Really Responsive Risk‐Based Regulation

• DOI: http://doi.org/10.1111/j.1467-9930.2010.00318.x
• Author: JULIA BLACK,ROBERT BALDWIN
• Published date: 01 April 2010
• Date: 01 April 2010

Really Responsive Risk-Based Regulation

JULIA BLACK and ROBERT BALDWIN

Regulators in a number of countries are increasingly developing “risk-based”

strategies to manage their resources, and their reputations as “risk-based regula-

tors” have become much lauded by regulatory reformers. This widespread

endorsement of risk-based regulation, together with the experience of regulatory

failure, prompts us to consider how risk-based regulators can attune the logics of

risk analyses to the complex problems and the dynamics of regulation in practice.

We argue, first, that regulators have to regulate in a way that is responsive to five

elements: (1) regulated firms’ behavior, attitude, and culture; (2) regulation’s

institutional environments; (3) interactions of regulatory controls; (4) regulatory

performance; and (5) change. Secondly, we argue that the challenges of regula-

tion to which regulators have to respond vary across the different regulatory tasks

of detection, response development, enforcement, assessment, and modification.

Using the “really responsive” framework, we highlight some of the strengths and

limitations of using risk-based regulation to manage risk and uncertainty within

the constraints that flow from practical circumstances and, indeed, from the

framework of risk-based regulation itself. The need for a revised, more nuanced

conception of risk-based regulation is stressed.

INTRODUCTION

Regulators usually find that they have more to do, and more issues to

respond to, than time or resources allow. Partly as a result, many govern-

ments and regulators are now developing risk-based regulatory strategies as

frameworks for the management of their resources and their reputations

(Rothstein et al. 2006; Black 2005a). These are collections of strategies that,

at the very least, involve the targeting of enforcement resources on the basis

of assessments of the risks that a regulated person or firm poses to the

regulator’s objectives.1The key components of such assessments are evalua-

tions of the risks of noncompliance and calculations regarding the impact

that the noncompliance will have on the regulatory body’s ability to achieve

its objectives. In its idealized form, risk-based regulation offers an evidence-

based means of targeting the use of resources and of prioritizing attention to

the highest risks in accordance with a transparent, systematic, and defensible

framework.

Address correspondence to Julia Black or Robert Baldwin, Department of Law, London School

of Economics and Political Science, Houghton Street, London WC2A 2AE, England. Tele-

phone: 0207 955 7936/7258; E-mail: J.Black@lse.ac.uk or R.Baldwin@lse.ac.uk.

LAW & POLICY, Vol. 32, No. 2, April 2010 ISSN 0265–8240

© 2010 The Authors

Journal compilation © 2010 The University of Denver/Colorado Seminary

The UK is a jurisdiction that has fully embraced risk-based regulation, at

least at the level of exhortation. The Hampton Review of 2005 (Hampton

2005) endorsed the risk-based frameworks developed by the Environment

Agency, the Food Standards Agency, the Health and Safety Executive, and

the Financial Services Authority (FSA) and recommended that all regulatory

agencies should adopt a risk-based approach to enforcement. The govern-

ment has sought to implement that recommendation across UK regulatory

affairs and all UK regulators are now under a statutory duty to develop and

use risk-based frameworks for organizing all aspects of their regulatory

activities, including data collection, inspection, advice and support pro-

grams, and enforcement and sanctions (Department for Business, Enterprise

and Regulatory Reform 2007, para. 4). The UK is not alone in this move:

regulators have been developing risk-based frameworks of supervision in a

wide range of countries, particularly in the areas of environment, food safety,

occupational health and safety, financial services, and pension regulation

(Black 2008).

This widespread endorsement of risk-based regulation prompts us to con-

sider how risk-based regulators can attune the logics of risk analyses to the

complex problems and the dynamics of real-life regulatory scenarios. Else-

where we have argued that such attuning requires regulators to be “really

responsive” to the ongoing challenges that confront regulators on a daily

basis (Baldwin and Black 2008). We, accordingly, look here at the fit between

“risk-based” and “really responsive” regulation. By “really responsive” regu-

lation we mean a strategy of applying a variety of regulatory instruments in

a manner that is flexible and sensitive to a series of key factors. These include

not only the behavior, attitude and culture of the regulated firm or individual

but also the institutional environments in which regulation takes place, the

ways in which different control instruments interact, the performance of the

control regime itself, and the changes that occur in regulatory priorities,

challenges, and objectives (ibid.).

A further prompting to re-examine the implementation challenges of risk-

based regulation comes in the wake of the 2007–2009 credit crisis and stems

from the widespread perception that risk-based regulation, at least in the

UK, signally failed to protect consumers and the public from the catastrophic

failure of the banking system.2This decline in the reputation of the UK’s

risk-based approach to financial regulation, together with the experiences of

other regulators who have adopted risk-based approaches, presses us to

examine whether there is a need to apply risk-based regulation in a newly

reflective manner and to conceive of it in a more nuanced way. We will argue

that a “really responsive” approach offers a framework for reconceiving

risk-based regulation in such a fashion.

This article contends that there are considerable difficulties to be faced in

seeking to apply risk-based regulation really responsively but that the payoffs

from doing so outweigh any such difficulties. One payoff, it will be seen, is

that the really responsive framework forces us to move away from the rather

182 LAW & POLICY April 2010

© 2010 The Authors

Journal compilation © 2010 The University of Denver/Colorado Seminary

too easy vision of risk-based regulation—as a mechanical/quantitative means

of solving regulatory problems, as envisaged by the Hampton Review, for

example (Hampton 2005, Recommendation 1). It thrusts us toward a more

complex vision of risk-based regulation—as a particular entry point into, and

means of constructing and addressing, a core set of regulatory issues. It also

compels us to see risk-based regulation not as a free-standing and discrete

mode of control but as a strategy that is routinely and often necessarily

deployed in harness with a host of other strategies for addressing the chal-

lenges of regulatory intervention.

A really responsive analysis also suggests that once regulators have estab-

lished their objectives, they should consider how any given regulatory

approach comes to grips with the five fundamental tasks involved in imple-

menting regulation so as to further those objectives. The tasks are as follows:

(1) detecting undesirable or noncompliant behavior, (2) responding to that

behavior by developing tools and strategies, (3) enforcing those tools and

strategies on the ground, (4) assessing their success or failure, and (5) modi-

fying approaches accordingly (Baldwin and Black 2008). Part of our argu-

ment here is that risk-based regulation should be used in a way that takes on

board not only the way risk-based approaches offer a distinctive approach to

discharging each of these tasks (with the strengths and weaknesses of that

approach) but also the different ways in which risk-based and other regula-

tory strategies are likely to interact across the various tasks.

THE KEY ELEMENTS OF RISK-BASED REGULATION

The development of risk-based frameworks follows the pattern of many

innovations (Black 2005b). There have been a few early adopters, and over

recent years the number of regulators adopting some kind of risk-based

approach has steadily increased. The later adopters have been directly or

indirectly helped by the early proponents. Regulators have communicated

the detail of their frameworks and their experiences to other regulators

through transnational networks, such as the European Union Network for

the Implementation and Enforcement of Environmental Law, in the envi-

ronmental context, or by bilateral interchanges (Black 2006). Models of

risk-based systems are thus spread across regulators and modified each

time. For example, the risk-based model of the Australian Prudential Regu-

lation Authority (APRA) was based on that of the Canadian banking regu-

lator, the Office of the Superintendent of Financial Institutions (OSFI), and

the UK financial regulator, the FSA. It has, in turn, been adopted in modi-

fied form in a number of different countries, including the Netherlands (for

banks and pensions) and Indonesia (for pensions). The Canadian pruden-

tial supervision model also formed the basis for the Singaporean financial

regulator’s risk-based system. The UK’s risk-based model of financial regu-

lation has been adopted in countries as diverse as France and Columbia.

Black and Baldwin REALLY RESPONSIVE RISK 183

© 2010 The Authors

Journal compilation © 2010 The University of Denver/Colorado Seminary