“healthcare cybersecurity regulations drive industry practices to be four times more effective than the security practices found in other industries….”

From: RegBlog/University of Pennsylvania Program on Regulation

Enlightened Regulatory Capture

Harnessing private expertise in the service of public goals is a proverbial “Holy Grail” of regulatory policy. Policymakers have experimented with many approaches for harnessing private expertise, including traditional notice and comment rulemaking, industry self-regulation, express delegation to industry, and of course negotiated rulemaking.  These methods have enjoyed varying degrees of success, but all resist fully embracing the use of procedural capture (where private parties exert disproportionate input into regulatory decision making) for fear that substantive capture will result (where policy outcomes favor private interests over the public’s interest).

Yet, ironically, procedural capture is precisely the missing link for effectively engaging private expertise and for properly aligning incentives that encourage private parties to design regulations in the public interest.  Substantive capture outcomes do not necessarily result from procedural capture.

For example, I have argued elsewhere that a more flexible approach to cybersecurity regulation is an effective strategy for encouraging organizational commitment to information security.  This approach is well-suited to substantially heterogeneous industries like healthcare, whose core competency is not security.

Such an approach to cybersecurity regulation—what I call management-based regulatory delegation—arose from a unique approach to consensual rulemaking in which a congressional experiment gave strong procedural capture to a committee of private actors.  Unlike traditional negotiated rulemaking, the performance of which legal scholars such as Cary Coglianese and Philip Harter still debate, Congress’ grant of capture authority to the National Committee on Vital and Health Statistics (NCVHS) mandated strong procedural capture by NCVHS over the rulemaking process.

NCVHS comprised private interests and subject-matter experts, but not regulatory officials. Yet counterintuitively its members appear to have “brought all their personal expertise to the table… and checked their professional affiliation at the door,” according to Maya Bernstein, one of the lead staff to the National Committee on Vital and Health Statistics.  The result was profound: according to my research, healthcare cybersecurity regulations drive industry practices to be four times more effective than the security practices found in other industries subject only to traditional directive regulation.

Thus, while possessing the power to advance selfish goals, NCVHS members instead acted like “Roman Senators,” using their procedural capture to advance the public interest, contrary to classic expectations about procedural capture.   The regulations recommended by NCVHS (and adopted by the Secretary, pursuant to HIPAA’s capture command) lacked the “private agenda” that often characterizes substantive capture.  I call this process Enlightened Regulatory Capture (ERC).

Five conditions suggest when ERC may be worth consideration:

1. Legislatures must enforce procedural capture by rule, requiring that the regulatory agency adopt the output of the pre-rulemaking committee as the proposed rule.

2. The participants in the negotiation must perceive a detriment if their activities fail.  For example, in the case of healthcare cybersecurity, my interview subjects described how the participants in the negotiations worried about negative externalities.  They were therefore willing to accept more burdensome regulations on themselves if it meant other organizations would not become the “weak link in the chain.”
