Chain of responsibility compliance – the ‘Big 5’ components for the new year
We have previously written on the changes coming to the Heavy Vehicle National Law (HVNL) and the Chain of Responsibility (CoR) laws and outlined a plan of attack to get your business practices in shape by the time that the new laws come into force – see the June edition.
Although no fixed commencement date has been given for the amended Heavy Vehicle National Law and the Chain of Responsibility laws, we continue to be told that ‘mid-2018’ is the target – and means there isn’t much time left to prepare.
To ensure you are ready for when the new laws take effect, we have prepared a five-step attack plan below.
And in the meantime, we recommend that you keep your right foot firmly planted, for two reasons:
1. The CoR laws are already in force, right here and right now. You are required to be compliant with them today. If you don’t already have in place compliance measures to deal with the current CoR laws, you are running the gauntlet. With the most recent prosecution netting a total penalty of $982,000, deferring getting your compliance right could be an expensive delay.
2. It takes time to develop, implement and ensure that any new compliance measures are working. Typically, it is at least a 9-12 month process to scope, design, implement, allow time for implementation to become embedded and then conduct checks to ensure that implementation has been properly rolled out and is functioning effectively.
Apart from following our month-by-month plan from the June edition of ATN, what should you be focusing on?
The bang-for-your-buck items are what I call the ‘Big 5’. Getting the Big 5 right will mean that you are very comfortably advanced with your compliance.
One key outcome of this is that if an incident does arise or a gap is identified by the regulators, they will be far more likely to sit down and work with you to resolve it, rather than making an example of you in Court.
If you haven’t worked on the Big 5, you won’t be able to convince the regulators that you are on your way to doing the right thing and are far more likely to be prosecuted as an example to others.
Here is a five-step attack plan:
Step one: Policy/procedures
You need a CoR compliance policy and working procedures. Your policy can be a half-page aspirational corporate statement, but it then needs to be backed up with a more substantive internal policy document (e.g. CoR compliance handbook) which gives your people information on the CoR, what is required, how you have chosen to manage compliance, what to be on the look-out for and what to do if an issue is identified. Such a document is also useful for providing to your third party counterparts in the Chain, as an example of you seeking to control/influence their compliance conduct. You should also develop a suite of working procedure/task flow type documents for any CoR process in your business e.g. loading.
Step two: Awareness/training
You should have a CoR induction program for your people, essentially to raise awareness of your policy and working procedures and instruct them in how to implement these. Ongoing tool-box talks should be used to raise issues that have been identified or ‘bumps’ encountered in implementing your compliance practices and how to resolve them. It doesn’t hurt to share this information with third parties in your Chain.
Step three: Contractual compliance clauses
You should have CoR compliance clauses in every supply chain contract or applicable terms and conditions – including supply/procurement, transport, warehousing/logistics and customer terms. This must be more than just a ‘you will comply with all laws clause’ and should mandate compliance with your policies and procedures where suitable. It doesn’t hurt to include CoR KPIs and non-payment penalties either.
Step four: Compliance monitoring
You need to monitor CoR compliance within your supply chain. Random spot checks and periodic internal or third party audits should be conducted. Any problems need to be assessed to determine the cause of the failure, who is responsible and how it can be addressed to prevent it happening again. All such steps should be documented and retained as evidence.
Step five: Executive reporting
In order to discharge their independent duty, your Executive needs to receive periodic summary or dashboard-style CoR compliance performance reporting e.g. how many non-compliance issues have arisen; are there any unexpected/unusual spikes in non-conformance; who in the Chain was responsible; have they been satisfactorily addressed; if not, what is being done to address them.
Nathan Cecil is a partner at Holding Redlich.
T: 02 8083 0429
M: 0405 239 402
E: nathan.cecil@holdingredlich.com
This article, which has ben edited, first appeared in the December edition of ATN. Subscribe here.