Thinking about the likelihood and risk of rule breaking will help councils deliver a better community result and focus resources where they are most effective.
Local government has a regulatory oversight role in countless areas, including building, planning, food safety and animal management.
However they face the pressure of a growing list of responsibilities and requirements delegated by state/territory governments. In some cases, this occurs without increases in resources and training in how to enforce the regulation.
The issues around local government and regulation became clear in a July 2012 report issued by the Productivity Commission, Performance Benchmarking of Australian Business Regulation: the Role of Local Government as Regulator.
Initiated by the Council of Australian Governments, it focused on local government regulatory responsibilities that materially impact on business costs. It assessed whether they impose unnecessary compliance burdens on businesses or restrict competition.
The Commission identified a range of ‘leading practices’ for local government that it considered would significantly improve the cost-effectiveness of business-related regulation. The United Kingdom’s ‘Regulator’s Compliance Code’ was observed as an example.
The UK Code is designed to improve the quality and consistency of local government regulatory enforcement and inspection activities. It is underpinned by principles including that ‘regulators, and the regulatory system as a whole, should use comprehensive risk assessment to concentrate resources on the areas that need them most’.
In practical terms this suggests regulators should only perform inspections following a risk assessment, so resources are focused on those least likely to comply and where the risk is highest.
A risk-based assessment approach allows local government’s resources to be utilised more effectively. Local government can dedicate the majority of resources to areas where the risk of non-compliance is greatest.
What is a risk-based approach to regulation?
In a compliance and enforcement context, a risk-based approach to regulation focuses on risks associated with non-compliance with legal rules, rather than considering the legal rules in isolation.
Specifically, the regulator identifies and assesses the risk associated with non-compliance with a particular obligation or group of obligations and, based on this assessment, the regulator makes decisions regarding a range of compliance and enforcement matters.
These could be the nature and intensity of compliance and enforcement activity warranted for each obligation within the regulatory framework, how resources should be deployed, what monitoring and information-gathering mechanisms are needed, the regularity of audit and inspection, and the contents of public reporting to encourage voluntary compliance.
It allows the regulator to make informed choices regarding its compliance and enforcement activity and could enhance the efficiency of the regulator’s compliance and enforcement program.
Generally, the more severe enforcement approaches should be used to address situations where the risksassociated with non-compliance are highest. Where the riskassociated with non-compliance is relatively low, less intrusive enforcement tools and lighter enforcement responses would be justified.
How is risk assessed?
Risk is most commonly defined as the product of the probability and impact of non-compliance.
This is the likelihood of whether or not one or more regulated entities will not comply with the obligation in question.
Probability may also take into account past compliance records, and difficulty associated with achieving compliance, particularly where the obligation in question is particularly onerous.
The impact of non-compliance with a particular obligation may be the occurrence of a significant adverse event, e.g. injury/death or failure of a particular service/facility. In some cases, the obligation will be so trivial that non-compliance will have no or very limited impact e.g. failure to file a form within the prescribed deadline.
The assessment of both probability and impact of non-compliance should be based on criteria that have been identified in advance to ensure consistency and rigour in the assessment process. When defining risk criteria, things to consider include the nature and types of impacts that may occur and how they will be measured, how probability will be defined and applied, the time-frame and the levels at which risks are acceptable or become intolerable.
In most cases, the assessment will be qualitative and will often be undertaken in the context of uncertainty. The assessment will likely involve a certain degree of subjectivity on the part of those undertaking the risk assessment.
Ittherefore is important regulatory officials who undertake the risk assessment have the skills and experience, and as many perspectives as possible are reflected. It may also be worthwhile having it reviewed by an independent, objective third party.
The importance of effective implementation
The success of a risk-based approach to regulation depends how it is implemented.
Mechanisms will need to be put in place to ensure those responsible for applying the approach do so in a consistent manner. Monitoring and data collection will also be necessary to help detect instances of non-compliance and, in some cases, to provide evidence to support enforcement action.
Reporting and publication of compliance and enforcement activity undertaken is also important for the successful implementation of the approach.A well-publicised enforcement activity can be very effective deterrent to possible non-compliance.
There are clear benefits associated with a risk-based approach to regulation for the regulators in local government themselves, businesses they regulate, as well as ratepayers who fund the cost of local government regulators’ activities.
Dariel De Sousa is a consultant in the Regulation & Administrative Law group at Maddocks; Bronwyn Weir is a partner in the Regulation & Administrative Law group at Maddocks.