Regulators should base their regulatory activities on risk
Regulators should take an evidence based approach to determining the priority risks in their area of responsibility, and should allocate resources where they would be most effective in addressing those priority risks.
Regulators should consider risk at every stage of their decision-making processes, including choosing the most appropriate type of intervention or way of working with those regulated; targeting checks on compliance; and when taking enforcement action.
Regulators designing a risk assessment framework, for their own use or for use by others, should have mechanisms in place to consult on the design with those affected, and to review it regularly.
Regulators, in making their assessment of risk, should recognise the compliance record of those they regulate, including using earned recognition approaches and should consider all available and relevant data on compliance, including evidence of relevant external verification.
Regulators should review the effectiveness of their chosen regulatory activities in delivering the desired outcomes and make any necessary adjustments accordingly.
Core Learning Resources