In the 2003 Royal Commission into the failure of HIH Insurance, Justice Owen described 'corporate governance' as, "the framework of rules, relationships, systems and processes within and by which authority is exercised and controlled within corporations. It encompasses the mechanisms by which companies, and those in control, are held to account." With the 2018 amendments to the Heavy Vechicle National Law (HVNL) introducing mandatory business practices and a shared safety duty, HVNL compliance is a major corporate governance issue for businesses in the supply chain.
Important: When considering safety, most businesses in the supply chain focus on the safety of their product, their people and their premises. Many such businesses don't focus on the safety of their supply chains, assuming that supply chain safety is the responsibility of their suppliers and/or independent transport contractors.
A shared safety duty under the HVNL
It has been just over a year since the sweeping changes to the HVNL commenced on 1 October 2018. The Chief Executive of the National Heavy Vehicle Regulator (NHVR), Sal Petroccitto, described the changes as, "A significant leap forward in recognising that everyone in the heavy vehicle supply chain has a role to play in ensuring safety."
The Chain of Responsibility (CoR) laws under the HVNL make each party in the supply chain responsible for their role in supply chain safety. Businesses can be in breach of the laws simply for failing to have business practices in place aimed at addressing CoR risks as part of their transport activities – without any need for an on-road incident to have occurred. Further, businesses in the supply chain can be held liable for on-road breaches of mass, dimension, load restraint, speed, fatigue and vehicle roadworthiness, to the extent that they perform any task or part of a task relating to those matters – and regardless of whether they own or operate a heavy vehicle.
The CoR laws require a new way of thinking about supply chain safety.
Businesses need to consider their role in a shared safety duty aimed at ensuring safe loads, safe drivers and safe vehicles. Likewise, executives of supply chain businesses have an independent duty to exercise due diligence to ensure that their business is doing the right thing.
Positive safety duties
With ongoing changes to the HVNL framework forecast, it is important to stay abreast of developments. Your business must continue to establish, implement and document business practices to ensure CoR compliance. As you would by now be aware, the most recent amendments to the HVNL require that all parties in the Chain take all reasonably practicable steps to ensure the safety of their 'transport activities'.
Under the HVNL, executives (directors and any person concerned in the management of a corporation, partners in a partnership and managers of an unincorporated association) have a proactive and positive duty to exercise due diligence to ensure their business complies with all its CoR obligations.
The CoR parties have a positive obligation to ensure the safety of transport activities and not do anything that could cause a breach of road laws or the HVNL.
Businesses that do not take all reasonably practicable steps to ensure the safety of their transport activities, or that require or put undue pressure on other parties within the supply chain that requires, results in or encourages them to breach a relevant safety standard are routinely prosecuted and fined.
Caution: Penalties under the new HVNL have been dramatically increased. Maximum penalties are $3 million for corporations and $300,000 and up to five years in jail for executives.
Your business can be prosecuted if it fails to have in place business practices aimed at managing CoR risks relating to transport activities it performs (either solely or in in conjunction with another supply chain party).
Your business can also be investigated and prosecuted for failing to develop and implement business practices aimed at ensuring CoR compliance, without any need for an on-road incident to first occur as a catalyst.
Prosecutions and investigations have been brought in, among others, the construction, primary production, consumer products, landscaping, retail, waste and local government sectors.
In addition, courts can disqualify individuals from running a transport business or being in charge of any relevant 'transport activity' and make orders for businesses to be subject to a program of performance management and oversight by the regulators, called a 'supervisory intervention order'.
CoR obligations can be breached in many ways and the most common mistakes that can create breaches of CoR compliance stem from:
- not knowing where your business or role fits in CoR: There are many businesses that don't know their place in the CoR framework. Knowing your role in the CoR can impact on the type of responsibilities you are expected to perform. You need to know where you fit in the chain so the right process can be implemented to meet your requirements under the HVNL
- not having the right CoR system management processes in place: When implementing your compliance processes you should consider the broader risk. This means thinking about how CoR compliance positions itself within existing risk management systems
- not monitoring CoR compliance: Once your business has designed and implemented its CoR compliance management framework, you must measure and monitor compliance to ensure that the systems implemented are successfully ensuring safety. In order for executives to discharge their duty at this point, they need to receive compliance performance reporting.
A recap on the Big 5 mandatory business practices
We have previously outlined the 'Big 5' required business practices to get you acquainted with the legislative changes.
The 'Big 5' business practices include addressing CoR risks and compliance in:
- policies and working procedures
- induction and ongoing education processes
- assurance contract terms in each supply chain contract
- assurance systems
- performance reporting for executives.
Executives: How to meet your proactive and positive duty
Relevantly, it is worth repeating how executives can demonstrate compliance performance reporting.
Mandatory positive executive due diligence includes taking reasonable steps to:
- obtain and keep up-to-date knowledge about how the business is ensuring its transport activities are safe
- understand how and in what capacities the business engages in transport activities
- understand the hazards and risks, including risks to the public associated with the business's engagement in transport activities
- ensure the business has and uses appropriate resources to eliminate or minimise those hazards and risks
- ensure the business has and implements processes:
- to eliminate or minimise those hazards and risks
- for receiving and considering information about those risks
- for responding to information about those hazards and risks
- for complying with the business's duty to ensure, so far as is reasonably practicable, the safety of its transport activities, and ensure it does not cause or encourage contravention of the HVNL
- check that the resources and processes referred to above are in fact being provided, used and implemented by the business, its management and staff, and that they are effective in eliminating or minimising identified hazards and risks.
It is not feasible to expect executives to personally go out and obtain the required information and perform all the compliance checks. For executives to be able to discharge their duty, they will largely rely on receiving information from others within their business. Without receiving such information, executives will not be able to discharge their duties.
CoR compliance reporting
Once your business has designed and implemented its CoR compliance management framework, you must measure and monitor compliance to ensure that the systems implemented are successfully ensuring safety. In order for executives to discharge their duty at this point, they need to receive compliance performance reporting.
Executives need the right information and only the right information. Anecdotal evidence suggests that, where there is any doubt about relevance, information is included and submitted to the executive. As a result, the executive ends up with pages of figures and tables, which they typically cannot properly assess in context, either in a reasonable time or at all.
What are the most important things to report?
The most meaningful report is the number and severity of breaches that have occurred. Breaches slipping through the cracks are the things that most need to be addressed. These incidents suggest defective compliance management, training or implementation.
It is also important to know the number of incidents that are still arising but are being picked up before a truck hits the road - that is, the number of CoR near misses. These incidents suggest either that system and process design is not eliminating incidents at the source, or that training on how to conduct processes is not effective, but that at least final checks and balances are detecting and remedying problems.
Some general CoR compliance system 'health check' information is useful. For example, confirming that all supply chain contracts have mandatory CoR compliance clauses included and that all CoR-facing employees and contractors have been properly inducted and have received any scheduled refresher training.
This publication does not deal with every important topic or change in law and is not intended to be relied upon as a substitute for legal or other advice that may be relevant to the reader's specific circumstances. If you have found this publication of interest and would like to know more or wish to obtain legal advice relevant to your circumstances please contact one of the named individuals listed.