Regulators that receive high volumes of complaints from the community or stakeholders can become overburdened by the management of those complaints.
Sometimes, well-meaning complaints officers (chosen for that quality) get very bogged down trying to solve the complainant’s problem whilst the complaints keep rolling in.
Having a strong focus on “service” will often encourage processes that result in many complaints not being closed until there is a resolution to the satisfaction of the complainant.
This can become burdensome, as almost all complaints may seem worthy of letters seeking information, as well as responses from the regulated entity that has been complained about. This means a regulator can wind up using a high proportion of its resources responding to complaints for fear of being accused of doing nothing.
With no time or capacity to get on the front foot and proactively audit or monitor the regulated community, the regulator slowly becomes submerged in unresolved complaints whilst its regulated community is alleged to be out of control.
Change from the top
How does a regulator break this type of reactive culture, gain control over the use of its resources and the exercise of its regulatory responsibilities?
Major cultural change must come from the top. Taking a step back and finding the time to go back to basics is essential. What are we here for? What is our regulatory framework? What is important?
The risk-based approach to regulating, executed correctly, enables a regulator to clearly understand the relative risks they are trying to regulate. Taking stock of the regulatory framework is essential. Spending the time to properly consider the risks that exist by reference to relevant legislation is one key factor. Another is understanding the regulatory tools that are available to respond to risk. With these tools, a regulator has the beginnings of a risk-based framework.
What benefit can this framework deliver? Primarily, the realisation that the regulator does not need to respond to all alleged non-compliances. Forbearance is readily justifiable if the regulator can demonstrate that the non-compliance complained of is low risk relative to other potential or actual non-compliances that may occur in the regulated sector.
It may be that the highest risk non-compliances that are occurring are non-compliances that are not the subject of complaints.
For example, regulated entities that are behaving dishonestly, or taking advantage of unsuspecting consumers for commercial gain, may be so sophisticated that their breaches go undetected and are not raised in complaints. If the regulator is bogged down in responding to complaints, high-risk, egregious breaches can occur for months or years with little or no regulatory intervention.
Drawing the line
Understanding what not to respond to can be as important as understanding what to respond to. The no further action response option won’t actually mean the regulator does nothing. The likely steps will be to:
- Record the complaint. Effective data collection should ensure that multiple complaints against the same regulated entity about low risk non-compliances will be recognised and acted on when a specified threshold has been reached;
- Communicate with the complainant clearly about why no specific action will be taken justifying the response and managing expectations early. This should include consistent messages in external publications, and;
- Based on the data collected, communicate with the regulated community through reporting and education with a view to seeking voluntary compliance.
Reducing regulatory burden
An effective risk-based compliance model will not only allow the regulator to focus its attention and resources on relatively high risk non-compliances, but it should reduce the regulatory burden on the regulated community by minimising time spent responding to complaints about relatively trivial matters.