Business Licensing and Inspections Maturity Model — Guidance Note 1 © 2022 International Bank for Reconstruction and Development / The World Bank 1818 H Street NW Washington DC 20433 Telephone: 202-473-1000 Internet: www.worldbank.org This work is a product of the staff of The World Bank with external contributions. The findings, interpretations, and conclusions expressed in this work do not necessarily reflect the views of The World Bank, its Board of Executive Directors, or the governments they represent. The World Bank does not guarantee the accuracy, completeness, or currency of the data included in this work and does not assume responsibility for any errors, omissions, or discrepancies in the information, or liability with respect to the use of or failure to use the information, methods, processes, or conclusions set forth. The boundaries, colors, denominations, and other information shown on any map in this work do not imply any judgment on the part of The World Bank concerning the legal status of any territory or the endorsement or acceptance of such boundaries. Nothing herein shall constitute or be construed or considered to be a limitation upon or waiver of the privileges and immunities of The World Bank, all of which are specifically reserved. Rights and Permissions The material in this work is subject to copyright. Because The World Bank encourages dissemination of its knowledge, this work may be reproduced, in whole or in part, for noncommercial purposes as long as full attribution to this work is given. Any queries on rights and licenses, including subsidiary rights, should be addressed to the Office of the Publisher, The World Bank Group, 1818 H Street NW, Washington, DC 20433, USA; fax: 202-522-2422; e- mail: pubrights@worldbank.org. Acknowledgments The development of this work was led by Goran Vranic (Senior Private Sector Specialist) and Aris Molfetas Lygkiaris (Private Sector Specialist) under the general guidance and supervision of Asya Akhlaque (Practice Manager, Investment Climate Unit), and Sylvia Solf (Senior Private Sector Specialist, Investment Climate). The development of the html website was implemented by Mirta Stefanac. The authors are grateful for the valuable peer review comments received from Ganesh Rasagam (Lead Private Sector Specialist), Penelope D. Fidas (Senior Private Sector Specialist), and Victor Steenbergen (Private Sector Specialist). About the Authors Goran Vranic (gvranic@worldbank.org) is Senior Private Sector Specialist in the World Bank Group’s Investment Climate Unit based in Washington, DC, USA. He advises governments in a range of areas at the intersection of business regulation and regulatory technology (RegTech). Aris Molfetas (amolfetas@worldbank.org) is a Private Sector Specialist in the World Bank Group’s Investment Climate Unit based in Washington, DC, USA. He advises governments in a range of areas relevant to business regulation and construction regulation reform. 2 Table of Contents Executive Summary....................................................................................................................................... 5 Introduction .................................................................................................................................................. 5 Maturity Assessment Domains ..................................................................................................................... 6 Laws and Regulations................................................................................................................................ 7 Institutional Framework and Leadership .................................................................................................. 9 Key Policies and Capacities ..................................................................................................................... 11 Procedures, Tools, and Transparency ..................................................................................................... 12 Regulatory Technology ........................................................................................................................... 14 Maturity Assessment Outputs .................................................................................................................... 16 Scoring..................................................................................................................................................... 16 High-Level Roadmap ............................................................................................................................... 17 Budget Considerations ............................................................................................................................ 18 Appendix ..................................................................................................................................................... 20 Maturity model assessment questionnaire ............................................................................................ 20 Terms of reference for the maturity assessment ................................................................................... 20 Bibliography ................................................................................................................................................ 22 3 List of Acronyms ASA Advisory services and analytics BPM Business process management COTS Commercial off-the-shelf CPD Continuous professional development DCED Donor Committee for Enterprise Development G2B Government to business GovTech Government technology GSB Government service bus HTML HyperText markup language IC Investment climate ICT Information and communications technology ID Identification IPF Investment policy financing JSON JavaScript object notation MIT Massachusetts Institute of Technology MSME Micro-, small, and medium-sized enterprises PforR Program for Results RAS Reimbursable advisory services RegTech Regulatory technology TA Technical assistance TTL Task Team Leader WBG Word Bank Group X2RL Extensible regulatory reporting language XML Extensible markup language 4 Executive Summary Several countries implemented Investment Climate (IC) reforms in the past 20 years focusing on legal and administrative improvements and one-stop-shop integration approaches (i.e., first- and second-generation reforms). However, with the advent of emerging technologies and data availability, the needs and opportunities for greater integration of business licensing and inspections and digitalization of government to business (G2B) service delivery have been growing. Therefore, the next generation of reforms requires a higher level of sophistication and more comprehensive and integrated solutions (third generation of reforms). In turn, this requires new approaches in terms of diagnosis and implementation encompassing legal frameworks; institutional frameworks and leadership; key policies and capacities; procedures, tools, and transparency; and regulatory technologies. To that end, the IC unit developed a new diagnostic tool known as the Maturity Assessment (MA)1 to better capture the spectrum of maturity and potential reforms that can be considered based on each country’s maturity level. The MA aims to help Task Team Leaders (TTLs) carry out a quick diagnostic of licensing and inspections systems. The rationale behind this tool is to allow country teams that design operations and advisory services to take a snapshot of where a jurisdiction stands on business licensing and inspections management. The output of this snapshot can be used to inform project design as well as to produce a high-level estimate of investment needs. The tool is intended to be used by staff and consultants who work on private sector development and who are familiar with the investment climate topics. The MA is an innovation in this area, since it is the first diagnostic on investment climate topics, and on private sector development more broadly, that employs this approach. The authors aim to crystalize the knowledge and lessons learned through the literature and practice by supporting licensing and inspections reforms in different regions and income levels. Introduction This MA is best suited to be applied when country teams have identified business regulations as a constraint for private sector development. For example, a country partnership framework or similar strategy (e.g., country private sector diagnostic), an investment climate assessment, or a private sector survey may have indicated this area as a weakness for the country’s investment climate. In the context of an Investment Policy Financing operation, the MA should be deployed during the identification phase. In the context of reimbursable advisory services (RAS) or advisory 1. The Maturity Assessment concept has its roots in the software capability maturity model developed at Carnegie Mellon University. It is an instrument that helps organizations assess and determine the degree of maturity of their implementation processes. This approach was taken further by Gartner and has been applied in other domains, beyond software capability, and more recently by the World Bank Group for FinTech Maturity. 5 services and analytics (ASA), it could be deployed even before designing the scope of the technical assistance. The MA is structured around five domains, and there are five questions per domain, with three possible responses to each question. Each response is assigned a score (0, 1, or 2); therefore, by completing the MA, the user can quantify and visualize how the country performs across the five domains, as well as receive an indicative list of transformational activities to consider when designing improvements. The MA is modular, and its scope can be easily adjusted depending on client needs. For example, it can be applied horizontally,2 by taking a bird’s eye view of licensing and inspections in a jurisdiction, or vertically, by focusing on a specific economic sector or regulatory domain. Similarly, it can be applied at the national level or at the subnational level. The output of the MA is twofold. Initially, it includes an assessment of the jurisdiction’s maturity level across five maturity domains and three maturity levels (Starting, Developing, and Maturing). Subsequently, the assessment identifies specific transformational activities and produces a high- level roadmap. The roadmap can be used as an important input to the policy dialogue with the client and to the project design. The Maturity Assessment can be implemented with a limited budget and a relatively low level of effort. For example, it can be deployed by hiring a local consultant for five to ten days to carry out an in-country mission to collect data and conduct interviews with regulators, inspectorates, and businesses. Ideally, the consultant should be supervised by an expert (e.g., by a member of the Investment Climate unit with expertise in this area) who can provide guidance throughout the assessment. Maturity Assessment Domains Licensing and inspections are often seen as separate components of service delivery; however, they are two sides of the same coin when it comes to business regulation design and implementation. Business licensing encompasses all ex ante authorizations and procedures relevant for businesses entering the market and commencing operations after incorporating and registering with the tax authorities. Business inspections refer to supervision activities relevant after the business enters the market. From a bird’s eye view, this topic can be assessed across five domains (see table below). Table 1. Maturity assessment domains Maturity assessment # Description domains Framework laws and regulations and sectoral regulatory requirements on I Laws and regulations business authorization (permits, licenses) and inspection-related requirements 2. The term “horizontal� in this context refers to an economy-wide scope. In contrast, the term “vertical� refers to a sector-specific scope. 6 Governance and leadership on business licensing and inspections, Institutional framework and II including clearly set roles and responsibilities, results framework, and leadership mechanisms to prevent conflict of interest Vision, principles, and values of the business licensing and inspection III Key policies and capacities system, along with resources and competencies for resilience and sustainability Catalog of administrative procedures, risk management, planning and Procedures, tools, and IV reporting, inspection checklists, complaints management, and transparency enforcement management procedures Data management and emerging technologies applied to policy making for V Regulatory technology outcome-based regulations, integrated licensing and inspection management, and feedback mechanisms Laws and Regulations A strong legal basis that adequately captures the key principles and good practices is key for a successful reform path. 1. At the outset, it is important to assess if there is a strong framework for regulatory delivery. In some jurisdictions this takes the form of horizontal laws for licensing and inspections. Horizontal laws in this area typically set out the key principles, processes, tools, and approaches for the licensing authorities and the inspectorates to adhere to. The specific requirements (business authorizations and inspection- related requirements) are prescribed in the sectoral/substantive laws and regulations. In this setup, line ministries and inspectorates align their vertical laws and regulations to the horizontal laws. Other jurisdictions regulate licensing and inspections exclusively or primarily through sectoral laws and regulations. Either approach can work, depending on the context.3 Since both approaches are valid, the MA assesses whether such a framework exists and, if it does, whether it is risk based. Risk-based approaches to regulation are at the frontier of regulatory delivery. A mature risk-based framework for licensing is based on the principle of proportional regulation and the key concepts of risk.4 Moreover, it requires regulators to justify the introduction of ex ante authorizations and procedures based on evidence (e.g., by performing risk assessments) that indicates a clear need to safeguard a public interest (e.g., food safety). Additionally, it includes a spectrum of regulatory approaches ranging from information campaigns to registration requirements, approvals, and inspections. Less mature licensing systems typically lack proportionality, and they impose horizontal requirements on entire sectors, irrespective of the risks posed by each business activity. A mature risk- based framework for inspections introduces the key concepts of risk as well as the approaches and tools 3. For more extensive analysis of the various options on legal reform for inspections management, see the note “Approaches to Integrated Inspections Reforms, Based on Selected Case Studies,� available at https://openknowledge.worldbank.org/bitstream/handle/10986/36895/Approaches-to-Integrated-Inspections- Reforms-Based-on-Selected-Case-Studies.pdf?sequence=5&isAllowed=y, and the paper titled “Inspections Reforms: Do Models Exist?� available at https://openknowledge.worldbank.org/bitstream/handle/10986/25077/Inspections0reforms000do0models0exist 0.pdf?sequence=1&isAllowed=y. 4. For more information on the key concepts of risk, see the note “Risk-Based Approaches to Business Regulation,� available at: https://openknowledge.worldbank.org/bitstream/handle/10986/34675/A- Note-for-Reformers.pdf?sequence=1&isAllowed=y. 7 that inspectorates must use in their operations. A risk-based inspection framework is anchored in a preventive and advisory approach, not policing and enforcement. Inspections are prioritized and driven by intelligence. This requires developing tools that target businesses based on risks and ensuring that inspection planning is proactive instead of reactive. It also requires developing tools that promote consistency, proportionality, and transparency in inspections decisions. Risk-based checklists and enforcement management models5 can help achieve those objectives. 2. The legal framework on enforcement is at the crux of a preventive and advisory approach.6 In mature systems, the legal framework on sanctions includes a spectrum of enforcement actions, ranging from light (such as guidance and persuasion or warning letters) to more severe (such as minor fines, major fines, stop orders, temporary prohibitions, and permanent prohibitions). Mature systems also distinguish between risks and administrative infringements. Less mature systems typically lack BOX 1 this spectrum as they include only fines and The Kyrgyz Republic achieved a “standardized� possibly prohibitions in their sanctions system maturity level in certain domains for business and do not permit inspectors to provide guidance inspections; however, several areas still require and advice to businesses, focusing instead on improvements.1 Adopting the umbrella law revenue generation and policing. Mature systems defining the general principles of conducting do focus on providing guidance and advice to inspections, using inspection checklists to businesses, and inspectors are required to communicate compliance requirements, and consider contextual factors outside the severity publishing the inspection plans online were key and type of violation when making enforcement successes of previous reform cycles. The risk- decisions, such as the business’s compliance based inspection approach is not fully history, if the business gains a competitive implemented, however, and the quality of advantage from the noncompliance, if the checklists is poor, key performance indicators business refused to comply, etc. In less mature are lacking, and the e-Inspections system does not truly serve as a coordination and planning systems, the spectrum of sanctions is more tool. (See Arynova et al. 2021.) limited, and there is no room for guidance and warnings. Instead, sanctions are typically limited to fines and prohibitions. Starting systems go a step further and incentivize the imposition of sanctions by measuring the number of fines as an indicator of inspectors’ good performance. 3. Convoluted and ever-expanding regulator mandates and jurisdictions is a typical challenge in this area.7 This can manifest in unclear mandates between national level regulators/inspectorates and unclear or weakly implemented coordination between the subnational level authorities, or both. This can also manifest in overlapping or duplicative sectoral regulations. In good practices, institutional mandates and jurisdictions for the licensing issuing authorities and the inspectorates are clearly delineated and jurisdictions are clear for each economic sector and regulatory domain and subdomain. Moreover, sectoral regulations should be free of overlaps and duplications to reduce the compliance burden on businesses and regulatory unpredictability. 5. For more details on this, see Health and Safety Executive 2013. 6. For a more extensive analysis on enforcement management see OECD 2018 and 2014, and World Bank Group 2020. 7. See, for example, Arynova et al. 2021 for a case study on Kyrgyz Republic for an extensive discussion on the challenges posed by lack of clear institutional mandates. 8 4. In good practices, sectoral regulations are goals-based, whereby businesses are required to comply with functional requirements expressed in qualitative terms by stating a goal to be achieved. Functional requirements may be complemented by performance requirements expressed in quantitative terms, the fulfilment of which can be determined by calculation, testing, or simulation. Prescriptive requirements may also be used, but this is typically in the form of guidance (i.e., nonbinding) as to how businesses can achieve compliance with the goals and performance requirements in the regulation. This approach acknowledges the several paths available to achieve the same goal. Less mature systems rely on overly prescriptive requirements by describing in detail the specifications for facilities, equipment, practices, etc., that businesses must adhere to. This approach stifles innovation since it mandates only one way to comply. Lastly, systems in a starting phase of maturity either lack sectoral regulations or the sectoral regulations are underdeveloped. 5. In good practice jurisdictions, the legal framework on the organizational structure of licensing authorities and inspectorates defines the terms of reference for each position in the relevant institutions. Moreover, they include the competency frameworks for each role and grade of regulatory officers and inspectors to inform recruitment, promotion, and retention of staff. This contributes to the professionalization of those units and roles. It also contributes to more transparent recruitment and retention frameworks. In developing jurisdictions, some of these elements may be missing or underdeveloped. Typically, the organizational structure and the terms of reference are present, but not necessarily the competency frameworks. At the more initial level, none of these elements are present. Institutional Framework and Leadership 1. Institutional organization and leadership for licensing and inspections must ensure professional independence and continuous professional development. Typical safeguards of professional independence include (i) preventing inspectors from participating in the work of committees or expert bodies that may impact the impartiality of inspection decisions, (ii) ensuring the ground for rejecting applications for licenses is prescribed in regulations and allowing an appeal procedure with a professionally independent body, and (iii) protecting officials and inspectors from political and other influence by implementing internal audit procedures. In addition to the professional independence safeguards, institutional organization and leadership replaces routine licensing and inspections with efficient service delivery and promotes inspectors’ professionalism and expertise. Instead of routine inspections that count as successes the numbers of penalties issued, institutional leadership should promote as success the reduction in numbers of penalties and fines.8 2. The institutional funding model must ensure sustainability of regulatory service delivery and adequate compensation for licensing officers and inspectors. Inadequate compensation for licensing officers and inspectors incentivizes corrupt behavior. An important policy for implementing risk-based licensing and inspections involves the review of compensation schemes for providing competitive salaries to inspectors comparable to other employers in the market that hire professionals of the same profile. The funding model for inspection activities cannot be linked to the monetary amount of issued fines. Considerations that can ensure an adequate funding model involve fair business license fees linked to the administrative expenses (i.e., that implement the cost recovery principle), on-demand 8. For a more extensive discussion on this, see Blanc 2018. 9 consultative inspections that can be applied by some jurisdictions,9 and indirectly, savings for the private sector achieved through streamlined licensing requirements and inspections. Jurisdictions that recently implemented business licensing and inspection transformation achieved return on their investment in business licensing and inspection reforms in a matter of a year or two, measured through direct benefits only. For example, in Moldova the estimated annual savings achieved for the private sector thanks to the licensing and inspection reform are US$15 million, and in Jordan inspection reform generated US$12.4 million in annual savings.10 Indirect benefits are significantly higher; for example, in Moldova, combined investment climate reforms and capacity development for MSMEs generated 2,079 jobs and more than US$225 million in new exports. 3. Regulatory bodies enable the private sector to provide feedback on licensing services and inspections. Ideally, such feedback will be integrated into the service delivery; e.g., for licensing services, the feedback should be captured through online services, such as online search of business licensing requirements or a transactional online service for applying for and obtaining a business license. Feedback should be accounted for by measuring performance at various levels, from the individual officer/inspector level to a department level to the regulatory body level. Feedback should be used as input when deciding on an individual officer’s or inspector’s professional development and as input for suggesting improvements in regulations. 4. Risk-based and preventive licensing and inspections require strong internal and external communication. Pivoting away from command-and-control regulation and from punitive to preventive and risk-based licensing and inspections requires developing internal communications to officials and inspectors and external communications to economic operators and the public. Internal and external communication is an important tool for developing trust between economic operators and regulators. Internal communication within the inspectorates has to support developing awareness of the new risk- based approach, in which success is measured through reduced risks and improved compliance. Internal communication should also promote ethical behavior and provide mechanisms that protect officers’ and inspectors’ professional independence. External communication should support informing economic operators about risk-based regulatory requirements and their rights and responsibilities in regulatory processes. Public relations strategies often include public campaigns that help inform economic operators about new regulatory approaches, requirements, and risks (e.g., campaigns promoting occupational health and safety, intellectual property rights, or new digital G2B services for licensing and inspections). 5. To ensure efficient and effective licensing services and inspections, coordination and information sharing across regulators is also essential. Coordination shall exist horizontally between inspectorates operating on the same governance level in different domains (such as occupational health and safety and construction safety) and vertically between national and subnational inspectorates operating in the same domain. An institutional framework that ensures coordination typically involves a national level central coordinating body. Good practice shows that such a central coordinating body should be established under a prime minister’s office and be responsible for the design of horizontal guidelines (such as the development and use of inspection checklists, risk models, complaints management, inspection planning, and enforcement management) and for developing and operating shared licensing 9. The New York City Health Department offers two types of consultative inspections to provide basic food safety education and guidance to restaurant operators upon request: one can be requested before the official inspection (at a cost of US$100); the other can be scheduled after an official inspection was conducted (at a cost of US$400). 10. Source: World Bank 2022, Implementation Completion and Results Report. 10 and inspection management digital solutions. Such a horizontal framework and shared digital solutions enable the coordination necessary to implement risk-based licensing and inspections. Key Policies and Capacities 1. Strengthening regulatory service delivery requires having a reform strategy and an action plan to implement that strategy. Given the cross-cutting nature of licensing and inspections reforms, ideally this strategy should be led by the ministry responsible for economy-wide issues (e.g., Ministry of Investment and Commerce, Ministry of Economy, Ministry of Trade and Industry, or similar). However, such strategies may exist at the sectoral level as well (e.g., sector regulators produce reform strategy in the food safety domain). Such a high-level strategy should include the high-level vision and mission for reform, anchored around prevention and risk management. The high-level vision should be supported by a high-level roadmap and an action plan that cover all key dimensions of reform (i.e., legal, institutional, administrative, and regulatory technology), including defining clear roles and responsibilities of all relevant authorities in the action plan. Ideally, the action plan should be leveraged to coordinate support from international development agencies, and there should be a process to review and update these documents periodically. Continuous revisions are important to recalibrate the strategy and identify bottlenecks to implementation. Less mature systems may include some but not all of the aforementioned components, and starting systems do not have reform strategies in place. 2. A robust strategy is underpinned by a sound monitoring system that can help policy makers and regulators assess performance in regulatory service delivery. Mature systems incorporate performance indicators to monitor the overall implementation of regulations11 in the relevant institutions (e.g., license issuing authorities and inspectorates). In the absence of performance indicators, it is difficult to identify bottlenecks and assess the quality and efficiency of such services. In developing systems, the performance indicators may be available, but they may be inadequate or poorly designed (e.g., measuring number of fines issued) or inadequately implemented (due to the lack of data). In starting systems, performance indicators are not available. 3. Mature inspection systems emphasize the professionalization of inspections. This can help reduce corruption and attract subject matter experts. The professionalization in service delivery can be achieved by developing competency frameworks for recruitment, promotion, and retention of staff. Moreover, it can be supported by developing training curriculums to onboard new staff and improve capacities and performance of existing staff as a result of periodic evaluation. Mature systems provide trainings for new inspectors and require existing inspectors to complete continuous professional development (CPD) on a periodic basis so that they can keep up-to-date with developments in their fields of expertise, new technologies that businesses use, and new approaches to verify compliance. 4. Equipment is an important component of a modern inspection system, allowing inspectors to adequately carry out their mandates. Equipment in this context can include vehicles that enable inspectors to be mobile and make planning decisions based on risk factors and not based on which businesses are more reachable. It also includes laboratory equipment for fast indication to support decision-making about official laboratory analysis and mobile devices that can help inspectors in their 11. For example, a performance indicator in the OHS regulatory domain is the number of profession-related diseases or injuries at a workplace or work environment. These are broader and not specifically related to service delivery. 11 site-visits (e.g., testing, measuring, etc.). More mature systems may even equip inspectors with advanced technologies such as drones, tablets, and other devices for remote virtual inspections.12 5. In some jurisdictions, inspectors are also subject to a different (higher) salary scale than other civil servants in the public sector. This helps reduce opportunities for corruption. It also helps attract talent and create a cadre of professionals with expertise in their regulatory domain. In mature systems, inspectorates maintain competitive salaries for professionals hired as inspectors and incentive schemes (e.g., annual awards to high performers, promotions, bonuses, certification to train other trainers and/or inspectors, opportunities for continuous professional education and development) to reward high performers who promote the preventive role of the inspectorate, train other colleagues, and continuously develop their expertise. In less mature systems, incentive schemes are typically designed to promote policing and enforcement rather than to advise businesses and prevent risks from materializing. Most commonly, this is the case when inspectors are rewarded for the amount and/or number of fines they issue on businesses. Procedures, Tools, and Transparency Assessing the maturity of procedures and tools and the degree of transparency can help determine the transformational activities required at a more downstream level. 1. The inventory of sectoral regulations and administrative procedures is an important component of a modern licensing and inspections system for several reasons. First, it is a starting point for any efforts to review and streamline regulations. For example, jurisdictions that engage in wholesale reviews of the regulatory stock first need to map the universe of sectoral regulations. This exercise can also help identify overlaps and duplications in the ex-ante authorizations and sectoral regulations. Second, it is a starting point for developing other operational tools such as checklists for the inspectorates. Finally, it is a prerequisite to improve transparency. Developing licensing and inspection information portals, publishing the most up-to-date sectoral regulations, and developing guidance for businesses, requires having these inventories. The most challenging aspect of such inventories is their sustainability. Since their value lies in the accuracy of the information, keeping them up-to-date every time a new law or regulation comes into force is crucial. 2. Designing and implementing risk-based regulatory delivery for licensing and inspections requires developing tools. In the case of licensing, this requires developing risk assessments13 and benchmarking with other good practices to determine the appropriate level of risk for each business activity. It also requires designing and implementing different instruments (i.e., registrations, approvals, ex ante inspections, etc.), procedures, and documentation requirements for each business activity depending on the risk. For example, low-risk businesses should be able to commence operations without being subject to ex ante inspections or authorizations. In mature systems, low-risk businesses either do not need to be licensed or, if subject to licensing, licenses should be obtainable through a simple registration that can help the authorities gather all relevant data for planning ex post inspections. Medium-risk activities can typically benefit from streamlined procedures and documentation requirements, as well. It is only high-risk businesses that should typically be subject to more stringent ex ante controls. When it comes to inspections, mature inspectorates carry out risk assessments to identify and evaluate risks 12. See the International Code Council 2020. 13. For a more extensive discussion on risk assessments, see United Kingdom, Better Regulation Delivery Office (BRDO) 2012. 12 in their regulatory domain. The risk assessments are typically based on set criteria that may combine both intrinsic factors (e.g., type of activities) and extrinsic factors (e.g., compliance history). The purpose of these tools is to assist inspectorates and inspectors in developing risk criteria to prioritize their inspection activities14 and improve targeting of high-risk subjects and objects (e.g., repeat offenders, structures with a high impact in terms of loss of life or injury, etc.). Risk assessments are a primary source of information in designing inspection planning. This can help inspectorates target high-risk businesses and thus allocate their resources efficiently. Other sources of information for inspection planning include complaints received from the public and intelligence collected through site- inspections. 3. Checklists are compliance assessment tools that guide inspectors during site inspections and complaints management by helping them determine the most appropriate response to mitigate risks. Checklists can also help improve standardization and consistency in inspections, as well as simplify and strengthen the inspection procedure by ensuring that inspectors focus on the key elements of compliance and on what are likely to be the main risk areas. In addition, checklists can help raise private sector awareness and compliance regarding the areas on which the inspection subjects will be scrutinized. Finally, checklists are a useful tool to collect, process, and analyze information in an efficient, reliable, and standardized manner to inform risk assessments and risk-based planning. By ensuring consistency, checklists serve as especially important tools for less mature systems trying to implement a risk-based approach. A comprehensive checklist consists of a list of questions with assigned weighting, references to the legal basis for each question, and an aggregate score. 4. Inspection equipment can help inspectorates deliver on their mission to improve compliance and safeguard public goods. This is an important area to measure since it is a proxy for the extent to which inspectorates have adequate resources to carry out their mandates, as well as for the extent to which they focus on prevention and advice. Moreover, inspection equipment is important for implementing a risk-based approach. For example, when deciding on official laboratory analysis or applying temporary bans, such decisions can be better informed if inspectors possess mobile laboratory equipment for fast indications. More mature systems have a well-developed framework for how and when to deploy equipment based on the types of inspections carried out and the procedures for its use (e.g., calculation, testing, simulation, etc.). They also have a framework and budget for maintenance. Developing systems may provide the inspectorates with equipment, but this is not supported by a deployment and sustainability framework. Lastly, starting systems do not allocate adequate resources for equipment or, if they do allocate funding, it does not cover all inspectorates; they also lack deployment and sustainability frameworks. 5. Enforcement management is an important component of a preventive and risk-based system. This consists of a legal framework that stipulates a spectrum of sanctions that enable proportional enforcement (see question 2 in the legal domain). For example, minor infringements that do not pose risks to the regulators’ objectives should be dealt with through guidance, advice, or warnings. More severe responses should be reserved for repeated infringements and/or for when the businesses’ operations pose significant risks. Moreover, enforcement management consists of operational tools that help inspectorates ensure consistency, proportionality, and transparency in enforcement decisions. This is typically achieved by developing decision-making tools (e.g., guidelines to inspectors and decision 14. Note that inspection activities can include a broad range of activities, not just site inspections. For example, they can include awareness-raising campaigns, development of guidance to businesses, and information-sharing with other authorities, among others. 13 trees), to help inspectors identify the most appropriate enforcement action in the event of noncompliance. Moreover, in mature systems, decision-making tools distinguish between risks and administrative noncompliance. This must be reflected both in the legal framework and in the decision- making tools that implement the law on sanctions. Moreover, in mature systems inspectors are required to consider several factors when making an enforcement decision, such as the businesses’ compliance history, the severity of the violation, and the associated degree of risk, among others. This must be reflected both in the legal framework and in the decision-making tools. Regulatory Technology 1. A key prerequisite to digitalizing licensing and inspections are digital and interoperable business registries and databases that allow initial risk categorization. Typically, the first challenge for regulatory bodies digitalizing licensing and inspections is availability of accurate data on businesses. Many developing jurisdictions still face fragmented, poor-quality business databases. A BOX 2 common workaround is to use a taxpayer’s Technical Safety Authority in British Columbia registry to form a database of subjects and (BC), Canada, achieved a “maturing� level in objects of inspection. This approach does not certain domains for business licensing and offer a data management mechanism to keep inspections. It is a delegated administrative the data updated, however, and is missing authority that oversees the safe installation and information on the profile of establishments or operation of technical systems and equipment facilities where economic activities operate. across the province of British Columbia. The These constraints limit the initial risk Authority developed policy, institutional, and digital technology transformations to improve categorization of businesses and objects to the efficiency and risk management. Using a intrinsic risk data available. A comprehensive combination of data generated through database of subjects and objects of inspection inspections along with permits and declarations, requires integrating business registries and the developed AI/machine learning algorithm registries of issued permits and licenses with an predicts the risks associated with regulated inspection database. Only such an integrated assets in BC. It informs the development of regulatory database allows application of both annual inspection plans, but also informs intrinsic and extrinsic risks,15 such as inspection inspectors’ daily priorities. (See Donor results or severity of inspection measures, when Committee for Enterprise Development (DCED) digitalizing risk-based licensing and inspections. 2020.) Further, an extension to integrating private sector data, such as IoT-driven data, enables inspections to advance to the next level: risk intelligence to capture forward-looking risks to inform decision-making for inspection activities that can prevent the risks from arising, i.e., to identify potential risks and act to prevent them from emerging.16 15. Intrinsic risks refer to those internal to a business or establishment (e.g., economic activities, size, scale, location), while extrinsic risks are external to a business or establishment (e.g., last inspection visit result, severity of violations, received complaints). 16. Risk intelligence goes beyond risk management. While risk management prevents risks from materializing, risk intelligence identifies potential risks to prevent them from emerging. It requires real-time and integrated business data and emerging technologies for data insights (such as AI). It allows regulators to act earlier (as compared to risk management, for which actions are organized after a risk has already emerged) to prevent them from materializing. 14 2. An initial step in digitalizing licensing and inspections is publishing online information on sectoral regulations and administrative procedures. Experience shows that establishing informational online portals and publishing business administration procedures that allow businesses to easily navigate them is not sustainable without a mechanism to ensure data updates following regulation changes. These mechanisms range from an internal online notification mechanism requesting manual updates of administrative procedures from relevant regulatory bodies following relevant regulation changes to machine-readable regulations where data on administrative procedures is attached to regulation (i.e., the administrative procedure becomes regulation metadata and is updated along with regulation changes).17 Typically, the administrative procedures for business authorizations (permits, licenses, certificates, etc.) are published online, followed in the next phase by publishing the inspection checklists. More advanced informational portals on administrative procedures are integrated into the overall e-Government portal and structure administrative procedures according to business life events (entry, expansion, internationalization) and economic activities. They also implement chatbots to support users in navigating through administrative procedures and allow application of advanced mechanisms for regulatory risk management and compliance (such as self-assessment). 3. Digitalizing risk-based licensing and inspections requires having e-Government shared services in place. Digital ID and signature, cloud hosting, e-Payment, and interoperability of e-Government shared services are prerequisites to digitalize licensing and inspections. Considerations on the use of mobile e- Inspections for field visits depend on internet connectivity and broadband. Lack of government technology (GovTech) and digital infrastructure prerequisites makes digitalizing licensing and inspections difficult to achieve. For example, without digital ID and signature, paper documents cannot be completely removed from the processes, creating the possibility for parallel flows and uncertainty (e.g., a permit can be processed using paper application and documents without data recorded to the digital platform). The lack of a horizontal interoperability system or government service bus (like X-Road in Estonia) would require implementing point-to-point data exchange interfaces between digital business licensing and inspection digital platforms and external registries. Such fragmented approaches to data exchange impede overall sustainability and increase maintenance costs of the licensing and inspections digital solutions. Lastly, recent revelations of cybersecurity threats emphasized a need for an e-Government cloud to ensure continuity of operation and resilience of digital solutions for public service delivery. 4. Digitalizing licensing and inspections requires an evolutionary and phased approach to implementation. Implementation ranges from an online informational portal publishing information on administrative procedures and basic ICT automation of physical one-stop shops for business licensing to fully digital and integrated solutions for business licensing and inspections. Countries advance first in digitalizing business authorization processes, implementing both the online services for businesses and the backend digital processing workflows for issuing licenses. Experience shows that the digitalizing the highest priority business authorizations (e.g., typically 100) is a major milestone that results in significant Recent implementations involve the Technical Safety Authority of British Columbia in Canada and Andra Pradesh in India (for more details, see Donor Committee for Enterprise Development (DCED) 2020). 17. Machine-readable formats for regulations, such as XML or JSON, represent a higher level of digitization and enable greater machine understanding of documents through the use of ontologies, elements, attributes, and tags that create metadata describing the structure and content of text in a way machine readers can use. For more details, see MIT Drafting X2RL: A Semantic Regulatory Machine-Readable Format, available at https://law.mit.edu/pub/draftingx2rl/release/2. 15 benefits for the private sector.18 Digitalizing inspections requires more effort, and a phased approach despite the possibilities that shared e-Inspections platforms offer. Digitalizing inspections requires that inspection tools and procedures (checklists, complaints management, risk models, sampling, enforcement management) be developed first, along with inspectors’ capacity to apply the new risk- based approach and e-Inspections. Such tools and procedures are specific to inspectorates, and require adaptation to each inspectorate’s specific needs; i.e., the new inspection tools and shared e-Inspection system are configured and rolled-out in phases organized according to the individual inspectorates. 5. Sustainable operation of digital solutions for business licensing and inspections requires institutional capacities and adequate budgetary resources. Countries and jurisdictions that have implemented separate e-Inspection and e-Business Licensing digital platforms found it more challenging to implement sustainable solutions, as decision-makers (i.e., ministries of finance) could not see a direct revenue stream coming from risk-based inspections when deciding on the budget. Furthermore, an in-house ICT staff must be engaged by regulators from the beginning of implementing digital solutions to develop the necessary capacity for supporting its use and maintenance. Along with in-house ICT staff, the maintenance and required upgrades of digital solutions also require the engagement of external software vendors. If commercial-off-the-shelf (COTS) software products are used, the system will depend on the software vendor that owns the software product for future system maintenance and upgrades; this should be taken into account when designing an implementation approach in a transformational project to improve business licensing and inspections. Maturity Assessment Outputs Scoring The scoring for calculating results according to five maturity domains is linked to the answers given to the domain questions. Each of the five domains has five questions with three possible responses: 0, 1, or a maximum of 2 points. The maximum number of points for each maturity domain is thus 10. If the aggregate number of points for a domain is between 0 and 2, the maturity level is designated as “Starting�; if it is between 3 and 6, the level is labeled “Developing�; and if the number of points is between 7 and 10, the domain maturity level is termed “Maturing� (Table 2). Table 2. Scoring and maturity levels Level Description Point range This maturity level is characterized by fewer than three questions 0–2 points Starting in a domain/category achieving minimum points (1) and other questions receiving zero points. This level indicates at least three questions in a domain/category 3–6 points Developing achieved the minimum score (1). This level shows at least two questions in a domain/category 7–10 points Maturing achieved a maximum score (2) and other questions received at least the minimum score (1). 18. Setting priorities for regulatory streamlining and digitalization applying the Pareto principle was applied in Singapore and Moldova and resulted in significant and quicker benefits to the private sector while also maintaining the momentum needed to continue the efforts. 16 Figure 1. Example of maturity assessment radar chart Laws and regulations 10 7-10 “Maturing� 9 8 3-6 “Developing� level level 7 6 5 Institutional 4 Regulatory technology 3 framework and 2 leadership 1 0 0-2 “Starting� Maturity level assessment result Procedures, tools, and Key policies and transparency capacities High-Level Roadmap The High-Level Roadmap is intended to provide TTLs with an indication of the potential activities and an estimated timeline for implementation depending on the jurisdiction’s maturity level in each domain. The Roadmap can also help TTLs sequence transformational activities during a reform cycle. The maturity model assessment characterizes transformational activities according to five maturity domains (see Figure 2). This can be used to initiate the policy dialogue with the client and determine the appetite for reform across one or more domains. At the same time, when it comes to designing operations for technical assistance or lending, it is recommended that the TTLs consult with subject matter experts and/or the global team to ensure the implementation roadmap is adequately tailored to the specific client needs. Figure 2. High-level indicative transformational roadmap 17 Budget Considerations The cost of modernizing business licensing and inspections depends on the starting maturity level and the size of the jurisdictions; the typical range in between US$5 million and US$20 million. Experience shows, however, that while this is a multimillion endeavor, return on investment is quick and significantly exceeds the investment, including for initial results. Recent examples of projects in Moldova and Jordan show direct annual savings for the private sector of approximately US$15 million and US$12 million, respectively. The indirect savings, such as new export sales or paid wages, go to nine digits. In Moldova, recent licensing and inspections reform and support for MSMEs generated new export sales of US$225 million and 2,079 new jobs. The typical costs of modernizing licensing and inspections include costs of legal analysis and design, capacity development, and digitalization. Legal work involves review of sectoral laws regulating business authorizations and inspection requirements for risk-based approaches, as well as setting up a framework for cross-institutional collaboration and digitalization. The cost of these activities ranges from several hundred to one million US dollars, depending on the scope (such as number or type of prioritized business sectors). The cost of developing institutional capacities typically requires investments in the millions (e.g., over US$10 million for national-level initiatives) when new buildings must be equipped and specialized inspection equipment (such as mobile laboratories, ICT equipment, and relevant training) provided. Digitalizing licensing and inspections require between US$1 and US$2 million to implement or upgrade a shared digital licensing and inspection solution (see examples in Table 3 below). These costs do not include digital assessment for developing the technical concept and technical requirements specifications for the digital solution. They also assume that prerequisite e-Government shared services are ready and can be integrated, including digital ID and signature, cloud hosting, e-Payment, service bus for data sharing (GSB), and business process management (BPM). Experience from WBG operations shows that one or more e- Government shared services may require upgrades as a prerequisite to digitalizing licensing and inspections. The cost estimate of these e-Government platform upgrades is beyond the considerations addressed in this maturity model. Table 3. Examples of typical costs of modernizing licensing and inspections19 Jurisdiction Contract Amount Description Implementing the legal framework for licensing and inspections as well as the operational tools for the inspectorates to implement a risk- Implementing a risk-based Licensing €3.2 based approach. This cost does not include Greece & Inspections System million implementing the digital technology platform but does include the design of the technical concept and technical requirements specification. Integrated Inspection Management A contract with the vendor to implement a US$1.6 Jordan System for Jordanian Inspectorates shared inspection management digital solution million (2016) for 12 inspectorates. Information system for A contract with the vendor to implement a US$1 Moldova Mechanism for Managing and digital solution for business licensing. As of million Issuing Permits of Moldova (2017) December 2021, 78 business permits were fully 19. Content for this table was drawn from published World Bank Group corporate procurement contract awards and World Bank documents and reports. 18 Jurisdiction Contract Amount Description digitalized, and 54% of applications were submitted online. e-Permitting System for Serbia US$1.1 A contract with the vendor for digitalization of Serbia (2019) million 100 business permits. 19 Appendix Maturity model assessment questionnaire The maturity model assessment is developed as an HTML interactive document. It allows TTLs and investment climate experts to answer the questionnaire, see the results of the maturity assessment according to five maturity domains, and generate a list of indicative transformational activities that can be considered for improvements. The assessment results and indicative transformational activities can be used for policy discussion with a government client to decide on the scope of business licensing and inspection modernization and to plan the transformational project. Terms of reference for the maturity assessment Objectives of the Assignment The World Bank (WB) is hiring a Short-Term Consultant to carry out the Maturity Assessment for licensing and inspections in country XX. The Consultant is expected to use the inputs provided by the WB, fill out the maturity assessment questionnaire, and suggest transformational activities that can be considered based on the maturity assessment scoring. Inputs provided by the WB • The maturity assessment questionnaire • The maturity assessment roadmap • The maturity assessment user manual Tasks The Consultant is expected to perform the following tasks: 1. Review the inputs provided by the WB team. 2. Collect information and fill out the maturity assessment questionnaire by conducting desk research and by interviewing regulators, inspectors, businesses, and private sector representatives. Deliverables The Consultant is expected to deliver: • a complete maturity assessment questionnaire • a short write up on the findings (2 to 3 pages) • a table of recommended transformational activities based on the maturity assessment scoring Required Qualifications • Advanced academic degree (masters or PhD), in public policy, law, economics, or a related field. Where the diagnostic focuses on a specific economic sector or regulatory domain, a different academic background may work as well. For example, if the diagnostic focuses on the environmental domain, the Consultant could have an academic background in environmental management, environmental law, environmental science, environmental engineering, or similar. • At least 5 years of experience in regulatory reforms. • Experience in business licensing and inspection reforms. • Experience in interacting with government officials and representatives from the private sector. 20 • Experience in business regulation reform; particularly desirable is experience in licensing and inspection reforms. • Strong analytical skills; ability to translate findings into actionable policy recommendations. • Ability to work under pressure, collaborate effectively on a team, and learn and assimilate new information/topics swiftly. • Strong analytical and writing skills; ability to translate findings into actionable policy recommendations. • Ability to work independently with minimal guidance. • Fluency in English. • Conversant with Microsoft Office Suite applications (Word, Excel, and PowerPoint). Supervision and Timing The consultant will be supervised by Task Team Leaders (XX) Timeline: (insert dates) Level of effort: 15 to 20 days Confidentiality Statement All data and information received from WB for this assignment are to be treated confidentially and are only to be used in connection with the execution of these Terms of Reference. All intellectual property rights arising from the execution of these Terms of Reference are assigned to the WB. The contents of written materials obtained and used in this assignment may not be disclosed to any third parties without the express advance written authorization of the WB. 21 Bibliography Blanc, F. 2018. From Chasing Violations to Managing Risks: Origins, Challenges and Evolutions in Regulatory Inspections. Cheltenham, UK: E. Elgar. Blanc, F., and G. Ottimofiore. 2015. “Regulatory and Supervisory Authorities in Council of Europe Member States Responsible for Inspections and Control of Activities in the Economic Sphere — Structures, Practices, and Examples.� PRECOP RF Project, European Union and Council of Europe. Cordova, C., and T. Sahovic. 2010. “Inspections Reforms: Do Models Exist?� International Finance Corporation, Washington, DC. https://openknowledge.worldbank.org/handle/10986/25077. License: CC BY- NC-ND 3.0 IGO. https://openknowledge.worldbank.org/bitstream/handle/10986/25077/Inspections0reforms000do0models0 exist0.pdf?sequence=1&isAllowed=y. Donor Committee for Enterprise Development (DCED). 2020. “Use of New Technologies in Regulatory Delivery.� Donor Committee for Enterprise Development, Cambridge, UK. https://www.enterprise- development.org/wp-content/uploads/DCED-BEWG-Use-of-NewTechnologies-in-Regulatory-Delivery.pdf. Dugeree, J., G. Cola, F. Blanc, and G. Ottimofiore. 2019. “Lessons from Creating a Consolidated Inspection Agency in Mongolia,� Chapter 25 in Regulatory Delivery, edited by G. Russell and C. Hodges, 411–36. Oxford: Hart Publishing. Health and Safety Executive. 2013. Enforcement Management Model (EMM): Application to Health Risks. FOD HQ/OSEA Unit/Legal & Enforcement, HMSO, London. https://www.hse.gov.uk/foi/internalops/ocs/100- 199/130_5/. International Code Council (ICC). 2020. “Recommended Practices for Remote Virtual Inspections (RVI).� International Code Council Publishing, Washington, DC. http://media.iccsafe.org/2020_MarComm/Remote_Video_Insp_FINAL_w_Covers.pdf. International Finance Corporation (IFC). 2010. Business Inspections in Mongolia. Washington, DC: International Finance Corporation. International Finance Corporation (IFC). 2021. Kyrgyz Republic — Inspection Reform Case Study: The Reform Process (2006–2019): What Can We Learn? Washington DC: International Finance Corporation. https://openknowledge.worldbank.org/bitstream/handle/10986/36895/Approaches-to-Integrated- Inspections-Reforms-Based-on-Selected-Case-Studies.pdf?sequence=5&isAllowed=y. Mangalam, Srikanth, and Goran Vranic. 2020. “Use of New Technologies in Regulatory Delivery: Summary Note and Case Studies.� Business Environment Working Group, Donor Committee for Enterprise Development, Cambridge, UK. January. https://www.enterprise-development.org/wp- content/uploads/DCED-BEWG-Use-of-New-Technologies-in-Regulatory-Delivery.pdf. Organization for Economic Co-operation and Development (OECD). 2012. Inspection Reforms: Why, How, and With What Results. Paris: OECD Publishing. https://www.oecd.org/regreform/Inspection%20reforms%20- %20web%20-F.%20Blanc.pdf. Organization for Economic Co-operation and Development (OECD). 2014. “Regulatory Enforcement and Inspections,� OECD Best Practice Principles for Regulatory Policy, OECD Publishing, Paris. https://www.oecd.org/gov/regulatory-enforcement-and-inspections-9789264208117-en.htm. 22 Organization for Economic Co-operation and Development (OECD). 2018. OECD Regulatory Enforcement and Inspections Toolkit. Paris: OECD Publishing. https://www.oecd.org/gov/regulatory-policy/oecd-regulatory- enforcement-and-inspections-toolkit-9789264303959-en.htm. Organization for Economic Co-operation and Development (OECD). 2020a. Regulatory Enforcement and Inspections in the Environmental Sector of Peru. Paris: OECD Publishing. https://www.oecd.org/gov/regulatory-policy/regulatory-enforcement-and-inspections-in-the-environmental- sector-of-peru-54253639-en.htm. Organization for Economic Co-operation and Development (OECD). 2020b. “Removing Administrative Barriers, Improving Regulatory Delivery.� OECD Policy Responses to Coronavirus (COVID-19), OECD Publishing, Paris. https://www.oecd.org/coronavirus/policy-responses/removing-administrative-barriers- improving-regulatory-delivery-6704c8a1/. United Kingdom, Better Regulation Delivery Office (BRDO). 2012. Proposals for Developing a Common Approach to Risk Assessment. BRDO: Professional Development and Culture Changes Resources, London. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/263921 /risk-assessment-paper.pdf. World Bank Group (WBG). 2006. Business Licensing Reform: A Toolkit for Development Practitioners. Washington, DC: World Bank Group. https://documents1.worldbank.org/curated/en/664561468779400537/pdf/391130LicensingBook01PUBLIC1. pdf. World Bank Group (WBG). 2011. How to Reform Business Inspections: Design, Implementation, Challenges. Washington, DC: World Bank Group. https://openknowledge.worldbank.org/bitstream/handle/10986/25076/How0to0reform00entation00challen ges.pdf?sequence=1&isAllowed=y. World Bank Group (WBG). 2014. Implementing a Shared Inspection Management System: Insights from Recent International Experience. Washington, DC: World Bank Group. https://documents1.worldbank.org/curated/en/190851468152706158/pdf/907550BRI0Box30ment0System0 apr02013.pdf. World Bank Group (WBG). 2019. Business Licensing Reforms: Insights from Selected Country Experiences. Washington, DC: World Bank Group. https://openknowledge.worldbank.org/bitstream/handle/10986/32065/Business-Licensing-Reforms-Insights- from-Selected-Country-Experiences.pdf?sequence=1&isAllowed=y. World Bank Group (WBG). 2020. Risk-Based Approaches to Business Regulation: A Note for Reformers. Washington, DC: World Bank Group. https://openknowledge.worldbank.org/bitstream/handle/10986/34675/A-Note-for- Reformers.pdf?sequence=1&isAllowed=y. 23