TL;DR: Bureaucracy in public institutions is not principally a management pathology. It is the cumulative result of a largely logical process. It is generated by policy and rendered permanent by asymmetric incentives. Nobody decides to create it; nobody is readily positioned to undo it.
We are, in public institutions, hemmed in by a rising tide of bureaucracy that stands between us and the achievement of our missions. It absorbs resource and diverts attention. It damages professional autonomy. This bureaucracy is often attributed, depending on your worldview, either to the impositions of ‘managerialism’ or to an inclination towards ‘liberal correctness’. Both diagnoses mistake symptoms for causes. What we are seeing instead is the autonomous operation of what I will call the bureaucratic escalator.
The bureaucratic escalator is the cumulative translation of policy intent into regulatory condition, compliance machinery and institutional assurance structures, driven forward by asymmetric incentives, and embedding obligations that are progressively harder to unwind. @profserious examines how the escalator works in order to understand how its worst consequences might be mitigated.
I have set out in Something Must be Done how often narrow, albeit worthy, concerns manifest as policy. And then how public institutions are assigned responsibility for realising these policies. It is important to understand that the first step onto the bureaucratic escalator proceeds from a genuine intent to do ‘something’ about a manifest issue. Once stepped onto, however, the escalator progresses regardless of the intentions of those travelling on it.
There is an obvious problem that, if I identify some of these issues now, it will distract from my primary purpose. It will appear as if this article is actually about, in the case of higher education, and as an example, the importance of visa compliance, fit-and-proper persons requirements, prevention of harassment and sexual misconduct, or whatever, and it categorically is not. This is about how bureaucracy arises and takes hold, not through obvious ill intent but through a largely logical and cumulative progression.
So I will call our starting point simply ‘that-issue’ and assume ‘that-issue’ has been subject to a political or policy process yielding a ‘direction’. In the case of a regulated public institution this direction must now be realised as a regulatory condition or provision. It may be accompanied by politically demonstrative penalties for non-compliance. Let us follow the process.
First, specify the condition. The condition must be precise enough to be enforceable, broad enough to cover the range of institutional circumstances, durable enough to survive legal challenge, and sharp enough to answer the political imperative. These requirements pull against each other and thus the drafting process itself generates complexity.
Next, run the consultation. A consultation must be suitably configured and resourced. Individual institutions will need to respond, engaging with each of their stakeholders, internal and external. Groups of institutions and other representative bodies will also need to respond, consulting in turn with their members so as to establish a collective position.
Then respond to the consultation. Even in the common circumstance that the consultation is largely a formality, the regulator must give some account of how the results have been accommodated. This account itself becomes guidance which must be read, interpreted and acted upon.
Build the compliance architecture. The monitoring regime, the escalation procedures, the appeals process, each is a substantial piece of work, independent of the underlying condition. The regulator must design and resource all of it. Institutions must understand and respond to all of it.
Publish and stand behind it. The condition, the guidance, the compliance framework and the penalties must all be made public, in a form that is legally coherent and ideally intelligible. Subsequent investigations, findings and interventions become part of the story, each adding interpretive weight to what the condition means in practice.
Now the regulatory subject must:
Communicate it internally. Not simply circulate a document, but ensure that the right people understand what is now required of them and why. In a complex institution this means identifying who is affected, which is itself non-trivial. A condition touching on, for example, staff-student relationships implicates HR, legal, academic line management, student services, students’ union, and the governing body simultaneously, each of whom will read the same condition differently. Ultimately, of course, all staff and students will need to receive communication that is appropriate to their role.
Set up a policy. Which must be drafted, reviewed by legal counsel, consulted upon internally, approved through governance, published, and version-controlled. The policy must be consistent with existing policies, which may themselves then require revision. Policies have owners, review cycles, and amendment histories.
Set up a process. Which translates the policy into operational reality, establishing who does what, in what order, by when, and with what authority. The process must be documented, tested, and made accessible to those who will operate it. It will interact with other processes, some of which will inevitably need to be modified to accommodate it.
Train the individuals involved. Which means identifying who needs what level of understanding, designing or commissioning appropriate training, delivering it, recording completion, and handling those who have not completed it. Where the condition requires training from those with ‘demonstrable experience’, the institution must either verify that its existing providers qualify or procure new ones, with all that entails.
Resource the function. Which means deciding whether existing staff can absorb the new responsibility, or whether new capacity is required. In practice, the answer is usually the former at the outset but the latter thereafter, as the true scale of the ongoing commitment becomes apparent. At that point, of course, the agenda has moved on and ‘that-issue’ no longer has currency. Nevertheless, the resourcing commitment remains.
Map accountabilities. Which means determining who is responsible for what, and ensuring those responsibilities are formally recorded. In a governed institution this means committee terms of reference, job descriptions, and delegation frameworks may all need amendment. Where the condition attaches personal responsibility to named individuals, as for instance fit-and-proper requirements now do, the mapping must be precise and defensible.
Monitor compliance. On a continuous basis, not merely at the point of implementation. Monitoring requires data, and data requires systems. Where the condition involves staff conduct, student experience or third-party relationships, the monitoring infrastructure may be substantial. The regulator will likely ask for evidence and probably impose their own reporting obligations, with associated data standards that will need to be adopted.
Handle non-compliance. When it arises, through a process that is fair, documented and, again, defensible. Non-compliance may involve students, staff or third parties. Each requires different handling. The process must sit within the institution’s broader disciplinary and grievance frameworks without creating inconsistency or legal exposure.
Quality assure the process. Periodically verifying that what is supposed to happen is actually happening. This is distinct from monitoring compliance with the underlying condition; it is compliance with the compliance process. Audit committees, internal audit functions and external reviewers will all have a stake.
Report for governance. Producing regular assurance to the governing body that the institution is meeting its obligations. Governing bodies are themselves now under greater regulatory scrutiny and will certainly ask questions. The report must be accurate, timely and pitched at the right level of abstraction. Someone must write it and, of course, someone more senior must sign it off.
Revise the process as guidance evolves. Because regulatory guidance is not static, the regulator will inevitably publish clarifications, update guidance, issue sector-level findings from investigations and amend the condition itself. Each revision requires the institution to assess whether its policy, process, training and monitoring remain adequate.
Each of these steps follows from the other and each requires time and effort. Each requires management attention. Each generates forms and processes. Above all each renders collateral process more complex and intertwined, raising the bar for further assurance. The cost this imposes is real but invisible in any account of what the original policy intervention was expected to cost.
An escalator differs from a simple ‘point’ imposition because, once you are on it, it carries you forward regardless of your best intentions and you cannot easily get off or, to stretch the metaphor, walk down the up-escalator. Each of these institutional steps embeds the bureaucracy. The policy exists, and to remove it requires a decision. The process is in place, and to dismantle or disentangle it requires effort and justification. The roles and resources are allocated. The governance report becomes part of the assurance structure. No individual actor made the decision that this was worthwhile, and no individual actor can unwind it. The regulator has no incentive to retire a condition that is being complied with. Compliance is after all, and certainly from their perspective, success. The institution has no incentive to argue for its removal. Doing so signals indifference to ‘that-issue’, which carries its own reputational risk. The escalator moves in one direction.
Whilst there is no mechanism by which the accumulated weight of regulatory compliance can be simply reversed, its worst consequences can be somewhat mitigated by institutions that are willing to act deliberately rather than reactively. Some options follow:
Calibrate your risk appetite. No institution can, or should, aim for identical levels of compliance effort across every condition. The governing body should make explicit, and own, a view about where full and demonstrable compliance is essential, where adequate compliance suffices, and where the institution is willing to be a late adopter and accept the consequences (though disproportionate penalties may skew decision making).
Implement lightly. Learn what the condition actually requires in practice rather than what it appears to require on paper, and build the durable infrastructure only once the shape of the obligation is clear. Regulators tend to be more tolerant of good-faith iterative compliance than institutions assume. The cost of excessive effort at the outset to comply to a specification that turns out to be wrong is rarely counted but is often substantial.
Engage on proportionality. Most regulatory frameworks contain proportionality provisions that institutions rarely invoke explicitly. Make the case for a proportionate implementation, and document that engagement. Pursue collective action through representative bodies where possible.
Impose internal sunset discipline. Regulators will not ask whether a compliance process is still necessary. Every compliance process should be subject to regular review where the question is not ‘is this still operable’ but ‘what would we lose if we stopped’.
Frame correctly. Treat regulatory compliance as a managed obligation, calibrated to risk and proportionate to circumstance. Institutions that can do this consistently, and thereby avoid the inclination to gold plate, tend to implement more efficiently and maintain cleaner compliance functions.
There is, of course, one further mitigation: avoid setting the escalator in motion in the first place. Resist the initial policy imposition by engaging in the political process before the direction is set. Make the case upstream rather than managing the consequences downstream. This carries reputational risk because indifference to ‘that-issue’ is not a comfortable position. It is nevertheless the most effective intervention available, because every subsequent mitigation is damage limitation.
A final word to those who experience all of this as managerial imposition and direct their frustration accordingly. Much of what lands on desks as bureaucracy originated in a political process, passed through a regulatory process, and arrived in the institution because that is where the law and the regulator have placed it. The managers implementing it are, more often than not, doing what they are required to do. If there is a complaint to be made, it properly lies in the domain of politics and regulation rather than with colleagues tasked with implementation.