In November 2019, Professor Jeroen van der Heijden reviewed briefly the book Regulatory Delivery: Introducing the Regulatory Delivery Model, Graham Russell and Christopher Hodges, editors, (2019), Hart Publishing Oxford, 504 pages. This article is the fourth of a series of brief reviews of chapters from that book. The chapter reviews outline the key themes of the chapter, with brief commentary about them in respect to New Zealand experience.

Chapter 16 – Risk based prioritisation – Risk-based prioritisation is one of three practice elements of a ‘Regulatory Delivery Model’ that the authors describe as being useful as a map, a diagnostic tool or a predictive model to guide thinking about regulatory delivery. The model overall is made up of three prerequisites: Accountability (ch 7), Culture (ch 10) and Governance Frameworks (ch 3), and three practices: Outcome Measurement (ch 13), Risk-based Prioritisation (ch 16) and Intervention Choices (ch 20). Each chapter ends with a set of ‘Key Lines of Enquiry’ that can be used to assess the current picture in a regulatory organisation.

The premise of chapter 16 is that a regulatory agency’s task is to manage risks to regulatory outcomes, by reducing their likelihood or their impact. Risk is defined as the combination of the magnitude of the hazard and the likelihood that the hazard will cause harm. A hazard is described as anything that has the potential to cause harm.  Likelihood is discussed is relation to non-compliance with regulatory requirements, but notes that this is not the same as likelihood that a harm will occur.  It discusses the distinction between focussing on likelihood of non-compliance, which may not always cause harm, and focussing on the control of risks associated with non-compliance that will. 

Prioritisation is necessary as regulatory agencies have finite resources and need a structured way of thinking about relative impacts, positive or negative, and comparing them so that efforts are directed in proportion to risk, while making fair and proportionate decisions. Other forms of prioritisation are possible (for example, focussing on businesses that have the highest propensity to change) but may generate criticism that an agency is focussing on trivia, or headline seeking which can undermine confidence in the agency.

The chapter notes that effective regulatory delivery requires assessment of risk at every level.  It suggests there are four distinct levels: priorities between regulatory areas; priorities within a regulatory area; priorities within the regulatory area in respect to which specific businesses or activities should be targeted; and priorities at the individual regulated entity level in respect to exactly where checks should be made.  It notes that the quantification of regulatory risk (at any level) involves carefully combining assessments of both hazard and the likelihood of non-compliance which allows risk ratings to be assigned to help direct resources, for example by determining intervention frequency.

The primary importance of using good quality, relevant information (including data, information and intelligence) to properly assess both hazard and likelihood of non-compliance is emphasised.  It is noted that risk ratings may on the face of it be the same but driven by higher or lower scores in respect to levels of hazard, compared to likelihood of non-compliance.  This means deeper examination is required to drive resource allocation. The chapter notes that risk based approaches that include consideration of the efforts and results of regulated parties’ actions to ensure they comply enable regulators to move beyond assessment of inherent risks, adjust risk ratings and intervene less frequently. Finally, transparency around a regulatory agency’s risk-based approach is identified as a powerful means of enhancing the accountability of the regulator.

This chapter provides significant guidance relating to the effective application of risk-based prioritisation approaches which are at the core of many regulatory agencies’ work in New Zealand. Drawing on the extensive experience and knowledge of the authors[1] it provides a sound discussion of issues to support us in our constant quest for improvement in this area, in support of improved regulatory outcomes.


[1] Graeme Russell, Chief Executive of the Office of Product Safety Standards in the UK Department for Business, Energy and Industrial Strategy and Helen Kirkman, who is responsible for regulatory approaches across that Office

This post was written by Keith Manch, the Chief Executive and Director of Maritime New Zealand. He has worked in the public sector since 1977 and brings extensive leadership experience in a number of policy and operational senior leadership positions in regulation, compliance and response.