Table of Contents

  • There is a gap between the level of risk that is aspired to by policy makers and the level that is achievable through regulation. Not all risks can be reduced to zero and tradeoffs in risk reduction measures are inevitable. This publication aims to identify areas for the improvement of risk governance through an analysis of the legal, procedural and practical challenges for risk regulation. Each chapter provides advice on policy steps that governments can take to improve the efficiency and effectiveness of regulatory management arrangements for reducing risks.

  • Greater emphasis on risk-based approaches to the design of regulation and compliance strategies can improve the welfare of citizens by providing better protection from hazards and more efficient services from government. Improvements to risk and regulatory policy are also consistent with the Better Regulation Agenda of most Governments and can reduce costs for business. However, across OECD only a few governments have taken steps towards developing a coherent risk policy framework for managing regulation. For the most part there is little or no central oversight or guidance to ensure that approaches being taken are efficient and effective, adequately account for risk-risk tradeoffs, and/or diffuse the lessons from individual agencies to other parts of government. This chapter argues that central guidance and a review role is necessary if progress is going to be made to improve risk governance systems right across the administration.

  • Because the reduction of risks is a pervasive part of government activity, the management of risks is a primary function embedded in the operations of capable governments. In practical terms, government action provides protection for citizens against myriad risks every day. However, this is clearly being done better for some risks (and in some countries) than for others. Meeting the challenges from new emerging risks is a constant source of pressure on government administrations that can result in reactive regulatory responses. The political consequences of failing to manage risks are significant. Elections can be won or lost on the public estimation of a government’s capacity to manage particular risks, and the choices made at the administrative level about the treatment of risks are also under increasing scrutiny and pressure from interest groups, particularly when viewed retrospectively following a critical event. Governments can only benefit from a better understanding of how to assess, manage and communicate with the public about risks at both the political and the administrative level.

  • The OECD has recognised that applied risk assessment is an important factor in the governance arrangements for regulatory quality systems. In its 2002 report1 the OECD remarked that: Quantitative risk assessment improves the capacity of a government to focus on the most important risks and reduce them at lowest cost while identifying those risks that fall below a threshold justifying government action.

  • Over the last decade risk regulatory concepts have been increasingly utilised in administrative decision making in a wide array of contexts in many different jurisdictions. These concepts have been introduced for different reasons; are regulating administrative power in a range of ways; and are not defined homogeneously. Moreover, these concepts have not gone un-criticised and these criticisms make clear that the use of risk regulatory concepts must be done with care, critical reflection, and an awareness of complexities involved in their use. The complexity of risk regulatory concepts is reflected in the many different legal dimensions of risk regulatory concepts. A study of the interface between risk regulatory concepts and these different legal dimensions highlights the fact that the operation of risk regulatory concepts is not straightforward and is always embedded in a particular cultural and legal context.

  • Public officials are increasingly facing the need to make decisions about policies where future uncertainties are economically significant and unavoidable. Today the issue of risk looms so large that some observers speak of a “risk society”, where problems of “risk distribution” replace those of income distribution which characterised industrial society. The need of clear and consistent principles for dealing with uncertainty is as urgent in the public sector as it was in the private sector a few decades ago. This chapter presents concrete examples of the practical consequences of confused thinking about the principles of decision making under uncertainty, pointing out, for example, the shortcomings of the precautionary principle as a general decision rule. A key element of this chapter is that the theory of decision making under uncertainty provides the appropriate conceptual framework for thinking about uncertain events and their consequences, and thus also for thinking about risk. One limitation of this theory, however, is that it has been developed for structuring the choice problems of an individual decision maker and so does not provide unambiguous advice for group decisions when different stakeholders have different attitudes toward risk. But the methodology is nonetheless helpful without providing formal solutions.

  • During the 1960s and 1970s the theory of decision making under uncertainty became part of the standard curriculum in all leading Business Schools and Economics Departments. Now, pervasive uncertainty has always been the most obvious feature of decision processes in business and in economic policy making. Why did it take so long to develop a general theory of such processes, and what is the contribution of this theory to a more rational approach to real decision problems? The answer to the first part of the question is that no general conceptual approach to decision making under uncertainty was possible until the twin concepts of subjective (or personal) probability and of probabilistic utility were introduced in a clear and logically consistent way, and this did not happen until the late 1940s. Once these concepts were well understood it became possible to develop a theory based on three simple principles. First, the uncertainties present in the situation must be quantified in terms of values called probabilities. Second, the various consequences of the feasible courses of action must be similarly described in terms of utilities. Third, that decision must be taken which is expected, on the basis of the calculated probabilities, to give the greatest utility: any deviation from this rule is liable to lead the decision maker into procedures which are inconsistent.

  • This chapter offers a critical overview of the key elements of risk regulation and governance institutions, regarding risks to health, safety, environment, security, finance, and other areas. It emphasises the challenges for risk regulation of increasing interconnectedness in a multi-risk world, including: the need to assess the joint effects of simultaneous exposure to multiple risks; the increasingly rapid spread of risks across networks; and the ubiquitous ancillary impacts of risk regulation such as riskrisk tradeoffs. The chapter advocates: comprehensive regulatory impact assessment of the full portfolio of impacts of risk reduction efforts; both ex ante (prospective) regulatory impact assessment to inform initial policy decisions, and ex post (retrospective) regulatory impact assessment to inform subsequent policy revisions and to improve ex ante assessment methodologies; evenhanded use of regulatory analysis both to discourage undesirable policy proposals and to encourage desirable policy proposals; greater use of economic incentive instruments in regulation; and better co-ordination and oversight of risk regulation policies across agencies within each government, and across governments internationally.

  • A common set of challenges faced by regulators is to achieve public risk management objectives at lower cost, often by giving greater flexibility to the private sector without sacrificing public health and welfare. In addition to improving existing regulation, challenges increasingly arise from new kinds of risks that seem to evade resolution through traditional forms of regulation. A potentially promising regulatory solution – management-based regulation – may help regulators better address both existing risks and new ones. The underlying concept is to deploy regulatory authority in a way that leverages the private sector’s knowledge about its particular circumstances and engages firms in developing their own internal procedures and monitoring practices that respond to risks. This flexibility also raises the question of whether this regulatory strategy can actually deliver value to society. Empirical evidence indicates that management-based regulations can lead firms to make risk-related behavioural changes and induce positive behavioural change within industry. The purpose of this chapter is to explain where management-based regulation fits within government’s overall policy toolkit and examine the conditions under which management-based regulation is both a viable and superior policy strategy.

  • This chapter identifies key aspects of the risk-based frameworks of eleven regulators in four countries across four sectors: environment, food safety, financial markets and health and safety. Risk-based frameworks contain real choices as to the types and levels of risk the regulator is prepared to tolerate. Risk-based regulation therefore requires regulators to take risks. In practice the risk-based frameworks themselves have risks and a regulator’s risk tolerance is ultimately driven by the political context. The chapter explores how these are addressed. Section 6.1 of this chapter defines risk-based regulation, explores the motivations for its adoption, sets out the main elements of risk-based frameworks, and provides some examples. Section 6.2 explores key questions that arise in practice with respect to each of these elements. Section 6.3 examines some of the main issues and challenges which have arisen in implementation. Finally, Section 6.4 discusses the evaluation of risk-based frameworks and identifies lessons learned.

  • The research was conducted during a six-week period from mid-September to end- October 2008. The project explored some of the risk-based frameworks used by regulators in the environmental, food and financial services sectors in a number of countries. The purpose of the research was to draw on examples of risk-based frameworks in development and use, not to perform a systematic survey of their state of development. Desk-based research was conducted with respect to food, environmental and financial services regulators in the UK, Ireland, the Netherlands and Australia, and occupational health and safety in the UK and the Netherlands. In addition, interviews were conducted with one or more officials from each of the regulators listed below. Others were contacted, but it was not possible to arrange interviews within the time constraints. All interviews were conducted on a semi-structured basis, using the questionnaire in Annex 6.A2. Interviews lasted between 1-1.5 hours; contemporaneous notes were taken and written up immediately after each interview.

  • APRA was formed in 1998. It is responsible for the prudential regulation of deposit taking institutions, general and life insurers, and much of the superannuation (pension) industry, and is responsible for their financial soundness (prudential regulation). Its counterpart, the Australian Securities and Investments Commission, regulates securities business, superannuation funds and insurance, and is responsible largely for regulating the manner in which those firms conduct their business. APRA introduced a risk-based approach to supervision in 1999. A new framework was introduced in 2003-04, the Probability and Impact Rating System (PAIRS) and the Supervisory and Oversight Response System (SOARS). PAIRS has been subsequently refined, the latest refinements being introduced in 2008.

  • Regulation can be a key tool to help governments manage risks. The financial crisis has reinforced concern that governments have not done enough to integrate risk management into the design and management of regulations and the functions of regulatory bodies. Formal guidelines for risk prioritisation, assessment, management, and communication may help governments cope with this regulatory governance gap. Themes that should be addressed in such guidelines include optimal risk taking, processes for preparing formal risk assessment reports, the analytic treatment of scientific uncertainty about risk, ranking risks and risk-reduction opportunities, precaution and the value of information, ancillary risks and benefits, transparency of governmental procedures, cross-department co-ordination, public/stakeholder participation and capacity building. The governments of Canada, the USA and the UK as well as the European Commission have already moved in this direction with formal policy statements on risk.