Skip to main content

Blog headeriii

Assessing risk: what’s the best way to identify risks to public protection and public confidence through the performance review process?


How does a regulator make sure their registrants continue to be fit to practise?

What steps do regulators take to quality-assure education and training programmes?

Has the time it takes for a regulator to deal with a complaint about a potentially risky registrant increased?

We explore questions like these (and many more) when we assess the performance of the regulators. We publish a report for each regulator every year on a rolling basis. This process helps us to protect the public by identifying issues and making sure that the regulators can act to sort them out. It helps them improve – through this process we can identify strengths and areas for improvement and recommend changes.

In this blog we are focusing more on how we assess risk as part of our performance reviews and whether there are other (better) ways to do it. This is one of the reasons why we are consulting on our approach to reviewing the regulators’ performance and asking for your feedback.

What is the performance review?

The performance review is essentially our check on how the 10 health and social care regulators are working to protect the public, but can it be improved? Are there other ways to identify risk in our performance reviews and assess how the regulators are managing risk?

How performance reviews currently assess risk

There are two main ways that the current performance review process contributes to our ability to identify and act on risks.

Our yearly check on how well each regulator is meeting our Standards of Good Regulation

Each year we pore over hundreds of pieces of information about each regulator. This includes statistics, Council papers, annual reports, fitness to practise data, their websites, feedback from stakeholders and members of the public. We analyse all this information to see what it tells us about how each regulator is performing. If it points to any problems, we will go back to a regulator to ask for more details and, when we consider it necessary, we will carry out audits before we make a final decision. We will then publish our performance review report. The Standards of Good Regulation encompass the regulators’ four core functions: setting standards and guidance; education and training; registration; and dealing with concerns and complaints about professionals on their register – the fitness to practise process.

We know that if things go wrong, it can impact people who use health and social care services. For example, if there’s an issue with a regulator’s registration process, it could mean that a professional is added to the register without the right qualifications. Or if there’s a problem with how the regulators oversee education and training, it could mean that students aren’t receiving the right education to equip them to work safely once they’ve qualified. And if there’s a problem with a fitness to practise procedure, it could mean that the regulator doesn’t take the right action at the right time when a concern is raised with them about one of their registrants.

Any one of these issues could result in harm occurring to a member of the public – so we regularly look at how the regulators’ processes are working to try to prevent this happening.

How do regulators identify risks

Secondly, we look at how the regulators identify risks themselves. The regulators consider where there are likely to be risks relating to the profession (or professions) they regulate, as well as emerging risks. These could be due to changes in the wider environment. We ask how well the regulators are monitoring and responding to these risks.

For example, sudden changes and challenges in health and social care could throw up new risks and we would expect the regulators to respond to these. The way regulators have responded to the current pandemic is an example of this – issuing additional guidance to help their registrants provide safe care in these difficult circumstances. The regulators have also had to adapt – recognising that fitness to practise hearings could no longer be held in person, they moved most of these online, setting up virtual hearings to make sure fitness to practise cases could continue to move forward.

Similarly, if there is a sudden influx of concerns about a particular issue (for example, cosmetic surgery), the regulators need to identify this and consider what action they need to take – this could be reviewing the standards and guidance they set for their registrants working in this area. Or if there is a sudden increase in concerns coming through about registrants who all work in the same location – let’s say in a hospital – we’d expect the regulators to identify this. This might also require the regulators to cooperate and collaborate with other regulators and organisations to identify patterns and emerging areas of risk.

Why are we looking at this now?

We are asking ourselves whether we are approaching our performance review work in the right way, and if there’s anything we could change to make sure that we’re identifying and acting on risks to the public.

We want to make sure we learn from things when they do go wrong. In recent years, there have been failings in health and social care, which have had significant impact on patients, services users and their families. Not only do these affect individuals and their families – they can have a wider impact on public confidence and trust. Recent public inquiries have identified failings at the regulators or in the regulatory system itself.

These include that the regulators’ processes were not effective in addressing the public protection concerns identified to them, either to prevent harm or take early action when they were discovered. There have also been concerns about regulators’ internal processes and how they communicate.

We want to make sure that our performance review process continues to develop and is working as best it can to improve patient safety. How we look at regulatory risk is key to this aim.

What might we change?  

Below we outline some of the key areas we believe are important to take into account to identify risks, including:

  • Engagement with stakeholders: we want to engage more with a wider range of stakeholders, including members of the public, the regulators, registrants and representative bodies, as well as employers. We understand that registrants and members of the public often have direct experience of how a regulator is operating, giving them a better idea about what’s working well and what isn’t. We want to make sure we’re connecting with the right people and that this information is informing our assessment of the regulators.
  • Evidence base: we are looking at whether there is more evidence out there that we should be using to inform our assessments of the regulators.
  • We want to develop our understanding of profession-specific risks: regulators should have a very strong understanding of the clinical risks associated with practitioners. However, these risks change over time, including with the introduction of new technologies, and it is important that we are satisfied that regulators are keeping up to date with these.
  • Thematic reviews: we think thematic reviews would provide us with an additional tool to the performance reviews and would help us to see risk across the regulatory system, understand potential regulatory failings, as well as to support learning and development across the sector. Rather than looking at individual regulators, thematic reviews would draw information together from several of the regulators to help us see the bigger picture.

What can you help us with?

We are asking for views on our approach to risk through our consultation. Specifically, we are asking the following questions about our approach to risk, but we would like to hear from you if you have other comments as well.  

  1. Have we identified the right areas of our approach that we need to develop in this area? Is there anything else we should be considering?
  2. How could we best engage with stakeholders, to ensure that we are aware of key risks to public protection? Is there any other evidence that we should be seeking to inform our performance reviews?

The deadline for responding to the consultation is 4 March 2021. You can read the full consultation or a summary of the questions where you can input answers directly (you don’t need to answer all the questions to respond).

Related material

Find out more about:

Keep in touch

Sign up to our e-newsletter to get regular updates about our work

sign up wide banner


Please note the views expressed in these blogs are those of the individual bloggers and do not necessarily reflect those of the Professional Standards Authority.