Protecting the public is the core task of many government bodies—in particular, regulatory and law-enforcement agencies. Today, these agencies are coming under increasing scrutiny, and the public’s expectations of them are higher than ever: are they doing enough to anticipate threats? What are the costs to taxpayers of the protection these agencies offer? Are there unintended consequences in terms of lost sector output, slower rates of innovation, or invasion of privacy?
Structural changes in the global economic and political environment have made threats more dynamic and uncertain, which in turn has made answering these critical questions more difficult. As part of our work on regulation and public protection, MCG has identified important trends—such as an increased focus on “tail” risk events and greater budget pressures—that agencies must adapt to. MCG’s research can inform how agencies respond to these trends.
We believe one element of agencies’ response should be to retool core management functions—including strategic planning, risk management, performance management, and recruiting and hiring—to drive better decisions and improve cost-effectiveness.
Strategic planning and risk management
In the past few years, high-profile failures in risk management have had shocking and widespread ripple effects and have led to costly government interventions. These failures served as a call to action, spurring public-sector institutions to strengthen their planning and risk-management practices: where do the most significant new threats lie, what tail risks is the public exposed to, and what monitoring and prevention strategies would be most effective? Agencies must then translate ideas from strategic planning and risk management into operations and effective action. Building on McKinsey’s extensive experience in strategic planning, risk management, and public-sector operations, MCG is developing perspectives on the challenges that government agencies face in adapting to change and managing risk, as well as how to overcome these challenges. We are also identifying best practices and success factors in how a government agency should allocate limited resources across a broad range of risk exposures.
Performance management and tracking
Protection agencies must track whether their regulations or protective actions are having unintended consequences. For regulators, unintended consequences could include distorting industry behaviors that reduce output and innovation or that substitute one form of risky behavior for another. Whether agencies choose to do the monitoring and measurement themselves or have these tasks done by an independent party, our research and insights—into industry dynamics and behavior as well as performance management—provide a useful knowledge base.
Recruiting and hiring
In a world of dynamic threats, compliance and enforcement agencies need more sophisticated risk analytics and forecasting capabilities. They must hire people who can spot patterns and anomalies, make connections, and instinctively probe and challenge. They may also need to hire people with deep-sector or product expertise. We are developing perspectives on how agencies can rebalance their mix of talent within budget constraints.
Research and collaboration
We regularly convene round tables and knowledge-sharing sessions on regulation and public protection. In addition, we collaborate with respected thinkers worldwide to generate unique insights into these complex topics. Our current research efforts include in-depth studies of two areas critical to protecting the public: cybersecurity and food and drug regulation.
Governments now recognize that securing cyberspace is of paramount importance—yet they have a poor understanding of the scale of the challenge. McKinsey research shows that attacks on government data and systems, critical national infrastructure, and private enterprises’ intellectual property carry the most value at risk. McKinsey’s cybersecurity experts have identified the elements of a next-generation cyberdefense, and are conducting ongoing research on the primary cyberthreats that governments face as well as the various levers (such as tax strategy or civil litigation) they can use to counter these threats.
Food and drug regulation
Project Regulatory Excellence, or “Project RegEx,” is a global benchmarking and knowledge-development effort covering topics important to food and medical-products regulators, such as inspection programs, the root causes of product recalls, and approaches to managing drug shortages. Within medical-products regulation, MCG research will focus on a number of specific issues, including enhancing human-subject protection in clinical trials and improving the security of the supply chain. MCG's advisory board on regulatory issues consists of leading experts and academics with decades of regulatory experience.
For more information or to discuss potential collaboration and participation in our research, please contact us.