Skip to content

Health and safety management: Don’t let the paper trail tail wag the risk management dog



In July, the HSE published a research report [1] into the perceived impact on business of health and safety requirements generated by business organisations themselves and through market practice (“blue tape”), as opposed to those obligations which derive from regulation and its enforcement. Briefly, the HSE identified a number of drivers for these additional non-legislative rules including fear of civil litigation, insurers’ requirements, customer demands and the use of accreditation in the procurement process by both the private and public sector.

The HSE’s stated aim is to promote proportionate risk management. In this context, the report focussed on the specific challenges faced by SMEs in navigating business-driven health and safety obligations which in some cases appeared disproportionately burdensome.  However, as part of this analysis, the report also identified concerns around health and safety practice which are potentially applicable to organisations of all sizes and which are discussed here.


The concerns highlighted the importance of making sure that a box ticking mentality does not take over the health and safety function such that paperwork becomes divorced from or is substituted for effective health and safety management on the ground. The evidence revealed that a fear of civil claims drove a focus on paperwork to ensure that businesses could not be held responsible for an incident. Whilst not necessarily compromising health and safety management, this paperwork could become a workstream in itself and be perceived as burdensome. However, noteworthy from a risk management perspective, was the observation that, in legal proceedings, businesses are also exposed where their paperwork over-states what they do [2]. The focus should be on managing the real risks and a system with proportionate paperwork which reflects what is happening on the ground. 

Issues were identified where insurers requested disproportionate actions and risk management processes; for example, after a farm worker sprained an ankle, requesting sight of a “written risk assessment for holes in fields”. Where there are over-the-top health and safety rules in an organisation, they can be ignored or perceived as pointless. As identified by the report, the bigger risk is then that sensible and necessary health and safety measures become tarnished by association and are thus undermined. 

Accreditation is no guarantee of compliance

There were concerns that in some cases accreditation (at least in construction), for example to meet procurement requirements, was an exercise somewhat divorced from the actual management of risks. Evidence from inspectors revealed that the fact of accreditation was no guarantee of legally compliant systems. Moreover, some accreditation processes were overly paper-based; there was evidence that accreditation paperwork was generated for clients without site visits and thus without assessment of whether risks were being managed. In short, accreditation may risk providing false assurance of effective health and safety management. The report noted:

“For construction work, certification against a scheme alone is not sufficient proof of organisational capability for work on site. Only project-specific scrutiny can provide robust assurance of this.” [3] 

Similarly, we would add that, when investing in a project or buying a company, accreditations are no substitute for proper due diligence.

Using consultants

Employers are required to have a competent person to help them meet their legal duties and where they have a competent person in-house that person should be used in preference to an external person [4]. That said, the HSE recognises that third party consultancy advice is an essential part of the health and safety system. For example, specialist advice will be required for complex risks or where there is a lack of knowledge in-house. However, in this regard it makes two key points:

  • seeking third party advice does not exonerate a business from responsibility for its health and safety risks, and
  • consultants should help duty holders to build their capabilities to manage the ongoing risks arising from their businesses.

Whilst acknowledging that some apprehension about litigation risk is valid, the HSE expressed concern that there were indications that some consultants levered off the fear of liability to market their services and thus reinforced the notion that health and safety is too difficult for a business to manage itself. Further, there were indications of commercial pressures on some consultants to tie customers inappropriately into longer-term contracts (as opposed to providing targeted one-off advice) and there was a risk that such contracts could militate against an employer building its own capacity to manage day-to-day risks.

Duty holders perceived they were securing legal compliance when buying third party advice. However, the views of regulatory inspectors were somewhat different. Their perceptions revealed concerns that consultants were producing generic or irrelevant advice which did not address business specific risks and which delivered “under compliance”. Further some consultants were advising on matters outside their expertise. The research also indicated that some consultants did not carry out site visits as part of preparing their advice or provide a handover on completion of their work. The first point brings questions around whether specific risks are being identified and the second point, again, underlies an approach which does not help duty holders develop their own competence.

Inspectors also perceived that commercial drivers (a fear that customers would question costs if they received short, simple documents which would be better suited to their needs) seemed to lead to some consultants producing large, smart-looking documents which quite often contained generic material (such as blank risk assessment templates). This finding echoes the comments of Charles Haddon-Cave QC in the Nimrod Review[5] :

“This is sometimes known in the consultant trade as the ‘thud’ factor: clients are thought to be more impressed when ‘weighty’ consultants reports land on their desks and feel they are getting ‘value for money’.”

He also observed that hefty reports can give clients a sense of comfort that a thorough job has been done. (Again, highlighting a potential risk of false assurance.)

The HSE said that the profession needed to drive better standards across the piece and that it would continue to take enforcement action against consultants where appropriate. As said above, using a consultant does not relieve an employer from its responsibilities, the HSE can prosecute both employer and consultant.  

The HSE recognised that customers are not always able to assess the quality of the advice they receive. That said, whilst for many businesses it may be difficult to evaluate advice from a technical perspective, the above does provide some initial common-sense red flags. For example, has the consultant visited the site, and is its advice in a digestible and actionable format which shows knowledge and understanding of the specific operations and site layout (as opposed to, for example, generic blurb about health and safety requirements)?

HSE’s Conclusions

The research found that those responsible for “blue tape” were not always held to account for the additional burdens they created or required to assess whether it added value. Moreover, the HSE’s work on better regulation was unlikely to get the desired results if wider business practice was creating additional unnecessary health and safety obligations. That said, the report recognised that blue tape can support regulatory compliance and made it clear that the HSE’s aim is not to dispense with accreditation or say that consultants shouldn’t have a role in the health and safety system. The research assisted the HSE to understand how blue tape impacts businesses and interplays with regulation (“red tape”) and thus enables it to engage with the system to promote proportionate risk management. 

[1] Understanding the impact of business to business health and safety ‘rules’, Health and Safety Executive, first published 2019. 
[2] Analogously, in the Vedanta case concerning where a parent company could be liable for the activities of its subsidiary, the Supreme Court commented that there may well be liability where a parent company in published materials says it supervises the activities of its subsidiaries and then doesn’t do so.
[3] Page 44.
[4] Management of Health and Safety at Work Regulations 1999 (regulation 7(8)).
[5] The Nimrod Review, an independent review into the broader issues surrounding the loss of the RAF Nimrod MR2 Aircraft XV230 in Afghanistan in 2006, dated 28 October 2009.

If you require further information about anything covered in this briefing note, please contact Claire Sheppard, or your usual contact at the firm on +44 (0)20 3375 7000.

This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.

© Farrer & Co LLP, September 2019

Want to know more?

Contact us

About the authors

Claire Sheppard lawyer photo

Claire Sheppard

Senior Counsel

Claire has over 25 years’ experience in environmental law. She advises clients on environmental issues in a transactional and regulatory context.

Claire has over 25 years’ experience in environmental law. She advises clients on environmental issues in a transactional and regulatory context.

Email Claire +44 (0)20 3375 7538
Back to top