How independent do our regulators need to be? Is COVID-19 testing our assumptions?
By Neil Quarmby, CEO of Intelligence Rising
The COVID-19 outbreak in Australia draws attention to regulatory design and whether or not we learn from events and previous reviews. A key question arising from this and other catastrophes in recent years is just how much of an independent regulatory system the public wants compared to what the bureaucracy wants.
In a recent posting, I noted that one area of open debate is the extent to which our prevention systems need to remain independent of the policy and programs they seek to assure. I mentioned in passing the case of medical regulatory systems being embedded in their policy arms and hence potentially lacking the independence to achieve the objects of the law they administer. This commentary warrants additional explanation.
I have not been a great advocate of either/or. When writing on regulatory failures in Intelligence in Regulation, I did not consider structural independence a necessary feature for success. Meaning there are reasonable circumstances for having a statutory regulatory body with complete independence from policy arms and there are other reasonable cases to have the statutory body embedded in the policy arm of the jurisdiction it regulates. Personalities, poor decision-making and risk-aversion are more likely to cause regulatory failure than who hosts the function. In other words, I had assumed a fully independent regulatory body can be captured by their policy arm just as much as an embedded authority… My assumptions here born from managing in three different levels of regulatory environments each with differing levels of legal/administrative independence.
Independence is a core principle of regulation (A Freiberg, Regulation in Australia, the Federation Press, 2017, p.165) but is rarely examined in academia or general public discussion unless applying to a specific circumstance (usually failure).
There have always been a number of core problems in the idea of embedding the regulator in the policy arm:
1. Who do you embed them with? Especially where most regulators naturally cross over the divides between Departments (which are a construct of the programs they administer).
2. How easily can statutory officers or regulatory appointees access their Minister or an associated Minister? Is there a policy filter?
3. Who produces the strategic regulatory intelligence picture? Does the threat and harm picture get filtered? This is an important question where the policy or weakness in policy is actually facilitating harm and threat behaviours. In some cases, the regulator may have to take action against the Department for decisions that run contrary to regulations.
4. Who reviews the regulator and who designs it? If within the Department, the independence of performance review may be lost.
One commentator has assigned his perceived failure in US response to COVID19 to the lack of independence of intelligence and operational response authorities: “...poor judgments soon contaminate all the policymaking arms of the federal government with almost no resistance or even reasonable questioning.” [M Zenko: The Coronavirus Is the Worst Intelligence Failure in U.S. History, March 25, 2020]
While this commentator has some clear bias, there is some resonance in the argument about how independence is playing out in all countries across the world. Even in Sweden, a singular sense of world view is embedded across all levels of government, cannot be challenged, and leading to greater, unfolding harm.
In the Australian case, one could argue that there is clear evidence in the results to date of contemporary, good practice, regulatory design and action. While there will always be issues of preparedness and accountability, action was relatively swift and decisive at addressing the risk.
There are two basic styles of macro-risk responses: the first is to separate the threat from the whole through quarantine zones; and the second is to close down the whole to get at the threat. While there is no right or wrong in such choices, isolating the threat and harms from the whole is core to modern risk-led approaches and is dependent on having sophisticated intelligence systems in place to continually reassess the various shades of at-risk behaviours such that varied forms of geographically-zoned responses can be taken proportionate to risk manifestation. It is interesting that in Australia, animal-borne diseases would be handled with the intelligence-led approach, while the same option is not available to regulatory prevention of human-borne diseases. Why?
Underneath this question lies a fundamental operational question: if the regulator is positioned for bureaucratic expedience can it still maximise its harm prevention outcomes? In other words, has the push for efficiency of administrative systems enabling regulators to operate led to an undermining of their ability to act in faith with their principle of independent decision-making?
The history of biosecurity regulation in Australia is a fascinating case. Australia’s quarantine services have traditionally had significant powers (greater than police forces) and have acted immediately and quite drastically to any incursions. As the first point of interaction with any goods or people entering Australia, they have had to work closely with customs, policy makers and health services. Indeed, traditionally, the quarantine service officer could act independently of the other arms of government to ensure the often-extreme risks are handled objectively.
The sense that the world had resolved much of the people-born viruses in the late 1900s plus the irregularities in response arrangements between states and the federal government led to a number of watershed moments. First, Australia’s ‘people’ quarantine-centers were progressively closed and sold off. Second, Australia’s biosecurity tactical and operational regulatory arm became focused on animal and plant risk and disease vectors. Once these shifts had occurred by the end of the 20th century, it seems a readjustment to deal with human threat issues as they emerged in the 2000s was administratively difficult.
A series of reviews of biosecurity culminated in the Beale Review in 2008 made some critical findings for Australian regulation [Beale et al, One Biosecurity - Working in Partnership, Commonwealth of Australia, 2008]:
“Of a number of models available, the Panel prefers a clearly independent statutory authority … the National Biosecurity Authority. The National Biosecurity Authority’s functions would include protecting Australia’s biosecurity status in accordance with Australia’s treaty obligations and Appropriate Level of Protection. The Authority would administer the proposed Biosecurity Act including import permit decisions, pre-border and border functions and export certification. It would also manage and oversee quarantine facilities and support a national program of monitoring and surveillance of national priority exotic pests and diseases. It would be the Commonwealth’s emergency response agency for incursions of pests and diseases. The head of the Authority would be referred to as the Director of Biosecurity and would have the personnel and management powers and obligations of a Secretary under the Financial Management and Accountability Act 1997.” p.XIX
Would it have been of more comfort to have a single head of biosecurity regulation trotted out each day to handle questions supported by the chief medical officer, rather than a doctor talking about regulation? (This seemed to make a difference in the State’s fire responses…)
“The Government should move away from the current mandated target approach and instead adopt a comprehensive risk-return approach to deciding where to direct resources across the continuum…. Risk management needs to be backed by strategic intelligence that is reliable and constantly updated. To support this, the National Biosecurity Authority should include an intelligence gathering unit, with a particular focus on the region and Australia’s trading partners. The Authority should improve information gathering on border interceptions and also establish a post-border monitoring and surveillance program for national priority exotic pests and diseases…. A managed risk approach needs appropriately skilled and trained staff. (pp.XXVI- XXVII)
Would regulated responses have been clearer with a common intelligence picture able, in part, to be provided to the people on a daily basis and tailored for their zone of residence and area of work? This is the approach taken in the pest/animal regulatory world which has taken on a greater professionalization of its intelligence function – including linkages with national security counterparts.
While the Review considered submissions suggesting human health security be separated from animal and plant security, the Panel found that “…the [new] Biosecurity Act should incorporate human health elements, providing a comprehensive approach to biosecurity risk management.” P.131
While the recommendations of the Beale Review were all accepted, the core idea of a single statutory regulator separated from the Departments was not, leading to an interesting divergence in the biosecurity world. The regulatory functions of the quarantine inspection service were absorbed into Departments. However, because the biosecurity regulatory function crosses Departmental interests, regulation had to be divided on bureaucratic lines. Hence, the one national biosecurity act of the Commonwealth, has ended up with two core regulatory functions: one in the Department of Agriculture focused on threats to plants and animals, and the other in the Health Department focused on threats to people. The regulations are then neatly separated into two parts (Biosecurity (Human Health) Regulation 2016 and the animal/plant protections in five Goods Determinations) to assist in the creation of boundaries of separation of the biosecurity regulatory function across departments. The Department of Agriculture component responded to the Review’s recommendations for improved intelligence and integrated response systems by investing heavily in intelligence capability; and was thus an early adopter of regulatory intelligence in Australia. But the health regulatory arm?
The Beale Review noted the cultural difference: “While Biosecurity Australia seeks information from the Department of Health and Ageing in relation to human health risks that should be taken into account during an Import Risk Analysis, the Panel observes that … the Department of Health and Ageing does not have Biosecurity Australia’s expertise in biological risk assessment, nor the scope of health expertise at times to respond to particular Import Risk Analyses, it seeks input from expert advisers or committees.” (p.103) The suggestion here is that the regulatory decision-system benefits from including a diversity of interests and opinion; whereas the human health regulatory system was decided and advised by the same professional skillset in immunology and clinical sciences. The skillset in diagnosis and viral transmission is critical, but is case relevant and needs to be overlaid with a range of other industry, behaviour and threat/harm factors to inform community and business controls. Hence, the Beale Review had pointed to the need for an integrated intelligence system supporting decisions.
Complex enough? Well add an additional layer of Federation in which state officials can be appointed as regulatory officers of the Commonwealth and/or under their own health regulation. State health regulation is embedded in Departments but enforcement work appears to have been taken over by police officers… Presumably as Health Departments have little regulatory enforcement DNA.
It is interesting to use the reform of the Aged Care regulatory system in Australia as a counterpoint. Here the three regulators that were artificially constructed in the bureaucracy have been brought into one body due to multiple Review findings of systemic weaknesses and lack of independence in the design of the whole. The operating culture of the three organisations had developed on divergent paths over time and, without a common intelligence picture, Reviews found inconsistencies undermining the harm prevention intent. The two independent statutory regulators (one for quality the other for complaints) came together in a year. The regulator embedded in the Health Department (the enforcement and licensing arm) has taken two years to extricate itself to join with the other two. The end-point? A much simpler and contemporary design which should enable improved prevention outcomes. (Although it is worth noting that it is potentially the quality of our aged care regulatory system that protected the largest group of the most vulnerable from COVID-19 – especially when compared to the Spanish and Italian circumstance). It is interesting that the Beale Review proffered a similar solution for biosecurity; however, it was not enacted.
But maybe this is all just academic! Regardless of questions of independence, Australia’s regulatory staff and their enforcement colleagues appear to have just ‘got on and done’ the business of harm prevention for all Australians. They have not had the option of flexible and adaptive zonal response; however, the single zonal solution may have landed in the same place. It will be interesting to see how the inevitable review process will land on the issue of regulatory independence and the need for an integrated regulatory intelligence system in the months/years to come, or whether efficiency is seen as more important.