Article 2 - What is a Breach of Legal Requirement and the role of the CQC

Article 2 - What is a Breach of Legal Requirement and the role of the CQC

In terms of CQC’s jurisdiction, what is a breach of a legal requirement and how should CQC report on it as part of an inspection?


This article considers the tension between (1) the way in which inspections are carried out and reports are written and (2) the way in which the CQC Enforcement decision tree says that CQC should go about deciding if there has been a breach




One might think that it would be a straightforward exercise to decide whether an act or failure to act amounts to a breach of a legal requirement. However, it is not always that simple. One has to consider the precise legal requirement under the relevant legislation. The Fundamental Standards, for example, are drafted in very general terms and are open to interpretation as to what might constitute a breach. One inspector might describe a concern as an improvement issue making a general recommendation in an inspection report, while another may see it is a breach of a legal requirement necessitating the issuance of a Requirement Notice. 


Why it matters


The above distinction is significant as a Requirement Notice is seen by CQC as the initial stage of civil enforcement, albeit in relation to perceived low risk, while the mere expression of a concern in a report is not. Furthermore, breach of a number of the Fundamental Standards constitute a statutory offence which could lead to criminal investigation and prosecution on the part of CQC. The distinction also impacts on ratings as CQC now says that if a provider is in breach of even a single regulation, the service cannot be rated better than overall requires improvement. The description of a matter as being a breach of a CQC legal requirement can also give rise to a breach of contract, say, with a local authority commissioner leading to embargoes and other adverse interventions. 


Lack of clarity as to what is a breach


The difficulty for providers is the lack of clarity around what is a breach. The previous regulations were more detailed than the Fundamental Standards which are little more than headlines. CQC has issued guidance for providers and managers on complying with the regulations which is of some assistance but it states that it is not exhaustive and that those registered must have regard to wider unspecified legislation and guidance relevant to their operations. The guidance also states that the KLOEs may assist providers in complying with regulations. While the new performance frameworks provide characteristics for outstanding, good, requires improvement and inadequate for each KLOE under each key question (rather than just highly generalised statements as was the case before), there is still room for ambiguity and uncertainty. In contrast, the Health and Safety Executive issues much more detailed guidance, sector by sector, on how to comply with its legal requirements. Of course, there will always be an element of professional judgement as part of CQC regulation but there is the need for consistency, particularly on the question of what is a breach of a legal requirement with all the negative consequences that can flow from it.




CQC’s internal decision-making processes


Helpfully there is a clear process within CQC for deciding whether there has been an actual breach of a legal requirement and if there has, how CQC should respond. It is set out in what is called the ‘CQC Enforcement decision tree’ (January 2017).  At Stage 1 there will be an initial assessment of the concern but there is an acknowledgement that it is not feasible to follow up every potential breach. Only if “initial enquiries do not provide assurance that people using regulated services are reasonably protected from harm, or that a provider or individual may need to be held to account for the breach, escalation to enforcement and Stage 2 of the decision tree should be considered.”  It is only at Stage 2 that a legal and evidential review will be conducted “to determine whether there is sufficient evidence of a breach of the legal requirements by a registered person.”  So any issue that does not proceed to Stage 2 can only be a concern or potential breach as there will have been no legal and evidential review undertaken to make a determination of actual alleged breach.


At Stage 2, escalation to enforcement will only proceed if the inspector “considers that the evidence demonstrates an identifiable breach of a legal requirement and the evidence is sufficient and robust to prove the breach.” So that further limits the instances where CQC can with confidence say there is a breach. If CQC cannot prove a breach, it should not be alleging one. Only when that test is met in the affirmative will it lead on to selection of appropriate enforcement action (Stage 3) of which a Requirement Notice is the least serious option.  CQC places reliance on Regulation 17(3) in issuing a Requirement Notice, requiring the provider to provide a report explaining the actions it proposes to take to ensure compliance with its obligations. In the past they were called compliance actions. The provider is required to provide an action plan, no more, as one would expect as a minimum if there is an identified breach.  One could argue it is not really an enforcement step in relation the particular alleged breach, merely a statutory requirement that an action plan be submitted showing how compliance has or will be achieved.




Sometimes inspectors describe something within an inspection report as being a breach of a particular regulation without first following the stages in the Enforcement decision tree. CQC may say that this does not matter if it does not take formal enforcement action. However, it does matter given potential clients will be guided by adverse findings in inspection reports which may also trigger commissioners into action. CQC also has a clear process for going about deciding if there has been a breach or not which it cannot ignore. It follows that CQC should not be describing something as a breach without having first made a determination in accordance with its own policy.


By applying the Enforcement decision tree fully and correctly, CQC can say with confidence that there has been a breach of a legal requirement which can be proven on the basis of robust evidence which necessitates some form of statutory intervention.  It would be unreasonable if inspectors could allege breaches that have not been the subject of full and careful scrutiny. Of course, it may not be possible to report on the enforcement action in the report as it may be on-going but at least the regulator can identify actual alleged breaches in the report having invoked and followed Stages 1, 2 and 3 of the decision tree.  


Stage 3 adds rigour to the process as there will be a Management Review Meeting (MRM) which can call on legal advice in relation to the facts and the evidence. As the decision tree states, “The MRM…ensures that there is a documented rationale for all decisions and to provide an audit trail to show how decisions were reached.” In other words, there is accountability for the decisions taken, it is not just the opinion of an inspector.  Most importantly it helps promote consistency so that all registered persons are treated equally.


In the absence of a Stage 3 decision on compliance (is the provider breaking the law or not?), the report should simply be a performance review that applies the KLOEs and the characteristics, arriving at ratings at key question and provider level.


How CQC ensures consistency outside of the MRM process was highlighted as an issue in the recent report into 14 Colne Road available on the CQC website.  CQC has responded to say that “a review of post inspection quality control systems has been undertaken by the Quality and Risk Team. The resulting programme of work is being managed by the Inspect and Rate Board and completion is expected by the end of September 2018.” It is hoped that CQC will review its internal processes to make it clear when reports can expressly allege a breach of a legal requirement given that at the moment there is little consistency outside of the MRM process.



Neil Grant - Partner Gordons Partnership LLP 6 July 2018


I would like to thank Michael Curtis QC and Duncan Howells for their assistance in the preparation of this article