The cost of officer liability for psychosocial risk
Harrison Kennedy
Officer liability for psychosocial risk in Australia now reaches up to five years' imprisonment under the model WHS Act and 20 years' imprisonment under the Commonwealth industrial manslaughter provisions, and the duty that creates that exposure is personal and non-delegable. Every officer of a PCBU carries it, whether or not the organisation they serve has measured what sits on the risk register. That is the defining feature of the cost of officer liability: it is carried personally, and it is largely invisible to the boards carrying it, which is why so little of it is provisioned for.
This page sets out what officer liability under Australia's psychosocial compliance regime actually costs. It covers what the duty requires under section 27 of the model WHS Act (and the Victorian and Commonwealth equivalents), the penalty ceiling (fines, imprisonment, the Category framework), the prosecution precedent building behind Court Services Victoria, the defence costs that rarely appear in a pre-event business case, and the indirect cost layer (D&O, reputation, the flow-through to director appointments) that compounds after an event. It closes with what due diligence actually looks like in practice, and where the evidence has to come from.
The duty: personal, non-delegable, and unambiguous
Section 27 of the model WHS Act establishes the officer due diligence duty. The duty sits on officers personally rather than on the corporation, which means it cannot be satisfied by the organisation having an effective safety management system. It must be satisfied by each officer individually. Under the Act, officers include directors, company secretaries, and any person who makes or participates in decisions that affect the whole or a substantial part of the business.
The Act lists six reasonable steps that officers must take, and each applies to psychosocial hazards in the same way it applies to physical ones. Officers must acquire and maintain up-to-date knowledge of WHS matters, including the psychosocial dimension. They must gain an understanding of the operations of the business and the hazards those operations generate. They must ensure that appropriate resources and processes are available and used. They must ensure processes exist for receiving, considering, and responding to information about incidents, hazards, and risks. They must ensure there are processes for complying with any duty under the Act. And they must verify the provision and use of those resources and processes.
The word that matters most in all of that is verify. An officer cannot discharge the duty by approving a budget, signing off a policy, or trusting the executive team to handle it. The duty asks whether the officer personally verified that appropriate systems exist for psychosocial risk, and whether those systems are actually being used. When the regulator asks what the officer personally did, the documentation has to exist. The Psychosocial Compliance Internal Audit Checklist sets out what that documentation should cover.
The criminal ceiling: five years, and rising
The penalty structure for officer non-compliance is graded across three categories, and each carries personal exposure.
Category 1 covers reckless conduct that exposes a person to risk of death or serious injury. The maximum individual penalty is five years' imprisonment, in addition to substantial fines. Category 1 is the offence most associated with industrial manslaughter prosecutions in the WHS framework.
Category 2 covers failure to comply with a health and safety duty that exposes a person to risk of death or serious injury, without the recklessness element. The maximum penalty sits in the hundreds of thousands of dollars for individuals and millions of dollars for corporations.
Category 3 covers failure to comply with a duty without the higher-risk element. Lower penalty ceiling, but the offence is easier to prove and appears more frequently in completed enforcement outcomes.
Industrial manslaughter has raised the ceiling further in every jurisdiction that has adopted it. Under the Commonwealth industrial manslaughter provisions effective July 2024, the maximum individual penalty is 20 years' imprisonment and the maximum corporate penalty is $20,400,000. Queensland has had workplace-specific industrial manslaughter on its statute books since 2017. Victoria and Western Australia adopted it later. Every major Australian jurisdiction now has either adopted industrial manslaughter provisions or is actively considering them, and psychosocial harm that results in a workplace fatality sits within reach of those penalties.
The prosecution precedent: Court Services Victoria and what follows it
The landmark psychosocial case in Australia remains Court Services Victoria, fined $379,157 in October 2023 after pleading guilty to charges arising from the death by suicide of a coronial registrar at the Coroners Court. The prosecution was brought by WorkSafe Victoria under the state's OHS Act, and the court's reasoning made explicit that psychosocial hazards were to be treated with the same gravity as physical ones. Every Australian regulator has since cited that precedent when explaining the consequences of psychosocial non-compliance.
The penalty in that case landed on the organisation. The next generation of cases is unlikely to stop there. SafeWork NSW reported a 66% prosecution rate on completed investigations in the second half of 2025. In a single three-day operation in October 2025, the regulator conducted 570 unannounced inspections and issued 736 notices. For organisations in NSW with 200 or more workers, psychosocial compliance is now checked during every inspector visit. The regulatory infrastructure that supports officer-level prosecutions is being built out: dedicated psychosocial inspector cohorts, mandatory psychosocial checks, expanded codes of practice, and funding to back the enforcement workload. The question facing officers is not whether personal prosecution is possible. It is when, and in relation to which incident.
The defence cost no one budgets for
Defending a WHS prosecution is a substantial standalone cost, entirely separate from any fine that follows conviction.
Based on published Australian WHS case outcomes and comparable criminal defence engagement scales, a contested Category 2 prosecution commonly runs $150,000 to $750,000 in defence costs. A contested Category 1 prosecution, which typically involves senior counsel, expert witnesses, extended hearings, and multiple pre-trial applications, commonly runs $500,000 to $2,000,000 before any fine is imposed. Industrial manslaughter matters sit at the upper end of that range or above it. Defence costs are rarely recoverable in full, even on acquittal.
For an officer, defence cost interacts with the question of who pays. The organisation's directors' and officers' liability insurance may cover some portion of the legal representation, depending on policy wording, the allegations, and the conduct that is alleged. Where the D&O policy covers legal representation, it commonly does so only up to a defined sub-limit. A seven-figure defence bill with a six-figure sub-limit leaves a gap that an officer pays personally.
The indirect cost layer
Beyond fines, imprisonment, and defence cost, officer liability exposure produces a second layer of cost that rarely appears in a pre-event business case but consistently appears after one. The same pattern shows up in the broader cost of psychosocial non-compliance: the visible costs are a fraction of the total picture.
D&O insurance. Premiums tend to lift after a psychosocial event, and exclusions tighten at renewal. Psychosocial-specific exclusions have begun appearing in Australian D&O policy schedules. D&O policies commonly exclude criminal penalties and conduct involving recklessness or wilful default, which means the officer faces personal financial exposure for the penalty itself in addition to any gap in defence-cost cover.
Reputation and recruitment. Publicised psychosocial incidents produce durable employer-brand damage, and the flow-through into recruitment commonly produces a 2x to 3x cost-per-hire uplift in affected workforce bands. The effect persists across multiple recruitment cycles and is larger in sectors where psychological safety is a factor in candidate decisions, including professional services, education, and healthcare.
Director appointments. Board appointments become materially harder to secure when a director's register carries an unresolved psychosocial exposure. Australian nominations committees increasingly ask about WHS and psychosocial exposure as part of the due diligence process for director candidates, and ASX listing governance norms now treat material psychosocial failings as a disclosable matter.
Institutional investor and auditor scrutiny. In PE-backed and ASX-listed organisations, institutional investors and external auditors routinely ask what the board sees about psychosocial risk. A gap in that evidence raises flags across the governance cycle, from annual report disclosure through to board composition questions.
The compounding effect matters for the personal business case. An officer facing a prosecution is rarely facing only the fine on the page. The direct cost, the defence cost, the D&O gap, the reputation cost, and the flow-through to future appointments all accrue in sequence.
What due diligence actually looks like in practice
The common thread across the duty, the penalty ceiling, the precedent, and the cost layers is evidence. A regulator deciding whether to prosecute an officer asks a specific question: what did this officer personally do to ensure psychosocial hazards were being managed systematically? The answer that protects an officer is a documented, continuous, verifiable record of hazard identification, risk assessment, control implementation, and control review, produced across every site and worker category, updated in real time, and available to the board.
In practice, that evidence requirement has four elements: a psychosocial hazard register that is current, a risk assessment methodology that is documented and applied, a control framework that reflects the hierarchy of controls, and a review cadence frequent enough to be meaningful. Each of those four elements has to be produced continuously, not point-in-time. An annual engagement survey and a respectful workplace policy do not discharge the duty. The regulator is looking for evidence that psychosocial risk is being managed on the same operating cadence as physical safety, with the same documentation standard, and visible to the governance layer. Running this manually is itself a substantial cost; running it without a system at all is the exposure pathway.
Officers do not personally execute this work. They verify that it is being executed, and they verify that the organisation has the resources and processes to execute it. ReFresh's psychosocial compliance platform is built to produce that verification layer: the continuous system of record that officers rely on when a regulator asks. The framework for how officers should structure and exercise their due diligence is covered in our guide to officer due diligence for psychosocial risk. The broader cost picture for the organisation is covered in our pages on the cost of psychosocial claims and the cost of psychosocial non-compliance. Jurisdiction-specific regulatory detail is covered on the New South Wales, Victoria, Queensland, Western Australia, and Commonwealth reference pages.
Check where your personal exposure sits
Most officers carrying psychosocial exposure cannot describe it in the specificity a regulator would expect. A 5-minute psychosocial compliance readiness survey will give your governance team a structured view of where your organisation currently sits against regulator expectations, and where the main personal exposure concentrations are. If you would prefer a conversation, Harrison runs 20-minute compliance gap walkthroughs: no pitch, just a structured look at current posture against what the regulator is now asking for.