After my last post regarding due diligence, some LinkedIn contacts asked for a little more information into regulatory decision making for prosecutions. Whilst I can’t detail specific cases (s271 WHS Act prevents that!), I can share my personal experience of the regulatory decision-making process.
I usually keep blog posts to 1-2 minute reads, but this topic requires a little elaboration, so strap in and make yourself comfortable!
Caveat Alert!!!
These are my experiences and thoughts as a former WHS Regulator. They do not represent anyone else.
It is not legal advice.
It is not representative of every, or any other, Regulator.
The following is a high-level view of my experiences when laying WHS charges against alleged wrongdoers during my 6 years as a WHS Regulator. My reason for sharing is that if you understand the regulatory decision making process, then I hope you can use the information to make your system better and workers safe.
Regulators receive complaints daily and adopt a triage process to risk rank the severity of the complaint. Once assessed, they are allocated to Inspectors, Investigators, or both, depending on the risk to the worker. More serious cases usually get a quicker, investigative response. Lower risk events are dealt with by other compliance actions, such as Notices.
Investigations of WHS incidents are inherently complex and require a rapid response so evidence is not lost. I was a police detective for nearly 20 years, and I can categorically state that serious safety investigations can be just as complex as any homicide, or other serious crimes dealt with by police for that matter. They are not easy to investigate or prosecute. With increased penalties in many jurisdictions and gaol time for those convicted, these cases will naturally be rigorously defended and require the highest level of investigative and prosecutorial skill to ensure robustness.
As the ultimate decision maker, I remained outside the investigation process to provide a level of objectivity of the evidence and process. When the investigation was finished, I assessed the whole event, the evidence and whether charges should be laid to hold alleged wrongdoers accountable, and it was all based on the evidence provided to me.
These are criminal charges. There are rules of law to apply and adhere to. These investigations are not the same as internal safety investigations used by most organisations. Safety breaches are akin to police homicide investigations and, believe me, I’ve done both and they are incredibly similar. A high level of investigative inquiry is needed, way beyond usual internal investigation methods. When it comes to regulatory investigations, you need more than internal processes (your Defence Counsel will love you for it!)
I looked for all the entities involved, not only the Person Conducting a Business or Undertaking, but all other duty holders including Officers. This involved determining who held what duty, when, and how and how the duty was discharged and breached.
I then examined the action, or lack of it, that led to the injury or risk. Remember, you don’t need an injury to occur to be prosecuted, you just need a foreseeable risk to be present that was not adequately controlled.
I examined the risk relating to the work at the time, what hazards existed, what risks were involved, whether the risks were foreseeable and how they were identified, consulted upon, eliminated (as the law requires in the first instances) or controlled to a level that was reasonably practicable. effectively, this is an examination of the safety management system.
Not all evidence I considered was documents, procedures, audits or checklist etc. In fact, most of it was statements, interviews and observations from workers and those present at the time. Quite often, badly written documents or processes that were not followed were used against organisations (go and see Dave Provan at ForgeWorks on Safety Clutter!).
I then assessed the level of control and how adequate that was, including training, supervision, oversight, instruction, to name a few. Would a reasonable person (or business) in the same position have done the same, acted that way, or controlled the risk accordingly?
After all that, if the duty holders are identified, actions and foreseeability determined, risks assessed and controls objectivity determined and reasonably practicability considered, it is still not a foregone conclusion that charges will be laid.
Every Regulator must also consider the Prosecution Guidelines of their relevant Director of Public Prosecutions. This is a list of criteria all regulatory/prosecutorial agencies must consider before laying any charge.
There are 20 elements to consider before laying a charge, arguably one of the most important is to determine whether a prosecution is in the public interest.
Therefore, the laying of charges required me to examine the event at hand, cause or contributing factors, the investigation and its process, the evidence obtained, the weight and relevancy of the evidence against the level of evidential proof required to prove beyond all reasonable doubt, the category of breach and level of knowledge of those involved, and the DPP Prosecution Guidelines.
If any element along this path failed or was not strong, charges should not be laid. As a decision maker, you cannot ‘wing it’ or ‘give it a crack to see how it goes’, as Governments are Model Litigants and if their case is flawed or weak, they are required to disclose that to the Defence at the earliest opportunity. This prevents regulators from laying weak charges hoping for a guilty plea (and therefore a win!). you simply cannot do it.
Due to the complexity of the law, the complexity of investigating challenging safety events, and legislative and policy guidelines, not every breach of the law results in a charge or prosecution. I know I certainly wanted to hold some organisations to account, but the evidence was simply not there. That didn’t mean no action was taken, just not the most severe. It also doesn’t mean a breach didn’t occur, it means a charge could not be proved beyond all reasonable doubt (which is a very high criminal standard of proof).
In conclusion, Regulators undertake complex investigations and are bound by complex law that requires high levels of investigative competency and process. If everything comes together, charges can be laid using the evidence and guidelines required in that jurisdiction. If charges are not laid, it doesn’t mean a business is safe or an incident/event didn’t happen, it just means it could not be proved beyond all reasonable doubt. There will always be other compliance action in lieu of prosecution.
s.271 of the Model WHS Act is the confidentiality provision. It is incredible restrictive and prevents detailed information from an investigation being shared and, even then, only in very specific situations, such as with the victims family members. Therefore, you may never really know how an investigation did not end in charges. More on this in another blog post!
My advice to all is to look hard at your hazard and risk management processes and ensure they are accurate, regularly reviewed, and properly controlled.
Think critically about what you are doing, how you’re doing it and why. Focus on the purpose, not necessarily just the outcome.
Boards and senior leaders should demonstrate visible leadership and ask the right questions around safety risk management.
Understand your duties and exercise due diligence.
As a Regulator for 6 years, I never once asked for Lost Time or Total Recordable Injury Frequency Rates. They were irrelevant to me and the prosecution. I was, however, all about the risk and controls!
I encourage senior leaders to move away from the intense focus on LTIFR / TRIFR as measures of success, you’re creating an illusion of safety. They are part of the picture, but not the whole answer. It’s important to periodically look in the ‘rear-view mirror’, but the focus should always be on going forward.
The better safety systems I’ve seen create a psychologically safe workplace built on trust where workers didn’t fear raising issues relating to the work they do. Consultation and inclusion were imbedded.
Error is normal, so learn from it. As a Regulator, I didn’t care what investigation methodology you used or how it was done, as long as the risks were identified and managed properly to a level that was reasonably practicable. I always found that involving workers at the outset yields the best outcomes.
To prevent a charge under the WHS Act and show your safety system is identifying risk, eliminating it where possible, and controlling the remainder to a level that’s reasonably practicable, it's all about evidencing effective risk identification, risk management, consultation, and control effectiveness (making sure you now your controls are working effectively). This does not mean lots of documentation. You can still comply with the law without paperwork (see SafeWork NSW v Wollongong Glass Pty Ltd for more on that).
If you skip these, brace yourself for a possible prosecution. I've deliberately left out Enforceable Undertakings as these deserve a post of their own. They are a valuable, but under used, compliance tool.
Commentaires