• What does mean to be data-driven & how does that differ from intelligence?

• Why dashboards and descriptive reports aren’t enough

• Integrating analytics, intelligence and operations into one coherent function.

• Lessons learned from restructuring, building platforms, and changing decision-making culture

• Providing insights into the structure and setup of intelligence teams

• Delving into how to get traction and embed with regulatory functions

• Sharing learnings and benchmarking activities as the function evolves

• How do you translate field-based observations into a systemic regulatory approach

• How to bring inspectors, case officers and compliance staff into the design of risk models

• How can regulators overcome a “captain’s pick” culture and gain trust in model outputs

• Keeping models fresh: building feedback loops, retraining, incorporating qualitative intel

• Building effective partnerships between the frontline and analytics teams

• How AI-enabled OSINT technologies can improve intelligence-led investigations in an anti-corruption environment

• The risks associated with the procurement and deployment of AI-enabled OSINT technologies in an anti-corruption environment

• Procurement and governance considerations for the use of AI-enabled OSINT technologies in an anti-corruption environment

• Understanding the role the Regulatory Intelligence Handbook plays in strengthening modern regulatory practice

• Delving into why regulatory intelligence matters, how it supports effective risk-based regulation, and what makes it distinct from other analytical functions

• Providing insight into the opportunities for better decision-making, collaboration, and system stewardship across the public sector

• Why are metrics important?

• Lessons for introducing metrics: Building a regulatory KPI from scratch and the behaviour you are trying to change vs the metric you are actually measuring

• What to do once you’ve established the metric and how to get the best outcomes

• What moves the dial: Identifying drivers of regulatory compliance

• Understanding the elasticity of behaviour of the regulated

• How do you decide where to invest your resources and what drives the metric

• Why VGCCC adopted a risk-based, intelligence-led regulatory model and the transition journey

• Learn how VGCCC restructured people, processes, and technology to transition to an intelligence-led, risk-based regulatory approach

• Understand the steps taken to close data gaps, create feedback loops, and disseminate actionable intelligence across the organization

• Shifting people, culture & capability: Lessons from transitioning an existing workforce to risk-responsive ways of working, including capability gaps, cultural resistance, and practical change management

• Moving beyond operational metrics (inspections, complaints, fines) into outcome-based reporting

• Using data to demonstrate impact (e.g., harm reduction, avoided homelessness, improved consumer protection)

• How to build performance stories that resonate with ministers, media, and the public

• How do we tell our story better?

• How can we navigate enduring threats through preventative action and system level thinking

• What are some of the other indicators we can name and measure over time, where the scale of the problem and threat change as opposed to elimination

• Taking intelligence and data and turning it into targeted

• What regulators get wrong about hiring?

• How to build capability, and why technical skills matter more than sector experience.

• What is the journey like when building it from scratch?

Skye Bowie will share lessons from leading regulatory transformation at QBCC, focusing on how to bridge risk, intelligence and frontline decision-making in practice. Drawing on experience designing and embedding a risk-based approach, she will reflect on what worked, what proved harder than expected, and what she would redesign if implementing the model today in an AI-enabled regulatory environment.

• Moving from tactical, investigation-support intelligence to proactive, ROI-driven compliance targeting

• How regulators decide who to target, where the biggest regulatory return lies

• Translating risk scores and models into frontline action

• Hear how the Aged Care Quality and Safety Commission have embedded the use of analytics and intelligence in regulatory decision-making

• Learn from the challenges and opportunities faced by the Commission as they implemented these changes, during a once-in-a-generation reform process

• An overview of the development of the Commission's Regulatory Strategy and operating model, including aligning the use of analytics and intelligence to decisions at the strategic, operational and tactical level

• Understand how analytics and intelligence tools and services have supported the shift from reactive to proactive regulation

• How the ATO leverages its large data repository to identify candidate populations, profile behaviours, and patterns indicative of illegal phoenixing and support frontline enforcement with tactical intelligence.

• Exploring the use of data, analytics, and visualisation to tell the story

• Governing data sharing across the Phoenix Taskforce: navigating legislative constraints, privacy, ethical considerations, and custodianship obligations when supporting state and federal partner agencies.

• How we continue to be future focused to combat illegal phoenix activity.

• Strategic intelligence in practice: Annual environmental scanning to identify sector-wide regulatory risk priorities and inform agency strategy

• Tactical and operational intelligence integration: Tip-off reports and translating intelligence into prioritization, case selection, and regulatory treatment across the organization

• Lessons from ASQA’s maturity journey: What worked, what didn’t, and how other regulators can design an intelligence blueprint at different stages of maturity

Discussion 1: Setting up intel function and how it works with your agency?

• How your intel team can get traction, often not well integrated into the enforcement teams

• How data team works with the intel team

Discussion 2: New methods for gathering and synthesising data and intelligence

• How do you organise it and get insights out of it?

• How can you do that with a limited budget?

Workshop Overview

As regulators continue to adopt intelligence led and data driven operating models, the ability to systematically collect, validate, and interpret publicly available information has become a core capability.

Modern Open Source Intelligence (OSINT) has evolved well beyond ad hoc online searches. It now underpins risk identification, strategic intelligence, operational targeting, and evidence based regulatory decision making.

This workshop presents a contemporary and defensible OSINT framework tailored to regulatory, compliance, and integrity environments. It focuses on how open data, digital identifiers, and publicly accessible records can be transformed into structured intelligence outputs that support prioritisation, investigations, and proactive regulatory action.

Participants will be introduced to a disciplined approach to OSINT that emphasises:

• Triangulation across digital identifiers (email, username, phone)

• Verification and corroboration of sources

• Separation of fact from analytical judgement

• Structured reporting scripts for large language models to amplify and automate OSINT collection and analysis

In a digital environment shaped by paywalls, platform restrictions, and increased detection of online activity, the workshop also addresses how to adapt collection methods to remain lawful, ethical, and discreet.

You will leave with practical tradecraft, AI powered workflows, and a curated suite of tools that can be immediately applied within government and regulatory contexts.

Key Takeaways

• A repeatable OSINT workflow suitable for regulatory and investigative settings

• Practical techniques for building defensible, data driven intelligence products

• Clear guidance on ethical, lawful, and proportionate collection practices

• A curated spreadsheet of 100+ verified OSINT tools and resources, mapped to specific use cases

• Ready-to-use prompt frameworks and structured reporting templates for immediate operational application