Jerry Pournelle (a fascinating character - writer and scientist - who I wish I had discovered earlier) formulated the 'Iron Law of Bureaucracy' as follows: "In any bureaucracy, the people devoted to the benefit of the bureaucracy itself always get in control and those dedicated to the goals that the bureaucracy is supposed to accomplish have less and less influence, and sometimes are eliminated entirely". I recognise this as, at least, an acute observation though, perhaps, falling short of a law.
I wish then to propose a second Iron Law of Bureaucracy in a similar spirit: "Systems complexify. Any bureaucratic system will tend to accrete complexity and layers of control, unintended by the original designers but necessitated by the broader context." Whilst this is also less than a true law, it probably comes nearer, grounded as it is in systems theory.
My work in government has inclined me to look favourably on the requirement for regulation and for the use of law to achieve desired policy outcomes. My experience out of government has however, led me to confront the many negative aspects of this approach. In universities we have certainly encountered all of these: we have felt compelled to put in place systems of oversight, control and reporting, as well as elaborate policy frameworks, way out of proportion to the problems we were originally intended to address and engendering significant additional operating costs. In some cases, this overhead defeats the policy goal altogether.
How did this come to be? I tend to assume that the original progenitors of the policy did not have the consequences in mind. Clearly, it does not help that many of them have a limited understanding of the management of the organisations for which they have a policy responsibility. In general however, I believe they wish to do the right thing and I sympathise with their objectives.
Let us take a simple example to illustrate the operation of the second Iron Law. We assume that the government wants universities to register international engagements (projects, collaborations, partnerships and so on) where these engagements include an element of direction by foreign states or state-related actors. To protect against the most egregious abuses, involving espionage and covert political influence, they include criminal sanctions for failure to register. This all seems quite reasonable and is, in my judgment, proportionate to the problem being faced. The obvious implementation involves a simple, lightweight digital registration process (actually, this is probably a stretch for government, but that is for another time) intended as a minimal operational imposition.
Now let us view this registration requirement from the perspective of the universities that are subject to it. First, the sanctions, intended only to capture a small number of cases, are now front and centre. Universities cannot set aside the reputational risk, let alone the risk to its employees, to whom they owe a duty of care. There is no scope for the exercise of judgment. They must put in place a complex process for assurance, compliance and, in inevitable turn, training. They must monitor the data arising from the process and report it into their own risk-management processes. They must establish a clear chain of responsibility - who, exactly, registers what - and accountability, probably centralising a hitherto largely distributed task. Internal sanctions for compliance failures will have to be instituted, again with the appropriate process laid down. They will need to develop a shadow process of due diligence. To ensure they are doing the right thing they will need to establish sector best practices and benchmarks. And so on.
Thus, the workings of the second Iron Law of Bureaucracy. A simple requirement has generated a bureaucratic system that will become more onerous and rule-bound over time. Nobody is really to blame, perhaps if government were to develop an instinct for partnership, perhaps if universities were to adopt a different way of managing risk and discard the controlling instinct. Neither of these seem likely, both rely on trust (a 'meta-systemic property') which is absent. Otherwise, by the inexorable operation of the Iron Law, systems complexify.