Summary

  • Institution-funded review is common and not automatically illegitimate, but independence must be engineered rather than assumed from the word independent.
  • The key safeguards are fixed terms, transparent appointment rules, conflict disclosure, challenge rights, protected tenure and compensation that does not rise or fall with the outcome.
  • Small technical communities create repeat-player risks, so reviewers should disclose professional, financial, advocacy and prior-advice connections to both the registry and the appellant.
  • The review budget should buy adjudicative capacity, not loyalty: institutions gain legitimacy when they can lose before a reviewer whose position and pay are secure.

Funding is not the whole independence question

The fact that a review system is paid for by the institution under review is uncomfortable but not unusual. Courts, ombuds offices, arbitration systems, corporate auditors, inspectors and accountability mechanisms often depend on budgets controlled by the entity whose decisions they examine. The real question is not whether money comes from the institution. It is whether the flow of money can influence appointment, tenure, procedure or outcome.

A registry review mechanism needs money. Reviewers must be selected, supported, translated, scheduled, insured and paid. If every appellant had to finance the whole system, access would shrink and well-resourced holders would dominate. If the community funded every case through ad hoc contributions, continuity would be uncertain. Institutional funding can be the practical answer.

But institutional funding becomes dangerous when it is discretionary in the wrong places. If management chooses the reviewer case by case, controls future work, can reduce compensation after an unpopular result or can quietly stop appointing reviewers who rule against it, independence is fragile. A reviewer may never receive an explicit instruction and still understand the incentive structure.

The governance task is to design funding so that the institution pays for capacity, not for loyalty. That means fixed terms, published compensation, conflict rules, challenge procedures, case assignment discipline and budget protection. Independence is not a character trait. It is a set of institutional arrangements that make courage affordable.

The word independent should be earned

Institutions often label review bodies independent because the reviewer is outside staff or because the process uses an external professional. That is a start, not an end. A consultant paid repeatedly by the registry can be outside staff and still economically dependent. A respected expert can be neutral in general and conflicted in a specific case. A panel can sit outside the board and still depend on the board for renewal.

The label should be supported by visible safeguards. Who appoints the reviewer? For how long? Can the reviewer be removed? Who sets fees? Are fees published? Does either side have a veto or challenge? What conflicts must be disclosed? Can the reviewer receive future registry work? Who controls the case record? Are decisions published or summarised? Is dissent allowed?

A review system that cannot answer those questions asks the community to trust reputation. Reputation matters, especially in technical communities, but it is not enough when the dispute concerns valuable resources, continuity and institutional power. The affected holder should not have to prove bias from inside a system whose safeguards are hidden.

Earning the word independent also protects the institution. A registry that loses before a well-designed reviewer can accept the loss as legitimacy cost. A registry that wins before a weakly designed reviewer may still face suspicion. The safeguard is therefore not only for appellants. It makes institutional victories more credible.

Fixed terms reduce result pressure

The first protection is tenure. A reviewer appointed only for one case may still be independent, but repeat appointment by the reviewed institution creates pressure. A reviewer serving a fixed term, with removal only for defined cause, has more room to decide against the institution without fearing immediate disappearance from the roster.

Fixed terms should be long enough to support independence and short enough to allow renewal of expertise. Staggered terms reduce the risk that one board or executive team replaces the whole review bench. Renewal rules should be transparent. If reappointment is possible, the criteria should not depend on whether the reviewer has favoured the institution.

Removal rules matter. The institution should not be able to remove a reviewer because of a pending case, an unpopular interim order or a pattern of decisions. Grounds such as incapacity, misconduct, conflict, failure to perform or serious breach of procedure should be defined and, ideally, decided by a body other than the management whose decision may be under review.

Fixed terms do not guarantee courage. They change the incentive environment. The reviewer knows that the next invoice, appointment or continuation is not directly controlled by the result of the current dispute. That structural security is the foundation on which professional ethics can operate.

Compensation must be detached from outcome

Payment design is the second protection. A reviewer should know the fee schedule before the case and should be paid regardless of who wins. The fee should not include success premiums, discretionary bonuses, informal future-work promises or management approval tied to the substance of the decision. Even a small discretionary element can become symbolically corrosive.

Hourly compensation is common but can create other incentives. A complex case may require real time, but open-ended hours can be attacked by either side. Fixed case fees can control cost but may underfund difficult review. A hybrid model can work: published base fee, defined hourly rates for extraordinary work, independent approval for major budget increases and disclosure of total compensation ranges.

Payment timing also matters. If the institution can delay payment after an adverse ruling, the reviewer learns that independence has cash-flow costs. Fees should be administered through a budget line, escrow, provider or finance process that treats payment as administrative once work is performed. The reviewed management should not approve invoices based on satisfaction with the outcome.

The parties should know the compensation structure. They do not need every private banking detail. They do need enough information to assess whether the reviewer has an economic stake in pleasing one side. Published pay rules transform suspicion into a checkable design question.

Conflict disclosure must fit small technical communities

RIR disputes occur in small worlds. Experts attend the same meetings, serve on the same committees, advise the same operators, write policy together, consult for registry-adjacent entities and take positions in public debates. A conflict rule limited to direct employment or family relationship will miss the real repeat-player risks.

Reviewers should disclose financial, professional, advisory, advocacy and significant social connections to the registry, the appellant, major affected customers and known interested groups. Prior public statements on the issue may not disqualify, but they should be visible. Prior paid advice on the same facts is more serious. Ongoing consulting for the registry should usually disqualify from reviewing registry sanctions.

Disclosure should be early and continuing. A reviewer may learn during the case that a former client is affected or that a firm relationship creates indirect exposure. The duty should require updating. Both sides should have a defined period to entity, and objections should be decided by a neutral process or by the panel excluding the challenged member.

The aim is not to pretend that reviewers have no history. Expertise comes from history. The aim is to separate useful expertise from compromising dependence. A technical community can tolerate known viewpoints better than hidden relationships. Transparency lets parties distinguish experience from alignment.

Appointment should not be controlled by the losing-interest party

If the institution under review selects the reviewer after seeing the dispute, independence is at its weakest. The selector knows the issue, the holder, the stakes and possibly the kind of reviewer likely to be sympathetic. Even if selection is honest, the optics are poor. Appointment rules should reduce case-specific discretion.

Several models can work. A standing roster can be approved through a multi-stakeholder process before disputes arise. Cases can be assigned by rotation, random selection or provider administration subject to conflict checks. Each side can strike a limited number of names from a pre-approved list. A three-member panel can include one institution-appointed member, one appellant-appointed member and a chair selected by agreement or neutral provider.

The right model depends on cost and case volume. Small registries may not need a large standing tribunal. They still need a rule that prevents management from choosing the judge after the challenge arrives. Even a simple rotation among pre-cleared reviewers is better than ad hoc selection by the office whose decision is appealed.

Appointment records should be preserved. The community should know how the reviewer was chosen, what conflicts were checked and whether any party objected. A review decision can then begin from a legitimacy baseline rather than spending its first pages defending the existence of the reviewer.

Procedure must protect the reviewer from institutional control

Independence is not only appointment and pay. It is also control over procedure. A reviewer who depends on the institution for evidence access, hearing dates, publication approval and communication channels may be structurally constrained even if formally neutral. The review rules should give the reviewer authority to manage the case.

That authority includes ordering production of the decision record, setting briefing schedules, granting reasonable extensions, protecting confidential material, deciding interim measures and asking technical questions. The institution may argue burden and confidentiality, but it should not be able to decide unilaterally what the reviewer may see.

Administrative support should be separated from advocacy. Staff may coordinate logistics, but they should not filter filings, summarise evidence for the reviewer without both sides seeing the summary or control the decision draft. If an external provider administers the process, its role should be defined. If registry staff administer, the file should show separation from the enforcement team.

Publication control is another pressure point. If the institution can suppress adverse decisions or publish only favourable summaries, review loses public value. Confidential details can be redacted, but outcomes, reasoning categories and remedies should be published or summarised under a rule that does not depend on whether the registry likes the result.

Interim orders test independence quickly

The first real test of independence may occur before the merits. The appellant asks for a stay of revocation, access to evidence, preservation of route-security services or protection of customer continuity. The registry opposes, citing risk. The reviewer must decide whether institutional action should pause or narrow while the case is heard.

If the reviewer lacks authority to issue interim orders, the appeal may be hollow. The holder can win later after the operational damage is done. If interim power exists but compensation, tenure or appointment incentives point toward institutional comfort, the reviewer may hesitate to use it. Design therefore matters most at the moment of temporary relief.

Interim orders should be reasoned and narrow. A stay can preserve registration while freezing transfers. Evidence disclosure can be staged. Customer continuity can be protected while abuse mitigation proceeds. The reviewer should not have to choose between total institutional paralysis and no relief. Independence includes the practical authority to craft middle remedies.

A registry should welcome disciplined interim review. If the emergency case is strong, the reviewer can say so and strengthen the institution's position. If the measure is too broad, early narrowing reduces later liability and public distrust. The ability to lose a preliminary point is evidence that the review system is real.

The reviewed institution should budget for losing

A review budget that assumes the institution will always win is not an accountability budget. Real independence requires planning for adverse decisions: refunds, restored services, corrected records, external costs, publication, staff time and possible compensation for review expenses where rules allow. If losing would create budgetary crisis, the institution has an incentive to resist review structurally.

Budget documents need not predict specific cases. They should allocate funds for review administration, reviewer compensation, translation, technical expert assistance and compliance with remedies. The budget line should not be raided because management dislikes a case. Nor should the institution punish the review function in the next budget cycle after an adverse result.

This is where member accountability enters. Members should ask not only whether review exists, but whether it is funded enough to work against the institution. A cheap mechanism that cannot handle a serious dispute may be worse than no mechanism because it creates false confidence. A transparent budget makes the cost of accountability visible.

Budgeting for loss is a cultural signal. It says the institution expects to be corrected sometimes. It also reduces defensiveness. When remedy costs are anticipated, compliance with review can be treated as ordinary governance rather than institutional defeat.

Repeat-player data should be published

Independence can erode through patterns invisible in one case. The same reviewer may be appointed repeatedly by the registry. Certain appellants may always face the same panel. Adverse interim orders may correlate with non-renewal. Fees may rise in cases where the institution wins. Without aggregate data, the community cannot see these patterns.

An annual review report can publish number of cases, reviewer appointments, conflicts disclosed, challenges made, outcomes, interim orders, time to decision, fee ranges, publication status and compliance with remedies. Sensitive case details can be anonymised where necessary. The goal is not to rank reviewers by win rate simplistically. It is to show whether the system distributes work and handles conflicts transparently.

Repeat-player data also protects reviewers. If a reviewer is accused of bias because of one decision, the broader record may show a balanced pattern. If the data show concentration or outcome-linked renewal, the institution can fix the design before legitimacy collapses.

The community should resist crude metrics. A reviewer who often upholds the registry may be applying strong records correctly. A reviewer who often rules for appellants may be encountering weak enforcement files. The data are a trigger for questions, not automatic proof. But without data, even the questions remain speculative.

Independence standards should be written before the dispute

The worst time to design independence is after a high-stakes case begins. Every rule then looks tactical. The appellant suspects the institution is choosing a favourable forum. The institution suspects the appellant is trying to delay. Reviewers inherit a legitimacy problem they did not create. Standards should be written before disputes.

The standards should cover appointment, term, removal, compensation, conflicts, challenge, confidentiality, interim measures, publication, costs and compliance. They should be adopted through a process that includes members and affected operational voices. They should be stable enough to prevent tactical change but revisable after public consultation when experience shows weakness.

Transition rules are important. If a new review system replaces an old one, pending cases need a fair path. The institution should not move a dispute to a newly designed process without consent or clear rule. Nor should a holder be allowed to freeze the system by insisting on obsolete procedures that no longer protect independence. The transition should be explicit.

Written standards create expectations before anyone knows who will benefit. That is their legitimacy. They also simplify disputes. Parties can argue application rather than inventing first principles under pressure. In a field where technical scarcity and institutional trust are intertwined, pre-commitment is a core governance tool.

Institution-funded independence can be credible

It is tempting to say that a reviewer paid by the institution reviewed can never be independent. That conclusion is too simple and, in many systems, impractical. The better question is whether the payment system prevents result pressure and whether the reviewer has enough authority, security and transparency to decide against the institution.

A credible design is possible. A pre-approved roster, fixed terms, cause-only removal, published fees, independent invoice administration, broad conflict disclosure, challenge rights, procedural authority, interim powers, publication rules and aggregate reporting can make institutional funding compatible with real review. The design will not eliminate every suspicion. It will give suspicion something concrete to test.

The institution should understand that these safeguards are not concessions to hostile holders. They are infrastructure for its own legitimacy. Severe registry decisions will be contested because number resources matter. The question is whether those contests occur inside a review system the community trusts or spill outward into courts, campaigns and operational uncertainty.

Independence is proven by the possibility of institutional loss. A review mechanism that can only affirm is advice. A mechanism that can reverse, stay, narrow, criticise and publish is accountability. Paying for that mechanism is not a conflict if the institution cannot buy the result. The budget should purchase judgment, not agreement.

Expert assistance should not become a hidden dependency

Some registry disputes require technical or financial expertise beyond the reviewer. The panel may need a routing expert, database specialist, accountant, translator or sanctions adviser. If the reviewed institution controls whether the reviewer can obtain that help, independence can be weakened indirectly.

The review rules should allow expert assistance under defined conditions. The reviewer should identify the question, the proposed expert, the cost range and any conflicts. Parties should be able to comment. Payment should come from the review budget or an allocated deposit process, not from discretionary management approval after the reviewer signals which issue matters.

Expert reports should be disclosed unless confidentiality requires a protected version. The reviewer should not receive private technical briefings from registry staff that the appellant cannot test. If staff expertise is needed, it should be presented as evidence or explanation in the case record. The reviewer may ask questions, but answers should be visible to both sides.

This safeguard matters because technical complexity can otherwise return control to the institution. A nominally independent reviewer without independent expertise may defer to the registry on every operational claim. Expert assistance gives independence practical content: the ability to understand the case without depending entirely on the party being reviewed.

Publication rules should survive embarrassment

A review system that publishes only comfortable outcomes is not independent in the public sense. Publication is how the community learns what standards mean, how remedies work and whether the institution accepts correction. Confidentiality may require redaction, but embarrassment is not a confidentiality category.

The rules should specify what is published: outcome, reasons, remedy, reviewer names, conflicts disclosed, costs category and compliance status. Sensitive customer data, security methods, personal information and privileged material can be removed. If a full decision cannot be published, a structured summary should be mandatory.

Publication should not depend on consent of the losing party. Both registry and appellant may prefer silence after losing. The public interest in accountable number-resource governance is broader. At minimum, severe sanctions and review outcomes affecting continuity should create a public learning record.

Embarrassing decisions are often the most valuable. They reveal where notices were thin, evidence was weak, remedies were excessive or conflicts were missed. A registry that publishes and fixes those problems gains more legitimacy than one that hides them. Independence is visible when the institution allows the review system to speak even when it would rather move on.

Members should oversee the review architecture, not individual outcomes

Membership accountability has a role, but it should be placed carefully. Members should help approve the design of the review system, budget, reporting and periodic evaluation. They should not vote on individual cases or pressure reviewers in live disputes. Case independence and system accountability are different functions.

Member oversight can ask whether the roster is diverse enough, whether fees are adequate, whether conflicts are reported, whether decisions are timely and whether remedies are implemented. It can commission periodic external assessment. It can revise rules after consultation. Those are governance tasks.

Individual outcomes should remain with the reviewer. If members can overturn decisions by political vote, review becomes another contest of influence. Holders and registries alike need a forum where the record, not mobilisation, controls. The community's power is to design and maintain that forum.

This separation is especially important in controversial resource disputes. Other members may have commercial interests in the outcome. They may compete with the holder, depend on registry favour or fear precedent. System oversight by members is necessary; case adjudication by member politics is dangerous.

Reviewers should explain the limits of their mandate

Independence includes honesty about jurisdiction. A reviewer may be able to decide whether the registry followed its rules, whether reasons were adequate, whether evidence supports a finding and whether a remedy is proportionate. The reviewer may not be able to rewrite regional policy, award damages, decide third-party customer contracts or bind courts. Those limits should be stated.

Explaining limits prevents false expectations. A holder may win a finding that the sanction process was defective but still need a new registry decision. A registry may win on authority but be told to improve publication. Customers may learn that their service dispute is outside the review. Clear mandate language reduces frustration after the decision.

Mandate limits should not be used to avoid hard questions within scope. A reviewer who can test proportionality should not decline simply because the remedy is operationally complex. A reviewer who can order disclosure should not defer entirely to the registry's confidentiality label. Independence means using the powers granted while acknowledging powers not granted.

A decision that states its limits is more credible. It shows that the reviewer is not trying to govern the whole Internet-number system from one case. It also shows that the institution cannot hide every issue by calling it policy. The boundary becomes reviewable rather than assumed.

Audit independence offers a useful analogy

Financial audit provides a helpful analogy. Auditors are commonly paid by the entities they audit, yet independence is pursued through appointment rules, professional standards, conflict restrictions, rotation, disclosure, oversight and liability. The model is imperfect for registry disputes, but it shows that payer identity is only one part of independence design.

The audit analogy also shows the danger of client capture. Long relationships, consulting income, management pressure and fear of losing future work can erode independence without explicit bribery. Registry review faces similar risks in a smaller community. A reviewer may value access, reputation, future appointments or institutional approval.

Borrowing from audit, registry review should separate review work from consulting work, disclose non-review income, rotate roles where appropriate and publish aggregate appointment data. It should also treat scepticism as a duty. The reviewer is not hostile to the registry by asking for evidence; that is the job.

The analogy should not be pushed too far. Registry review is adjudicative, not an annual financial assurance exercise. But both systems teach the same lesson: independence is maintained by structure, not by polite assertion. Payment by the reviewed entity can work only when the structure anticipates dependence risk.

Failure modes should be named in the rules

A robust system names its failure modes before they occur. What if the registry refuses to produce the record? What if the reviewer discovers an undisclosed conflict? What if the budget is exhausted mid-case? What if the institution does not implement the remedy? What if the reviewer resigns after an interim order? Silence on these questions creates leverage for whoever controls operations.

The rules should provide defaults. Failure to produce the record can support adverse inference or interim relief. Undisclosed conflicts can trigger replacement and possible rehearing. Budget exhaustion can activate a reserve or member-notice process. Non-implementation can require public reporting. Reviewer resignation can move the case to the next roster member without restarting every step.

Naming failure modes does not imply distrust of everyone involved. It reduces panic when stress arrives. High-stakes registry disputes will test the edges of any procedure. The community should not be designing those edges while one party's resources are at risk.

The reviewed institution benefits from these defaults too. Staff can follow rules rather than improvising under accusation. Reviewers know their authority. Holders know their remedies. Independence becomes resilient because the system has already imagined the moments when independence is hardest.

Cost shifting should not punish successful oversight

Cost rules can quietly influence independence. If the institution must pay all costs only when it loses, it may resist reasonable settlements or narrow concessions to avoid a formal loss. If the appellant risks ruinous costs for bringing a serious challenge, review becomes theoretical. The rules should allocate costs in a way that supports good conduct rather than institutional pride.

One model is for the registry to fund the standing review capacity and ordinary reviewer compensation, with exceptional cost shifting for frivolous claims, bad-faith nondisclosure or refusal to comply with orders. Another model allows the reviewer to award costs based on outcome and conduct, but within published limits. The key is predictability.

Successful oversight should not be treated as an extraordinary penalty. If a reviewer finds that the registry acted wrongly, the cost of that correction is part of accountable governance. Members fund governance because mistakes are possible. Treating every adverse cost award as a crisis creates pressure to avoid losing rather than pressure to decide correctly.

Cost rules should also protect settlement. Parties should be able to resolve cases without artificial fear that compromise will trigger punitive costs. The goal is a review system that rewards candour, narrowing of issues and compliance with interim orders. Money should discipline behaviour, not dictate outcomes.

The reviewer must control communications after appointment

Once appointed, the reviewer should control case communications. Direct private communications between the institution and reviewer should be barred except for logistics copied to all sides or handled by a neutral administrator. The registry should not brief the reviewer informally about institutional background, community politics or expected consequences outside the record.

This rule protects perception and substance. Even harmless private contact can create suspicion. In a small technical community, personal familiarity is common; procedural distance becomes more important. Communications rules let everyone know that the case record, not relationship, controls.

The same rule should apply to appellants. A holder should not lobby the reviewer through conference encounters, private experts or community pressure. If technical context is needed, it should be submitted in the case. If emergency facts arise, they should be filed promptly and shared subject to confidentiality protections.

Independent judgment requires an independent information channel. The reviewer can ask questions, hold conferences and request expert help. But the answers belong in a record visible to the parties. Payment and appointment safeguards mean little if the decisive narrative reaches the reviewer off the record.

Compliance with review outcomes is part of independence

A review mechanism is not independent in practice if the institution can ignore its outcomes. Binding force, implementation deadlines and public compliance reporting are therefore part of independence. A reviewer whose decisions are advisory only may still provide valuable scrutiny, but the community should understand the limitation.

If outcomes are binding, the rules should state how they are implemented: who restores services, who updates records, who pays costs, who publishes the result and what happens if implementation requires board action. If outcomes are recommendations, the institution should be required to give public reasons for accepting or rejecting them. Silence should not be an option.

Implementation should be tracked. An annual report can state whether remedies were completed on time. If a registry repeatedly resists adverse outcomes, the review system is not functioning even if reviewers are personally independent. Independence includes institutional willingness to be bound or to explain refusal under a rule.

This is the ultimate test of institution-funded review. The registry pays for the process, participates in the process and then obeys the process when it loses. Without that last step, all the careful rules about terms, conflicts and compensation become procedural theatre.

The design goal is trusted loss

The design goal can be put in two words: trusted loss. The registry should be able to lose a review in a way that members, holders, customers and staff accept as legitimate. The holder should be able to lose in the same way. Trusted loss is the product of rules known before the dispute, reviewers protected during the dispute and reasons published after the dispute.

Institutional funding threatens trusted loss only when it can become influence. Fixed terms, conflict disclosure, independent compensation administration, appointment discipline, communication rules, publication and implementation safeguards break that chain. They do not make every decision popular. They make the decision harder to dismiss as purchased.

For number-resource governance, trusted loss is not abstract. A registry that cannot lose internally will lose externally: in court, in member revolt, in public campaigns or in operational workarounds. A holder that cannot lose before a credible reviewer will keep relitigating the institution's legitimacy. Both paths damage continuity.

Paying for independent review is therefore not a defensive expense. It is infrastructure for peaceful correction. The institution under review can write the cheque. It must not be able to write the result.

The public test is whether the institution can be corrected

The public will judge independence less by abstract design than by visible correction. Can the reviewer order disclosure the registry resisted? Can the reviewer stay a disproportionate sanction? Can the reviewer criticise the board's reasons? Can the reviewer require a new decision? Can the institution implement that outcome without attacking the reviewer? Those are the moments when payment design becomes real.

A review system may have elegant rules and still fail this public test if every hard case ends in deference. Deference may be justified in many cases; registries have expertise and responsibilities. But if the reviewer never finds a process defect, never narrows a remedy, never orders production and never publishes criticism, members will reasonably ask whether independence is only formal. Aggregate reporting helps answer that question.

The institution should not fear visible correction. A corrected decision is not institutional humiliation. It is proof that the accountability layer works. The registry can say that it created a system capable of finding error and then obeyed it. That message is stronger than a perfect win record, which in a contested environment often looks implausible.

For the holder, the same public test cuts the other way. If a credible reviewer upholds the sanction after disclosure, conflict checks and reasoned analysis, the holder's legitimacy argument weakens. It can still disagree, but the community has a basis for closure. Independence protects losing holders from arbitrary power and losing registries from endless suspicion.

The reviewed institution may write the cheque because someone must fund the forum. The community should judge whether the cheque buys a forum that can correct the writer. Fixed terms, conflict disclosure and outcome-neutral compensation are the mechanics. Trusted correction is the result. Without that result, the word independent is decoration. With it, institution-funded review becomes a practical way to keep registry power inside accountable bounds.

Independence is maintenance, not a launch announcement

Review independence cannot be solved once and forgotten. Rules that look adequate at launch can weaken as rosters age, budgets tighten, repeat relationships form and new kinds of disputes appear. The institution should schedule periodic review of the review system itself. That assessment should examine appointment patterns, conflicts, cost, timeliness, publication, implementation and user experience.

Periodic assessment should be independent enough to be credible and public enough to be useful. It need not expose confidential cases. It should identify structural risks and recommend changes before a crisis forces them. Members should be able to discuss the system without reopening individual outcomes.

Maintenance also includes training. Reviewers need updates on registry operations, routing-security implications, confidentiality rules and community policy changes. Staff need training on record production and communication boundaries. Holders need clear guidance on how to use the process. Independence is easier to preserve when everyone understands the machinery.

The point is simple: an accountability mechanism is infrastructure. Infrastructure degrades if no one maintains it. Institution-funded review can remain credible only if the institution funds not just cases, but the continuing health of the system that may one day rule against it.