REGULATORY RISK MANAGEMENT UNDER WORK CHOICES Information handling

REGULATORY RISK MANAGEMENT UNDER WORK CHOICES. Information handling and the use of legal privilege. Mark D. Perica Senior Industrial Officer CPSU 1

Why regulatory risk management? n Work Choices is designed to prohibit and prosecute the legitimate activities of Unions. n The hostile regulatory environment increases our exposure to proceedings, prosecutions, fines or even criminal liability. n The risk of liability in that environment is enhanced by: q q n Government agencies set up to scrutinise the conduct of unions, and Increasing employer activism. It is therefore strategic to try to manage the regulatory risk. 2

Examples of increased risk of liability – unions responsible for conduct of officers and members n An officer must not do anything that would cause the contravention of a Federal Court or AIRC order or direction made under WRA or the RAO Schedule when the officer knows or is reckless as to whether the conduct would contravene the order or direction. [Part 3 of Ch 9 of RAO Schedule] n n Penalty: person $2, 200 or body corporate $11, 000 Courts are eager to shoot liability back to the Union: q Union will generally be liable for the actions of individual officers or members other than in exceptional circumstances: Nicholson J in CFMEU v Clarke [2006] FCA 245 - 17 March 2006. 3

Examples of increased risk of liability – nuclear option is possible n Some of the new grounds of deregistration are bizarrely broad: q q An organisation prevents or hinders the achievement of Parliament’s intention in enacting the RAO Schedule or an object of the WRA in relation to continued breach of an award, order of the AIRC or collective agreement or its continued failure to ensure member’s compliance or in any other respect: S 28(1)(a)(i) of RAO Schedule. A substantial number of the organisation’s members, in relation to a continued breach of an award, AIRC order or collective agreement, or in any other respect, hinders Parliament’s intention or the objects of the WRA: s 28(1)(a)(ii) of RAO Schedule. q An organisation engages in industrial action that prevents, hinders or interferes with the activities of a federal system employer or the provision of a public service by a Commonwealth, State or Territory authority: s 28(1)(b) of the RAO Schedule. 4

What is Risk Management? n Really no more than extension of strategic planning. q n “What are the risks of liability under Work Choices of undertaking an activity (e. g. industrial action or enterprise bargaining) and how do we control, minimise or avoid those risks? ” Risk Management is a systematic process of making an evaluation of risks to the Union. It is designed to avoid, reduce and control risks, including regulatory risks [ Risk Management Standard AS/NZ 4360: 2004 at p v] n Risk Management Guidelines [p 4]: q “the culture, processes and structures that are diverted to realising potential opportunities whilst managing adverse effects” 5

What is Risk Management n Risk Management is a praxis, not a policy (i. e. developed by reflection/action/reflection) which includes establishing the context in which risk of breach occurs, identifying the risk, analysing, evaluating, treating, monitoring and communicating risk. n It is a process for action and paper trail designed to control risk – may include a decision to disobey the law. n In practical terms could include the development of a general risk management policy, the performance of a risk analysis, the generation of checklists and training curricula. 6

The objectives of Risk Management n n n n To promote a rigorous basis for decision making and planning within campaigns and enterprise bargaining. Better identification of opportunities and threats. Creates a culture of pro-activity not re-activity. Improved incident management and reduction in loss and the cost of risk. Improved confidence and trust of the rank and file. Improved compliance with Work Choices. Allows conscious decision making in relation to civil disobedience and other non-complying activities. [Source: AS “Risk Management Guidelines”] 7

Why risk management for Work Choices? n A policy and culture of regulatory risk management will: q q Minimise the prospect of unconscious breaches of Work Choices; Provide evidence in a plea in mitigation for a reduction in the quantum of fines in the event of a breach; [builds forensic case for “reasonable steps to avoid” argument] q Prevent reactive “death by a thousand cuts” breaches and allow planning for conscious decisions to breach. 8

The process of Risk Management ESTABLISH THE CONTEXT EVALUATE RISKS MONITOR AND REVIEW ANALYSE RISKS RISK ASSESMENT COMMUNICATE AND CONSULT IDENTIFY RISKS TREAT RISKS Based on the Australian Standard AS/NZ 4360: 2004 and the Guidelines to that Standard 9

STEP 1: Establish the Context 10

Step 1: Establish the context: organising drive, industrial campaign, enterprise bargaining n Need to consider the environment in which you operate. This includes the identification of the actors who affect the activity and who may be affected by the activity. You can then establish the boundaries in which regulatory risks must be managed and guide decisions on risk management. n Need to consider: q q What is the activity you wish to undertake – e. g. organising drive, common law strategy, enterprise bargaining? What outcomes are you seeking in bargaining/campaign activity/organising? What is your strategy for getting there? What is the environment: are bosses hostile or co-operative? Is the workplace “hot” or docile? Majority organised or minority organised? Develop Risk evaluation criteria – what is our “risk appetite”? How much risk are we willing to take in the environment? 11

Step 1: Establish the context: Internal Actors: Nodes of risk for a union n Executive – authority under the rules. Commission proceedings and Deeds - Common Law Courts look at these matters with rigour. Executive Officers – are they operating within their powers and are the delegations adequate for the execution of forms or the initiation of proceedings? Staff – is their conduct compliant and do they have power under the rules to initiate processes? 12

Step 1: Establish the context: Internal Actors: Nodes of risk for a union n n Delegates – are they trained and do they get adequate assistance from the Union? Is there some control/protocol as to what is said by whom in negotiations? Rank and File – when can they act with the authority of the Union? What is the protocol for negotiations? q Need to identify risk on a regulatory risk register at each level, educate persons at each level and provide training to treat any risks. 13

Step 1: Establish the context: Rank and File and External Actors n Rank and File q q n Hot Shops: Need more risk analysis than less militant areas. Need to generate check lists and training for militants. Unguided Missiles: we all know who they are. They need to be informed of the “big picture”. External Actors q q q Boss: Freehills at fifty paces or relatively friendly? Customers: any rabid litigators or union hating ideologues? Government and Government Agencies: are they likely to intervene? 14

Step 2. Identify the regulatory risks 15

Step 2: Identify the regulatory risks n This involves identifying risks which arise from the environment you have established through Step 1. Your aim is to develop a complete list of regulatory risk and what each involves. It may include: q q n Best method for identifying potential risks; [previous experience of enterprise bargaining/organising with particular employer] Examine the sources of possible risk in campaigns, organising, or enterprise bargaining; [develop a check list at each level] Examine all potential regulatory risks – from internal actors from secretary to shop floor, the employers, and customers; Examine each risk from the perspective of both internal and external sources. Create a regulatory risk register which plots the risk before you engage in the activity. 16

Step 2: Identify the regulatory risks n ACTU “A Risk Management Guide for Unions” identifies key areas of risk. Handy for the creation of checklists: Minimise the prospect of unconscious breaches of Work Choices: q q q Right of Entry Agreement making Industrial Action Secret Ballots Freedom of Association 17

Step 2: Identify the regulatory risks n Ask yourself: q q q What are the best methods to identify the risks which are likely to occur for the activity? Who should I consult to assist me in identifying risks? Industrial Action What regulatory risks are relevant to this union activity? What risks are more likely? Are the risks internal/external or random? 18

Step 3: Analyse the Risk 19

Step 3: Analyse the risk n After the context is defined and the regulatory risk is identified the next step is to assess the impact of the risk. You want to separate acceptable risks from major risks which need to be managed. 20

Step 3: Analyse the risk n Risk Analysis involves deciding the relationship between the likelihood [frequency or probability of risk] and the consequences of the regulatory risk you have identified. n The level of risk should be analysed in relation to what you are currently doing to control that risk. Control measures decrease the level of risk. 21

Step 3: Analyse the risk – Calculating the level of risk Key: Extreme: An extreme risk requires immediate action. [i. e. damages through a common law proceeding or deregistration] High: A high level of risk requires action, as it has the potential to damage the organisation. [e. g. disobeying an s 496 order] Moderate: Allocate specific responsibility for moderate risk and implement monitoring or response procedures. [e. g. penalties for right of entry breaches or prohibited content demands] Low: Treat a low level risk with routine procedures. 22

Step 3: Analyse the risk – Calculating the level of risk n Evaluate the likelihood of a risk occurring according to the ratings in the left hand column. n Evaluate the consequences if the incident occurred, according to the ratings on the top row. n Calculate the level of risk by finding the intersection between the likelihood and the consequences. (A risk that is likely to occur and has minor consequences is a high level risk) 23

Step 3: Analyse the risk – Calculating the level of risk Risk analysis questions: § Are there any controls currently in place to manage the regulatory risk? § § § If there are, is there any remaining risk? What are the consequences if the risk should occur? Therefore what is the level of risk? 24

Step 3: Analyse the risk – Calculating the level of risk 25

Step 4: Risk Evaluation 26

Step 4: Risk Evaluation n This step involves evaluating the risks by comparing the level of risk with your risk tolerance and criteria taking into account: q q Importance of the activity you are managing and its outcome (e. g. might be bargaining trendsetter) Degree of control you have over the risk Potential and actual losses which may arise from the risk Benefits and opportunities presented by risk. 27

Step 4: Risk Evaluation – Deciding whether a risk is acceptable n An acceptable risk is not necessarily one which is insignificant. n You may decide the risk is acceptable because: q q q n The risk of prosecution is so low it doe not warrant spending time and money on it; The risk of prosecution is low and the benefits presented by the activity outweigh the costs of treating it; The opportunities presented by the regulatory risk are much greater than the threats. Risks which are acceptable should be listed in priority for treatment under Step 5. 28

Step 4: Risk Evaluation 29

Step 5: Treat the regulatory risk 30

Step 5: The treatment of regulatory risk n After evaluating the risk you have identified in a particular activity, the next step is to treat the risks you have decided are unacceptable. n You do this by: q Identifying the options which you could use to treat the risk; Selecting the best option in terms of feasibility and cost effectiveness; q Preparing a risk treatment plan. q 31

Step 5 – The treatment of regulatory risk We really only have three options: n q q q n Retain risk; Avoid the risk; Control the risk. Risk Control is a method of reducing the likelihood of the risk occurring, or reducing the consequences of the risk or both. 32

Step 5 – The treatment of regulatory risk Regulatory Risk Control can be achieved by: n q q A training regime for executive, industrial and other staff or delegates and of rank and file on compliance issues; Adequate supervision of drafting of Commission documents and other documents by competent officers and “made simple” check lists at each level of the union (use ACTU document as a guide); Testing; Compliance Officer: Inspection and process controls of critical document such as logs, bargaining period documents by a compliance officer – need a central point and responsibility for compliance. 33

Step 5 – The treatment of regulatory risk Where the risk is unavoidable strategies should be put in place to deal with it: n q q Planning for contingencies (e. g. a fund or levy out of which to pay the fines/damages); Minimising exposure to the source of the risk – taking steps to avoid the risk by training and check lists, or even use of corporate veil. 34

Step 5 – The treatment of regulatory risk 35

Step 6: Review of Risk Management Plan Practical example: Cadbury Schweppes protected action application 36

STEP 6 – Constant Review of Risk Management Plan In the course of an organising or enterprise bargaining campaign, constantly monitor and evaluate your risk management strategies. You need to: n q q q Monitor the existing risks; Identify new risks; Identify trouble spots or indicators of a changing environment. 37

Example: Cadbury Schweppes – there but for the grace of God…. n The organiser passed the proposed deed to them and said words to the effect “sign this and it will all go away”: SDP Acton in AFMEPKIU v. Cadbury Schweppes [PR 973290, para 21]. 38

Example: Cadbury Schweppes n n Go through risk management exercise. Evaluate Risk: q q n Always a risk in parallel negotiations for statutory collective agreement and common law deed for prohibited content; Risk of confusion over claims and risk of liability for claims for prohibited content, inability to take protected action. Treat Risk: q q Treat risk by the development of protocol for contemporary but distinct and separate negotiations. Never together - always discuss separately; Training for rank and file, delegates and organising staff on the perils of expressly linking the two and the strategic advantage of keeping the two negotiations separate. 39

Legal Privilege: what can it do for us? 40

Legal Privilege – can it help us? n Risk management is about managing and avoiding risk. It involves creating documents to establish endeavours to avoid or control risk. n Is there any way we can avoid or control risk of liability through utilising legal privilege to protect sensitive documents from the eyes of employer plaintiffs, the OEA or the Office of Workplace Services. n e. g: Branch executive “seeks advice” on industrial action strategy or union lawyer prepares a document in relation to wild cat strike activity in anticipation of a s 496 order. 41

Legal Privilege – what is it? n Legal privilege is a “common law rule of evidence” by which certain communications are prevented from disclosure to a Court or other quasi judicial body or otherwise: Baker v Campbell (1983) 153 CLR 52 at 84. 42

Legal Privilege – what is it? n Not all lawyer/client communications. n Mere fact that the person speaking is a lawyer and the person to whom he speaks is his client affords no protection: Minter v Priest [1930] AC 558 at 568. n Privilege only arises in certain circumstances. There are three types of privilege: q q q advice privilege; litigation privilege; third party litigation privilege. 43

Advice privilege n This is written or oral communications passing between a lawyer and their client are privileged from disclosure, whether as evidence in legal proceedings or otherwise, provided the communications are confidential and made for the dominant purpose of seeking or being furnished with advice from or by that lawyer: Esso Australia Resources Limited v Federal Commissioner of Taxation (1999) 201 CLR 49 at 65. 44

Litigation privilege n This attaches to written or oral communications between a lawyer and client made or prepared in confidence for the dominant purpose of being used in existing or reasonably contemplated judicial or quasi judicial proceedings: Grant v Downs (1976) 135 CLR 674 at 682. 45

Third party litigation privilege n This is invoked to prevent disclosure of confidential communications, including documents, passing between a lawyer and third parties, or the client and third parties, if made when litigation is on foot or reasonably contemplated and the dominant purpose of the communication was related to the proceeding [Pratt Holdings v Commissioner for Taxation (2004) 207 ALR 227] 46

When is the communication “confidential”? n Written or oral communications made in confidence between one person to another: Ritz Hotel Ltd v Charles of the Ritz Ltd (no 22) (1988) 14 NSWLR 132. n It does not include: q q q “Objectively observable facts”: National Crime Authority v. S (1991) 29 FCR 203; Discussions which take place in front of a third party: Lewis v Theodoropoulos (1987) 4 MVR 115 (FC); Communications which are in the public domain such as documents which constitute or evidence transactions, even if delivered to a solicitor or counsel for advice or for use in litigation: Baker v Campbell (1983) 153 CLR 52. 47

What does “dominant purpose” mean? n Purpose for which the document came into existence: ACCC v Safeway (1998) 153 ALR 393. n The use of the document after it is brought in existence is not material in establishing privilege: Arrow Pharmaceuticals v Merck (2004) 210 ALR 593. n Can’t make a document privileged if it’s originally made primarily for a purpose other than litigation or advice, eg, internal union documents can’t be made privileged after the event by seeking advice. 48

Does it extend to industrial officers without a practising certificate? n No it does not!! n Legal advice given by an industrial officer of a trade union who is not a legal practitioner does not attract privilege: Wood v Commonwealth Bank of Australia (1996) 67 IR 46 n Nor is legal advice given by an “in house counsel” who, though holding academic legal qualifications, is not admitted as a legal practitioner: GSA Industries (Aust) Pty Ltd and Constable (2002) 1 Qd R 233 49

In house lawyers with practising certificates? n Law is uncertain: q q Queensland Court of Appeal authority for the proposition the minimum requirement to attract the privilege is admission to practice as a barrister and solicitor: Glengallan Investments Pty Ltd v. Arthur Anderson (2002) 1 Qd R 233; Is admission a “sufficient condition”? – that is doubtful. 50

In house lawyers with practising certificates? n n New ACT Supreme Court case suggests we need more than a practising certificate: Cth of Australia and Air Marshall Errol John Mc. Cormack [2005] ACTA 35 [23 August 2005] Essential to privilege that lawyer holds a practising certificate but also: q q must be independent and free from control of employer; must be free from conflicting obligations and pressure and retain personal responsibility to the client; must be consulted in a professional capacity about a professional matter; consideration must be given to the minimum academic and practical qualifications that must be held by a salaried legal advisor which included a practising certificate. ` 51

Legal Privilege: does it give us anything? n n n No privilege for industrial officers without practising certificates. Unions with in-house lawyers even with practising certificates can probably claim it but not with great confidence. Safety would require an “internal firm” model. Safest quarantine is the use of external lawyers. If you wish to quarantine documents through the use of privilege have to keep in mind confidentiality, dominant purpose test and no retrospective privilege. In the end the potential for use of LPP is pretty limited. 52

Conclusion: be alert not alarmed n Risk Management is not bureaucratic overkill but a useful strategic tool. It is essential that Unions engage in some form of risk management. q n A minimal approach would be to conduct a regulatory risk audit before engaging on e. g. an organising campaign or enterprise bargaining, working out how would unacceptable risk would be treated. The paper trail will assist in avoiding liability or limiting liability in the event of prosecution. Legal Professional Privilege. Although the circumstances of its use are limited, it does present a method of quarantining some documents or communications from scrutiny, at least by the engagement of external lawyers. 53

Select Bibliography n Risk Management q q q n ACTU Risk Management Guide for Unions, [coming soon] Standards Australian/New Zealand Standard, Risk Management – AS/NZ 4360: 2004 Standards Australia Risk Management Guidelines Companion to AS/NZ 4360: 2004, HB 436: 2004 Legal Professional Privilege q q Desiatnik, Robert Legal Professional Privilege in Australia (Lexis. Nexis Butterworths)( Second Edition, 2005) Mac. Nicol, Suzanne Law of Privilege (Law Book Company, 1992) 54