In my first public outing as the OfS’s interim chief executive I wanted to talk about regulatory burden and institutional autonomy.
Or, if you prefer, “why does your governing body spend so much time on regulatory stuff?”
I know this is a favourite topic for debate.We launched our new OfS strategy in March, and we have been clear that our focus for the next three years will be on quality and standards; and equality of opportunity; and on the enabling regulation needed to make all of that work.
Quality and standards and equality of opportunity rightly get a lot of attention.
But the third part of the strategy – enabling regulation – is equally important even if it might sound less glamorous. That’s the part of the strategy that ensures that the system as a whole works effectively.
Regulatory burden
Our strategic goal in relation to regulatory burden is that:
The OfS minimises the regulatory burden it places on providers, while ensuring action is effective in meeting its goals and regulatory objectives.
That balance is important. Regulation by its nature imposes burden. Regulated entities need to take time to understand the regulatory regime, they need to take action they might not otherwise have taken, and their ability to act as they wish is inhibited.
We should see those things as regulation doing its job. And that matters because students are entitled to regulatory protection as they enter and progress through higher education.
We’ve taken a number of steps to drive down regulatory burden over recent times. We announced in March that we’ve reduced the enhanced monitoring requirements in place across registered providers by 75 per cent. That means we’ve removed 376 separate requirements for additional information or reports.
More recently, we’ve removed the requirement for all providers with an access and participation plan to send us a detailed monitoring return in 2022.
Streamlining communication
We’ve also streamlined how we communicate with institutions. And providers have a direct contact in our core regulation teams. We’ve heard positive feedback from the sector on these changes – but there’s always more to be done and we’re alive to opportunities to look at how regulation creates burden.
Our risk-based approach is important here. This is a legal obligation rather than simply a philosophical choice for us. HERA requires us to regulate in proportion to the risk posed by an individual institution. And our risk-based system means that institutions that are compliant, and so represent low risk, shouldn’t be concerned about our regulation because it’s not likely to be targeted at them.
Institutional autonomy
Our new strategy has one more thing to say about regulatory burden. It says that we will challenge institutions to take purposeful steps to dismantle internal bureaucracy that has accreted over time and is not needed to comply with our regulatory requirements.
This kind of unnecessary institutional bureaucracy is sometimes referred to as “gold plating” – although that idea of adding unnecessary layers to something that is, in itself, necessary doesn’t quite capture the point I want to make.
As we have looked at individual cases, we can see patterns that I think will be familiar to you. Institutions tend to have a well-developed system for moving documents from one committee to the next. Often the same people congregate as a different committee and consider the same documents all over again. And then those documents find their way to the governing body.
But what happens when the OfS looks at all of this from the outside? We can see those documents moving around the institution and lots of effort spent on assurance processes. There are assurance maps of compliance with OfS conditions of registration, compiled by governance teams, pored over by internal auditors and audit committees, before being presented to governing bodies. Governors are told that they can “take assurance” that all is well.
Primary and secondary evidence
If we enquire about an issue relating to, for example, consumer law, an institution will tell us that all is fine and point to this mountain of documentation and process as evidence of that.
But then when we look in detail at the primary evidence – the decisions the institution has made about the information it publishes when it recruits students, or the terms and conditions in its student contract – we start to see issues that suggest non-compliance. The assurance mechanisms have focused on process and not on substantive compliance. It can come as a surprise to an institution when we point this out.
We can also see weaknesses in decision-making processes. For example, schemes of delegation aren’t followed in practice, decision-makers haven’t properly considered the things we would expect, and records of the reasons for decisions are minimal.
Derived and self directed autonomy
So there is a distinction between decisions about substantive matters that are of direct regulatory interest to the OfS, and assurance processes that we’ve not asked you to construct.
In Mike Shattock’s book ‘Managing Good Governance’ he talks about two different conceptions of autonomy: derived autonomy and self-directed autonomy. He says:
… I have argued that universities have a choice between ‘derived autonomy’ where the institution essentially follows funding council policies and transmits funding council formulae direct to subject areas or ‘self-directed autonomy’ where an institution consciously follows an individualistic self-determined strategy.
Mike was writing about a period with a funding council, not a regulator. And his point was that universities could and should choose to make their own decisions about what they prioritised and spent money on, regardless of how the latest HEFCE funding formula worked in practice. That might feel like ancient family history.
But his concept of self-directed autonomy still feels hugely important. My heart sinks when I hear mature institutions expressing uncertainty about whether and how they should respond to a routine letter from the OfS. I wonder what happened to self-directed autonomy. It can sometimes feel that there is a lack of confidence in doing the right things for the right reasons and being prepared to explain that clearly in response to any regulatory enquiry.
Gold plated myths
If we come back to the idea of gold plating, that assumes that the thing being plated is something that should be done in the first place. I want to challenge you to consider whether you need to do some of these things at all. To help you with that, there are three myths I want to burst:
- Myth one: you have to take every OfS letter, request, or document, to your governing body. You don’t. Your governing body can delegate any of those issues to somebody else, provided that delegations are lawful and consistent with your main governing documents.
- Myth two: your schemes of delegation are fit for purpose in the new regulatory environment. They’re not. Or at least, they probably need another careful look. The schemes of delegation we’ve seen recently tend to focus on financial matters – for example how much money the finance director is allowed to spend without asking. They were written for a different world and don’t cover things that the OfS will be interested in – decisions about your free speech code of practice, for example.
- Myth three: your assurance processes are giving you reliable assurance about compliance. They’re not. Or rather, if your assurance processes are in fact a substitute for substantive compliance and good decision-making, they won’t prevent the OfS from finding breaches of conditions of registration if these exist. All of those documents moving round the institution are not going to save you from regulatory criticism in those circumstances.
The benefits of autonomy
In our new strategy we say that we know our goals can only be achieved by working through the higher education providers we regulate. Our role is to incentivise and influence providers to bring about the changes needed to achieve these goals.
I think we all agree that unnecessary regulatory burden could get in the way of that.
I’ve set out today the steps the OfS is taking to minimise regulatory burden and how that fits into our strategy more broadly. But I’ve also challenged you to take this into your own hands.
Your autonomy shouldn’t be a theoretical idea that you mobilise defensively to ward off regulation. It should be a living, active practice that you use to make your own decisions with confidence. So I’m encouraging you to think about whether the idea of self-directed autonomy might be a useful way to think about how you respond to regulation.
This is an edited version of a speech by OfS interim chief executive Susan Lapworth to an AHUA members’ webinar.
The issues highlighted in this piece are more to do with poor governance than institutions having too much internal regulatory burden. I can see the overlap as poor governance does increase the bureaucratic internal workings of an institution, but done right good governance can reduce that burden as alluded to when schemes of delegation are appropriately deployed. What I think needs to be acknowledge is that in a risk based system the risk of getting it wrong for an institution is very high and that is what causes the additional layers of assurance which are put in place. This tension amplified by the language of both the OfS and DfE causes governing bodies to seek these assurances, lest we not forget that the lay members of governing bodies are often bringing their experience of different sectors (e.g. finance, audit, etc.) and apply that to what they wish to see within an institution.
Another key point which needs to be acknowledge is some of what an institution has in place in terms of processes is not just for assurance but also serves a dual purpose for operating. For example the approval processes for new courses aren’t just there to provide assurance but provide a framework in which new provision can be developed, feedback upon and enhanced.
Having effective mechanisms for assurance are important for all institutions, and whilst there is scope to do things better, I would be cautious to embrace this ‘bonfire of red tape’ in its completeness. Removing checks and balances is great until something goes wrong and then the questions are asked about why wasn’t something done. I’ve seen this within institutions where there has been the pursuit of doing things quicker and/or simpler and risks have been materialised. You can also look at other sectors where the removal of internal oversight because the regulator hasn’t required it has led to poor outcomes for the public.
The pendulum does need to swing away from the current approach with the right controls in place but we need to guard against it swinging too far in the other direction.