Research reports

Corruption risks associated with public regulatory authorities

This report provides an overview of the corruption risks associated with public regulatory authorities in Victoria. It explores the causes of these risks, the factors that drive corruption risks in these authorities, and potential prevention, reporting and detection measures.

Regulatory authorities are responsible for ensuring the proper delivery of vital services in Victoria that impact on our safety and the good running of the State. This includes, for example, undertaking inspections and licensing for firearms, overseeing building regulations, ensuring the safety of energy services, and the regulation of gambling and liquor activities. 

This report was informed by an analysis of IBAC findings from investigations and research, consultation with key regulators and information from other integrity agencies in Victoria and nationally.


HTML version of report

  • Definitions




    Business Licensing Authority


    Consumer Affairs Victoria


    Environment Protection Authority


    Energy Safe Victoria


    Independent Commission Against Corruption New South Wales


    Victoria Police Licensing and Regulation Division


    New South Wales


    Organisation for Economic Cooperation and Development

    Regulatory capture

    Regulatory capture is the process by which regulatory agencies or their employees inappropriately identify with the interests of the client or the industries they are tasked with regulating


    Roads and Traffic Authority


    Victorian Auditor-General’s Office


    Victorian Building Authority


    Victorian Competition and Efficiency Commission


    Victorian Commission for Gambling and Liquor Regulation


    Victorian Ombudsman


    Victorian Public Sector Commission

    1 Overview

    This report provides an overview of the corruption risks associated with public regulatory authorities in Victoria. It explores the causes of these risks, the factors that drive corruption risks in these authorities, and potential prevention, reporting and detection measures.

    Regulatory authorities are responsible for ensuring the proper delivery of vital services in Victoria that impact on our safety and the good running of the State. This includes, for example, undertaking inspections and licensing for firearms, overseeing building regulations, ensuring the safety of energy services, and the regulation of gambling and liquor activities.

    This report was informed by an analysis of IBAC findings from investigations and research, consultation with key regulators and information from other integrity agencies in Victoria and nationally.

    Regulation of business and community activities is a key public sector function, undertaken by a range of public bodies. Regulation applies to individuals, community organisations and business, in various forms, from complying with legislative requirements through to self-regulation. The regulatory functions undertaken by public bodies should serve the public interest by helping to achieve economic, social and environmental objectives.

    There is no standard model for a public regulatory authority in Victoria. Some public bodies have regulation as one of numerous functions they undertake, while others focus solely on regulation. There are significant differences between regulators in terms of functions, size, budgets and governance. For simplicity, we refer to Victorian public regulatory authorities as 'regulators' or 'regulatory authorities' throughout this report.

    IBAC’s role includes informing the public sector and community about the risks and impacts of corruption, and ways it can be prevented. IBAC’s intelligence and research reports like this report, help raise awareness of corruption risks and drivers to assist public sector agencies to identify corruption, and to expose and prevent it.

    In this report, IBAC has identified certain corruption risks that are particularly relevant to public regulatory authorities and those with regulatory functions. These risks include mismanaged conflict of interest, bribery, and fraudulent reporting.

    Although this report highlights corruption risks that are most relevant to public regulatory authorities, this does not equate to a finding that corruption is occurring in these bodies. Nor does it mean that these bodies are not already taking steps to mitigate these corruption risks. IBAC also notes that not all of the risks and drivers identified in this assessment apply to all public regulatory authorities. However, these risks are highlighted so that regulators can make informed assessments of the risks facing the sector and apply prevention and detection strategies that are appropriate for their organisations.

    1.1 Key corruption risks

    • Victorian public sector regulatory authorities face particular corruption risks due to the nature of their work. Responsibilities for inspections and licensing, combined with high degrees of discretion and access to sensitive information provide opportunities for corruption to occur.
    • The mismanagement of actual, potential and perceived conflicts of interest is a heightened corruption risk for regulatory authorities. This is particularly the case where regulatory officers work collaboratively with the industries they regulate, and for regulatory bodies that receive revenue from the industries they regulate. Complaints and notifications received by IBAC in relation to regulators have highlighted mismanaged conflicts of interests as a key corruption risk for regulators.
    • The boards of regulatory authorities face risks around actual, potential or perceived conflicts of interest, with board members often having close links to the regulated industries. While such links or experience may be desirable from an operating perspective, the conflicts that emerge need to be carefully considered and properly managed.
    • Inspectors have high levels of discretion and autonomy. These factors can increase risks associated with employee misconduct and corruption, especially when employees conduct inspections unaccompanied.
    • Many employees of regulatory authorities have high levels of access to sensitive personal and business information, sometimes with relatively low levels of accountability. The inappropriate accessing and use of sensitive information is a significant corruption risk that has been frequently detected in IBAC’s investigations across the public sector.
    • Regulatory authorities’ employees based in regional locations may face heightened corruption risks in relation to identifying and managing conflict of interest. Conflicts of interest are more likely to arise in smaller communities because of the greater chance of regulators knowing the individuals or organisations they are regulating. IBAC also found that when corrupt conduct does occur in regional offices, it may be more difficult to detect and report because regulatory officers may be geographically remote from management oversight.
    • IBAC identified that reporting of regulatory outcomes varied across regulators. There was particular variation in the breadth of information being reported back to the regulated entities. There is evidence to suggest a lack of transparency by regulators can enable misconduct and corruption, and also hide it when it does occur.

    1.2 Key prevention and detection strategies

    This report also provides information on prevention and detection strategies currently being used by some Victorian public regulatory authorities. This highlights good practices occurring across the sector which could be considered for wider application.

    • All public bodies should have robust frameworks in place to prevent and detect actual, potential and perceived conflicts of interest. This includes proactive and clear policies for identifying, declaring and managing all conflicts of interest, and to have a gifts, benefits and hospitality policy and an associated public register.
    • To mitigate corruption risks associated with inspections and ensure greater accountability, regulators should consider specifying that high risk inspections must be conducted by at least two inspectors.
    • To prevent information misuse, regulators should have robust information security management and training for all employees that addresses the value of sensitive information held and how it could be misused.
    • Transparent public reporting by regulators is an important way of assuring the community that these public bodies are operating with integrity. Improved transparency and reporting of regulators' performance and decision making may also help reduce the risk of corrupt conduct going undetected.
    • Taking a risk-based approach to regulation ensures that regulatory activities are well targeted and make the best use of resources. It is also a way of increasing transparency and reducing the risks of corruption and misconduct by employees of regulatory bodies.
    • Joint inspections of business practices or premises by different regulatory authorities represent a good practice that helps improve both the quality and integrity of regulatory action. Joint inspections improve the transparency of decision making by different regulators and provides regulators with increased oversight and understanding of each other’s practices. There is scope for this approach to be applied more broadly.
    • As for all organisations, it is important for regulators to have sound processes for recruiting and vetting employees. All public bodies, including regulators, should maintain high standards of integrity in recruitment and baseline screening practices.

    IBAC encourages public regulators to consider the issues outlined in this report and to tailor corruption prevention strategies to best suit their particular risk profile, noting not all measures will be suitable for all regulators.

    1.3 Methodology

    1.3.1 Scope and definitions

    IBAC identified 55 Victorian regulatory authorities as suitable for the scope of this assessment. The selected regulatory agencies were based on the former Victorian Competition and Efficiency Commission’s (VCEC) 2013 biennial report on the Victorian regulatory system, which listed 59 regulators.1 While other departments and public bodies may undertake some regulatory activities as a normal part of business, these public bodies have not been included in this assessment due to differences in how they report on their regulatory functions. These public bodies may still benefit from reviewing their practices in light of IBAC’s findings in this report.

    Of the 55 regulatory authorities assessed, 19 were classified as ‘major regulators’ by VCEC. This is because of the substantial difference in the resources available to them and the breadth of their operations compared with the smaller regulators. This report uses the VCEC’s definition of a major regulator.

    1.3.2 Information sources

    This assessment draws on data from 1 January 2011 to 31 December 2017 and is compiled from an analysis of IBAC intelligence, complaint and notification holdings, and information from police and integrity bodies, as well as a review of academic literature and reports from similar interstate, Commonwealth and international bodies.

    IBAC also gathered information from a range of sources, including consultations with integrity bodies, and completed an in-depth look at six individual regulatory authorities to review risks specific to certain regulatory functions. These six reviews are in chapter 5 and were developed in consultation with the relevant agencies


    In a 2013 report, the Victorian Competition and Efficiency Commission defined a regulatory agency as:

    ‘… a state government entity (either independent or within a department) that derives, from primary or subordinate legislation, one or more of the following powers in relation to businesses or occupations: inspection; regulatory advice to a third party; licensing; accreditation; and standards monitoring and enforcement.

    Entities which do have some regulatory functions, but are not considered government business regulators are excluded, such as: local government; water corporations; organisations external to government with delegated powers (for example, the Law Institute of Victoria); third party auditors; and Commonwealth and interstate regulators.’

    Victorian Competition and Efficiency Commission, The Victorian Regulatory System, September 2013

  • 2.1 Regulatory authorities in Victoria

    In 2014, it was estimated that the 55 agencies reviewed for this report administered 171 different pieces of legislation and a further 191 regulations. They issued around 2.9 million licences on an ongoing basis.2

    In 2013, major regulators accounted for 91 per cent of staff employed by regulators, 90 per cent of expenditure, and 94 per cent of business permits and licences issued or renewed.

    Major regulators include:

    • Consumer Affairs Victoria (CAV)
    • Earth Resources Regulation Branch
    • Energy Safe Victoria (ESV)
    • Environment Protection Authority (EPA)
    • Essential Services Commission
    • Victorian Building Authority (VBA)
    • VicRoads
    • Victoria Police Licensing and Regulation Division (LRD)
    • Taxi Services Commission
    • WorkSafe Victoria.3

    Regulatory authorities are either established on a statutory basis, operating with some independence from the relevant Minister, or as branches of government departments. Often, they receive support from departmental staff or units. Regulatory authorities vary in terms of organisational structure, funding, staff and the industry being regulated. Accordingly, the corruption risks they experience are also varied.

    Since 2014, Victoria’s regulators have experienced significant changes, including machinery of government changes, implementation of the Victorian Government’s ‘reducing red tape’ initiative4 and technological advances. These changes have likely generated efficiencies5 and improved accountability of Victorian regulators. However, there is no recent study of the performance of Victorian regulators to confirm this.

    2.2 Governance and oversight of regulatory authorities

    Regulatory authorities are guided by recommendations issued by the Department of Treasury and Finance. These recommendations cover implementing regulation, reporting regulation and reducing the burden of red tape. Additionally, regulators have mandatory reporting requirements under the Statement of Expectations that relevant ministers issue to regulators each financial year.

    The Department of Treasury and Finance’s Victorian Guide to Regulation provides advice to regulatory authorities on their legislative requirements to submit business and regulation impact analysis statements when developing policy. This guide and its associated toolkits are focused on policy and the administration around regulation rather than the regulatory activity itself. The documents do not provide guidance to regulators on how best to conduct regulatory activities, and do not cover corruption risks and prevention measures.6

    The Office of the Commissioner for Better Regulation also provides best- practice advice on the cycle of activities, as shown in Figure 1.


    Designing risk-based regulation Applying risk-based approaches to regulating
    Developing policy Administering regulatory processes Undertaking compliance and enforcement
    Monitoring and evaluation

    The Victorian Government also promotes risk-based regulation, with regulators encouraged to ensure regulation is:

    • targeted — allocate effort to the areas of most serious harm
    • effective — judge risk accurately and introduce regulatory responses that seek to prevent harm or improve outcomes
    • proportionate — ensure regulatory responses are proportionate to the problem they seek to address
    • transparent — open the processes and outcomes to the public and regulated community
    • inclusive — develop regulation in partnership/consultation with community, business and government
    • consistent — apply decision-making processes consistently and predictably to different parties and situations
    • authoritative — maintain an authoritative understanding of the environment and information on the level of compliance
    • accountable — set clear standards and prepare to be judged on the decision-making process and outcomes.8

    Internationally, the Organisation for Economic Co-operation and Development (OECD) provides a set of principles for the governance of regulators for best practice.9 Consultations by IBAC with Victorian regulators indicate some major regulators (including EPA) use these principles to guide governance arrangements and policies.

    2.3 Allegations of corrupt conduct or misconduct

    2.3.1 Terminology

    IBAC receives ‘complaints’ from the public and ‘notifications’ from public sector agencies. A complaint/notification may include multiple allegations, all of which are individually assessed. The report includes summaries of allegations received by IBAC as a means to illustrate some key points. IBAC notes there are limitations with the use of these examples, including:

    • allegations are unsubstantiated at the time of receipt
    • allegations can be incomplete, lack detail, from an anonymous source or may not individually name the subject of the allegation
    • allegation data is not a comprehensive or reliable indicator of the actual prevalence of particular activities, or the risk mitigation practices and compliance activities already in place.

    Despite these limitations, analysis of allegations can assist in identifying trends or patterns and provide practical examples of identified trends.

    2.3.2 Allegations trends

    Between 13 February 2013 (when IBAC became fully operational) and 31 December 2017, IBAC received a total of 289 complaints/notifications regarding Victorian regulators, comprising 735 allegations.10 The allegations concerned a wide range of corrupt conduct or misconduct. The most complained about behaviours were poor administration, misuse of position, failure to take appropriate action, and misconduct in public office. As well, there were specific and multiple instances of alleged bribery and licensing processing issues. Also of concern were allegations of detrimental action following protected disclosures, as well as deception and fraud-related allegations.

    Most complaints/notifications were regarding the following five regulators:

    • VicRoads (75 complaints/notifications)
    • WorkSafe (44 complaints/notifications)
    • VBA (33 complaints/notifications)
    • Country Fire Authority (22 complaints/notifications)
    • Office of the Legal Services Commissioner (22 complaints/notifications).

    Allegations made against these five regulators included receiving financial bribes for licenses, failure to issue licences in line with legislation, collusion to prevent compensation, and covering up inappropriate conduct. As stated previously, these figures relate to allegations and are not findings of corrupt conduct. It should be noted these regulators all have high interaction rates with the public which may make them more likely to be the subject of complaints. Nevertheless, analysis of allegations can highlight corruption risks or aspects of a regulator’s work that might create public perceptions of corruption.

    Most regulators have access to sensitive personal or commercial information about their clients. Many allegations to IBAC related to misuse of information or information mismanagement, which is concerning given the sensitive information often held.

    Figure 2 shows the number of allegations made about 25 regulators over a four-year period.




    In addition to allegations received by IBAC, the Victorian Ombudsman (VO) also receives complaints11 related to the conduct of regulatory authorities. From 2011 to 2016 (inclusive) the VO received 10,352 complaints regarding regulators. These complaints covered a wide range of issues, from customer service complaints to corrupt conduct.12 The number of complaints of corrupt conduct being reported to the VO has decreased over the years – possibly due to IBAC’s establishment and increasing awareness that allegations of corruption should be made to IBAC.

    This allegation and complaint data does not capture all allegations made about regulators to other complaint handling bodies (including Victoria Police, various commissions and to Commonwealth agencies) unless these have been referred on to IBAC.

  • 3.1 Conflict of interest

    A conflict of interest is where an employee has private interests that could improperly influence, or be seen to influence, their decision or actions in the performance of their public duties. Conflict of interest is a key integrity issue impacting the entire public sector. There is the potential for conflicts of interest to occur across many processes from recruitment to procurement to policy-making.13 This section will cover conflict of interest for regulators’ employees, including management, board members and other employees.

    The existence of an actual, potential and perceived conflict of interest is not an integrity issue in itself. However, if this conflict is not declared and managed appropriately, it can negatively impact upon the employee, the regulator, the industry and the Victorian public sector.

    While conflict of interest remains a risk for regulators, there is already a range of information available to regulators on how to detect, manage and report any which occur. This includes guidance from the Victorian Public Sector Commission (VPSC) and Victorian integrity bodies as discussed later in this report. However, more practical and targeted training for regulators could encourage reporting and better support regulators to identify and properly manage conflicts of interest.

    Regulatory activity increases the potential for conflict of interest. Employees of Victorian regulatory authorities are therefore considered to be at a heightened risk of conflict of interest due to the nature of their work. This is so for a number of reasons. Firstly, it involves interaction between the regulator, industry and the community. Secondly, some employees of regulatory authorities have a high level of discretion, which may make it more difficult to detect and appropriately manage conflict of interest.

    Another factor is that a significant number of regulators, including major regulators, receive limited government funding and rely on their regulatory activities for revenue. Some regulatory authorities have recognised these funding arrangements present potential conflicts of interest and have negotiated with the government for their funding to be reorganised. For example, EPA is undergoing a restructure under which it will move to a combined government funding model that reduces reliance on funding sources linked to its regulatory activities.14

    The Victorian Commission for Gambling and Liquor Regulation and the Victoria Police LRD are two regulators that are funded via government appropriations. The revenue from their regulatory activities is not used to support their activities, but goes into consolidated revenue, which mitigates any actual or perceived conflict of interest in that regard.

    3.1.1 Conflict of interest by regulatory employees

    Conflict of interest by employees is a heightened risk for regulatory authorities. For example, regulators often play an important role in encouraging public involvement with industry, educating industry, as well as regulating industry activity.15 This means regulators can benefit from their employees attending industry events where staff can learn more about and educate industry. If these events include private benefits, such as gifts or accommodation, the event may create risks of actual, potential and perceived conflicts of interest that need to be properly managed. This management may include the regulator and employees regularly updating and managing the gifts, benefits and hospitality register, as well as identifying which events may not be suitable for government employees to attend.

    3.1.2 Conflict of interest by board members

    Declaring and managing conflicts of interest is an ongoing issue for regulatory authorities that are overseen by a board. Appointment of board directors (and sometimes other members) is the responsibility of the relevant Minister.16 The VPSC has published information for board members to assist with upholding the integrity of the appointment process. This includes advice on the preferred skills, expertise and qualities of board members, as well as detailed information on managing conflicts of interest.17

    Notwithstanding this policy advice, the poor identification and management of conflicts of interest remains a risk as board members are often directly or indirectly connected to companies in the industry subject to regulation. Board members are indeed often sought or preferred for their industry or sector knowledge. Additionally, board members may also have obligations to other public or private boards. This can heighten the risk of actual or perceived conflicts of interest.

    3.1.3 Conflict of interest by regulators in regional areas

    The declaration and management of conflict of interest can be further complicated for regulatory authorities’ employees who live and work in regional areas.

    Many regulators have regional offices. Some of these offices are in smaller communities where there may be an increased potential for forming personal relationships with industry members. While simply knowing a client does not in itself constitute a conflict of interest, any perceived conflict of interest could be damaging to the reputations of the employee and the authority if the regulator does not manage these conflicts of interest appropriately.

    While the complaints data does not reflect a higher proportion of cases for regional offices, some stakeholders consulted by IBAC believe the data may reflect under-reporting. If so, this may be attributable to lower levels of oversight and awareness of reporting mechanisms in regional areas. There are some reports suggesting corruption risks are higher in smaller communities, with regulators and their employees more likely to share the community’s values, social systems and reinforcement by being a part of the local community.18 However, these risks can be mitigated via a range of appropriate conflict of interest management approaches, such as targeted controls, increased staff awareness, transparency and enhanced risk identification.


    During the course of preparing this report, IBAC was informed of a board chair of a public entity whose private company provided strategic advice as a consultant to the regulator. They were subsequently appointed CEO of that same regulator. While it is not suggested that any conflict of interest was poorly managed, the example highlights the intricate relationship that often exists between board members and industry.

    This example also demonstrates that conflicts of interest may unavoidably arise through the interactions of regulators and businesses, and the existence of the conflict of interest itself is not an integrity issue. The benefits associated with the industry experience of executives and board members, for example, can outweigh the risk so long as the risks are appropriately identified, reported and managed by both the person reporting the conflict and the regulator.

    3.2 Bribery

    3.2.1 Bribery during inspections

    Inspections are an important part of regulators’ compliance and investigative functions. Inspections should be risk based or intelligence led.19 The regulated entity should not be able to choose inspection targets and dates20 to optimise the effectiveness of the inspections.

    The primary corruption risks for inspections are the offering or solicitation of bribes or other inducements to pass inspections and ‘tipping off’ business prior to inspections by regulator employees. The tipping- off of inspections has been documented to IBAC as a particularly high risk for the sex industry, which is co-regulated by CAV and the Business Licensing Authority, and local councils. This is highlighted in the following case study.


    Between 2002 and 2010, a local council worker accepted more than $130,000 in bribes from three illegal brothels for not investigating the establishments for breaches of rules and regulations. As well, the worker tipped off the operators about inspections by a co-regulator.21 While this incident related to corruption by a local government employee rather than a regulator employee, it demonstrates how intelligence sharing between co-regulators is vulnerable to misuse.


    In 2013, IBAC received a notification from a regulator alleging a senior inspector, in the company of a junior inspector, requested a free regulated item from a regional business where they were conducting an inspection. The incident was reported and included in an inspection report by another senior inspector.

    It was further alleged that a director and a manager at the regulator had separately requested the alleged incident be redacted from the report as it ‘cast the [the agency] in a negative light’. The report writer refused to amend the report and was allegedly later threatened with demotion if he did not comply.

    3.2.2 Bribery during licensing and registration

    Licensing and registration is an area of high risk for corrupt behaviour. There is an incentive for industry to offer benefits in return for licences or registrations, or to bribe regulators to speed up the process. Such corrupt behaviour can undermine the integrity and effectiveness of regulatory systems. It can have implications for public safety, fair competition between regulated entities, and for confidence in the fairness of public sector decisions.

    The Western Australia Corruption and Crime Commission found that bribery risks are heightened where:

    • there are ‘bottle necks’ in the delivery of services
    • transactions are undertaken by inexperienced workers
    • there are close relationships between regulators and industry
    • significant costs are incurred by delays or withholding of licensing/registration
    • licensing/registration occurs in the context of an agency’s revenue raising capacity.22

    Such risk factors also apply to Victorian regulators that issue licences and registrations. Often, regulators are the sole source of a licence or registration and, in the case of many regulators, these processes are performed by inadequately trained staff. 23 It is important that all staff receive appropriate training, including in integrity awareness and corruption prevention, even where these staff are experienced in their roles.

    VicRoads is subject to a high number of complaints regarding licensing and registration, however not all of those are related to bribery. This high number of complaints may be attributable, in part, to the large number of transactions and the population it serves. It may also reflect factors related to its licensing processes, including junior staff performing licensing functions (often with personal discretion), and the fact that VicRoads directly receives an income from its regulatory activities.

    The following New South Wales Independent Commission Against Corruption (ICAC NSW) case study illustrates these risks.


    ICAC NSW received information that a Roads and Traffic Authority (RTA) officer had engaged, or was about to engage, in misconduct.

    The investigation found that between 2004 and 2006 the RTA manager had voluntarily entered a scheme with an associate to unfairly advantage applicants in the driving test. The RTA manager provided confidential information to his associate, who shared this with an external driving instructor. The driving instructor then instructed his clients on what to expect in the test and the RTA manager would allocate the applicants to a lenient driving examiner.

    The driving instructor received cash payments of around $1300 to $1500 from each applicant issued with a licence. The payment was shared between his associate and the RTA manager.

    The RTA manager also created emails that falsely purported to have been sent from Land Transport New Zealand. The emails represented 10 people as holding a particular class of driver licence in New Zealand that met RTA’s mutual recognition arrangements. In some instances, it was found that the RTA manager received cash, cannabis and other kickbacks to ensure those people improperly received a NSW driver licence under the mutual recognition arrangements.

    In response to Operation Sirona, RTA introduced a range of integrity reforms.

    Notwithstanding these changes, there continue to be examples of bribes being accepted to unlawfully provide driver licences. For example, in 2016, a NSW government official pleaded guilty to three charges and was sentenced to 12 months’ home detention for making a false document to influence the exercise of public duty, corruptly receiving a benefit while an agent, and dealing with proceeds of crime.25 This example shows how bribes can still be offered to regulators even after major investigations and reforms have been undertaken, and that corruption prevention and detection are consistently required for public regulators.

    3.3 Fraudulently reporting on performance

    Another risk is reporting inspections which have not been conducted. As with bribery, such corrupt behaviour has the potential to undermine public confidence in regulatory systems and reduce the overall effectiveness of regulatory regimes.

    This risk was highlighted in a 2017 report by the Victorian Auditor- General’s Office (VAGO) into the regulation of liquor-licensed venues. The regulatory body, the Victorian Commission for Gambling and Liquor Regulation (VCGLR), measured its performance by the number of inspections performed. Inspectors were found to be reporting inspections that appeared to be conducted in short timeframes, across multiple venues simultaneously, and sometimes without talking to the licence holder.26 One mitigation for these corruption risks for inspections is the requirement of two inspectors per inspection.

    VCGLR has sought to reform its approach to measuring and reporting performance which assists in irregularities being detected.27 This includes data integrity checks, requiring data analysts to review all inspection data and referring any inspections identified as raising integrity issues to the relevant executive for consideration. Further to this, the VAGO report found ‘VCGLR has identified and started to address many of these [compliance] issues since late 2015, and its proposed actions to better organise and train its inspectors and target its activities based on relevant data and indicators of risk are reasonable’.28

  • Regulators have unique risks due to the nature of the industries they regulate and their regulatory activities. IBAC identified the following drivers that can increase the corruption risks faced by regulatory authorities.

    4.1 Lack of transparency

    Research has identified links between misconduct in Australian regulators and a lack of effective transparency.29 The OECD argues transparency is not only a key feature of good public governance but transparency in regulation also offers citizens and business the opportunity to better understand and comply with rules and legislation. Transparency provides more accountability for the actions of regulators, with bribery more common in countries with low levels of transparency in government.30

    Public reporting of regulatory activity and performance is most commonly done via annual reports, but varying standards make comparisons between years and regulators difficult. Further, VAGO has noted that Victorian regulatory authorities have previously only provided inconsistent, inadequate, high-level data.31 This data gives little insight into how they are performing their regulatory functions. Improved transparency of regulators’ performance may help reduce the risk of corrupt conduct going undetected.

    4.2 Industry and regulatory capture

    Australian integrity bodies have identified inappropriate relationships between public sector bodies and the private sector as a key corruption risk.32 With an increased reliance on private industry to deliver what were once public services, there is potential for conflicted relationships. This can lead to regulatory capture, where regulators and their employees potentially begin to align their values and actions with that of the industry they are regulating – rather than with the values and legislated purpose of the regulator.

    Enforcement officers are particularly vulnerable to regulatory capture, as their discretionary powers potentially allow for favouritism or selective non- enforcement. Regulatory capture is also a particular risk for regulators that negotiate compliance via collaboration with industry in order to implement better systems. Regulatory capture can happen slowly and it can be difficult for regulatory authorities to detect if employees are inappropriately identifying with the interests of the industry they are regulating.33

    4.3 Integrity history of employees

    The employment of people with histories of misconduct or corrupt conduct is a corruption risk affecting the whole public sector. This issue of the recycling of corrupt employees is highlighted in IBAC’s forthcoming report, Corruption and misconduct risks associated with employment practices in the Victorian public sector.34 It is a risk of particular relevance to regulatory authorities whose staff have access to sensitive information and where they can exercise discretion in decision-making.

    Regulators often require specialised skills and experience to perform work such as inspections and enforcement. It can be difficult to recruit and retain the best employees for these positions as these skills may also be in demand in the private sector. Such competition can mean that employees with histories of misconduct or corrupt conduct in other agencies are considered for employment in public bodies because they hold the requisite skills. For illustration, the employment in public bodies of former Victoria Police officers who resigned under investigation or were terminated due to misconduct is an issue that has been examined by IBAC, including in investigations.

    Although most regulators conduct basic background checks, better vetting of potential employees could mitigate the risk of employing unsuitable people into regulatory roles. NSW ICAC has recently found employment application fraud is a common issue across the NSW public sector and has published advice on how public bodies can strengthen employment screening35 which also mitigates the risk of hiring employees who may lack integrity.

    4.4 Targeting by organised crime groups

    It is well established that organised crime groups target public sector employees to elicit information to aid in their offending.36 While IBAC has seen evidence of this within its investigations, the extent to which those groups target regulators is an intelligence gap.

    Regulatory authorities often have access to sensitive personal and business information. This can be either directly supplied to them by industry or consumers, through direct access to Victoria Police or other government databases, or via a request to another government agency for information. Primarily, it is the responsibility of the public body receiving the information to use it only for the purposes for which it was requested and secure it in line with the Victorian Protective Data Security Framework.

    With regulators becoming more intelligence led, there has been an increase in the amount of personal information they hold, which likely increases opportunities and consequences of unauthorised access and release of information. Additionally, there is a heightened need for regulators to make staff aware of the risks that come with holding such information. In 2016, the Victorian Law Reform Commission published Use of Regulatory Regimes in Preventing the Infiltration of Organised Crime into Lawful Occupations and Industries, which includes a model for assessing the risk of infiltration of organised crime groups. This model could be used by regulators to minimise their risk of infiltration.37

    Organised crime groups are documented as having high levels of involvement with some regulated industries, including the sex industry, the security industry, firearms dealers, adult entertainment venues, and the gambling industries.38 It is therefore likely that agencies that regulate these industries are attractive targets for organised crime groups. Regulators should consider the risks presented by organised crime groups, particularly in relation to information security.

  • The corruption risks and drivers identified on the previous pages present challenges that affect different regulatory bodies in different ways. This chapter provides an in-depth look at six regulatory authorities and reviews the risks and drivers specific to their regulatory functions, and how these authorities are responding. The initiatives regulators are implementing to mitigate corruption risks have been developed by the regulators themselves, independently from IBAC.


    What does Consumer Affairs Victoria (CAV) do?

    CAV is a business unit of the Department of Justice and Regulation, regulating Victoria’s consumer affairs. It advises and assists government, the public and businesses on matters including renting and accommodation, estate agents, building, shopping and trading. CAV administers 30 Acts of the Victorian Parliament, including those regulated by the Business Licensing Authority (BLA).

    CAV monitors and regulates the conduct of BLA licensees, and provides support and information to the BLA during the licensing processes. CAV has an ongoing monitoring role to ensure licensees comply with any conditions imposed by the BLA, and investigates and assesses matters referred from the BLA.39 CAV also undertakes inspections and other compliance and enforcement activities in relation to BLA-regulated activity, as well as those relating to renting, building and renovating properties, retirement villages, and shopping-related consumer rights.

    What does BLA do?

    BLA is an independent statutory authority comprising two independent Governor-in-Council appointments. Those appointees make licensing decisions, supported by a Registrar and CAV staff within the Regulatory Transaction Centre. While it is independent, it shares an office and receives funding and administrative support from CAV, including staff from the Regulatory Transaction Centre. BLA provides licences to businesses that are required to be licensed to operate lawfully and further regulates these businesses. IBAC considered both BLA’s regulatory activity and related CAV regulation for this report.

    BLA licenses a range of service providers or traders including conveyancers, estate agents, motor car traders, rooming house operators, second-hand dealers and pawnbrokers, and sex work service providers. BLA can make decisions about licence and registration applications, publishes a register of licensees and, in some circumstances, seeks information and advice from CAV or Victoria Police. BLA can (and frequently does) choose to delegate licensing decisions to CAV. It also maintains public registers for information purposes for the above licensing and registration schemes.

    Corruption risks for CAV and BLA

    IBAC assesses the key corruption risks for CAV in undertaking the compliance and enforcement activity for BLA-regulated services, including:

    • breach of professional boundaries during inspections
    • bribery in both licensing and inspection and activities.

    A key driver of these risks is the possibility of regulatory capture of employees. Regulatory capture is the process by which regulatory agencies or their employees inappropriately identify with the interests of the client or the industries they are tasked with regulating.

    CAV employees conducting inspections are often doing so with some autonomy to ensure effective regulation, and are often dealing with industries with heightened corruption risks. This makes breaches of professional boundaries and bribery unavoidable corruption risks for CAV and there are mitigations in place, as detailed on the next page.

    Bribes could be offered to CAV enforcement and compliance officers to sign- off on regulated activities without undertaking any inspections or for information tip-offs about future inspections by CAV or its partner authorities.

    What CAV and BLA are doing to mitigate risks

    CAV is implementing initiatives to promote an integrity-focused culture. Key activities include:

    • monitoring and reporting on integrity measures, such as conflicts of interest, outside employment and declaration of private interests
    • improving integrity governance, including conflict of interest declarations as a standing agenda item for CAV governance meetings
    • reviewing and monitoring relevant risk registers to ensure integrity, fraud and corruption matters are reflected appropriately
    • working with the Department of Justice and Regulation’s Fraud Prevention and Integrity Unit to organise workshops with regional CAV staff on conflict of interest, including strategies to better manage potential or actual conflicts.

    There is a high risk that bribes may be offered to CAV employees undertaking compliance and enforcement activity. Due to this, CAV has implemented controls including:

    • limiting the number of face-to-face meetings between CAV staff and licensees, and introducing strict protocols to manage any necessary meetings
    • mandatory privacy and security compliance training for staff
    • publishing information privacy and records management principles and processes on its intranet
    • regularly rotating CAV staff between teams so they work across different industries.

    CAV has also advised it has implemented a framework of intelligence-led, risk-based and outcomes-focused compliance activities under the CAV Operating Model.40 This project, conducted over several years, has involved the introduction of analytic and information management capabilities and new organisational structures.


    What does Energy Safe Victoria (ESV) do?

    ESV is the independent technical regulator responsible for electricity, gas and pipeline safety. ESV also promotes energy awareness in Victoria. Its work includes licensing and registering electricians, investigating gas and electrical safety issues in homes and businesses, and supporting registered training organisations to train gasfitters in commercial, industrial and domestic gas appliances.

    Corruption risks for ESV

    ESV is funded by fully recovering its costs from industry rather than through government funding. With the number of licences issued over the past several years increasing, this funding model is sustainable. Additionally, the issuing of certificates of electrical safety accounts for the majority of ESV’s fee income with gas and electricity industry levies.

    ESV is responsible for the entire regulatory cycle of the safety electricity supply and the electrical industry and most of the gas industry – from assessment of technicians through to compliance of the electrical and gas industries and manufacturers. As such, it is challenging to fully assess corruption risks as its range of activities and oversight span training, licensing and inspection. Notwithstanding this, IBAC found that ESV is likely to face key corruption risks around fraud and information misuse in assessing technicians.

    Previous reviews of energy sectors have recommended that comprehensive bribery and corruption risk assessments be conducted across all regulatory activities so risks can be best identified and managed. Previous reviews have also found that people working in high-risk jurisdictions, including those with inspection and enforcement duties, should receive increased levels of training to combat the increased risk of bribery.41

    ESV is a unique regulator, with detailed oversight and interaction with industry, and has previously been perceived as less connected to its departmental oversight than other regulators. This is derived partly from its greater reliance on recruiting technical specialists from industry rather than from the broader public service. Anecdotal reports and allegation data suggest this may contribute to employees feeling disconnected from the rest of the Victorian Public Service (VPS), and may mean employees require more targeted education and training around how to report and detect suspected corruption.

    What ESV is doing to mitigate risks

    ESV has recently updated its website to encourage complaints from the public, including information about protected disclosures. It has also established a complaints portal on its website. These new measures aim to provide a higher level of transparency and assurance to the community about its dealings with ESV. This can be an important risk mitigation strategy for preventing corruption.

    A review of Victoria’s gas and electricity framework was underway at the time of this report, with an interim report released in October 2017 and the final report submitted to the Minister in December 2017.42 This review examined ESV’s governance arrangements for monitoring and enforcing compliance with safety obligations and regulations by energy network businesses.43 It also included an examination of the ESV practices highlighted above and presented draft recommendations to strengthen ESV, including in areas of governance, capabilities and preparedness, which are in the process of being implemented.


    What does the Environment Protection Authority (EPA) do?

    As Victoria’s primary environmental regulator, EPA is responsible for ensuring compliance with environmental legislation, as well as enforcing the legislation. There is no standard approach to environmental regulatory authorities across Australia, with each state and territory having its own legislation, regulators and funding arrangements.

    EPA’s regulatory activities cover compliance and enforcement, licences and approvals, and environmental auditing. EPA also monitors air quality, water quality, odours, noise, land quality and waste. In 2016/17, EPA conducted 1796 inspections, issued 13,096 fines for environmental offences and issued more than 2800 other notices and warnings to both industry and the public.44

    Corruption risk for EPA

    IBAC assesses EPA’s key corruption risk is regulatory capture for both the authority and individual employees, including those in regional offices.

    The authority’s regulatory capture risks include the potential for favouritism or selective non-enforcement. If EPA failed to consistently exercise its powers, it could be perceived as intentionally aligning its interests with industry. For example, a 2011 review identified EPA not using enforcement measures such as licence suspensions/revocations or prosecutions on businesses they knew would be significantly financially impacted.45

    What EPA is doing to mitigate risks

    In 2010, VAGO reported that EPA was not effectively regulating business and industry’s management of hazardous waste. VAGO found EPA’s monitoring and inspection activities lacked coherence, purpose and coordination.46 Since this review, EPA has strengthened its accountability measures47, including implementing fraud and corruption control plans in their governance models.

    EPA has recently partnered with co-regulators to conduct inspections and educational campaigns across the construction industry. This is a proactive approach that encourages accountability by all participating regulators. It also provides greater understanding of co-regulation, which can assist information sharing and regulators’ accountability.48

    EPA was the subject of an independent review undertaken by a Ministerial Advisory Committee. This inquiry examined EPA’s role, power, tools, governance and funding, and how EPA can best manage the environmental challenges affecting current and future health, liveability and prosperity in Victoria.49 The Committee’s report, delivered in March 2016, made 48 recommendations to the government. The government supported 40 recommendations in full, seven in principle and one in part,50 and committed $182.4 million to equip EPA to implement reforms.51

    The panel recommendation to develop a new funding model for EPA, to reduce reliance on funding sources that may produce actual or perceived conflicts of interest, was supported by the government, as was the implementation of a funding model to ensure EPA maintains its independence. Also, the Environment Protection Act 2017 introduced a new governing board for the regulator, designed to provide a more contemporary approach to governance and to improve oversight of EPA’s regulatory functions.

    EPA also has a range of lower level administrative controls for preventing conflict of interest including: cyclical fraud and corruption audits by an external auditor; full police checks on recruitment for authorised officer roles; and not having dedicated officers in work programs assessed by EPA to have high regulatory capture risk due to frequent interaction with industry.


    What does the Victorian Building Authority (VBA) do?

    VBA is the government regulator of building and plumbing practitioners across Victoria. This includes the registering, licensing and disciplining of both building practitioners and plumbers. VBA also undertakes inspections, investigations and audits to enforce compliance with the relevant legislation.

    VBA was established as a new building industry regulatory authority in 2013 through amendments to the Building Act 1993 (the Act). The amendments abolished the former Building Commission and Plumbing Industry Commission and created VBA with a new governance framework and independent board. The intent of the amendments was to establish a new governance framework to deliver governance across the building industry and to address criticisms and systemic issues associated with practices within the former Building Commission and Plumbing Industry Commissions.

    Corruption risks for VBA

    VBA is a self-funded statutory authority and receives income from licensing, permits and registration, with most of its income coming from building permit levies.52 As discussed in this report, regulation as a means of revenue raising for public agencies can be problematic and can impede corruption prevention initiatives.53

    IBAC assesses the key corruption risks for VBA are conflict of interest, as employees oversee building surveyors and assess builders’ registrations, and bribery in relation to builders’ registrations.

    What VBA is doing to mitigate risks

    In 2012, the VO identified concerns about the vulnerability, lack of integrity, independence and administration of the registration system for building practitioners and made recommendations to strengthen the Victorian building regulator.54

    There has been significant legislative change since 2013. Amendments to the Act, that increase the powers of the regulator to undertake its compliance functions, are being progressively introduced through to July 2019.

    These changes include:

    • new offences for working without a building permit
    • extension of VBA’s inspection powers to owner-builder sites
    • redefinition of circumstances where a building surveyor may not act
    • a checklist that relevant building surveyors must use when lodging building permits with councils
    • updated powers to issue directions to fix building work
    • two new indictable offences under section 16B of the Act, which affect people and corporates in the business of building
    • extension of conflict of interest provisions.

    In relation to conflict of interest, VBA maintains policies for employees on managing and declaring conflicts of interest as well as gifts and hospitality. Specifically for the VBA Board, conflict of interest is addressed and managed via its Charter and in additional policies with a standing item on each agenda for commissioners to disclose conflicts of interest and excuse themselves from discussions when a conflict arises.

    In relation to the risk of bribery, VBA requires employees to formally report any bribery attempt and disclose this to senior VBA personnel.

    In response to the other changes, VBA is:

    • introducing a strategy to regulate Victoria’s building and plumbing industries and setting goals and outcomes to work towards
    • improving complaints handling processes and undertaking risk-based performance audits
    • developing and refining its monitoring and evaluation framework
    • implementing a new approach to discipline for building practitioners, known as the Show Cause and Internal Review process
    • investigator training and increasing proactive practitioner investigations
    • establishing an intelligence unit to identify serious, systemic non- compliance.

    VBA has also recently commenced education and regulatory activities with co- regulators. These joint inspections are likely to deter corrupt activity and improve standards across regulatory bodies.


    What does the Victorian Commission for Gambling and Liquor Regulation (VCGLR) do?

    VCGLR is an independent statutory authority which comes under the Department of Justice and Regulation portfolio. VCGLR was established in 2012 with the mandate to integrate Victoria’s gambling and liquor operations and to focus efforts on developing a regulatory approach underpinned by harm minimisation. It involved the merger of the former Victorian Commission for Gambling Regulation and Responsible Alcohol Victoria.

    VCGLR collects revenue from its regulatory activity on behalf of the government. This revenue is paid directly into a consolidated fund. VCGLR does not control these funds and they are not recorded as income. Instead, VCGLR receives grant funding from the Department of Justice and Regulation to be applied to delivering outputs associated with the regulation of gambling and liquor industries in Victoria. This funding arrangement helps to mitigate any actual or perceived conflicts of interest.

    Corruption risks for VCGLR

    IBAC assesses there are two key corruption risk areas for VCGLR: fraudulent reporting on performance and regulatory activities; and the soliciting or taking of bribes by VCGLR compliance employees.

    VCGLR’s focus on compliance, enforcement and licensing quotas (rather than harm minimisation) may indirectly encourage misreporting on performance. VAGO and IBAC have identified there is a risk of VCGLR performance targets being prioritised over effective regulation.

    Bribery within compliance activities remains a key risk for many regulators and ongoing education is required to mitigate this.

    In 2010, VAGO recommended the former Victorian Commission for Gambling Regulation provide reports following inspections; however, in early 2017 this was yet to be implemented by VCGLR.55

    What VCGLR is doing to mitigate risks

    VCGLR activities have been subject to various audits by VAGO, most recently in Regulating Gambling and Liquor (February 2017). Since this report, VCGLR has undertaken training reforms to improve integrity awareness and corruption prevention. This included the provision of new e-learning modules that include training on the VPS Code of Conduct. Training reforms also include the roll-out of an inspector training program within VCGLR’s Compliance Division. This training is mandatory for all existing and new staff in the division and incorporates awareness and understanding of divisional integrity controls and the VPS Code of Conduct. The training is compulsory for all staff and forms part of the induction training for new employees.

    VAGO’s 2017 report concluded that VCGLR needed to take measures to more effectively monitor legislative compliance in the gambling and liquor industries.56 Poor monitoring of compliance, while not amounting to corruption, can contribute to an environment in which corrupt conduct may occur and remain undetected. It should be noted that VAGO found VCGLR’s plans and actions to further develop its risk-based approaches to licensing and compliance were largely sound. VAGO also highlighted VCGLR’s refocused attention on improving the way it manages, develops and deploys its regulatory staff, particularly compliance inspectors.

    Since VAGO’s 2017 report, VCGLR has implemented a risk-prioritisation tool to guide inspections of licensed premises, and is progressing its implementation of a risk-based framework for the assessment and determination of liquor licensing applications. The risk-prioritisation tool identifies high-risk venues using risk factors such as trading hours, capacity, venue compliance and suitability. This approach leads to greater consistency and objectivity in assessing applications, allowing for targeting and consideration of mitigating measures for higher risk applications. Such a risk-based approach helps mitigate corruption risks through a uniform approach to inspections and licensing.


    What does the Victoria Police Licensing and Regulation Division (LRD) do?

    LRD is responsible for the regulation of the firearm, private security and weapon industries in Victoria. It regulates these industries under the Firearms Act 1996, the Private Security Act 2004, the Control of Weapons Act 1990 and their associated regulations. All employees of LRD are Victoria Police employees, with most being Victorian Public Service employees.

    LRD’s regulatory activities include issuing and renewing licences and permits for the ownership, use and sale of a firearm. For the private security industry, LRD provides different types of licensing: crowd control, security guard, private investigator, private security business, firearm dealers, as well as licences for cash-in-transit activities. Additionally, it manages the weapon industry and progresses applications to the Chief Commissioner of Police for weapon approvals in Victoria. Items subject to the weapon approval process include prohibited weapons, controlled weapons and dangerous articles. It also conducts compliance and enforcement activity across the three previously mentioned Acts.

    Corruption risks for LRD

    LRD is a unique regulatory body due to its wide reach across Victoria, the potential danger of the industries it regulates, and its direct access to personal and law enforcement information. Because of this, and due to it being the only regulatory authority embedded in Victoria Police, it has a distinct governance structure designed to mitigate a number of corruption risks identified for other regulators, including risk assessment processes for all compliance and enforcement activity. Further mitigations are detailed in the section on page 28.

    IBAC assesses that the key corruption risks for LRD include secondary employmentoutside interests and conflict of interest in regulated areas not being declared in line with Victoria Police policy, and unauthorised disclosure of information and misuse of systems specific to LRD business.

    Victoria Police employees are prohibited from undertaking any secondary employment or unpaid work in the security or investigative industries. Employees cannot participate in the commercial operation of the firearm or weapon industries, nor be involved in club management. Based on IBAC’s analysis of complaints and historical rates of reporting to Victoria Police by its employees across all business areas, it is highly likely that declarations of secondary employment, outside interests and conflicts of interest with these industries are being under-reported.

    Analysis of IBAC intelligence holdings and allegation data showed that unauthorised disclosure and misuse of systems by LRD employees was likely to be occurring. This could be attributed to a high level of access to Victoria Police systems, as well as a high number of Victorian Public Service employees who may not receive the same level of training around privacy information legislation and use of law enforcement data as uniformed police officers.

    LRD regulates industries that have well-established links to organised crime groups, such as the weapon and firearm market and the private security industry. IBAC assesses that this makes LRD particularly at risk of being targeted by organised crime groups and individuals for information and permissions.

    What LRD is doing to mitigate risks

    Victoria Police advises that it regularly reminds its employees of their obligations under Victoria Police’s policies governing secondary employment and outside interests, declarable associations and conflict of interest. All employees are trained in these policies upon employment and some units have refresher training for employees moving from other areas of the organisation. LRD also conducts compliance audits to ensure secondary employment applications are up-to-date. Despite these measures, IBAC continues to receive complaints and notifications alleging breaches of these policies, reinforcing the need for ongoing staff training and education.

    Victoria Police has ensured all LRD employees have undertaken mandatory privacy legislation training from the Victoria Police Privacy Unit to mitigate information security risks. It also maintains an LRD information portal accessible to all LRD employees that contains standard operating procedures in the use of information. Additionally, induction training for new employees includes requirements around privacy, conflicts of interest, data protection and the use of law enforcement systems.

    Victoria Police is also working to implement Recommendation 6 of the independent 2015 review into Victoria Police by the Victorian Equal Opportunity and Human Rights Commission.57 This recommendation relates to employees leaving the organisation, including those who resigned under investigation. Victoria Police has also advised IBAC it has processes in place to ensure further scrutiny of former Victoria Police officers applying for entry into the private security industry. LRD is also:

    • implementing a formal risk-based methodology for its compliance and enforcement activities to ensure a continued focus on priority risks
    • recording all telephone calls within LRD for training, quality assurance and complaint resolution purposes.

    Victoria Police has long-established working relationships with other regulatory bodies, including the Game Management Authority, EPA and Parks Victoria. This can help facilitate more efficient use of government resources and joint education initiatives.

    Victoria Police has advised it is also progressing a new, organisation-wide initiative that is designed to further mitigate the risk of conflict of interest. The initiative involves a review of organisational processes for managing conflict of interest declarations, with a view to progressing to a completely automated process that would enable declarations to seamlessly follow employees to new positions, allowing managers to easily access and review both individual declarations and trends/risks in their control.

    • recruitment practices to ensure they align with best practice in screening to ensure the attitudes and expectations of all future Recruits align to the values and vision of the organisation, including an emphasis on respect and diversity
    • collecting and monitoring information about reasons for attrition at all stages of recruitment processes as part of broader monitoring under the Equity and Diversity Strategy
    • instituting exit interviews for all resignations and retirements and collect and monitor data in relation to reasons for leaving and attrition of particular groups by gender, rank/level and work type '.
  • As outlined in this report, regulators face a range of corruption risks and drivers tied to the nature of their work and operating environments. The ‘Regulators in focus’ chapter outlines how some major regulators are responding and the strategies they are employing to help mitigate these risks.

    Public sector agencies have responsibility for ensuring the integrity of their organisations, and individual agencies are best placed to assess their risks and operating environment, and implement corruption prevention strategies accordingly. A range of prevention and detection strategies to help address the corruption risks faced by regulators are available, and agencies need to choose the strategies that will best suit their situation, noting not all measures will be suitable for all regulators.

    6.1 Robust information security management

    A greater awareness of the value of sensitive information held by regulatory agencies and how it could be misused is likely to lead to better information management practices and, in turn, fewer opportunities for corruption.58 Educating employees on the risks associated with working with personal, health or commercially sensitive information – as well as the relevant legislative provisions around handling such information – will ensure employees are more accountable in how they access and disclose information. Additionally, employees may be more likely to detect and report colleagues who do not manage such information appropriately.

    Robust systems to detect the misuse of information can also assist regulators to identify employees who are inappropriately accessing and disclosing information. Such systems might include regular and random audits of database access. An analysis of IBAC’s investigations suggests the size of the regulator does not always correlate to the strength of the systems available to detect information misuse.

    IBAC and other integrity agencies have information suggesting regulators may be inaccurately recording, manipulating and misusing data to meet performance targets. Raising awareness among employees of best practice, available reporting mechanisms and the implications of corrupt conduct may assist in identifying the inappropriate access, use or recording of information.

    6.2 Strong conflict of interest frameworks

    Conflict of interest is a natural, and sometimes unavoidable, part of business and this is no different for the Victorian public sector. How these conflicts are declared and managed is of utmost importance to public bodies and their employees. All organisations are responsible for cultivating a culture that encourages reporting of conflicts of interest, the appropriate management of conflicts of interest and transparency in how conflicts of interest are being managed.

    One way to mitigate risk is to ensure the right policies are in place and complied with, including:

    • conflict of interest policies (covering how to identify, declare and manage actual, perceived and potential conflicts of interest)
    • gifts, benefits and hospitality policies and public registers.

    The VPSC has published guidelines and support materials to assist agencies with implementing these policies and practices.

    6.3 Proactive management of inspections

    Inspections have been highlighted as an area of heightened corruption risk. To mitigate risks including bribery and the fraudulent reporting of performance, regulators could consider specifying that all inspections must be conducted by at least two inspectors to ensure greater accountability.

    Additionally, some regulators have provided inspection and/or compliance reports to the regulated entity following regulatory activity. This provides greater accountability and transparency.

    6.4 Recruiting and vetting of employees

    IBAC acknowledges the difficulty regulators may have attracting employees with suitable skills, qualifications and experience to regulatory roles. However, like all public sector agencies, public regulatory authorities need to maintain high standards of integrity in recruitment. This should include assessing potential employees on their likelihood of breaching the Code of Conduct for Victorian Public Sector Employees based on previous actions and behaviours. Other strategies may include strengthening frameworks around the employment life cycle and baseline screening practices, as discussed in IBAC’s forthcoming report on Corruption and misconduct risks associated with employment practices in the Victorian public sector.59

    IBAC and the VO have previously highlighted that corruption risks associated with recruiting the wrong people can be minimised by approaches such as:

    • requiring prospective employees to complete a statutory declaration in relation to their prior work history, including whether they have ever been the subject of an investigation for a criminal or disciplinary matter
    • requiring candidates to sign a waiver allowing the employer to check prior disciplinary history across the public sector.60

    Additionally, regulators can look to the VPSC for ongoing guidance around how corruption risks in employment can be addressed.

    6.5 Increased collaboration

    As stated previously, some regulators have collaborated to conduct joint inspections and further educate the industry on its obligations. Victoria Police LRD, in particular, has long-established partnerships with co-regulators. This not only benefits industry through simplified inspections, but provides a greater level of accountability for regulators and a mechanism for information sharing between regulators.

    WorkSafe Victoria, CAV, ESV, EPA and VBA visited the Geelong and Surf Coast region in February 2017 to conduct more than 100 inspections of building sites.61 While this was reported in the media prior to the inspections occurring and was likely to have alerted the industry, the inspections were also designed to deliver information about best practice and to encourage compliance.

    These joint initiatives, which replicate practices conducted by some federal government authorities, are likely to reduce corruption risks and increase accountability due to public regulators working directly with industry partners. This improves transparency of decision making and regulatory activity.

    Another avenue of collaboration is through forums convened with other regulators. Within Victoria, the Commission for Better Regulation holds a Regulators’ Forum that brings together leaders of Victoria’s largest regulators and departmental staff to share best practices and discuss challenges. The Regulators’ Forum also provides IBAC with an opportunity to inform regulators of key corruption risks and to encourage a culture of reporting.

  • The diversity of regulatory authorities and activities in Victoria presents unique corruption risks. Responsibility for inspections and licensing, combined with high levels of discretion and access to sensitive information, provide opportunities for corruption to occur. The need for strong integrity measures around regulation is particularly important given the inherent risks and cost to the community should regulated services or industries be corrupted.

    Regulators face heightened risks in relation to the management of conflicts of interest, the integrity histories of employees, and being targeted for information. In highlighting these risks, IBAC seeks to inform the public sector and community so that they are better equipped to prevent corrupt conduct within public bodies and report such conduct when it occurs.

    Regulators are working together and with government departments to identify and manage corruption risks. This report highlights some of the good practice being undertaken, noting additional opportunities for public regulatory authorities to strengthen their corruption resistance.


    1 Victorian Competition and Efficiency Commission, The Victorian Regulatory System: September 2013. From this list of 59 regulators, IBAC identified 55 public bodies which still existed at the time of the assessment following machinery of government changes. The Commission’s functions have since been transferred to the Office of the Commissioner for Better Regulation and the Department of Premier and Cabinet.

    2 The Victorian Competition and Efficiency Commission, Terms of Reference – improving the efficiency and performance of the Victorian regulators, 2014.

    3 As defined by the Victorian Competition and Efficiency Commission in The Victorian Regulatory System, September 2013.

    4 Department of Treasury and Finance, Reducing the regulatory burden, 2017.

    5 For example, during consultations for this report, Victoria Police informed IBAC it has experienced positive feedback and increased compliance from implementing an online payment and lodgement process for services from its Licensing and Regulation Division.

    6 Commissioner for Better Regulation (2016). Victorian Guide to Regulation: A handbook for policy-makers in Victoria.

    7 Victorian Competition and Efficiency Commission (2015). Smart regulation: Grappling with risk: Supporting paper.

    8 The Australasian Environmental Law Enforcement and Regulators Network), (2013). Principles and considerations for using risk assessment in environmental regulatory agencies, 2013. In Victorian Competition and Efficiency Commission (2015). Smart regulation: Grappling with risk: Supporting paper.

    9 OECD (2014). The Governance of Regulators, OECD Best Practice Principles for Regulatory Policy, OECD Publishing.

    10 This excludes allegations, complaints/notifications regarding the Victoria Police Licensing and Regulation Division because of how such allegations are recorded in in IBAC’s case management system.

    11 Due to the differences between IBAC’s and the VO’s case management systems for complaints/notifications and allegations, complaints data is used for VO rather than allegations. A complaint/notification may include a number of allegations of reportable behaviour.

    12 This does not include complaints about LRD as, since 2013, the VO has not accepted complaints about Victoria Police and, prior to 2013, could not classify complaints specifically against the LRD.

    13 Victorian Ombudsman (2014). Conflict of interest in the Victorian public sector – ongoing concerns. March 2014.

    14 Victorian State Government (2017). Independent Inquiry into the Environment Protection Authority. Final Report. p 384.

    15 Corruption and Crime Commission (Western Australia) (2015). Report on the Misconduct Intelligence Assessment of the Western Australian Public Sector.

    16 Ministers are responsible for most appointments to public entity boards, but can receive advice from the committee of the board, the board, or the relevant body. The exception to this is when the board has a right under its legislation to appoint a director by co-option. Victorian Public Sector Commission (2015). Director Selection and Appointment.
    10 March 2015.

    17 Victorian Public Sector Commission (2018). Welcome to the Board: Directors’ Guide to Public Entity Governance.19 March 2015.

    18 Adams, Gary; Hayes, Sharon; Weierter, Stuart; and Boyd, John (2007). ‘Regulatory Capture: Managing the Risk’. Australian Public Sector Anti-Corruption Conference. Presented on 24 October 2007 – Sydney.

    19 Hampton, Philip (2005). The Hampton Report – Reducing administrative burdens: effective inspection and enforcement. Published in March 2005 for Her Majesty’s Treasury UK.

    20 Independent Commission Against Corruption (New South Wales) (2016). Regulatory Functions.

    21 The Age (2011). "Council worker ‘accepted brothels’ bribes." Published 10 November 2011.

    22 Corruption and Crime Commission (Western Australia) (2015). Report on the Misconduct Intelligence Assessment of the Western Australian Public Sector.

    23 The Victorian Auditor-General’s Office identified this as an issue for the Victorian Commission for Gambling and Liquor Regulation in 2017. Victorian Auditor-General’s Office. (2017). Regulating Gambling and Liquor. 8 February 2017, p 37.

    24 Independent Commission Against Corruption (New South Wales) (2007). Report on an investigation into corrupt issuing of driver licences (Operation Sirona). 20 Sep 2007.

    25 Ford, Mazoe (2017). ABC News. ‘Bodyguard star Paulini pleads guilty in Sydney court to bribing a public official.’ 4 September 2017.

    26 Victorian Auditor-General’s Office (2017). Regulating Gambling and Liquor. Published 8 February 2017. p 30.

    27 ibid. p 49.

    28 ibid. p xi.

    29 Adams, Gary; Hayes, Sharon; Weierter, Stuart; and Boyd, John (2007). ‘Regulatory Capture: Managing the Risk’. Australian Public Sector Anti-Corruption Conference. Presented on 24 October 2007 – Sydney.

    30 Clarke, George R.G. (2014). Does over- regulation lead to corruption? Texas A&M International University.

    31 Victorian Auditor-General’s Office (2015). Victoria’s Consumer Protection Framework for Building Construction. May 2015. pp 33, 37 and 58; and Victorian Auditor- General’s Office (2015). Regulating Gambling and Liquor. February 2017. p xii.

    32 Corruption and Crime Commission (Western Australia) (2015). Report on the Misconduct Intelligence Assessment of the Western Australian Public Sector.

    33 Adams, Gary; Hayes, Sharon; Weierter, Stuart; and Boyd, John (2007). ‘Regulatory Capture: Managing the Risk’. Australian Public Sector Anti-Corruption Conference. Presented on 24 October 2007 – Sydney.

    34 IBAC (2018). Corruption and misconduct risks associated with employment practices in the Victorian public sector (forthcoming).

    35 Independent Commission Against Corruption (NSW) (2018). Strengthening employment practices in the NSW public sector.

    36 Australian Institute of Criminology (2013). ‘Organised crime and public sector corruption: A crime scripts analysis of tactical displacement risks.’ Trends and issue in crime and criminal justice No. 444 December 2013; Independent Broad based Anti- Corruption Commission. (2015). Organised crime group cultivation of public sector employees. Published 24 September 2015.

    37 Victorian Law Reform Commission (2016). Use of Regulatory Regimes in Preventing the Infiltration of Organised Crime into Lawful Occupations and Industries. p 31.

    38 Victorian Law Reform Commission (2015). Use of Regulatory Regimes in Preventing the Infiltration of Organised Crime into Lawful Occupations and Industries. Consultation Paper June 2015. pp 14-26.

    39 Parliament of Victoria (2013). Parliamentary Debates (Hansard): Legislative Council Fifty-seventh Parliament, First Session. ‘Questions on notice: Wednesday 27 November 2013 (Extract from book 16)’. p 37.

    40 Consumer Affairs Victoria (2016). Annual Report 2015-16: Our Direction.

    41 Cummins, Tom and Swaika, Prateek (2014). Bribery and Corruption: Implications for energy companies. Published 1 June 2014 in Energy Source Issue 13 – June 2014.

    42 Department of Environment, Land, Water and Planning (2017). Review of Victoria’s Electricity and Gas Network Safety Framework: Interim Report. October 2017.

    43 Department of Environment, Land, Water and Planning (2017). Review of Victoria’s Electricity and Gas Network Safety Framework. October 2017.

    44 Environment Protection Authority (2017). Annual Report 2016-17.

    45 Krpan, Stan (2011). Environment Protection Authority. ‘Compliance and Enforcement Review: A review of EPA Victoria’s approach’. February 2011. pp 172 and 187.

    46 Victorian Auditor-General’s Office (2010). Hazardous Waste Management. 9 June 2010.

    47 Victorian Auditor-General’s Office (2014). Environment and Sustainability Sector: Performance Reporting. 26 June 2013.

    48 Environment Protection Authority (2017). Builders aware in Geelong and the Surf Coast. 20 April 2017.

    49 Government of Victoria (2016). Independent Inquiry into the Environment Protection Authority. 31 March 2016.

    50 Department of Environment, Land, Water and Planning (2017). Andrews Labor Government Response to the Independent Inquiry into the Environment Protection Authority. 17 January 2017.

    51 Environment Protection Authority (2018). EPA welcomes new Governing Board. 23 May 2018.

    52 Permit levies are calculated in relation to the total cost of the building work being undertaken and are paid by the applicant to the applicant’s choice of building surveyor before the permit is issued. It is the responsibility of the building surveyor to then pay the VBA all amounts of building permit levies received for building permits issued.

    53 Corruption and Crime Commission (Western Australia) (2015). Report on the Misconduct Intelligence Assessment of the Western Australian Public Sector.

    54 Victorian Ombudsman (2012). Own motion investigation into the governance and administration of the Victorian Building Commission.

    55 Victorian Auditor-General’s Office (2017). Regulating Gambling and Liquor. February 2017. p 53.

    56 ibid. p xi.

    57 Victorian Equal Opportunity and Human Rights Commission (2015). Independent Review into sex discrimination and sexual harassment, including predatory behaviour in Victoria Police: Phase One Report – Dec 2015. Recommendation 6 states: 'Victoria Police review recruitment and exit processes, including:

    58 Van der Wal, Zeger; Graycar, Adam; and Kelly, Kym (2015). ‘See No Evil, Hear No Evil? Assessing Corruption Risk Perceptions and Strategies of Victorian Public Bodies’. Australian Journal of Public Administration, vol. 75, no. 1, pp 3-17.

    59 IBAC (2018). Corruption and misconduct risks associated with employment practices in the Victorian public sector.

    60 IBAC and Victorian Ombudsman (2015). Victorian public sector must screen out corruption risks. October 2015.

    61 Environment Protection Authority Victoria (2017). Building regulators heading to Geelong and Surf Coast. Published 14 February 2017.vv