Consumer standards one year on: what impact is the regulatory regime having?
The way registered providers are conducting business has changed, but more guidance is needed on this new way of working, says Victoria Jardine, partner and head of housing governance at law firm Anthony Collins
Twelve months on from the introduction of the social housing regulator’s new regime, there is reflection across the sector as to how it’s changed the way registered providers conduct business and engage with their customers.
For a start, local authority registered providers find themselves subject to direct regulation for the first time, and now have to get to grips with consumer standards, tenant satisfaction measures (TSMs), regulatory returns, inspections and a grading system. It’s been a steep learning curve.
While this has been reflected in numerous C3 and C4 gradings, we’ve also seen some of these providers attain the highest levels of tenant satisfaction and consumer grades.
READ MORE
Most private registered providers used to complying with the regulatory standards and – for large providers with more than 1,000 homes – the previous in-depth assessment regime, seemed able to segue into the new regime, submitting their TSM data and compliance assessment against the consumer standards when required.
This played out in the majority of consumer gradings being awarded to private registered providers being C1s and C2s.
What has been more difficult for registered providers of all types is navigating the change in expectations around engagement with the regulator. The serious detriment test previously limited the regulator’s capacity to investigate and take action in cases of breaches of the consumer standards. Its removal gives the regulator a far broader mandate.
Both the Governance and Financial Viability Standard and the Transparency, Influence and Accountability Standard now contain positive obligations for a registered provider to “communicate in a timely manner with the regulator on all material issues that relate to non-compliance or potential non-compliance” with the regulatory standards.
“What has been more difficult for many registered providers of all types is navigating the change in expectations around engagement with the regulator”
The regulator has published guidance on how it will assess whether an issue is “material” or not, but an individual registered provider still has to decide whether that threshold has been crossed and whether it needs to notify the regulator in the first place.
As for what a “timely manner” means, there is no guidance on that at present, which is leading to wide disparities as to what to self-refer about and when to do so. Some registered providers take an extremely cautious view, which could cause them to over-report, while others remain reluctant to contact the regulator in even very serious situations.
A lack of clarity over what is a breach and what isn’t contributes to this. Even once a breach or its potential has been diagnosed, there can be a secondary breach of the Governance and Financial Viability Standard if there’s a breach of “relevant law”, or because it fails to safeguard the reputation of the registered provider and thereby the sector more generally, or because it highlights weaknesses in the effectiveness of its risk management and internal controls assurance framework.
The sheer scope for breach has increased very significantly in the past 12 months. It’s only a slight exaggeration to say that anything that goes wrong in a registered provider’s business could represent a notifiable breach or potential breach, and should be treated as such, at least until investigations prove otherwise.
The vast majority of breaches and investigations stem from data issues, whether it’s missing, incomplete, incorrect or outdated. Poorly stored data may be either inaccessible or too easily accessed by the wrong people, and misinterpreted or misapplied data can lead to critical mistakes or, worse, it may be completely overlooked or ignored. What data registered providers hold and how they use it are absolutely critical to comply with the regulatory standards.
The regulator will be interested in how organisations decide when to self-refer and, equally importantly, when not to. Registered providers need to have an agreed approach to identifying breaches, and a process for assessing whether they need to be brought to the regulator’s attention.
“The vast majority of breaches and investigations stem from data issues, whether it’s missing, incomplete, incorrect or outdated”
Consistency is important, as well as taking a broad view; an issue that wasn’t material last year may be sensitive now, because of changes to the sector environment. Conversely, an issue that does not currently pass the materiality test may do so if read in conjunction with other ‘near misses’ over a specific timeframe.
It’s important to be aware of what others are doing. Many organisations understandably prefer not to air their dirty laundry in public, but external support is available and comes with the benefit of experience of advising many organisations in similar situations.
The co-regulatory system depends on transparency and trust. The regulator needs assurance that registered providers are managing breaches appropriately, learning from them and strengthening their systems and processes.
Boards need assurance they have systems and processes in place to identify breaches and understand what to do with them.
Those whose job it is to give this assurance can draw comfort that the ‘compliance map’ is evolving continually, no organisation is following it perfectly yet and, as a sector, we travel the road together.
Victoria Jardine, partner and head of housing governance, Anthony Collins
Sign up for our regulation and legal newsletter
Already have an account? Click here to manage your newsletters
