The Dysfunctional Regulator: Safety practices you must learn from High Reliability Organisations

Another avoidable tragedy

I recently read a heartbreaking article in The Australian’s aviation section about a now single mother, Julie Black, whose husband (the late David Black, an aerial application specialist) tragically died in an air disaster in 2013.

David, a loving husband, father of three young children, a Chief Pilot, a mentor and Julie’s business partner, was killed when the right wing of his aircraft separated while conducting water bombing on a bushfire. What has followed since has been a shining example of the resilience of families in regional communities. Julie and her children have fought through the most trying of circumstances to move forward with their lives. Julie’s story is both inspirational and tragic.

Most difficult for Julie and her family has been the systemic review of the incident that led to David’s death. Most heartbreaking must have been the revelation, made in the review, that the aviation regulator’s failure to perform its role effectively led to the fatality. Even more galling must have been the discovery that similar accidents had occurred on the same model aircraft in the United States years earlier, recommendations from which were not heeded right here in Australia.

Outcomes from the US regulator had involved an enhanced testing regime specific to the aircraft, with full knowledge of known deficiencies. Unfortunately for David, Julie and their children, the same testing was not effectively implemented or undertaken here. To know their father’s death could have been avoided will always haunt those children.

One hell of a dust up

Those of you who know me know I’ve been fortunate enough to work incredibly closely with the aerial application (what you might know as crop dusting) community, and I know first-hand how hard they work to make their family businesses viable. It’s no stretch to say these are some of the hardest working people I know.

In the case of Julie and David, and many others though, it’s not enough just to work hard. Sometimes you need to rely on experts and regulators, and when those experts fail to perform, it leaves you incredibly vulnerable. The crop dusting community is a great example of an industry in which regulation and bureaucracy constantly falls down. All too often the community is confronted with an unwieldy bureaucracy whose primary role is to help them make their businesses more efficient and effective, with a by-product of improved safety.

I continue to hear repeated stories about how these agencies cannot support the community’s needs. At a recent national seminar, I listened to members of another family business who continue to await the outcomes of a serious incident investigation, unable to completely move on until the final report is released. Yet again, this family had recently been told their draft report would be released by the investigatory body, with ongoing delays leading to a complete erosion of trust. Frustration turned to anger when this family, under high levels of stress and trying to hold their business together were told the primary investigator had taken stress leave. How ironic!

Don’t get me wrong, all regulators have a challenging role and it’s always difficult to keep all parties happy. Having worked within or alongside regulators across work, health and safety (WHS), aviation, and transport, I’ve noticed some common trends. Poor and/or ineffective standards, regulations that are too complex and difficult to interpret, a lack of attention to detail, and miscommunication can all lead to inadequate safety oversight. So the question is, do we really have what is commonly labelled ‘The Dysfunctional Regulator’? Why do incidents that are avoidable continue to occur?

Heads in the clouds

In my experience the single largest failure of regulators is their inability to translate regulation to outcomes in to operating in-house safety management systems (SMS). They expect operators to have effective SMSs; reliable systems and processes to proactively identify hazards and risks, implement effective risk controls and monitor the effectiveness of those controls. SMSs generally include quality management processes and key performance indicators to ensure the system continues to improve.

Yet how effective are those processes at the regulator’s end? The all too common answer is that if the regulator was subjected to the same audit and surveillance processes it administers, it would likely fail its own audit! Don’t get me wrong, the role of the regulator is challenging – large amounts of systemic information from multiple sources. All the more critical to be a recognised leader in the application of SMS and to have effective management systems to support it.

When I was recently invited by a regulatory body to manage what they labelled ‘unacceptable risks’, as Safety Director I asked the obvious question: what process had they utilised to determine the risk was unacceptable? I wasn’t trying to be difficult; I had many competing demands across multiple areas of legislation, and I simply needed to prioritise these regulatory ‘issues’ in accordance with the good SMS practice at my firm.

"...the single largest failure of regulators is their inability to translate regulations into real outcomes in operating in-house safety management systems (SMSs)."

The answer from the regulator? We can’t tell you our process for the determination of an ‘unacceptable risk’. The regulator couldn’t articulate a sound understanding or even a basic application of risk management (consequence and likelihood based on adequate evidence and trends). Instead, the inspectors’ next move was to tell us they were just doing their job under the legislation (i.e. “I’m the regulator, don’t ask me difficult questions, just do as you’re told.”)

As you can imagine, this approach did nothing but break down trust, lead to higher costs to us as an organisation, and for little or no safety gain. Not the outcomes any of us should expect from our regulators.

Are you just 'keeping the regulator off your back'?

How often do industries and operators within them, who have the depth of knowledge and experience related to best practice, end up employing personnel to ‘keep the regulator off their back’? I can’t tell you how many times I’ve seen this happen.

So I’m keen to share with you the basic requirements for effective regulation and/or guidance material for enacting that regulation. In essence, it’s my view effective regulators create materials that:

• are simple and easy to understand
• do not impose unnecessary costs
• boost levels of participation within an industry and its capacity for growth
• are scalable and proportionate to the type of operation
• address safety risks proportionate to the risks involved
• specify the desired safety outcomes and how they meet the intent of the regulation.

From many regulators, they don’t even get past the first dot point, even though the above requirements are stated within their own operating practices. I’ve seen all kinds of regulatory practices in my time; some are over-prescribed, others pitched by legal teams not trained to write in plain English. Even worse, I’ve seen regulators preferring to hide behind layers of legal jargon, rather than directly apply a fairly simple rule.

A better approach

As a firm believer in the efficacy of well-handled regulation, I believe both regulators and industry operators should be encouraged to study up on the four main characteristics of High Reliability Organisation (HRO) safety culture, and how to apply them first:

1. Reporting - I’ve often seen regulators define the critical internal voice i.e. their own people asking the difficult questions of themselves, as a problem. In contrast, highly reliable organisations speak up and reward their staff for having the difficult conversations when something is not quite right. It creates a culture where personnel know their hard work can foster positive change rather than accepting the status quo.
2. Information sharing - In an HRO, leaders are competent and involved, and effectively use safety intelligence and risk management in their operation, rather than opinion based guidance from regulatory staff. Too often human personalities drive the outcomes in the absence of adequate evidence. Hence the need for an effective SMS.
3. Flexibility - HROs are competent and trusted, and empowered to seek and fix latent weaknesses – without the need for over prescriptive regulation.
4. Education - HROs get to hear bad news straight away and make necessary changes rapidly and effectively. If you propose changes on the basis of an audit, and get little feedback, the inevitable outcome is that staff tend to stop reporting – with poor safety outcomes.

Which brings me back to Julie, who’s struggle with the haphazard nature of regulation in her husband’s case is exactly what happens when high reliability is found wanting. While Julie’s story is enormously tragic, there is also a degree of hope, which is one of standing up for the little guy, and trusting in your instincts that something has gone awry.

It is Julie’s efforts, as well as the efforts of many others, that will help make sure our operators and regulators are held accountable for the safety outcomes they aspire to. Through boosting their professionalism and putting real people’s safety needs first, they can better protect other families to ensure they don’t have to experience the same tragic pain and suffering as Julie.

If you’re ready for an appraisal of your own traits against those of HROs then take a look at our ‘from the inside out’ program.

Have a safe and happy weekend,

Ben