Does being ‘risk-based’ imply principles-based regulation and regulators?
Bryan Foss
Digital NED & Board Chair, Risk & Audit Chair, Visiting Professor UWE, Mentoring Founders & NEDs, Regulatory Advisor, Chapter Zero Member
For simplicity, the primary types of regulation that risk committee chairs and INEDs will encounter are either principles-based or rules-based. So what works best for risk, and why?
Regulation usually results when outcomes are poor and show no sign of improvement, for example following the substantial number of Operational Risk and Systems failures at UK banks exemplified by the TSB case and others. While some stakeholders can afford to vote with their feet or use the courts to win compensation, others are harmed with little recourse and need regulator protection from poor ethics or performance.
An ‘improvement regulator’ will often aim to ‘lift all boats’ by providing principles and guidance to support those accountable in being the best they can be. Those who fail to achieve those standards may be given additional ‘supervision’ or penalties, in some cases so severe that the organisation (or individual) is not able to continue operations.
A principles-based approach has worked relatively well with the UK legal and governance systems, where those accountable are expected to ‘comply or explain’, enabling key stakeholders to demand transparency and explanations for judgements made.
An advantage of an outcome-led and ‘top down’ principles-based approach is that it becomes less worthwhile for any party to argue about details and loopholes: either you are committed to ‘what needs to be done and why’ or it becomes clear that you are not! An honest mistake or misjudgement may earn you a second chance, where a clear rule violation would not.
A typical approach to developing risk-based regulatory principles would usually include stakeholders throughout, by considering desired outcomes, sufficient coverage of principles, implementation challenges, impact analysis and assurances. Adjustments can be made over time through experience, while hopefully avoiding additional detail and complexity.
The Risk Coalition is not a regulator but has identified with others that there is an opportunity for collaborative improvement, where boards can gain greater assurance of delivering their commitments to stakeholders (purpose, viability etc. as per The Code) while minimising any ‘preventable surprises’, or at least responding to them well. Pre-regulatory initiatives can be voluntary and aspirational, driven by professional and other chartered bodies through a focus on evolving best practices rather than less-flexible legislation.
Where these surprises occur, society and stakeholders increasingly look for ‘someone to blame’ and there is always pressure on politicians to legislate against bad actors. Rules are necessary and can enable this, but a focus on better outcomes through principles and guidance for those accountable can make enforcement actions a rare exception.
Bryan Foss, Visiting Professor Bristol Business School