In the previous contribution to our series on regulation, I argued that England needs new legislation to create a single, unified regulatory system for an expanded higher education sector.
I advocated that this new regulatory system be underpinned by two principles:
1) Regulation be equitably applied (rather than an equally applied level playing field); and
2) Regulators abide by the rule of explain or comply.
This piece examines the approach which new higher education regulation should employ. Specifically, it will consider the merits of uncertainty-based, rather than risk-based, approaches to regulation. Far from being a semantic difference, uncertainty-based regulation represents a meaningfully different approach to risk-based regulation. It involves an escalation of trust between regulators and higher education providers and an investment in human intelligence at the expense of data dependence.
There is tremendous political pressure for all regulation in the public sphere to be risk-based. The concept appears sound enough: regulation should be applied to all, but should target those areas or institutions that pose the greatest risk to consumers, students, patients etc. Risk is quantified and measured by data reported to the regulator.
The Quality Assurance Agency’s 2012 consultation, A Risk-Based Approach to Quality Assurance proposed reducing the number of visits high performing institutions would receive from the QAA. This provided an example of pursuing a risk-based approach to regulation.
Uncertainty-based regulation: intelligence versus data
Professor Roger King, of the University of Bath and Co-Chair of the Higher Education Commission inquiry Regulating the new landscape of higher education, differentiates between uncertainty-based and risk-based regulation. Professor King discusses uncertainly-based regulation, among other regulatory challenges, in a March 2014 paper for the QAA’s Talking About Quality series. Essentially, the differences between uncertainty-based regulation and risk-based regulation may be boiled down to two points:
a) It is the difference between assuring that providers are sufficiently resilient to deal with challenges and trying to predict the future; AND
b) It is the difference between intelligence gathering through ongoing communication and demanding ever-increasing amounts of data.
To illustrate: during the 2002 hearings of the National Commission on Terrorist Attacks Upon the United States on the 11 September 2001 terrorist attacks, the Central Intelligence Agency (CIA) was interrogated about why the CIA had not anticipated Al Qaeda attacking the World Trade Centre with hijacked airplanes.
The CIA’s response was that they had become increasingly dependent on data reporting as a consequence of cutting back on field agents in response to budget cuts. They pursued a risk-based approach to national security. However, during the Commission hearings, the CIA argued it needed people on the ground collecting and processing human intelligence. While data provided information on past behaviour human intelligence could have highlighted areas of exposure or emerging trends and allowed the CIA to adapt and respond. The Commission recommended that:
Rebuilding the analytic and human intelligence collection capabilities of the CIA should be a full-time effort, and the director of the CIA should focus on extending its comparative advantages.
The Commission concluded that data intelligence gave increasing amounts of information on areas the intelligence community was already looking. However human intelligence could have suggested that there are new areas where the CIA needed to look.
According to Professor King, an uncertainty-based approach to regulation does not pretend to predict the future through data, an exercise fraught with pitfalls and doomed to failure over the long run. Because data intelligence can only provide information retrospectively, or past behaviour, it cannot be depended upon to identify future threats. Data can, of course, indicate where there are deviations from the norm and suggest where an institution may start getting into trouble. However, it cannot predict what may happen in the future.
Bouncing back from adversity: resilience
Uncertainly-based regulation does not presume to predict future risk. It is intended to make judgements about an organisation’s or sector’s resilience in uncertain circumstances. Resilience is the ability to bounce-back when faced by changes to environment or circumstances. Resilience is not limited to an organisation’s ability to deal with known risks, “known knowns” or “known unknowns”, which may be measured using data collected through risk-based regulation.
Resilience includes understanding organisational flexibility to recover from the “unknown unknowns”. Uncertainty-based regulation, relying on a balanced mixture of data and human intelligence, can consider the ability of organisations to anticipate and recover from unforeseen threats.
Furthermore: risk, and risk taking, is how innovation occurs – trying new pedagogical approaches or untested research techniques can lead to positive change. They can, of course, also fail, but either way risk can contribute to learning. Risk-based regulation, however, suggests that new approaches represent a regulatory threat. Uncertainty-based regulation is not about avoiding failure, or the possibility of failure, but is about recovering from setbacks. An uncertainty-based approach to regulation should not curtail progress – it should support institutions and the sector.
Finally, taking an uncertainty-based approach, predicated on intelligence gathering and on-going communication between regulator and higher education provider, supports an equitable regulatory regime. The regulator and higher education providers do need to trust one another to some extent, but greater trust can lead to reductions in regulatory intrusion. Low levels of trust will demand greater intelligence gathering and more communication.
But how does one make sure a resilient higher education system? Stephen Jackson, QAA Director of Quality Assurance, described one of the higher education system’s current blind spots to The PIE News; the potential for provision of misleading data by higher education providers:
How can you guard against that sort of criminal behaviour through a peer review process – our methods are just not geared to dealing with those issues… Our process is based on trust…
Uncertainty here is linked to, at best, misleading information and, at worst, blatantly criminal behaviour. Stephen Jackson suggests the solution may be creating statutory powers that let the QAA to more vigorously investigate new providers in England.
It is possible that an uncertainty-based approach to regulation could help overcome the threat of misleading data. In this situation, the concept of resilience applies to the regulator; QAA, using human intelligence gathering tools in combination with intelligent information sharing with sister regulatory organisations, could be flexible enough to deal with new types of higher education providers with different missions from the institutions of the traditional sector. The relationships developed with new providers may start burdensome but could become less so as trust is built between the provider and the regulator.
Uncertainty-based regulation comes with some risks. Human intelligence presumes a role for human judgement and with judgement comes bias. Uncertainty-based regulation, therefore, requires a level of trust of the regulators on the part of higher education providers. Human intelligence gathering requires relationships, not merely data reporting.
While burdensome, data reporting does not involve a significant amount of human interaction. Rebalancing the use of human intelligence and data intelligence may represent a diminished reporting burden on higher education providers, but will providers and regulators be prepared and have the resources to invest the time needed to build the necessarily relationships?
A second question arises about the perspective of uncertainty-based regulation. Should regulators be assessing the resilience of individual higher education providers, taking a starting position of assuring individual institutional health? Or should regulators focus on the resilience of the higher education sector as a whole, assuming failure of individual providers as a natural consequence of increased marketization (as suggested by the 2014 Office of Fair Trading report on the English undergraduate sector) provided the overall sector could deal with displaced students and public needs? Ultimately these may be questions for primary legislation and Parliament to answer.