The updated consumer standards have now been in place in the social housing sector for just over twelve months.
Following the introduction of the new regulatory regime by the housing regulator, there has been widespread reflection about how it’s changed the sector, specifically in the way registered providers (RPs), both private RPs (PRPs) and local authority RPs (LARPs), now conduct business and engage with their tenants and the regulator.
It has proven to be a steep learning curve, but there are learnings that RPs can take away, having reflected on the first twelve months of the new consumer standards.
Engaging with the regulator
One of the greater challenges for RPs following the new consumer standards has been adapting to the evolving expectations around engagement with the regulator. Previously, the ‘serious detriment’ test restricted the regulator’s ability to investigate breaches of the consumer standards, however, its removal has significantly broadened the regulator’s authority to intervene. Under both the Governance and Financial Viability Standard (GFVS – applicable only to PRPs) and the new Transparency, Influence and Accountability Standard (applicable to all RPs), RPs are now explicitly required to ‘communicate in a timely manner with the regulator on all material issues’ related to actual or potential non-compliance with regulatory standards.
Whilst the regulator has issued guidance on determining what qualifies as a ‘material’ issue, it’s still up to each RP to decide whether that threshold has been met and therefore if a notification is necessary. Some RPs take a highly cautious stance and risk over-reporting, while others hesitate to engage with the regulator even in serious cases. A further difficulty here is that there is currently no definition of what constitutes a ‘timely manner,’ which in turn has led to inconsistent approaches.
Even once a breach is identified, for a PRP, it may trigger further issues under the GFVS, such as breaching relevant law, damaging the PRP’s or sector’s reputation, or exposing weaknesses in risk management and internal controls.
The scope for breaches has grown significantly over the past year, to the point where almost any operational issue could potentially be notifiable until proven otherwise.
Navigating breaches in an evolving landscape
A lot of breaches arise from data issues, for example, when relevant data is missing, inaccurate, outdated, or poorly stored. Inaccessible data can hinder effective decision making, whereas data that’s too easily accessed or misused can lead to serious errors. Ultimately, the data that RPs hold and how they use it is central to compliance with the consumer standards.
The regulator is closely watching how organisations decide when to self-refer and when not to. RPs need a clear, consistent process for identifying potential breaches and assessing whether they should be reported. It goes without saying that context matters – an issue deemed immaterial last year may now be significant due to shifts in the sector, while a series of ‘near misses’ could collectively cross the materiality threshold.
Awareness of how peers are approaching this is valuable. While many RPs are understandably cautious about disclosing issues, external support can offer insights drawn from experience across the sector. There is a clear need for guidance in this area, but it is unlikely to come directly from the regulator. In practice, organisations often turn to trusted advisors like our team at Anthony Collins for initial support.
A solution to approaching breaches
Our advice is that there is a way to approach the regulator in these situations. With this in mind, we are developing the Transparency Toolkit, which is a digital platform that captures our expertise and makes it accessible online to users across the sector. This tool helps RPs assess whether a breach has occurred and identify appropriate next steps through a step-by-step, question-led process to explore issues fully and reach informed decisions.
Ultimately, the regulator needs to see that RPs are managing and learning from breaches, while boards must be confident that systems are in place to detect and handle them effectively. Those responsible for providing this assurance should take comfort in knowing that the compliance landscape is evolving and that no one has truly mastered it yet. As a sector, we’re navigating it together.
Key takeaways
Twelve months into the new consumer standards, it is clear that there have been significant changes in the way that RPs deal with customers and potential breaches.
Here are some key takeaways for RPs who are navigating these changes in compliance:
- RPs must decide what issues are ‘material’ and report them in a ‘timely’ way.
- Ensure data is up to date to avoid the risk of a compliance breach.
- Lean on external support and experience across the sector for guidance.
- Speak to the Anthony Collins team or use our online toolkit to identify breaches.
For more information
For more information, please contact Victoria Jardine.
Latest news
Social purpose law firm strengthens cyber risk and privacy expertise
Joining as a legal director, Ben brings over a decade of experience advising on all aspects of data privacy and cyber risk. His expertise spans both the public and private […]
Thursday 5 June 2025
Read moreAnthony Collins statement following Legal Aid Agency data breach
This data breach solely affects the Legal Aid Agency and is not connected to Anthony Collins. Further details and official updates can be found on the Government’s website. According to […]
Monday 19 May 2025
Read more