Risk-based Oversight (RBO): A way of performing oversight, where:
- planning is driven by the combination of risk profile and safety performance; and
- execution focuses on the management of risk, in addition to ensuring compliance.
Risk Profile: The elements of risk that are inherent to the nature and the operations of the regulated entity, this includes:
- the specific nature of the organization/operator;
- the complexity of its activities;
the risks stemming from the activities carried out.
Safety Performance: The demonstration of how effectively can a regulated entity (e.g. operator) mitigate its risks, substantiated through the proven ability to:
- comply with the applicable requirements;
- implement and maintain effective safety management;
- identify and manage safety risks;
- achieve and maintain safe operations;
the results of past certification and/or oversight also need to be taken into account.
EASA explains the relationship between Performance-based Oversight (PBO) and Risk-based Oversight (RBO) as:
The concept of "performance" conveys the idea of tangibly measuring the health of the system under scrutiny and ultimately assessing its overall performance. Performance indicators, as a means to measure, may specifically help to either identify risks within that system or measure safety risks or monitoring actions mitigating these risks. This means that a PBO can also support the identification of areas of greater risk and serve the risk assessment and mitigation exercise. This is where PBO meets RBO. 
The implementation of Safety Management Systems signals a shift from reactive and compliance based oversight to a new model that includes proactive and performance-based tools and methods.
Recognising that compliance alone cannot assure safe operations, and that effective and affordable regulatory oversight needs to be targeted, most regulators have altered the relationship between the operators and the Competent Authorities to ensure that greater oversight is applied to those that need it. To achieve this, Inspectors need to be able to assess safety performance and the key factors that influence it. If an Operator's Compliance Monitoring Function demonstrates that regulatory and procedural compliance is being monitored effectively internally then it will attract less external oversight.
A risk-based approach to oversight entails the assessment of the performance influencing factors, organisational changes and other safety performance indicators that make up an operator's risk profile. An operator's risk profile will inevitably be dynamic. The regulator must have a process that acquires and analyses different sources of intelligence that provide insight into the changing risks in an operation such as:
- reported occurrences;
- reorganisation and restructuring (e.g new management and reporting structures, new operating bases, new aircraft types, changing working practices);
- retirement/departure of a key employee (e.g new accountable manager, safety manager, or operations director);
- financial health of the organisation;
Those operators with a high-performing SMS and clear safety leadership will attract less oversight.
Accidents and Incidents
The following events in the SKYbrary database of Accident and Incident reports feature Ineffective Regulatory Oversight as a contributory factor:
On 22 April 2019, a Eurocopter-Kawasaki BK-117C-1 helicopter was being positioned for the aeromedical evacuation the following day of a sick crewman on a fishing vessel when it was unintentionally flown into the sea at night. The three crew members were able to evacuate from the partially submerged aircraft before it sank. The accident was attributed to the single pilot’s loss of situational awareness due to loss of visual depth perception when using Night Vision Goggles. The relevant aircraft operator procedures and the applicable regulatory requirements were both found be inadequate relative to the operational risk which the flight involved.
On 24 October 2021, a Shorts SD360 intending to land at the international airport serving Ndola did so at the recently closed old international airport after visually navigating there in hazy conditions whilst unknowingly in contact with ATC at the very recently opened new airport which had taken the same name and radio frequencies as the old one. The Investigation found multiple aspects of the airport changeover and re-designation had been mismanaged, particularly but not only failure to publish new flight procedures for both airports and ensure that NOTAM communication of the changes internationally had been effective.
On 27 April 2021, a Boeing 737-400 commenced a night takeoff at Porto in good visibility without seeing a runway inspection vehicle heading in the opposite direction on the same runway. On querying sight of an opposite direction aircraft on a discrete frequency the driver was told to quickly vacate the runway. The aircraft became airborne 300 metres before reaching the vehicle and passed over and abeam it. Both vehicle and aircraft were following the controller’s clearances. The detailed Investigation confirmed controller error in a context of multiple systemic deficiencies in the delivery of runway operational safety at the airport.
On 26 December 2019, an Airbus Helicopters AS350 on a commercial sightseeing flight over the Hawaiian island of Kauai impacted terrain and was destroyed killing all seven occupants. The Investigation concluded that the experienced pilot had decided to continue the flight into unexpectedly encountered cloud contrary to Company Policy. Contributory factors were identified as the delayed implementation of a Hawaiian aviation weather camera programme, an absence of regulatory leadership in the development of a weather training program for Hawaiian air tour pilots and an overall lack of effective regulatory monitoring and oversight of Hawaiian air tour operators’ weather-related operating practices.
On 13 November 2020, a Boeing 727-100 configured for cargo operations veered partially off the landing runway at Kigali after a late touchdown on a wet runway before regaining it approximately 1,000 metres later. The Investigation concluded that viscous hydroplaning after touchdown which occurred a significant distance left of the runway centreline had been contributory but absence of a prior go-around was causal. It was also found that the flight crew licences were invalid and that there were significant discrepancies in respect of the aircraft registration, the status of the operator and the validity of the Air Operator Certificate.
- ^ "Practices for risk-based oversight"; Edition 1, published by EASA 22 November 2016