Cynthia Giles has written a book that deserves to be read by all regulatory practitioners and scholars.
Regulations on the books can do little good if they are seldom followed. Only if regulations induce compliance—and change the behavior of the businesses and other entities to which they apply—can they hope to solve societal and economic problems. This fundamental truth undergirds Cynthia Giles’s magnificent book, Next Generation Compliance, which offers a much-needed call for regulators to take compliance into account when they establish new regulations.
Giles has a distinguished track record of public leadership, having served in a variety of high-level regulatory positions throughout her career, including eight years overseeing the Office of Enforcement and Compliance Assurance at the U.S. Environmental Protection Agency (EPA) during the Obama Administration as well as service as a Senior Advisor to EPA’s Office of Air and Radiation during the Biden Administration.
With Next Generation Compliance, she draws on this experience to offer one of the most important books on regulation to appear in a long time. Although her book is specifically focused on environmental regulation, anyone interested in improving regulation across any policy domain would benefit from Giles’s message about the need to build compliance into the structure of rules themselves.
Lurking just beneath the surface of Giles’s book is the omnipresence of another public leader: Chester Bowles, the former head of the federal Office of Price Administration during World War II. Throughout Bowles’s career, he held a number of other prominent positions of public leadership, including as Governor of Connecticut, U.S. Ambassador to India, and a member of Congress. Yet for regulators and regulatory scholars, what makes Bowles famous is a view widely attributed to him that “most companies will go along with regulations perceived to benefit the market as long as the enforcement agency makes a credible effort to identify and punish the small group of hardcore noncompliers.”
Scholars also frequently quote Bowles as having said that “20 percent of the regulated population will automatically comply with any regulation, 5 percent will attempt to evade it, and the remaining 75 percent will comply as long as they think that the 5 percent will be caught and punished.”
Although reprinted in the work of many well-respected scholars, this second quotation has seldom been reproduced accurately—as I explain elsewhere. For one thing, Bowles’s division of the world into three buckets of compliance propensities was aimed at describing individuals—not business firms. Moreover, he wrote that it was only about 2 or 3 percent of individuals who decidedly incline toward noncompliance—not 5 percent.
Giles never makes the mistake of misquoting Bowles. In fact, she never mentions Bowles in her book at all. But the ideas so often attributed to Bowles—namely, that most businesses comply with regulations, and that enforcement is the key to making this compliance happen—form the ever-present backdrop to Giles’s book. They are her true foil.
Next Generation Compliance’s very first paragraph references conventional wisdom held by many professionals in the field of environmental regulation: “Almost all companies comply, they say.” And when companies do not comply, the conventional response is to point to enforcement: “We need more enforcement. Smarter enforcement. Tougher enforcement. It is taken as given that compliance is the job of enforcement, so if there are violations, then enforcers need to up their game.”
Giles says that this conventional view has things backwards. It is not that the rules need more enforcement as much as compliance needs to be “built into” the rules themselves. Her book persuasively shows why regulators need to think differently about compliance, factoring it explicitly into the development of regulations in the first place: “By far the most important driver of compliance results is the structure of the rule itself. A well-designed rule that makes the most of creative strategies to set compliance as the default can produce excellent compliance rates with very little enforcement involvement.”
Make no mistake. Giles does not argue that enforcement efforts—inspections, audits, administrative and civil penalties, and criminal sanctions—are unnecessary. Rather, she points to what is too seldom recognized: enforcement efforts cannot by themselves bring about large-scale behavioral change, at least not in the way implied by the view commonly attributed to Bowles.
Giles is right to say that this common view permeates the world of regulatory practice. Consider remarks delivered in 2013 by a litigator at the U.S. Food and Drug Administration to an audience of industry professionals:
Chester Bowles … would say that in any given industry, 20 percent will comply no matter what, because of the values and philosophies of those in charge, 20 percent will not comply no matter what (these are the folks who try to continue illegal activities from their prison cells), while the final 60 percent watch to see what happens to the non-compliant 20 percent and modify their actions accordingly. Now the actual numbers will likely vary across industries and with changing circumstances, but the general categories ring true. Our goal is to convince as many of you as possible in that 60 percent to join the compliant 20 percent. There is no mystery here: as the law enforcement community knows, certain, predictable and deliberate enforcement is a great motivator.
The problem with this view, Giles argues, is that enforcement is not as great a motivator as many people think. She “asked many people—including some who have spent their entire careers working on environmental protection—to guess what the rate of serious noncompliance is with environmental rules. The most frequent response: 5 percent to 10 percent.”
Yet, as Giles shows, noncompliance with regulations is, in fact, quite common. In Chapter 2, she walks the reader through environmental regulation after environmental regulation, revealing striking evidence of widespread noncompliance at rates much higher than 5 or 10 percent. As many as 75 percent of all major U.S. releasers of water pollution, for example, violate their legal requirements at some point during the year. Unfortunately, these data on environmental noncompliance are all too consistent with those that others have reported for other fields of regulation.
Enforcement’s limitations derive fundamentally from the sheer number of regulated entities and the volume of different regulatory obligations imposed on them. When it comes to environmental regulation in the United States, regulated entities number in the millions. And in virtually every domain of regulation, the regulatory personnel available to audit, inspect, and enforce the rules are vastly outnumbered by the entities and activities subject to regulation.
Because regulators cannot be present everywhere and at all times to enforce the rules, “enforcement alone can’t do it,” Giles argues. Instead, “compliance drivers need to be built into the rules, not stapled on at the back end.” These drivers, Giles argues, are structures that make it easier for firms to comply with their regulatory obligations—or harder for them to escape with violating them. The key, she says, is to “make compliance the default” —that is, “to make compliance the path of least resistance, so compliance is good even if enforcement never comes knocking.”
This notion of making compliance “the path of least resistance” runs through Giles’s book. At first glance, this may seem an odd turn of phrase. After all, if complying with a regulation could be truly made the path of least resistance, then why would the regulation have been needed in the first place? As Giles fully recognizes, the very reason that regulations are needed is to change behavior, and this inherently imposes costs on firms that they would have preferred to avoid. Regulation seeks to make what is truly the path of least resistance—business as usual—no longer attractive. Given the consequences that can follow from failure to comply, firms incur the costs associated with changing their behavior.
What I think Giles means by making compliance “the default” or the “path of least resistance” is perhaps easiest to see with a familiar example from outside her book: speed limits. The conventional approach has been simply to post a speed limit on the side of a road and either hope that drivers will slow down on their own—an approach that Giles calls “magic”—or assume that police officers will be able to patrol the streets and ticket enough drivers to induce compliance. As nearly any driver could attest, police enforcement alone does not eliminate speeding. Noncompliance is common, and enforcement is limited because there are far too many roads and automobiles for police enforcement to induce high levels of compliance in most locales.
Nevertheless, cities can take other measures to ensure compliance with their speed limits. They can, for example, install speed bumps on a road which will make slowing down a necessity and which will literally make compliance a path of least resistance—or the path of least damage to axles and shock absorbers.
Alternative traffic compliance options can be readily envisioned too. City officials can install equipment that automatically detects the speed of each passing car and displays that speed prominently on a digital sign visible to everyone in the vicinity, drawing on the power of shaming to induce compliance even without any increase in police enforcement. A still further idea would be to automate detection and punishment altogether, just as some cities have done by installing radar detection systems and traffic light cameras that can automatically send traffic tickets to vehicles’ owners.
These examples come from outside of the realm of environmental regulation, and they focus on the behavior of individuals rather than businesses. But they are emblematic of what Giles calls a “Next Generation,” or “Next Gen,” approach to regulatory compliance. Her book provides many examples of specific structures that regulators can build into their regulations at the time of adoption, including:
- Continuous monitoring. Regulations can require that firms install and operate technology that directly monitors compliance and reports instances of noncompliance to the government in real-time fashion. Giles holds up the continuous emissions monitoring requirements built into the EPA’s market-based acid rain regulation from the 1990s, finding that they were one of the key factors producing robust compliance with this regulation.
- Automatic data substitution. To keep regulated firms from strategically claiming that monitoring equipment has broken down, a regulation can provide for a substitution of worst-case data whenever a firm fails to report as required. The acid rain regulation also incorporated this feature, which then gave firms an incentive to keep their continuous monitors in good working order. A related but more banal example will be familiar to anyone who has experienced a city parking garage that charges a full day’s fee whenever patrons are unable to produce their time-stamped ticket stubs.
- Burden-of-proof shifting. Regulations can place the burden of proof on regulated firms—such by requiring them to demonstrate that a product is safe before it can be approved for sale. That regulatory structure may elicit greater compliance than when the government bears the burden of proof of demonstrating that a product is unsafe before it can be taken off the market.
- Robust reporting. Giles walks through a range of options for promoting better compliance with self-reporting requirements, including structural features that call for timely electronic self-reports, reporting of hard facts versus soft judgments, certifications by senior managers to be made under penalty of perjury, and third-party certifications and auditing protocols. Giles argues that, under the right circumstances, these kinds of structures can make it harder for firms to evade their legal obligations and easier for government to identify and respond to regulatory violations.
- Hard-wiring. Just as with speed bumps on city roads, noncompliance can sometimes be made virtually impossible by manipulating physical structures. Giles offers the example of an EPA regulation that controlled the size of gas pump nozzles and fuel inlets on automobiles, making it impossible to insert a large leaded gasoline nozzle into a car built for use of unleaded gasoline, which needed to have a smaller inlet.
- Remote sensing. Much as with the use of automated radar detection in the context of speed limits, a variety of new technologies—such as remote sensing and satellite imagery—now facilitate automated detection of other kinds of regulatory violations. As I have noted elsewhere, and Giles also observes, machine-learning tools also hold promise for making it easier for noncompliance to be detected—and hence harder for regulatory obligations to be evaded.
By incorporating features such as these into their rules and regulatory programs, regulators can improve the prospects for changing firms’ behavior and solving regulatory problems. As a National Academy of Sciences, Engineering, and Medicine committee noted several years ago, many considerations should enter into decision-making about new regulations—but, among these considerations, “an important factor is the prospects for compliance with a given regulatory design.” Those prospects can be improved by finding ways to make regulations “compliance resilient.”
Regulators and others interested in environmental policy will especially appreciate that Giles devotes Chapters 7 through 9 to showing how various compliance-resilient ideas can be applied to regulations aimed at solving climate change. Giles emphasizes the imperative of ensuring that climate rules effectuate real change: “We are out of time to address climate change,” which means that “the rules EPA develops now have to work.”
For regulators and scholars working across all policy domains, Giles packs into her book an abundance of other important compliance-related ideas. She explains, for example, that building into regulations too many exemptions—or what Dan Walters, Gabe Scheffler, and I have elsewhere called “unrules”—can make enforcement more difficult and provide opportunities for regulated firms to obfuscate and evade. “Complexity is where violators hide,” as she puts it.
In Chapter 6, Giles joins with a few of us lonely voices in the field who have offered cautionary notes about the otherwise heralded performance-based approach to regulation. She points out how, without reliable metrics and monitoring, the flexibility that performance standards provide to regulated firms can complicate a regulator’s compliance challenge. And Giles explains why there can at times be an essential role for proverbial “command and control regulation”—a term that both she and I agree is conceptually redundant and ideologically freighted.
Overall, Giles builds an important case for including explicit analysis of compliance in the process of adopting new regulations—instead of simply assuming, as too many regulators do, that a new rule will automatically generate full or sufficient levels of compliance. An entire chapter of Next Generation Compliance, for example, explains why what I would call compliance impact assessment should be included in the overall process of regulatory impact analysis and rule-writing at agencies such as the EPA—a practice I have reaffirmed in a requested peer review of draft changes to the Office of Management and Budget’s Circular A-4 on regulatory impact analysis. As Giles puts it, without adequate consideration of compliance realities, a “nuanced, complicated, and involved approach” to a new regulation may “on paper seem more efficient”—but this will not guarantee that it can “deliver in real life.”
As Giles argues, and as I have elaborated elsewhere, if regulators are given a choice between two alternative rule designs, one that will bring about compliance more easily than the other, the easier one might be the better choice, even if it will in theory deliver fewer net benefits. What would be the point of developing a regulation that is only theoretically more efficient if it will never result in the level of compliance needed to achieve expected outcomes?
By incorporating compliance assessment into regulatory decision-making, and by considering “the real costs of assuring strong implementation for every considered alternative,” policy decision-makers can look at different options “on level ground” and with realistic expectations about what each option can achieve. Giles is clearly right to say that “an option with strong compliance design shouldn’t be measured against an option that is a predictable compliance disaster as though these are both accomplishing the same thing.”
Next Generation Compliance contains so much valuable insight that no review essay can do it justice nor engage with it as fully as it deserves. Suffice it to say, Giles’s book offers its readers vastly more guidance than does the oft-repeated—even if inaccurately so—quotation of a policy leader from a bygone era. Compliance is both too important and too complex to boil down to any simple aphorism. When it comes to practical wisdom about how to improve regulatory compliance, it is time to put Chester Bowles to the side. When regulators and scholars are looking for deep practical insights, the person to quote in the future is Cynthia Giles.
This essay was originally published as the introduction to a symposium published by the Yale Journal on Regulation on Cynthia Giles’s Next Generation Compliance: Environmental Regulation for the Modern Era.
This essay is one of a six-part series on The Next Generation of Regulatory Compliance.