One of the features of much of the debate over universities around mental health, sexual misconduct and different types of harassment is harm, and the idea that a university might be directly or indirectly causing it.
So it’s interesting to consider how the wider regulatory environment attempts to ensure that students don’t come to harm, and how those with responsibility for students are held to account if they fail in any reasonable duty to prevent or investigate it – not least because so many universities are keen to promote themselves as environments of safety where students will be protected.
It’s also interesting to think about what’s now becoming the standard OfS press quote when there’s another story of something going wrong in a university involving students and harm. “We will intervene in serious examples of universities failing to address these issues seriously”, says CEO Nicola Dndridge each time. Yes, but on what basis? And how would you know?
It’s your union
If you’re a students’ union in a mainstream university in England or Wales, you’re regulated directly by the Charity Commission – which has a strategic aim to ensure that charities take reasonable steps to protect their beneficiaries (ie students), and others who come into contact with the SU from harm.
The commission expects SUs to make sure all trustees, employees, volunteers and students to know about safeguarding and people protection; have appropriate policies and procedures in place; know to spot and refer or report concerns; have a clear system of referring or reporting to relevant organisations; set out risks and how they will manage them in a risk register which is regularly reviewed; and be quick to respond to concerns and carry out appropriate investigations. Fair enough.
Those risks can be broad. SUs are expected to be alert to the risks of sexual harassment, abuse and exploitation; negligent treatment; physical or emotional abuse; bullying or harassment; extremism and radicalisation; discrimination on any of the grounds in the Equality Act 2010; and the potential of abuse of trust. They should have safeguarding policies and procedures to these ends which are reviewed at least once a year; available to the public; and communicated to all students.
The commission also requires SUs to report “serious incidents”. If one takes place “within” the SU (and that doesn’t necessarily mean in their “building” or “offices”), it is important that there is “prompt, full and frank disclosure to the commission”. SUs have to report what happened and, importantly, let the commission know how they are dealing with it, even if they have also reported it to the police, the university or another regulator.
The definition of serious incident is quite broad. The commission defines it as an adverse event, whether actual or alleged, which results in or risks significant harm to the union’s student members, staff, or others who come into contact with the SU through its work; loss of the SU’s money or assets; damage to the SUs property; or harm to the SUs work or reputation. It’s potentially onerous given the size and scope of SUs and coverage across the activities of things like student societies, but it’s undoubtedly in the student interest.
These powers are important, and can be quite impactful. You only have to look at the commission’s list of inquiry reports to see regular failures identified on the safeguarding of beneficiaries, and regulatory decisions that require improvement when it comes to the management and governance of prevention and incident handling.
In the charity world, there is much discussion on the balance between reputational and beneficiary risk, with suggestions that Oxfam and other aid organisations covered up some of their recent safeguarding failures because of fears they would negatively impact upon reputation. This charge of “cover up” is a frequent feature of student victims’ critiques of universities when there are cases. So what’s in place across universities to ensure the balance is appropriate?
It’s your university
For universities in England, we’ve noted before that neither the OfS regulatory framework nor the UK quality code directly mention safeguarding or student harm, and are notably silent on what the Australian equivalent would call issues in the “learning environment” like “wellbeing and safety”. So right now the only way to deliver on the Nicola Dandridge promise would be tackle the issue through the governance and management duties that charities have in general.
Most universities are exempt (from registration) charities, and the commission does not expect these charities to report serious incidents to it directly. The idea is that they should instead understand and comply with any requirements to report to their “principal regulator” – OfS in England or HEFCW in Wales. Where the principal regulator does not have the power it needs to address abuse or wrongdoing or harm (and it’s not clear that in the context of mental health, sexual misconduct or harassment that it does), it is then responsible for referring concerns to the commission, which then considers whether regulatory action is needed.
For that to work OfS would have to be collecting incident reports relating to harm in the first place, and back in the HEFCE days there was officially a serious incident reporting regime that largely mirrored the commission’s. But to reduce regulatory burden OfS hasn’t replicated that approach, and whilst the OfS-Charity Commission “Memorandum of Understanding” mentions the duty of charities to report serious incidents, it cross-refers to the duty to notify OfS of “reportable events” in line with the regulatory framework – noting that OfS will forward details about reports it gets to the commission on an annual basis.
That would be fine if “reportable incidents” included stuff on mental health, sexual misconduct or harassment – but it doesn’t. Its “non exhaustive” list includes things like mergers, material changes in business models, opening a new campus and “material adverse financial changes”. Which are… different.
HEFCW isn’t much better. Its only mentions of “serious incidents” are largely confined to the Prevent duty, and the HEFCW-CC MOU only cross-refers to “serious weaknesses” – defined as something which has “resulted in, or could result in, a significant loss of funds or a significant risk to an institution’s property, work, beneficiaries or reputation” – about as vague as it gets.
This is all obviously a problem. No one is suggesting that student harm reduction in the mental health, sexual misconduct or harassment spaces should be prescriptive, or anything other than risk and context based. But the lack of regulation around this kind of risk reduction, and the absence of meaningful reporting duties on universities when an incident takes place, represents another huge hole in the regulatory bucket – made all the more preposterous when compared to the duties on SUs.
If we expect SUs to make sure that people know about safeguarding and people protection, have appropriate policies, know to spot and refer concerns, and have a system of referring or reporting and manage risks properly, we should expect that of universities too. Or to put it another way – if a sports club is involved in initiations, or a staff member is found guilty of harassment, why are we only gathering that information if the issues are in the SU rather than the university?
The reality is that when you do the comparison, we only have two choices. You can either exempt SUs from these duties, or instead place universities under them. I know what sounds more like the “student interest”.