Takeaways from the Driving Risk-Based Regulation conference

How the Civil Aviation Authority New Zealand is advancing its intelligence-led & risk-based approach to regulation

Keith Manch, Chief Executive & Director – Civil Aviation Authority (CAA) New Zealand opened the conference as the international keynote on day one. He started at the very beginning, with the definitions of ‘intelligence-led’ and ‘risk-based regulation’ as seen in Dr Grant Pink’s book ‘Navigating Regulatory Language: An A to Z Guide’.

Intelligence-led: to see intelligence as a core element of regulatory approach, and use intelligence to inform decision-making about how to manage key compliance risks.

Risk-based regulation: involves a regulator targeting or directing regulatory resources and activities towards the most serious regulatory risks facing them.

Keith went on to educate us on the journey that the Civil Aviation Authority has been on:

• Addressing the challenge of transitioning from traditional regulatory approaches to a more modern approach
• Identifying the key building blocks and developing the capability to truly be intelligence-led and risk-based
• Examining the importance of relationships and collaboration with industry while avoiding regulatory capture

Another interesting point Keith made was to avoid the trap of becoming ‘data rich but insight poor’. Data feeds into intelligence but by itself, it doesn’t create intelligence. It needs to be understood and aligned with the right people, skills and tools to form intelligence.

Embedding a risk-based approach in protecting Australia’s critical infrastructure

Tracey Mackay, Director Strategic Information and Analysis, Critical Infrastructure Regulatory Operations and Analysis Branch | Security Regulation Division – Cyber and Infrastructure Security Centre (CISC) | Department of Home Affairs.

The CISC was established in 2021 within the Australian Department of Home Affairs. It drives an all‑hazards critical infrastructure regime in partnership with governments, industry and the broader community.

Critical infrastructure are those physical facilities, supply chains, information technologies and communication networks, which if destroyed, degraded or rendered unavailable for an extended period, would significantly impact the social or economic wellbeing of the nation, or affect Australia’s ability to conduct national defence and ensure national security.

CISC actively assists Australian critical infrastructure owners and operators to understand the risk environment and meet their regulatory requirements – for the shared benefit of all Australians.

Driving a risk-based approach to regulation, and embedding a risk-based approach in protecting Australia’s Critical Infrastructure requires CISC to get the balance right.

“Security is paramount, but if we lock up a system as tight as we can, it’s likely to become inaccessible and inefficient” says Tracey Mackay.

CISC uses Objective RegWorks as their Regulatory Management System to manage their aviation and maritime compliance business, from storage and assessment of Transport Security Programs received from industry, to planning and recording results of compliance activity, to enforcement activity such as issuing infringements.

This allows multiple teams across their regulatory compliance business visibility of work underway, for example in relation to a specific industry participant or allocated to a regional office. The important message that Tracey made was that data is key to continually reviewing and informing their program.

Tracey showed an example of dashboard reporting in the Regulatory Management System of their National Operations Compliance and Coordination team, providing a snapshot of compliance activity by month across their regional offices.

She mentioned their dashboards are automated to refresh overnight so that users have close to real-time information at their fingertips. Using this approach to detect trends in underperformance, whether at the individual or group level, allows the CISC to address issues with industry early.

Exploring the Right Touch Regulation model developed by the Professional Standards Authority UK

Alan Clamp, Founding trustee Institute of Regulation & Chief Executive Officer

Professional Standards Authority – Health and Social Care, UK delivered the international keynote to begin day two.

The main focus of Alan’s presentation was the ‘right touch insurance model’, a model the Professional Standards Authority UK uses to profile and assess the risk of harm in the Health and Social Care sector. Alan highlighted the 3 categories for profiling risk as:

1. Intervention
2. Context
3. Agency

Alan noted that these are not the only factors that underpin risk, extrinsic factors such as scale of risk, means of assurance and sector impact should be considered. He talked us through an in-practice example using the model to determine whether UK Sonographers should be regulated. The data revealed that Sonographers should not be regulated at that time but that the profession was headed for exponential growth in the coming years and reassessment would be necessary.

Exploring the first data sharing cross-jurisdictional platform 'Connect for Safety' project

Stéphane Breton, Principal Project Officer - Connect for Safety – Department of Communities and Justice, NSW.

Sarah Bounden, Principal Service Improvement Specialist – Department Families, Fairness and Housing Victoria.

Connect for Safety (powered by Objective Reach) was developed as a need to better share information to improve child safety outcomes had been a recognised challenge for several years following Australian state and federal government enquiries. The barriers to information sharing across borders meant workers in each state had limited or no visibility of vital information that could change the outcomes of their cases - and children's lives.

One of the main challenges to information sharing was the different technologies and methods used by each state and territory agency. It meant information was hard to find, match and share across systems, and there was no market-ready solution available to address it until Objective developed its Reach product.

Connect for Safety (Objective Reach) is today delivering huge benefits to the community:

• Intelligent data matching across any data quality – match partial, phonetic, and fuzzy data with results ordered by match confidence.
• Improved risk assessment – clearly understand the circumstances of each case and more effectively evaluate risks due to a more complete family history.
• Secure information sharing – and improved decision-making with the ability to access relevant information in seconds.
• Better cross-agency coordination – due to a centralised hub facilitating data sharing nationally.

It was intriguing to hear from Sarah and Stéphane about the unique Connect for Safety project, in particular:

• Leveraging data and information sharing to reduce risks for children and young people
• Establishing a good governance structure
• Addressing privacy and confidentiality restrictions to enable inter-jurisdictional collaboration
• Using technology to facilitate data sharing without compromising privacy concerns

A full and insightful two days

It was a fascinating two days hearing from a number of government regulators on how they’re embedding risk-based regulation approaches in their agencies. We’d like to extend a warm thank you to The Hatchery for organising such a thought-provoking conference and having us on board as a sponsorship partner.