership

A mindset of continuous improvement and reflection

RISK-BASED AND DATA DRIVEN

This principle proposes that the regulator maintain essential safeguards, using data and digital technology to manage risks to minimise regulatory burden and to support those they regulate to comply and grow. The regulator should use data and intelligence to understand where risks lie and to focus the requirements they place on businesses and their own resources to manage higher-risk activities. Effective monitoring, information systems and feedback loops enable all sections of the regulator to understand whether their decisions were appropriate and whether the programs and regulations are achieving the policy intent. Regulatory settings such as legislation should be clear and allow sufficient flexibility for staff to act in a risk-based and outcomes-focused way. To support this, a clear risk appetite and tolerance is imperative to support staff in making sound regulatory decisions and promote consistent risk management. For staff to make data-driven decisions, the regulator should have enabling ICT systems and data practices. Staff should have access to high-quality data through streamlined processes.

What does good regulatory culture look like?

We have observed some common issues:

What can go wrong?

Legislation is obsolete and does not support risk-based practice. The right data is not available in a meaningful way to measure and target risk. This can include available data being fragmented across multiple ICT systems. Regulators have unclear risk appetites and risk tolerances that are driving uncertainty among staff about how to approach regulatory decision-making.

Fit-for-purpose regulatory settings to support risk-based regulatory practice

Systems and practices that enable data-driven and insights-led decisions

A clear risk tolerance and commitment to risk proportionality in regulatory activities

COLLABORATION AND ENGAGEMENT

What does good regulatory culture look like?

We have observed some common issues:

What can go wrong?

Siloed ways of working within regulators create barriers to looking at the whole lifecycle of regulation – for example, teams involved in policy and regulatory design do not talk to the operations teams, who do not talk to the evaluation teams, and so on. Regulators do not understand the industries they regulate. The in-house subject-matter expertise does not exist. This is exacerbated by a trend away from meaningful and regular engagement with industry representatives, which would help understand how the world is changing, and how regulators and regulated entities can work best together to achieve mutually beneficial outcomes. Information about the regulator’s performance is scarce, or reported after a delay. Furthermore, there can be a reluctance to share information due to various anxieties and concerns, such as privacy or commercial sensitivities. Some of this concern is warranted, but information can often be shared more readily than it is.

A commitment to collaboration within and across the department, and with regulatory partners

Performance transparency, with information shared both responsively and proactively to support collaboration

A demonstrable understanding of the operational environment, pressures and circumstances affecting regulated entities

This principle proposes that regulators should be engaging and collaborative, implementing regulations in a transparent and informed way. Good collaboration must include both internal and external communications, engagement and visibility. It encompasses the regulator committing to forums to share information and to learn from other sections in the organisation, ensuring dedicated pathways for connection and advice. The regulator should actively seek out, and respond to, multiple sources of feedback – including from regulated entities and co-regulators. Feedback is important across the regulatory lifecycle – from co-design of new or amended regulatory requirements, to coordinating regulatory responses, to understanding and tracking changes to market conditions. The regulator should be transparent about its own performance, proactively sharing information about its activities and being responsive to requests for information, wherever appropriate. This commitment to collaboration and engagement would improve the understanding of the operational environment of regulated entities.