Regulatory Risk Differentiation

8/10/2019 Regulatory Risk Differentiation

1/10

Regulatory risk differentiation

From Wikipedia, the free encyclopediaJump to: navigation , search

*Regulatory risk differentiation* the process used by a regulatoryauthority (the regulator) to systemicallytreat entities differently based on the regulator's assessment of therisks of the entity's non-compliance.

Regulators can include law enforcement agencies, while the word entitiesapplies to all those under the authority of the regulator in mostcases ranging from individuals to companies to synthetic entities tomultinationals operating within the regulator's jurisdiction.

The process requires the regulator to directly link a robust riskassessment to a suggested regulatory response(e.g. financial penalties, criminal imprisonment). Regulatory riskdifferentiation is also referred to as *the Compliance Model* in someregulatory agencies .^[1] See for example the Australian Prudential RegulatoryAuthority riskdifferentiation approach known as: PAIRS^[2] / SOARS.^[3]

PAIRS is the Probability And Impact Rating System, whileSOARS is the Supervisory Oversight And Response System.

Contents

[hide ]

* 1 Alternative compliance models o 1.1 Dualistic model o 1.2 Compliance continuum o 1.3 Compliance pyramid o 1.4 Risk bow-tie diagram

* 2 What happens when the law is uncertain? * 3 Risk matrix mapping risk differentiation framework * 4 Use of the regulatory risk differentiation approach, including awards * 5 References

Alternative compliance models[edit ]

Dualistic model[edit ]

The simplest compliance model is a regulatory framework or model knownas dualistic , where the regulator reacts to anentity's behaviours depending on whether the behaviour is seen as eitherright or wrong. This is also known as a black and white response, and isoften used for strict liability offences in


2/10

law.^[4]

Compliance continuum[edit ]

It is a significant improvement to shift to a *compliance continuum* (orspectrum), where the regulator reacts to a spectrum of compliancebehaviours. The Australian Customs Office applies a compliancecontinuum.^[5] ^[6] ^[7]

Compliance pyramid[edit ]

When the reaction of the regulator is tied to the behaviour, it is knownas a *responsive compliance model*. The responsive compliance model wassuggested by Ian Ayres and John Braithwaite in their book "ResponsiveRegulation: Transcending the deregulation debate"^[8] which built on earlier work by John Scholz .^[9]

The Ayres and Braithwaite compliance model was elegantly represented asa *compliance pyramid*.^[10]

Alternative compliance models

The shape of the compliance pyramid indicates:

* the number of clients that might be found at each level in the model, * the hierarchical and escalating nature of regulatory engagement, and * the increasing focus towards the apex on the small minority who

appear to deliberately seek to contravene the system.

The choice of remedy (e.g. financial penalties, criminal imprisonment)imposed by the regulator becomes increasingly severe higher up thepyramid with the view of creating an incentive for entities to movetowards more compliant behaviours. The Australian Taxation Office (ATO)uses a compliance pyramid.^[11]

In the mid-1990s the ATO's Cash Economy Project further developed theircompliance pyramid. An entity's apparent motivation for compliance ornon-compliance, based on evidence (known as their motivational posture),was explicitly coupled to a suggested response.^[12]

Compliance model used by ATO The ATO Compliance Model

In this version of the compliance pyramid, four broad categories ofclient (called archetypes) were defined by their underlying motivationalpostures:

* The disengaged clients who have decided not to comply, * The resistant clients who don't want to comply,


3/10

* The captured clients who try to comply, but don't always succeed, and * The accommodating clients who are willing to do the right thing.

This approach has been widely adopted, particularly within Australia.Several other regulators have similar approaches. It is also describedas the Enforcement Pyramid by some regulators although enforcement isonly one of the compliance strategies implicit in the model.^[13]

The strength of the model is the regulator being seen to apply the rightremedy to the right situation, by taking an entity's apparent motivation(including their efforts to comply) into account. See for example JuliaBlack's paper: "'Chancer', 'Failure' or 'Trier'? RegulatoryConversations and the Construction of Identities" July 2008^[14] or "The ATO Compliance Model in Action: A Case Study ofBuilding and Construction by Neal Shover, Jenny Job and AnneCarroll"^[15] and "Reducing the risk of policy failure:challenges for regulatory compliance"^[16]

In the OECD paper "Reducing the Risk to Policy Failure: Challenges forRegulatory Compliance"^[17] the regulatory responseswere distilled down to ensuring that clients were *ready, willing andable* to comply.

* Ready > Clients who know what compliance is > Knowledge constraint > Educate and Exemplify * Willing > Clients who want to comply > Attitudinal constraint > Engage, Encourage, Enforce * Able > Clients who are able to comply > Capability contraint > Enable and Empower

A similar framework is used in the UK Pension Regulator approach.^[18]

Risk bow-tie diagram[edit

]

Another way of looking at this is as a risk *bow-tie*. See bow tiediagrams in risk management

Generic Tax Compliance Risk Bow-Tie developed by Stuart Hamilton fromthe ATO Generic Tax Compliance Risk Bow-Tie used by the ATO

.

Organisations in oil and gas, mining, aviation, industrials and finance

have had success using bowties.^[19] ^[20]

These compliance enhancement strategies fit into a standard structure:

* deter, (educate, exemplify, engage, encourage, enable, empower) * detect, (using quantitative and qualitative intelligence) and * deal with (educate, exemplify, engage, encourage, enable, empower, enforce)^[21] ^[22]


4/10

What happens when the law is uncertain?[edit ]

Some commentators do not believe that the compliance pyramid applieswhen legitimate differences of views exist as to compliantbehaviour.^[23] Regulators all need to establish theirpositions in this situation, but it is clear that some regulators dostill apply the compliance pyramid when the law is uncertain.^[24]

Risk matrix mapping risk differentiation framework[edit ]

*Explicitly considering the likelihood and consequence of the risk ofregulatory non-compliance*

Some regulators vary regulatory risk differentiation approaches bymapping suggested remedies to an entity's perceived risk of non-compliance. This approach has been usedby the Australian Prudential Regulatory Authority, the AustralianTaxation Office and the UK Pension Regulator^[25] ^[26] ^[27]

Explicitly considering the likelihood and consequences of an entitypossibly breaking a law is a requirement of the UK Statutory Code ofPractice for Regulators^[28] which emerged from the 2005Hampton Report "Reducing administrative burdens effective inspection and enforcement".^[29] The laterMacrory Review "Regulatory Justice making sanctions effective"^[30] effectively codifies the Ayres and BraithwaiteCompliance Pyramid into the UK Regulatory Enforcement and Sanctions Act2008.^[31]

In these compliance models the possibility of entities breaking a lawhas both a likelihood of occurrence and a consequence of occurrence,known as a 'risk event'. Considering entities' likelihood of not

complying and the consequences of their not complying usually provides a'power distribution'^[32] of a few large consequence orhigher likelihood clients and many more lower consequence/likelihood ones.

This can be represented as a scatter plot on a riskmatrix, as shown in the diagram to the right.

Scatterplot of likelihood and consequences of entities breaking a lawScatterplot of ratings of risk of entities breaking a law

The scatterplot risk matrix to the left shows that most entities are

compliant most of the time in other words, assessed as both lowerconsequence and lower likelihood of their not complying with the law.

From a risk management perspective the regulatorhas a more significant interest in higher consequence clients or eventsthan lower consequence. The next two diagrams build on the scatterplotdiagram to the left.

Overlaying detection strategies onto risk matrix


5/10


6/10

paper 'New dimensions in regulatory compliance'^[37]

References[edit ]

1. *Jump up ^ * See for example http://www.acir.gov.au/provider/business/audits/ncp/our-compliance-model.jsp2. *Jump up ^ * http://www.apra.gov.au/adi/Documents/cfdocs/PAIRS_112010_ex.pdf3. *Jump up ^ * http://www.apra.gov.au/adi/Documents/cfdocs/SOARS_112010_ex.pdf4. *Jump up ^ * Strict liability 5. *Jump up ^ * See for example the Customs Compliance Continuum @ http://www.customs.gov.au/webdata/resources/files/FS_CustomsCompliance.pdf or http://www.customs.gov.au/webdata/resources/files/ComplianceContinuumv03.pdf or http://www3.sympatico.ca/d.kerr/contin.htm6. *Jump up ^ * See for example "Explaining the U.S. Income Tax Compliance Continuum" by Brian Erard (Carleton University Department of Economics) and Chih-Chin Ho (U.S. Internal Revenue Service )in the 'eJournal of Tax Research, Vol. 1, No. 2' @

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=6439427. *Jump up ^ * See Page 2 of STATE OF NEW YORK, DEPARTMENT OF TAXATION AND FINANCE, Strategic Plan 2007/09 @ http://www.tax.ny.gov/pdf/strategic_plan/strategic_plan_2007_09.pdf8. *Jump up ^ * Ayres, Ian and John Braithwaite (1992) "Responsive Regulation: Transcending the deregulation debate". New York: Oxford University Press 9. *Jump up ^ * J.T. Scholz, "Cooperation, Deterrence and the Ecology of Regulatory Enforcement" (1984) 18 Law & Soc. Rev. 179; J.T. Scholz, "Voluntary Compliance and Regulatory Enforcement" (1984) 6 Law & Pol. 385.10. *Jump up ^ * Ayres, Ian and John Braithwaite (1992) "Responsive Regulation: Transcending the deregulation debate". New

York: Oxford University Press. Page 35. It was earlier described by John Braithwaite in "To punish or persuade", State University of New York , 1985, at page 142. The model's evolution over time is tracked in a paper by John and Valerie Braithwaite in "An Evolving Compliance Model for Tax Enforcement" .11. *Jump up ^ * See for example 'Law & Policy', Volume 29, Issue 1, January 200712. *Jump up ^ * Improving Tax Compliance in the Cash Economy, Second Report, ATO Cash Economy Task Force, 1998, Page 58 13. *Jump up ^ * See Australian Medicare Compliance http://www.medicareaustralia.gov.au/resources/national_compliance/national_c

ompliance_program_2007-08.pdf National Compliance Program, 200708, Medicare Australia or page 31 of http://www.hm-treasury.gov.uk/media/2/0/odonnell_ch2_497.pdf or Page 33 of http://ec.europa.eu/taxation_customs/resources/documents/taxation/tax_cooperation/gen_overview/Risk_Management_Guide_for_tax_administrations_en.pdf14. *Jump up ^ * http://www.cardiff.ac.uk/chri/research/cnic/J%20Black%20CNIC%20Paper.doc Archived


7/10

June 5, 2011 at the Wayback Machine 15. *Jump up ^ * http://demgov.anu.edu.au/papers/ShoverEtal2003TD(8).pdf16. *Jump up ^ * OECD 2000, http://www.oecd.org/dataoecd/48/54/1910833.pdf17. *Jump up ^ * See Box 2 page 12 in "Reducing the Risk to Policy Failure: Challenges for Regulatory Compliance," OECD, 2000 @ http://www.oecd.org/dataoecd/48/54/1910833.pdf18. *Jump up ^ * See pages 8 onward in the 2012-15 Corporate Plan @ http://www.thepensionsregulator.gov.uk/docs/corporate-plan-2012-2015.pdf19. *Jump up ^ * RPS HSE & Risk Management - BowtieXP 20. *Jump up ^ * Risk Bow Ties: Originally conceived of in the late 1970s by the University of Queensland and then brought to the fore by Shell after the Piper Alpha disaster. Now a widespread risk approach the 'bow-tie' usefully shows the 'paths' by which a risk event can occur, where preventative or deterrent controls are used, the event itself and detective controls and the consequence paths and restorative controls. http://www.bowtiepro.com/bowtie_history.asp21. *Jump up ^ * See for example page 47 of "Development

of risk and intelligence systems" @ http://www.itdweb.org/documents/SGATAR-NZ-Risk%20and%20Intel%20v1.0%20061102.ppt22. *Jump up ^ * See for example page 23 of "Large Business and tax compliance" @ http://ato.gov.au/content/downloads/bus33802nat8675062010.pdf and the Commissioners Speech "Do you see what I see" @ http://ato.gov.au/corporate/content.asp?doc=/content/00228656.htm23. *Jump up ^ * See for example: Mark Burton's detailed paper "Responsive Regulation and the Uncertainty of Tax Law Time to Reconsider the Commissioner's Model of Cooperative Compliance?" @ http://www.atax.unsw.edu.au/ejtr/content/issues/previous/paper4_v5n1.pdf,

eJournal of Tax Research, Volume 5, Number 1 July 200724. *Jump up ^ * See for example the Large business and tax compliance booklet @ http://www.ato.gov.au/corporate/content.aspx?doc=/content/33802.htm25. *Jump up ^ * See for example "Supervisory Oversight And Response System" @ http://www.apra.gov.au/adi/Documents/cfdocs/SOARS_112010_ex.pdf26. *Jump up ^ * See for example "Developing an enhanced relationship achieving voluntary compliance and minimising costs to clients" @ http://www.ato.gov.au/taxprofessionals/content.asp?doc=/content/00187285.htm&pc=001/001/001/002/002&mnu=4068&mfp=001/005&st=&cy=127. *Jump up ^ * See for example pages 8 on in the UK

Pension Regulator 2012-15 Corporate plan @ http://www.thepensionsregulator.gov.uk/docs/corporate-plan-2012-2015.pdf28. *Jump up ^ * The UK Statutory Code of Practice for Regulators is available @ http://www.berr.gov.uk/files/file45019.pdf29. *Jump up ^ * The Hampton report is available @ http://www.berr.gov.uk/files/file22988.pdf30. *Jump up ^ * The Macrory Review is available @ http://www.bis.gov.uk/files/file44593.pdf31. *Jump up ^ * The UK Regulatory Enforcement and Sanctions Act 2008 is available @


8/10

http://www.legislation.gov.uk/ukpga/2008/13/pdfs/ukpga_20080013_en.pdf32. *Jump up ^ * See for example "Power laws, Pareto distributions and Zipf's law" by M. Newman, 2006 @ http://arxiv.org/abs/cond-mat/0412004v333. *Jump up ^ * http://www.thepensionsregulator.gov.uk - note that the page is cached so you will need to search on the site for 'better regulation award 2011'34. *Jump up ^ * Do you see what I see? 35. *Jump up ^ * http://www.ato.gov.au/content/downloads/bus33802nat8675062010.pdf36. *Jump up ^ * Comcover Awards for Excellence - Department of Finance and Deregulation 37. *Jump up ^ * [1]

Retrieved from"http://en.wikipedia.org/w/index.php?title=Regulatory_risk_differentiation&oldid=621231997"

Categories :

* Regulatory compliance

Navigation menu

Personal tools

* Create account

* Log in

Namespaces

* Article * Talk

Variants

Views

* Read * Edit * View history

More


9/10

Search

Navigation

* Main page * Contents * Featured content * Current events * Random article * Donate to Wikipedia * Wikimedia Shop

Interaction

* Help * About Wikipedia

* Community portal * Recent changes * Contact page

Tools

* What links here * Related changes * Upload file * Special pages

* Permanent link * Page information * Wikidata item * Cite this page

Print/export

* Create a book

* Download as PDF * Printable version

Languages


10/10

* Deutsch * Bahasa Indonesia * Nederlands * * Portugus * Svenska *

Edit links

* This page was last modified on 14 August 2014 at 16:43. * Text is available under the Creative Commons Attribution-ShareAlike License ; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy . Wikipedia is a registered trademark of the Wikimedia Foundation, Inc. , a non-profit organization.

* Privacy policy * About Wikipedia * Disclaimers * Contact Wikipedia * Developers * Mobile view

* Wikimedia Foundation * Powered by MediaWiki