I don't think registrars are bad or evil. The problem, as I see it, is that too many folks have a higher expectation of what a certificate of registration means in terms of a supplier's ability to consistently deliver goods and services per requirements than is justified.
I wasn't joking when I said "Trust, but verify!" Too often, customers get complacent [lazy?] when they have a supplier in their supply chain with a certificate of registration to an International Standard (ISO, TS, etc.) Some suppliers, when desperate from economic pressures (or just plain venality), will note that complacency and make moves to take advantage of slack vigilance by customers. I needn't bore readers with a litany of real life examples, but, if pressed, can provide them. In most cases, no disaster occurs, no end users are injured or killed, and those few cases where customers DO COMPLAIN are dealt with in the same way GM dealt with auto issues BEFORE Ralph Nader came out with "Unsafe at Any Speed" - they are treated as a minor annoyance and "cost of doing business.
Sometimes, though, public ire is aroused and the result is a MASSIVE
financial penalty such as Toyota was just assessed. I recall our various threads when the Toyota story first hit the news four years ago. I had a
comment then that Toyota would probably regret not being more open and transparent when the problems first arose.`Even I never imagined the price of a coverup would be so high!
When I first entered the investment banking business nearly 45 years ago, I heard tales of how easy it was to make a quick buck (like the characters in "Wolf of Wall Street.") One old boy I considered a Mentor back then gave me a little aphorism which burned into my brain and has remained bold and clear ever since:
"He who takes what isn't his'n must give it back or go to prison."
Relating that to the topic of this thread:
Suppliers who cheat are cheaters plain and simple. Registrars who fail to detect the cheating aren't bad or incompetent - they aren't paid to perform a forensic audit. Customers who don't take steps to verify the supply chain are doing the equivalent of leaving an unlocked auto in a bad neighborhood with the motor running with the keys to house and office on the ring with the address of both places clearly marked on the ring. Thus, the burden is on customers to recognize registrars for what they are - organizations which verify honest organizations are doing what they say; that registrars are not paid to detect outright criminality, only "lapses" or pure incompetence. Certainly, if Toyota had been undergoing 3rd party audits, the entire "acceleration" issue would never have popped up, since the paperwork said Toyota was "dealing with" complaints. Certainly the sufficiency of that dealing would not have been a focus of an audit.
How does a customer "verify?"
There are myriad ways, running from pure statistical data gathering to sending out a qualified inspectors and investigators to look at supplier operations for hints or clues that some topic should be forensically investigated. It all depends on how crucial an individual supplier is to the customer's operation.