A Workplace Death. An Upheld Conviction. And a Standard Every C-Suite Officer Should Understand.

A post written by Wade Needham (April 15, 2026), and reproduced with permission.

Two judgments totaling 75,000 words were handed down across 2024 and 2026. Not everyone will read them. Everyone should understand what they establish.

Years ago, during commissioning work at Port Hedland for the Roy Hill project, someone asked me how I knew the night shift crew were following the isolation procedure for livening the sub stations. I could name the critical risk. I could point to the training records, the procedure, the sign-off sheet, the safety advisor on shift. And when they asked how I knew it was being followed at 2am when nobody was watching, I paused. Long pause. Then I said something like “Well, the reports don’t show any issues.”

I have never forgotten that pause. Because I knew, in that moment, that I was describing paperwork. Not reality.

That is the most dangerous sentence in safety governance. The reports don’t show any issues. It is the sentence that sat underneath everything that went wrong at the Port of Auckland. I wanted to distil down elements of the judgement I found insightful.

But first, a too-long, don’t-want-to-read summary for those short on time.

TL;DR: Pala’amo Kalati was 31 years old. Governance obligations exist because the consequences of their absence are not abstract. They are not reputational. They are human. A New Zealand CEO who was dedicated, conscientious, and well-resourced was convicted of failing to exercise due diligence as an officer. The High Court dismissed his appeal on 31 March 2026. He was not negligent. He had audit recommendations he knew were not being progressed, a report telling him his own data was unreliable, a subordinate’s initiative that stalled without follow-through, and hard controls that were available but not pursued. The standard is not effort. It is whether a reasonable officer in the same circumstances would have taken further steps. If your monitoring systems are not detecting work as done, particularly in remote, after-hours, or decentralised operations, the gap that convicted this CEO exists in your organisation. The question is whether you find it before an incident does.

Tony Gibson was not a bad CEO. I want to be clear about that because the easy reading of this judgment is to make him the villain, and nothing is ever black and white. The High Court of New Zealand accepted that he was dedicated, conscientious, hands-on, respected by his workers, rated in the upper quartile of CEOs by his board chair. The prosecution’s own expert said he was the type of CEO who would be down at the container terminal at 2am if he thought there was an issue. Frontline staff volunteered that he was a “really good, good person.” No resource constraints were ever placed on safety under his watch. He introduced lash platforms after personally observing an unsafe practice and launching a worldwide search for a better solution. He ran 30 workshops a year with staff. He formed a strategic alliance with other ports that included a shared health and safety workstream.

He was not negligent. The High Court accepted that. And it was not enough.

On 31 March 2026, the High Court dismissed his appeal. First conviction of a CEO of a large, complex New Zealand organisation for breach of the officer due diligence duty. Fined $130,000. Costs of $60,000. Appeal on conviction: dismissed. Appeal on sentence: dismissed.

And here is where it gets uncomfortable. Because Gibson was not convicted for what he did wrong. He was convicted for what he did not notice was missing.

The smoke detector that was not wired in

Think of it this way. You can have smoke detectors in every room of the house. You can test them. You can replace the batteries. You can run drills with the kids. But if the detector in the back bedroom is not actually wired to the alarm panel, you will not know there is a fire until you smell smoke. And by then your first sgnal is the incident report.

That was POAL’s night shift. The documentation existed. The training existed. The three-container-width exclusion zone rule existed. Ship supervisors did checks each shift and uploaded them into PortSafe, the compliance reporting system. The reports looked clean.

The night shift was not clean. Stevedores were regularly breaching the exclusion zone. Not working in pairs as required. Some using phones or listening to music on vessels. The non-compliance was a regular feature, not an aberration. And POAL’s monitoring systems did not detect it.

The smoke detector was in the room. It was not wired in.

This failure did not sit with the CEO alone. POAL had a health and safety team of ten, a senior manager leading that function, operational performance coaches, shift supervisors with monitoring responsibilities, and a board that wanted to be directly involved in safety oversight. The failure ran somewhat through every layer. But the officer due diligence duty exists precisely because someone at the apex of the organisation is expected to ensure the system works. That person does not have to do everyone else’s job. They have to take reasonable steps to verify that the system is doing what it claims to be doing.

A stevedore named Pala’amo Kalati died on 30 August 2020. He was 31 years old. A container fell from a crane and crushed him. He was working in the exclusion zone, on the night shift, at the Fergusson Container Terminal.

What the Court held against the CEO

The charge was narrow. Two of six non-exhaustive due diligence obligations, in respect of one critical risk, in one area of the port’s operations. The prosecution accepted that Gibson otherwise complied with his due diligence obligations. This was not a case about a CEO who did not care. It was a case about specific omissions in the presence of specific information. And it is worth noting that Gibson was acquitted on the particular relating to changes made under the COVID-19 pandemic plan, where the Court found there was insufficient evidence that POAL was significantly out of step with industry practice on formalised change management. The judgment is not one-directional. But where it did convict, the reasoning is precise.

  • A 2018 KPMG audit recommended improvements to safety reporting, including lead indicators. The executive did not advance those recommendations in a timely manner. Gibson knew.
  • A March 2019 critical risk report on handling loads acknowledged that the data on incidents, near misses, and non-compliance was “likely not reflective of actual events.” Gibson received that report.
  • A manager named Lander proposed a restructuring that would have put coaches into the stevedore crews and improved monitoring of work as done on the night shift. It was declined by his superiors, the General Manager and Senior Manager of Terminal Operations, without reference to Gibson. Lander proposed it again in mid-2020. Again declined. The High Court found Gibson must have been made aware of this second proposal and ought to have made enquiries about the lack of progress.
  • Gibson was personally aware that hard controls like geofencing were desirable for the exclusion zone. But while waiting for the technological solution, he did not pursue non-technological hard controls. Controls that were available. Controls that were implemented rapidly after the fatality.

Read those again. Audit recommendations not progressed. A report telling him his own data was unreliable. A subordinate’s initiative that stalled without adequate executive follow-through. Hard controls available but not pursued. Each one, on its own, looks like a reasonable oversight in a complex operation. Together, they paint a picture of a CEO who had the information but did not connect the signals.

That is the question this judgment forces you to sit with. And the High Court’s answer is: a reasonable officer in the same circumstances would have.

Would you have connected them? Honestly? In a business running 24/7 with 650 workers and a major automation project consuming executive bandwidth, and a pandemic in the middle of the charge period?

You do not get to bank due diligence credit

This is the hardest principle in the judgment, and it is the one most likely to be misunderstood.

The High Court accepted every positive step Gibson took. It listed them. It acknowledged them. And then it said this:

“Reasonable conduct for the most part does not excuse unreasonable conduct in another part.”

That is not a standard of perfection. The Court was explicit about that. But it means the volume of effort you put into safety does not create a reserve you can draw against when specific omissions are identified. You do not get to say ‘look at everything else I did.’ The question is always whether a reasonable officer in the same circumstances would have taken further steps. If the answer is yes, the positive steps are context. They are not a defence.

For every CEO and managing director who has ever thought ‘we do a lot on safety’ this judgment is a direct challenge to that framing. Doing a lot is not the test. Doing what a reasonable officer would do in respect of specific known risks is the test. And those are not the same thing.

Work as done versus work as planned

If you take one concept from this judgment, make it this one: the gap between work as done and work as planned is not an academic distinction. It is a due diligence obligation.

Most operations I have worked in have this gap at some point in time. I would be surprised if yours does not. The question is whether you have a system that detects it or a system that papers over it. At POAL, PortSafe was doing the papering. Checks went in. Data looked right. Nobody was lying. The system just was not built to see what was actually happening at 2am on the container vessels.

Ask yourself the Gibson question. Not the comfortable version. The real one. If a worker on a night shift or on a remote crew is not following a critical safety procedure right now, how would you know? Not how would you find out after something goes wrong. How would you know before?

What is the mechanism? Is it a reporting system that depends on the worker or supervisor choosing to report it? Because that is a behavioural control on a behavioural control. And behavioural controls for critical risks are precisely what the Court found to be insufficient when hard controls (barricading) were reasonably practicable. Show me the incentives and I’ll show you the outcome.

What was in place before the fatality

POAL’s controls for the critical risk of handling suspended loads were overwhelmingly behavioural: the three-container-width rule (a procedural instruction to workers), training, lash leading hand supervision, ship supervisor checks, toolbox meetings, and the PortSafe reporting system. Most of these controls had been identified as early as 2016 and were still considered effective by POAL in 2018.

There were no physical barriers, no signage preventing access to exclusion zones around operating cranes, and no technological hard controls such as geofencing. The only hard control introduced during Gibson’s tenure relevant to the handling loads risk was the lash platform, which addressed a different aspect of the same critical risk (twist-locks falling from suspended containers over the wharf, not the exclusion zone around crane operations on ships).

POAL had been exploring technological hard controls (GPS or laser-based geofencing) from as early as October 2016. Gibson noted in Board minutes that ‘new technology solutions are evolving to further de-risk this hazard’ and committed to updating the Board when available. His performance agreement for July 2020 to June 2021 still referenced this. None were implemented before the fatality.

What was implemented after the fatality

Within a very short period of time after the fatality, an unambiguous full exclusion zone encompassing the entire bays a crane was working was put in place. Initially, cones were placed at access points to prevent workers accessing the exclusion zone. Subsequently, moveable signage was introduced and placed at access points, stating ‘Overhead operations. Do not enter.

The Judge noted:

“Hard controls are not limited to novel technological controls. Hard controls include things like signage, barriers and adequate lighting. No such controls were in place in the period leading up to Mr Kalati’s death. I am led to the inescapable conclusion that no-one at POAL, including Mr Gibson, turned their mind to the need for additional hard controls in the absence of technological controls.”

The High Court endorsed this, noting that ‘the ready availability of additional hard, non-technological controls was demonstrated by their swift implementation after the fatality.’

The convergence you should be watching

I wrote previously about the Star Entertainment judgment and the gap between safety compliance and safety governance. Bekier was about a CEO who possessed alarming information and failed to ensure it reached the board. The filtering was deliberate.

This case is the structural equivalent. The CEO had information. KPMG recommendations. Critical risk reports acknowledging underreporting. Awareness of monitoring gaps. A subordinate’s improvement initiative that stalled without adequate follow-through. He did not filter it from the board. He did not connect it into a recognition that his systems were not giving him a true picture.

In Bekier, the filter was a person. In Gibson, the filter was the system. The Courts did not distinguish between the two. Officers and directors who receive information signaling governance risk and fail to follow through face personal accountability. Investors  allocating capital into businesses where officers cannot answer the questions this judgment raises, you are pricing governance risk at zero. That is not a compliance observation. It is an investment one.

There is a third dimension to this convergence that gets less attention. The owner’s.

POAL is 100% owned by Auckland Council. The council appoints the board. It receives Statements of Corporate Intent. It has a CCO Oversight Committee with governance and oversight responsibilities. Under the Port Companies Act, it has no legal power to involve itself in operational matters. But it has every power to set governance expectations and hold the board accountable for meeting them.

Here is the timeline of what the council did after Pala’amo Kalati’s death.

  • In October 2020, the mayor commissioned an independent review by Construction Health and Safety New Zealand, led by CHASNZ chair Roger McRae.
  • In March 2021, the review found systemic failures, including gaps between executive management’s understanding of safety controls and what was actually happening in practice, and a night shift culture where ‘control adherence differed from training and procedures, in particular for high-risk work such as lashing’.
  • The mayor publicly stated that the council would hold the board accountable and that if the board did not carry out its role, it would be replaced.
  • A senior councillor called the council “a lazy port owner.”
  • The board chair stepped down. The board was largely reconstituted with directors carrying explicit health and safety credentials, including a health and safety lawyer and an engineer with workplace safety experience. CEO resigned.
  • A port health and safety sub-committee was established with regular public reporting to the council. The CEO was explicitly required to prioritise safety over productivity and profitability.

Every one of those measures could have been implemented before anyone died. The shareholder had the structural mechanisms. It did not use them to interrogate the quality of safety governance at its portfolio company until the cost of not doing so became undeniable. The question for any institutional owner reading this is whether you are waiting for the same trigger, or whether your governance architecture is designed to act before it arrives?

And here is the bit that matters if you think this is a New Zealand problem. Section 44 of the New Zealand HSWA is modelled on section 27 of the Australian Model WHS Act. The High Court in Gibson endorsed the relevance of Australian case law. This is not a foreign jurisdiction precedent. It is a direct read-across.

The principles, distilled
  • Officers may rely on subordinates, but reliance must be reasonable and supported by proper enquiry. Not assumed.
  • Positive steps do not excuse unreasonable omissions. You do not bank credit.
  • Common practice is relevant but not determinative. The High Court corrected the District Court on this point, finding that the trial judge had too readily discounted the relevance of what equivalent officers were doing at the time (Hat Tip Craig Mariott’s evidence). That correction matters because it shows the law developing in a balanced direction. But it still means that if the whole industry is below standard, that is collective exposure, not individual protection.
  • External audits can provide false assurance. If you do not understand the scope and limitations of the audit, the comfort you take from the results is misplaced. Sound familiar? Were you involved in the terms of reference or were these proposed by the auditor?
  • The pace of improvement matters. Being on a journey is not a defence if the pace is unreasonable relative to known critical risks. The prosecution’s own expert conceded that POAL and Gibson were on a journey and seemed to accept that within another six months, the accident might not have occurred. The High Court noted that concession but still upheld the conviction. Pace was the variable.
  • And one that should be welcome: a hands-on CEO should not be penalised for being hands-on. The Court quoted the Whakaari judgment: ‘It would be entirely antithetical to the purposes of HSWA if being responsible was a path to liability and being irresponsible was an escape from it.’ Good. But it does not lower the bar. It clarifies that engagement is not an aggravating factor, thankful for this.
So what do you do with this?

Go back to the smoke detector. Your job is not to install more detectors. Your job is to make sure the ones you have are wired in.

If you are a CEO or managing director, the questions below test whether your systems are giving you a true picture of work as done, or whether you are describing paperwork. If you are a non-executive director, they test whether your board’s information architecture would survive the scrutiny that POAL’s did not. If you are an institutional owner, they test whether your portfolio companies can answer them before you need to ask.

  1. Can you name your top three critical risks and describe the specific controls? When were those controls last verified through direct observation of work as done, not through a management self-report?
  2. Do you know the status of outstanding audit recommendations without needing to ask someone?
  3. Has an operational improvement proposal with safety implications been blocked by middle management in the past twelve months? How would you know?
  4. Are your critical risk controls primarily behavioural or hard? If behavioural, has anyone documented why hard controls are not reasonably practicable?
  5. When was the last time you got information about safety that made you uncomfortable? If the answer is “I can’t remember,” your system might be filtering. Not deliberately. Structurally. Which is exactly what happened at POAL.

This judgment did not convict a negligent CEO. It convicted a dedicated one who could not answer the right questions about the right risks at the right time. That distinction matters. Because it means the standard is not about character. It is about systems, verification, and pace.

Pala’amo Kalati was 31 years old. The governance obligations I have written about exist because the consequences of their absence are not abstract. They are not reputational. They are human.

If you are sitting with questions about your own governance architecture after reading this, that is the right response. The wrong response is to read it, nod, and change nothing. I have watched that play out more times than I care to count. It never ends well.

Hat tip to Maritime New Zealand for prosecuting a case that will shape officer accountability on both sides of the Tasman for a generation.

Be useful and share your insights for others – including parts of the judgement not referenced

Wade Needham
Director | Investment Governance & Stewardship | Natural Resources | Safety Governance Quality is an Investable Signal |

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Workplace Safety Services P/L (ABN: 68091088621) and SafetyAtWorkBlog, 2008-2026. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Kevin Jones and SafetyAtWorkBlog with appropriate and specific direction to the original content.

Concatenate Web Development
© Designed and developed by Concatenate Aust Pty Ltd