Updated Regulatory

Environment

John Clark & Jon Round

Safety Programme Managers

Performance Based Regulation

19 May 2015

Performance Based Regulation

As the Industry Continues to Evolve…

How do we Continue to Provide Safety Assurance?

1945 2014

Marginal rate of improvement has levelled over time

Significant reducing trend in incidents and events over past

50+ years driven by the expansion of prescriptive rule-

based regulation But further

improvements

require a new

approach

Rate of Safety Incidents

The long term decline in safety incidents and events in

the UK since 1945, which was driven by the expansion

of compliance-based regulation, has levelled out.

Generating further improvements requires a Risk and

Performance based approach.

Short term trend is not

stable

Our current system has worked very well

These are the key drivers for our change in approach

Transforming the CAA to a performance based regulator

The operating environment

The regulatory framework

The need to maximise opportunities from Industry’s SMS

Delivery of the better regulation agenda

The Delta in Safety Risk Assurance

• Prescriptive rules can effectively address safety risks if:

– The Regulator knows about the risk

– The Regulator is convinced of the need to address the risk

– The Regulator knows a solution for the risk

– The Regulator has adopted a proposed solution to the risk

– The Regulator has revised/updated the prescriptive rule to reflect any changes in safety risk

– The Regulator has applied the rule only in a targeted manner to entities faced with such risks

– The Regulator takes into account the impact which the prescriptive rule has on the entities being regulated

– The Regulator understands the impact which the proposed mitigation has on the total system

– Industry complies with the prescriptive rule targeted to address the risk

– The Regulator enforces compliance with the prescriptive rule

The Delta in Safety Risk Assurance

• But in reality:

- Entities experience very different

levels and types of risks

- Compliance with prescriptive rules

enables many areas of key risk to be

addressed, but not all areas

- There will always be a gap or delta in the actual risks encountered by an entity and those risks which are effectively addressed by prescriptive rules.

- Something is needed to contextualise the prescriptive rules, ensuring that the mitigation is proportionate and targeted to effectively address specific risks

PERFORMANCE BASED REGULATION

• A holistic, “entity”* based approach, in the context of unique sectors

within the total system

• Targeted, consistent, and proportionate oversight commensurate with

the actual risks

• New conversations based on risk and performance between the

regulator and stakeholders as well as amongst stakeholders

Transforming the CAA to a performance based regulator *Entity – a single approval, or group of approvals that can be overseen better in an integrated manner

Our Vision

To transform the CAA into a Performance Based

Regulator, working with industry to demonstrably

reduce safety risk across the total aviation system

and develop the capabilities required for future

regulators.

Transforming the CAA to a performance based regulator

Page 1 ESP Briefing, December 2013

The European Context

EASA Pivot to Performance Based Regulation The PBR Programme and associated IT deployments are designed to provide the link

between industry SMS and the requirements placed on National Authorities

Co

mp

ete

nt

Au

tho

rit

y

Management System (the driver)

ARA/ARO.200: The competent authority shall establish and maintain a management system, including as a minimum: (1) documented policies and procedures to ... achieve compliance with Regulation (EC) No 216/2008 (2) a sufficient number of personnel to perform its tasks and discharge its responsibilities. Such personnel shall be qualified to perform their allocated tasks and have the necessary knowledge, experience, initial and recurrent training to ensure continuing competence. A system shall be in place to plan the availability of personnel, in order to ensure the proper completion of all tasks

Oversight Programme

ARA/ARO.GEN.305: ….must be developed taking into account the specific nature of the organisation, the complexity of its activities, the results of past certification and/or oversight activities (required by ARO.GEN and ARO.RAMP) and shall be based on the assessment of associated risks.

Ap

pro

ved

O

rg

an

isati

on

Management System

ORx.GEN.200 (a) 3: The identification of aviation safety hazards entailed by the activities of the operator, their evaluation and management of associated risks, including the actions to mitigate the risk and verify the effectiveness

Rules introduced by the European Aviation Safety Agency (EASA) set the

context for the UK’s transformation to Performance Based Regulation.

Page 1

Context

EASA Pivot to Performance Based Regulation

Recognising that Risk and Performance Based Regulation is central to the EASA system, the UK is moving from:

• Solely relying upon prescriptive rules to identify the safety risks and prescribed mitigation towards:

• Exploiting our many sources of safety risks drawn from individual entities, sectors and the total aviation system

• Targeting those areas in the total aviation system that represent actual and emerging major safety risks to UK passengers and the public

• Using prescriptive rules within the context of addressing the actual risks

• EASA Performance Based Environment (1 Aug 2014)

We will be focussed on Total Aviation System Risk in three Dimensions: The ‘Total Risk Picture’ covers both the complete aviation system in terms of the breadth of the aviation system (service providers, regulators, accident investigators), the depth of the system from the individual pilot/engineer/controller up to the system level, and the interfaces between sectors

Total System EASA

System

UK system

Sector

Entity

Individual

Regulatory Change Management

International Civil Aviation

Organisation

Neighbouring States & FABs

Foreign Accident Investigations

Non-UK Airlines in UK

UK Airlines Overseas

UK CAA Risk Capability

General Aviation

Training Organisations

Aircraft Maintainance

Design & Production

Air Navigation Service Providers

Airports

Airlines

Ground/Non CAA Regulated

Military

Crown Dependencies Overseas Territories

UK Citizen

CAA Oversight

Breadth Depth

Primary components of Performance Based Regulation

PBR ENGAGEMENT

Transforming the CAA to a performance based regulator

•ICAO •European Commision •EASA •Neighbouring NAAs •PBRIG •Opportunities within industry

Transforming the CAA to a performance based regulator Feedback (Sharing knowledge and lessons learnt – Internally & Externally)

INTELLIGENCE RISK OUTCOME ACTION CHECK FEEDBACK

CAA view

Our Actions

Entity

Actions

Entity

view

Risk List

(current

& future)

Agreed

Desired

Outcomes

Identify

Options for

Action (cost/benefit)

Compliance

and

Performance

Proactive

Leading

Indicators

Assessment

Actions

Delivered &

Measured

Total System

Actions

Data

Intelligence

Rules

Risks/Issues: • What CAA knows

• What others know

Planned changes

Incidents &

Accidents

Performance Based Oversight – Core Regulatory Decision Making

CAA Risk List

Performance

Comparison

CAA

Governance of

Safety

International

influence

Unregulated

Sectors

Linear Model

OVERSIGHT (Visits, Desk etc)

Performance Based Oversight Phases

Milestone 2

Prep phase

Milestone 3

CAA Internal review meeting

Milestone 5

Check & Feedback

Milestone 4

Accountable Manager meeting

Milestone 1

Entity set-up

OVERSIGHT

(visits, desktop, phone etc)

Transforming the CAA to a performance based regulator

From Internal Review Meeting to Accountable Manager Meeting

Collaborative Internal Review Meeting

Prepares the Oversight Manager

Effective Accountable Manager Meeting

Transforming the CAA to a performance based regulator

Q-Pulse

• Standard audit and event planning tool

• Standard findings and observations tracking tool

• Powerful Management information

• Implemented across all major capabilities

Output - The Triangle

Red

Amber

Approval status Green

29

23

17

13

8

37 Complexity

Matrix Rating

Annual audit 4 days (FOI, IO, GS & CS) Check R x 2 (FOI +CSI) Check T 1 per fleet (FOI) Check F 1 per fleet (FOI) Check M 2 days (FOI/IO) Check C x 2 (CSI) SAG >4 (FOI/IO) Cabin safety SAG x2

Annual audit 4 days (FOI, IO, GS & CS) Check T 1 per fleet (FOI) Check F, min 2 (FOI) Check M 1 day (FOI/IO) Check C x 2 (CSI) SAG x 2 (FOI/IO) Cabin safety SAG x2

Annual audit 3 days (FOI & IO) Check T & F, 1 day each (FOI) Check M 1 day (FOI/IO) SAG x 1 (FOI/IO)

Annual audit 2 days (FOI & IO) Check T & F, 1 day each (FOI) Check M 1 day (FOI/IO) SAG x 1 (FOI/IO)

Annual audit 2 days (FOI & IO) Check T & F, 1 day each (FOI) Check M ½ day (FOI/IO) SAG x 1 (FOI/IO)

1 day audit per 24 months. (IO) 1 flight check per 24 months (FOI) ½ day desktop (IO)

“Continual oversight” Monthly meetings FOI’s x 3 AA = desktop

Safety Risks

Multiple Privileges can be itemised 2

Contains Safety Actions on same form 1

Risk Assessment Guide

Flexing Oversight parameters

• Vary oversight period (allowable by EASA in some areas)

• Vary days per entity to achieve oversight (already achieved with complexity principles)

• Target specific risks with specific checks (Timing, already done today , what will be different will be a better record of the decision making)

Q

pulse

EPT in

CRM

= PBO

The PBO equation

(Baseline oversight + Risk)

(The ability to vary oversight according to performance)

Transforming the CAA to a performance based regulator

Human Factors

• Initial change resistance in CAA, specifically looking outside technical specialist area

• Risk is not a precise or binary thing. We now require a more sophisticated use of judgement

• Natural resistance to see risks in own area unless observed by others:

• Thus the need for an independent facilitator in risk conversation

• The desire for a precise rating of the risk as opposed to doing something practical about it

Transforming the CAA to a performance based regulator

Questions?