I find it extraordinarily interesting and thought provoking to be at this gathering of illustrious academic thinkers here at the University of Pennsylvania as we collectively consider what constitutes regulatory excellence and how it can be measured. As a practicing regulator, it is also fairly challenging and not a little daunting when I consider the extent to which we at the UK Civil Aviation Authority (CAA), measure up against the standards you are espousing. But I want to start by saying that regulating day by day, identifying the right risks and taking the right actions, is tough. I am grateful for the general recognition among the experts gathered here, and in the various discussion papers prepared for this dialogue, that it is a hard business.
Over the fifteen years or so that I have been involved in regulation, I have developed a few rules of thumb as to what makes a good regulator. First, it is helpful to have a clear objective in law. Second, to deliver your task effectively, you need to have staff members who are real experts, with deep knowledge of the industry which you are regulating. Third, you must be engaged with all the varied stakeholders and genuinely listen to them. Finally, you should be transparent in everything you do because that is the way in which you can be judged by your stakeholders as to whether you are fulfilling your mission.
When I was chairing the UK Food Standards Agency (FSA), one of my Board members had, in a previous life, been Global Marketing Director of Unilever. He used to recount that his previous colleagues often commented to him that life on the FSA Board must be very mundane compared to the excitement of working at a company like Unilever. His response was that at the FSA he helped make decisions that were more far reaching, more costly and more complex than anything he had done at Unilever. And that it was all made more difficult by the huge complexity of the stakeholder environment.
That remark has always stayed with me because the complexity of stakeholder relations is one of the factors that distinguish regulatory bodies from private-sector organizations and which makes regulation so tricky. Experience suggests to me that no matter how clear your objectives, or how expert your staff, none of that will suffice without the right relationships with that web of external interests.
I thought that in my remarks I would try to consider regulatory excellence through the prism of stakeholder relationships, addressing what sort of relationship a regulator should have with each category of stakeholder.
Consumers want to know in whose interests the regulator is operating. We are fortunate at the CAA to have an unambiguous legal duty to protect consumers and the public – that is, those who fly and those who are overflown. This duty is fortunate because consumers pick up very quickly on even apparent conflicts of interest, and they do not so readily trust a regulator with equal duties to other, conflicting interests, such as the promotion of the industry.
I want to be clear, though, that the duty to protect consumer interests is not the same as doing what consumers are interested in. It is a much more complex construct which contains within it the idea of what is, in the end, to the benefit of consumers in society as a whole.
It is also important always to remember that consumers pay in the end. They are the final “purse” which pays for the consequences of regulation. Wherever there is poor quality or unnecessary regulation, it will cost them, perhaps in pure monetary terms or perhaps in a reduced choice of goods and services.
So my starting point for excellent regulation with consumers in mind is to keep the following principles firmly in mind:
- Only regulate for risks that are real and cannot be better managed by a competitive market.
- Only regulate those things that consumers cannot regulate for themselves. For example, consumers can see, smell, and assess the food on the shelf at the supermarket; they cannot see or affect what goes on further back in the food chain at the farm or the processing factory.
- Understand what consumers really care about. Regulatory over-confidence can lead to regulating things that do not matter to consumers. There is a well-documented example in the UK when, during the course of the infectious BSE/CJD crisis, the government took the precautionary action of banning beef on the bone. This meant no more T-bone steak or rib roast. Consumers were outraged. They saw this as a step too far, an instance of the government taking control of a risk that consumers wished to assess for themselves.
Understanding consumers is a good backdrop to a critical regulatory skill, namely choosing the right regulatory tool and understanding which one to use when and with whom.
In choosing the right regulatory tool, the regulator should first consider whether information might serve just as well as new regulations. One of my favorite forms of “regulation” is to give consumers the information and tools they need to be empowered to act as their own regulator. An example of this informational approach to regulation is the CAA’s practice of publishing comparative information about such things as the differing charges airlines make to put baggage in the hold. Possibly the CAA could find some way of managing those charges, but how much better to give consumers the ability to make that choice for themselves.
Second, if you have decided that something more than information provision is needed, can you nudge industry into behaving better through incentives? For example, if a particular company is operating to a high standard, perhaps they could be rewarded with fewer inspections, thus taking up less management time.
Third, regulators are inevitably less efficient than industry in understanding the process that leads to an outcome. So give companies clarity about desired outcomes and the parameters within which they should operate, and let them get on with reaching the outcome.
Fourth, only go for more prescriptive rules where the risk justifies it, where none of the other types of regulation will work and, importantly, where you can enforce the rule. Too often merely passing a rule is thought of as the end of the process. It is not; it is the beginning, and passing a rule that cannot be enforced will damage the credibility of the regulator while not achieving the desired outcome.
Finally, it is important to use the full weight of regulation to get rogues and crooks out of the business. Allowing them to “get away with it” is only a bad example to others, and it will damage the reputation of the regulator and will reduce others’ incentive to perform legally and ethically. Most critically, in food and aviation, people die as a consequence of rogue operators.
Let me move on to industry. Consumers have a real interest in flourishing competitive innovative industries, as does the economy of a country. Interestingly, it is a view not always shared by companies who have sometimes managed to achieve an advantage through poorly framed regulation that inhibits real competition.
There is a very delicate balance in the relationship with industry. On the one hand, the relationship may be framed as co-working, perhaps especially when both the regulator and the industry are confronted with new problems that have not previously been explored. In the CAA context, this might be the new field of space planes. On the other hand, the relationship might be more of a partnership where, jointly with industry or consumers (or both), you are wrestling with a problem which you all have a joint interest in solving. Or, finally, you might be acting as a stern objective regulator. All of these, and many other variations, are valid but it is important that at all times there is clarity in the minds of the regulatory officials and the industry as to what mode of relationship you are in.
It is helpful to industry if the regulator sets a clear long term direction, makes clear what are the desired regulatory outcomes, and also establishes what their regulatory culture or style is.
Regulators should be consistent internally. But they should also be consistent with other regulators who impact on their field, or with international regulators in the same field. Aviation is a global business, so the CAA liaises with the European authority as well as the global authority in Montreal. We put a great deal of effort into working at both the European and international levels to ensure consistency and, of course, to try to frame international regulations to suit our market. But the point is that inconsistency makes it difficult for the well-intentioned businesses to act well and it allows the ill-intentioned businesses to seek to exploit regulatory arbitrage.
Think about de-regulation. Most regulators have accreted rules perhaps born out of a different time and different risks that are no longer relevant and are merely burdensome. But de-regulation should be done on the basis of principle and not as a consequence of a pick-and-mix push from industry. In the UK, we have been looking at de-regulation for general aviation but rather than just start looking at individual rules, we started by agreeing on a principles paper as to what it was we really needed to protect. This set of principles then provided the framework against which we could assess individual rules.
To regulate effectively you must have real expert knowledge of the market; you must know how your industry works, what drives it and what shapes it. The regulation that will work best is that which sits easily alongside the way in which industry works. Regulating against the grain of the industry is hard work and usually less effective.
Finally, it is very helpful if there is a good reporting culture in the industry. Aviation has historically had an excellent record in reporting incidents. All the airline staff, whether cabin crew, engineers, or pilots, have access to reporting systems and use them. The challenge for the regulator is then to collate those disparate reports to pick up trends and identify what might be leading indicators of risk.
In the UK, regulation is independent of government, normally with a statutory base. The CAA is not a government department. It is a public corporation funded by industry and neither I, nor the staff, are civil servants. That does not mean a divorce from government but rather a relationship that needs to be constantly worked at. There should certainly be respect between the regulator and government, and there is sometimes inevitably tension. There are probably three main reasons for that tension.
- Regulatory boundaries and the proper allocation of responsibility. For example, the southeast of England badly needs new runway capacity, which for some people will result in noise disturbance, but for the economy as a whole it will be a benefit. That is absolutely a government decision and not one for regulators to take. It is not for unelected regulators to make decisions between individual detriment and public good, between winners and losers – that is a policy issue that should be decided by an elected government. Understanding your regulatory boundaries and trying to ensure that government provides the necessary policy framework is critical to good relationships.
- Long term vs. short term. Industry will often be working to a time scale which is longer than the normal Parliamentary terms. Particularly in infrastructure investment, where the payback may be over forty years, investors will require stability and certainty.
- Politics. Sometimes, straightforwardly, politics will intervene and government will require that it take control of an issue over which it feels strongly.
As a regulator, I am clear that if you don’t take government with you, you are likely to fail. So work out what really matters to you and, if you do want to have a fight with government, make sure you have picked your fight carefully and that you are having the fight on a proper, legally and factually valid, basis.
Regulators are generally accountable to Parliament. But I think there is something else important, which I call “answerability” to society at large.
We are there to manage risk – to set the right level to allow industry to flourish, to enable consumers to feel secure and to fulfill such other objectives as may be required. But who decides what level of risk is tolerable? At the FSA, I had many expert scientists who could tell me what particular action would produce what level of risk. What they couldn’t tell me was what level of risk was the right one. That is largely a societal construct, usually mediated through politicians and the media.
Where regulators fail, and there are plenty of examples, it is usually because the public has decided against them because of wrong judgments about the public appetite for risk, or simply that the regulator has been seen to be incompetent. Once the public noise is loud enough, then politicians will act. That death process may take a long time, but it is pretty relentless once the momentum has started.
There is an interesting new phenomenon in this area. Historically the public’s views have been mediated by others — the media or politicians — but today social media is changing this. The power of the press to collectivize opinion has shifted to the power of every individual to make their views known and felt. This presents considerable new challenges to regulators to which we do not as yet have a response.
I want to turn to internal relationships and I will start with good governance. The CAA has a board built along the lines of company boards. There are four executive directors and five non-executive directors, including me as chair. Two of the non-executives have aviation experience; the others come from different sectors and bring invaluable insights from other areas. The board sets the culture and the strategic plan, and it oversees the management. The strategic plan is a five-year rolling plan that is formulated through extensive discussion with all our stakeholders. It is then the role of management to take that plan away and systematize it throughout the organization from the top right through to the lowliest employee. It is for the board to oversee that process and make sure that management delivers on the plan.
Culture comes from the top of the organization and the role of the board here is critical. It is hard for an organization which does not have the imperative of a financial bottom line to change and adapt, so the board has a special responsibility to really push a culture that encourages the right sort of organization. The culture we want to promote at the CAA is one which is outward looking, intelligent, keen to learn from others, receptive, collaborative and brave – and ready to change in response to a changing world.
The CAA is moving to a risk based, judgmental approach based on integrated teams of inspectors covering every discipline of the Authority, gaining an understanding of the whole of a regulated entity’s business, and then putting all that information together and using a holistic picture to understand where the risks are and to apply resource to them. This approach will mean doing different things and sometimes stopping things. Generally, this is a much greater ask of staff than a straightforward audit approach. It requires people of a higher caliber who have technical, emotional, people, business, and negotiating skills.
We should always remember that it is the industry, not the regulator, who is responsible for delivering safety. Our role should be to use the information we have collected and the judgments we have applied to enable challenging conversations with the company covering their risks and focused on what they are doing to mitigate them.
At the CAA, we have established what you might describe as an internal think tank whose function is to improve the intelligence with which we operate. So they will be looking outside the immediate environment to try to identify upcoming risk. Equally, they will study and review big decisions or programs we have taken to assess whether we could do them better or whether the outcomes were as we expected.
We collect a great deal of information and we need the management processes and IT systems to make sure that we capture all the information in a usable way and that we achieve a common understanding across the Authority as to how we behave and act. This is no different from good management practice in industry and I do not believe there is any reason why a regulator should not be any less efficient than a well-run company.
The effectiveness of your internal structures will help the identification and handling of risk – much of it is about the acquisition of information. I find the Donald Rumsfeld typology quite useful:
- We are good at known knowns.
- We can be good at the unknown knowns if we focus on being a porous, thoughtful, outward-looking organization.
- Unknown unknowns are a difficulty, and we need to develop flexible, intelligent, nimble, and resilient organizations to handle them when they come into view.
Relationship with self
I want to end with some comments about the individual leader. Make no doubt, it is tough leading a regulator and there can be pressure from a variety of external sources, some of it fairly rough. So as an individual you do need to be personally resilient with a thick skin. I believe you also need a belief in a purpose, or a lodestar, which will help you confidently to make judgments and stop you from being pushed around by each last source of pressure. But the flip side of that, and it makes for a nice balance, is that you also need humility to recognize that you may well be wrong and others may have better ideas or judgments. And, finally, you should have recognizable integrity and, because of that, you should also recognize that there may be circumstances in which you should be prepared to resign.
The unspoken thread that has run through all of this presentation is trust:
- Trust from consumers that you are properly protecting their interests.
- Trust from industry that you know what you are doing and know enough about their industry to do it well.
- Trust from government that you are generally sensible and are delivering within their policy framework.
- And a rather amorphous sense from society that you are getting it right.
You cannot command that trust. It grows from everything that you do: from your clarity of purpose; from the expertise you bring and your excellence in delivering outcomes; from transparency which is the way you illustrate, as opposed to assert, your quality; and from your integrity.
And the prize is that trust gives you a background against which you can champion genuinely proportionate risk-based regulation. Conversely, a lack of trust can lead to less constructive industry relationships, more difficulty with government relationships, nervous consumers who may demand more regulation as a consequence, and potentially a less able, motivated staff. So trust is a huge prize, not for itself, but for what it enables you to do. Once you have earned it, the rest is up to you and the continuing expertise of your organization to ensure you remain worthy of it.
And how can you measure this? You achieve essential outcomes. You display the characteristics and culture of an excellent regulator. And you gain broad stakeholder respect.