Earlier this year, the Secretaries Committee on Transformation commissioned a review, led by Barbara Belcher, into whole-of-government internal regulation. This review was intended to examine the regulations the Commonwealth imposes on itself from a perspective where regulators are required to justify each regulation that has been put in place, and to try and identify areas where red tape can be cut or the Commonwealth public sector can regulate itself more efficiently.
The overall focus of the review was identifying how the internal regulations placed on Commonwealth entities could be changed to enable a shift to a culture of risk management, rather than regulation. The final report of the review (the Belcher Report), which was released in August, sets out a number of observations regarding the way in which Commonwealth agencies are regulated. The Belcher Report also provides a range of recommendations to address the issues identified in the course of the review.
Findings of the Report
In her report, Ms Belcher found that Commonwealth agencies are under a significant regulatory burden. In particular, agencies are often required to report on the same information to a number of different sources, often with slightly differing formats for the presentation of the information.
Agencies are also required to comply with a wide range of mandatory regulatory requirements, which are often not clearly expressed. In some instances, it is difficult for agencies to determine whether a requirement is mandatory or not, as many mandatory requirements are in documents referred to as ‘guidelines’, and a number of better practice guidelines are expressed in mandatory terms.
The Belcher Report also notes that the way in which many agencies perform administrative tasks increases their administrative burden. In particular, it is suggested that a risk-averse culture in the public service has resulted in very high levels of scrutiny being applied in circumstances where the risk to the relevant agency, and to the Commonwealth generally, is comparatively low.
A centralisation of decision-making at the SES level has also made it increasingly difficult for the large volume of internal regulatory decisions to be signed off on in a timely and efficient manner.
Finally, the Belcher Report noted that the regulatory burden imposed on an agency is often disproportionate to the risks being mitigated by the relevant regulations, particularly for smaller agencies.
What does the Report recommend?
A key theme throughout the Belcher Report is that both agencies regulating other Commonwealth entities, such as the Department of Finance or Public Service Commission, and agencies themselves should try to adopt an approach to risk that is proportionate to the risks that the agency is trying to manage. This can be done by:
- ensuring that internal administrative decision-making is delegated to APS or EL officers where appropriate, rather than being concentrated at the SES level
- establishing less onerous reporting and other compliance requirements for smaller agencies, or agencies which deal with small amounts of Commonwealth money
- avoiding creating additional regulations where a better approach might be to better enforce existing ones, or to address the relevant risk in other ways
- developing a culture of risk management that prioritises managing significant risks, and avoids unnecessary or disproportionate responses to less serious risks
- developing templates and precedent documents for higher and lower risk activities, particularly in procurement and human resources.
The other key theme of the Belcher Report is that regulation should be simpler, clearer and easier to understand. The recommendations to solve this problem include that agencies should:
- be careful to frame mandatory requirements using mandatory language such as ‘must’ rather than more ambiguous words such as ‘shall’
- ensuring that mandatory requirements are not included in documents that are described as ‘guidelines’
- ensuring that documents are drafted so that agencies can see what mandatory requirements they need to comply with easily, and in particular making sure that those requirements are not scattered throughout the relevant document
- providing more templates and precedents to assist in complying with requirements, and ensuring that policy documents contain worked examples to illustrate how requirements should be complied with.
The report has also recommended the amendment or elimination of a wide range of regulatory requirements imposed on Commonwealth entities, notably including:
- removing requirements for baseline security clearances, and instead relying on employment screening
- eliminating some information collection requirements, including compliance certification under the Public Governance, Performance and Accountability Act 2013, the requirement to bi-annually publish indexed lists of file names under the Harradine Motion and evaluations of external law firms under the Legal Services Directions 2005
- moving to online, continuously updated reporting in areas such as contracts, grants, consultancies and appointments
- streamlining a range of investment and assurance processes to focus on higher risk projects
- streamlining and reducing property, fraud and financial reporting requirements, with a focus on reducing the compliance burden for smaller entities.
These recommendations will be difficult to implement, given that they will require the simplification and consolidation of many of the more than 8,000 requirements contained in over 14,000 pages made up of 600 documents that Commonwealth entities are presently required to comply with. The recommendations also run against the current trend to centralise decision-making, including on internal administrative matters, at higher levels of the APS.
Nonetheless, the report has the potential to create a worthwhile shift towards risk assessment within the APS, while making it easier for agencies to determine what their obligations are and how they are meant to comply with them. The author commented in the opening pages of the Report that:
‘…the openness with which I was assisted across entities suggest a willingness, indeed and eagerness, to be rid of the layers of process that currently exist.’ (at page 7)
So, where there’s a will there’s a way.
Regulating using a risk-based approach is consistent with modern regulatory practice.