
In the last few decades there has been a paradigm shift towards risk-based regulators and regulation.
In the traditional model, regulators identify the public harm, conduct an assessment, and come up with prescriptive treatments (rules) that industry is expected to adhere to.
Adhering to these rules is what compliance has meant, and still does in many sectors, but that is changing.
Regulators in high-risk sectors are modernizing their approaches to better contend with uncertainty.
They are transitioning towards being risk-based regulators. If you want to learn more about this, I recommend you read the work by Malcolm Sparrow.
Risk-based regulators understand that industry is closer to the risks, specifically with respect to determining how best to handle them.
In this new model, regulators establish performance and outcome-based obligations for industry to achieve and advance.
This requires organizations to take on more of the risk function, defining treatment and monitoring to satisfy the obligations.
This also means organizations must be proactive if they expect to meet obligations that arise from risk-based regulation. They need to set goals, define objectives, and make progress towards specified outcomes.
To manage this shift, compliance must be more than procedural; it must now become operational.
