“The biggest risk for employers today is the explosion of overlapping legislation—one incident can trigger four different regulators at once.”
– Warwick Ryan, Hicksons | Hung & Hunt
I recently spoke with Warwick Ryan, Employment Law Partner at Hicksons | Hunt & Hunt, to explore what’s actually happening when employment matters escalate into litigation.
What stood out wasn’t just the legal complexity. It was how closely it ties back to how organisations actually operate day to day.
Risk is no longer linear
One of the biggest changes isn’t a new law—it’s how many laws now apply at the same time.
A single incident can trigger Work Health & Safety, Fair Work, Workers Compensation, and Human Rights legislation. Each with different regulators, different expectations, and very little alignment between them.
The result is that risk is no longer contained. It compounds.
At the same time, penalties have escalated significantly. Six-figure fines are now common, and in some cases can reach into the millions. Many of these are uninsurable, which shifts the conversation from compliance to real financial exposure.
For sectors like NDIS, aged care, healthcare and community housing, this is not theoretical. It’s part of everyday operations.
Where organisations fall down
When issues escalate, the patterns are consistent.
Organisations either don’t have the right policies, the policies lack detail, or they cannot show that employees understood and applied them.
Even in situations where an employee has clearly breached a rule, outcomes can still go against the organisation. This can happen because the policy wasn’t specific enough, the consequences weren’t clearly stated, or there is no evidence of training and understanding.
More broadly, there is often a gap between what organisations believe they have documented and what is actually defensible.
Records matter—but they need to be contemporaneous, consistent, and capable of standing up under scrutiny.
Risk is created in execution
Risk is created in execution. The most important insight from the discussion was risk is rarely created in policy. It is created in execution.
“It’s one thing to have a policy. It’s another thing to have the systems
that allow that policy to function properly.”
Across multiple examples, organisations had done the right thing on paper. Processes were documented, risks were identified, and controls were designed.
But those processes were not consistently followed, enforced, or supported by effective communication from frontline staff.
As Warwick highlighted, this is compounded by the way organisations are structured. What used to sit across separate functions—
“HR, workplace health and safety, and workers compensation—now needs to be managed together”.
Yet many organisations still operate in silos, which makes responding to these situations slow, fragmented, and inconsistent.
In one case, policies existed but there was no reliable feedback loop to surface issues as they emerged. Incidents occurred multiple times before anything changed, ultimately leading to regulatory involvement and significant penalties.
If organisations cannot see what is happening in day-to-day interactions, they cannot manage risk effectively.
What good looks like
There is no single solution, but there is a clear pattern in organisations that are defensible.
It is those organisations that
- understand what their people actually do
- can identify the risks within those activities
- they implement clear, detailed policies
- they ensure those policies are properly communicated and understood
- they create accountability through documentation and follow-up.
Most importantly, they can prove it.
That proof comes from documented training, policy acknowledgement, records of issues being raised, and evidence that those issues were followed up and addressed.
The Donnabrook perspective
Across the sectors we work with, the challenge is rarely awareness. They very likely know or have a strong sense of what is happening.
But it is documented, manageable visibility.
Frontline teams are dealing with complex, high-volume, and often emotionally charged interactions every day. Yet many organisations still rely on manual notes, inconsistent reporting, and retrospective review to understand what is happening.
At the same time, communication platforms are evolving. Voice interactions can now be captured, structured, and analysed in a way that provides real operational insight tailored to specific words, concepts or phrases that need to be tagged-and-flagged.
This creates an opportunity to move from reactive documentation to proactive visibility and early intervention.
Because in this environment, risk begins in everyday interactions—and whether those interactions are visible, understood, and acted on.
Regulatory bodies referenced
SafeWork NSW (Work Health & Safety): https://www.safework.nsw.gov.au
State Insurance Regulatory Authority (Workers Compensation NSW): https://www.sira.nsw.gov.au
Fair Work Commission (Employment disputes): https://www.fwc.gov.au
Australian Human Rights Commission (Discrimination & harassment): https://www.humanrights.gov.au
