Optimising implementation of reforms to better prevent and respond to child sexual abuse in institutions : Insights from public health , regulatory theory , and Australia ’ s Royal Commission

The Australian Royal Commission Into Institutional Responses to Child Sexual Abuse has identified multiple systemic failures to protect children in government and non-government organizations providing educational, religious, welfare, sporting, cultural, arts and recreational activities. Its recommendations for reform will aim to ensure organizations adopt more effective and ethical measures to prevent, identify and respond to child sexual abuse. However, apart from the question of what measures institutions should adopt, an under-explored question is how to implement and regulate those measures. Major challenges confronting reform include the diversity of organizations providing services to children; organizational resistance; and the need for effective oversight. Failure to adopt theoretically sound strategies to overcome implementation barriers will jeopardize reform and compromise reduction of institutional child sexual abuse. This article first explains the nature of the Royal Commission, and focuses on key findings from case studies and data analysis. It then analyzes public health theory and regulatory theory to present a novel analysis of theoretically justified approaches to the implementation of measures to prevent, identify and respond to CSA, while isolating challenges to implementation. The article reviews literature on challenges to reform and compliance, and on prevention of institutional CSA and situational crime prevention, to identify measures which have attracted emerging consensus as recommended practice. Finally, it applies its novel integration of regulatory theory and public health theory to the context of CSA in institutional contexts, to develop a theoretical basis for a model of implementation and regulation, and to indicate the nature and functions of a regulatory body for this context.


Australia's Royal Commission
Australia's Royal Commission Into Institutional Responses to Child Sexual Abuse (the Commission) was initiated on 12 November 2012 by the then Prime Minister of Australia, Julia Gillard, due to growing concern about the prevalence of child sexual abuse within public and private institutional contexts, the inadequacy of preventative and responsive measures undertaken by institutions, and active concealment of such abuse by institutions including the Catholic Church (Australian Government, 2013;Australian Government Royal Commission Into Institutional Responses to Child Sexual Abuse, 2014). This concern existed despite numerous prior inquiries into institutional CSA, which had less extensive powers, narrower scope, and lacked the support of state and territory governments. The Letters Patent gave the Commission a broad remit, including to "inquire into institutional responses to allegations and incidents of child sexual abuse and…what institutions and governments should do to better protect children against child sexual abuse and related matters in institutional contexts in the future… [and] to achieve best practice in encouraging the reporting of, and responding to reports or information about, allegations, incidents or risks of child sexual abuse " (Australian Government, 2013).
The Commission initially received $285 million in funding for four years, and this tenure was extended until December 2017 with further funding of $104 million (Australian Government Royal Commission Into Institutional Responses to Child Sexual Abuse, 2014). Six Commissioners were appointed with collective experience across multiple fields, and the Commission employed approximately 250 fulltime staff by April 2014 (Australian Government Royal Commission Into Institutional Responses to Child Sexual Abuse, 2014).
Broadly, the Commission engaged in three major fields of work. First, it convened private sessions to listen to survivors, bear witness to their experience, and learn from their accounts. Second, it conducted public hearings to formally conduct investigations and obtain detailed evidence about institutions and cases of particular interest. This function was supported by extensive powers, including the ability to call witnesses and compel testimony and the production of documents. Third, the Commission engaged in a detailed research and policy program, involving both work conducted by its own staff, and externally commissioned research conducted by Australian and international researchers. This program of research was organized around eight themes (causes; prevention; identification; institutional responses; government responses; treatment and support needs; institutions of interest; ensuring a positive impact).
By May 1, 2017, the Commission had engaged in 6706 private sessions with individual survivors. It has completed 57 extended public hearings and case studies, and had completed a comprehensive program of research. Over 40 externally commissioned research projects had been published on the Commission's website. As well, the Commission had released 11 Issues Papers on key themes, receiving expert contributions and other opinion to inform its deliberations. While its major final report will be released in December 2017, the Commission completed and released an Interim Report (Australian Government Royal Commission Into Institutional Responses to Child Sexual Abuse, 2014) and major reports including on Civil Litigation and Redress (Australian Government Royal Commission Into Institutional Responses to Child Sexual Abuse, 2015a) to enable immediate reforms to law, policy and practice.
In addition, the Commission engaged in a comprehensive program of public engagement, to create community awareness of its work and to build trust and confidence in its activity. This included engagement with the broader community including through media and numerous formal speeches, as well as with specific groups such as children, people with disabilities, people in correctional institutions, people experiencing homelessness, and people from culturally and linguistically diverse groups. The Commission developed a comprehensive website which made materials available for public consumption, streamed public hearings live to the public, and archived transcripts of evidence from hearings. Special measures were devised to give survivors facilities to share their experiences and views about desired reforms.
In May 2017, reporting the most recent data, the Chair of the Royal Commission, the Honourable Peter McClellan, stated that from an analysis of 6302 individual private sessions, almost one third (32%) of CSA reported to the Royal Commission concerned abuse in a government institution, and 59% concerned abuse in religious institutions (McClellan, 2017). Over one third (37%) concerned CSA in a Catholic Church institution, with 9% in Anglican institutions, 4% in the Salvation Army, 3% other Protestant institutions, and lower amounts in other institutions. Seven in 10 (70%) who reported CSA in a religious institution were male and 30% were female. The average age of first experiencing CSA in a religious institution was 10.3 years. Of those who reported abuse in a religious institution, over half (51%) stated the abuser was a person in religious ministry, and almost one quarter (22%) reported the abuser was a teacher (McClellan, 2017).

Case study investigations
The public hearings undertaken as part of the case studies revealed the features and actions of institutions where CSA occurred, and was concealed and facilitated. When this article was written, most of the case study findings had been published, although the larger studies concerning the Catholic Church remained in progress. These findings are instructive generally, and reveal similar themes to other national inquiries (Ryan, 2009;Wright, 2017, this issue), and inform the analysis in this article. Conceptually, they may be grouped under themes of: an organizational culture of concealment, corruption and protection of individual and institutional reputations; managers' and staff members' ignorance and inadvertence; absence of child protection policy or lack of compliance; lack of staff and student education about CSA; lack of effective reporting mechanisms internally and to external agencies; allowing known offenders to have continued access to children, enabling further abuse; allowing unsupervised private access to children; failure to prioritize children's welfare; and lack of external oversight.
In the Yeshiva hearing, for example, the Commission identified many of these problems (Australian Government Royal Commission Into Institutional Responses to Child Sexual Abuse, 2016). Regarding responses to allegations against three staff at Yeshiva Melbourne, it was found, for example, that within this extremely insular group there was a consistent pattern of total inaction despite repeated allegations by parents and children of CSA by several staff; ignorance amongst Rabbis about what constitutes CSA and the nature of grooming; rhetorical minimization of CSA; punishment and isolation of anyone who spoke out; absence of support for survivors; a lack of adequate policies, processes and practices for responding to complaints for over 20 years; and confusion about whether Jewish law allowed reporting of abuse to police leading to cover-ups. Similar findings were made in the hearing into the Marist Brothers, which focused on the prolific offending by two known offenders against multiple children periods in multiple locations over extended periods of time (Australian Government Royal Commission Into Institutional Responses to Child Sexual Abuse, 2015b). One of these offenders was promoted to Principal even after it was known he had sexually abused children; he then continued to offend and was transferred to another school, again as Principal, despite the school authority's knowledge of his further offending.
Similar findings have been made in other secular and non-secular educational settings. In Case Study 34, which concerned abuse at two private schools, several similar themes emerged (Australian Government Royal Commission Into Institutional Responses to Child Sexual Abuse, 2017a). In relation to the first school (Brisbane Grammar School), it was found that the school counsellor had a locked private room where he sexually abused boys who were seeing him for counselling. He abused multiple students for years at this first school, and then left the school in 1988 and joined the second school investigated in this case study. At the first school, the principal was told in 1981 by a student's father that his son had been abused by the school counsellor. The Commission found that the principal failed to investigate the allegations, failed to report the matter to the police or the school board of trustees, and that during this principal's tenure there was a culture where boys who made allegations of CSA were not believed and their claims were not acted upon (pp. 9, 73); and that there was a culture which did not encourage or facilitate the reporting by students to staff of CSA. It was found that during the period this counsellor was employed (1973)(1974)(1975)(1976)(1977)(1978)(1979)(1980)(1981)(1982)(1983)(1984)(1985)(1986)(1987)(1988), the school had no systems, policies or procedures to deal with allegations of CSA (p. 12), and there was no adequate system of record-keeping of the sessions or of the boys' absences from class, and this precluded prevention of further abuse.
In relation to the second school (St Paul's School), where the counsellor worked from 1989 to 1997, again with a system of a locked room, it was found that in 1996 the principal dismissed two boys' allegations of CSA by the counsellor, told them they were lying, and threatened to punish them if they continued making the allegations (p. 10). In January 1997, the counsellor was charged by police with offences regarding abuse of another student over a period of two years, and the counsellor committed suicide the next day (p. 10). Subsequently, this same principal at the second school was promoted to an executive director position with responsibility to create and implement child protection education policy throughout Brisbane; this appointment was by a Diocesan committee including two members who knew of the principal's prior failure to act, with one of these being the Archbishop of Brisbane (pp. 11,[57][58]. The Commission found the principal's inaction meant he failed his most fundamental obligation of keeping the students safe, and that there were no systems, policies or procedures to deal with allegations of CSA. The Commission also undertook analyses of claims made with respect to CSA in Catholic Church institutions and Anglican Church institutions respectively (Australian Government Royal Commission Into Institutional Responses to Child Sexual Abuse, 2017b, 2017c. For the Anglican Church, the Commission found there were 1119 complaints of CSA made to all 23 Anglican Church dioceses between 1980 and 2015, involving 1085 individual complainants, with 75% being male and the average age at the time of the first alleged incident being 11.8 years of age; these allegations involved 569 alleged offenders of whom 43% were ordained clergy and 94% were male (Australian Government Royal Commission Into Institutional Responses to Child Sexual Abuse, 2017c). These data were limited because not all complaints made to Anglican institutions such as schools were received and recorded by the diocese, and the data did not enable estimates of prevalence of offending by Anglican clergy and non-clergy. Even taking into account the different time periods studied, these data appear to show a higher frequency of complaints than those from an earlier study. This Anglican Church study used data from church files from 20 dioceses between 1990 and 2008, and found there were 191 allegations made by 180 individuals against 135 Anglican clergy and non-clergy, with 58% involving clergy, 76% of complainants being male, and large proportions of alleged abuse occurring in the alleged offender's home, especially those involving clergy (Parkinson, Oates, & Jayakody, 2012). While this study could not calculate the proportion of Anglican clergy to be subject to allegations, the authors estimated it as fewer than 1%. Caveats on this finding would include the general tendency for nondisclosure of CSA in all circumstances (Alaggia, 2005;Collin-Vézina, De La Sablonniere-Griffin, Palmer, & Milne, 2015), and, for CSA in Church contexts, for nondisclosure to the Church in particular.
Findings in the context of Catholic institutions were particularly notable. The Commission obtained data from 201 Catholic Church authorities to identify the number and features of claims of alleged CSA made to these authorities between January 1, 1980 and February 28, 2015, regarding abuse from 1950 to 2010 (Australian Government Royal Commission Into Institutional Responses to Child Sexual Abuse, 2017b). "Claims" were limited to those subject to a formal application for redress through judicial or nonjudicial processes, and those made where redress was not sought but which were substantiated after investigation by the Church or another body, or were otherwise accepted by the Church (Australian Government Royal Commission Into Institutional Responses to Child Sexual Abuse, 2017b). The survey also captured data on the number of clergy and non-clergy employed from 1950 to 2010 to enable estimation of the proportion of offenders. It was found that: 4445 claimants alleged incidents of CSA, involving 1880 identified offenders and 530 other unspecified offenders; 78% of claimants were male; the average age of claimants at the first alleged incident was 11.4 years (11.6 for males; 10.5 for females); 90% of alleged offenders were male; 37% of alleged offenders were nonordained religious, 30% priests, and 29% lay people. Allegations involved 1049 institutions. Of all Catholic authorities with priest members, 7.0% of priests were alleged offenders, and some authorities had much higher rates. Of all non-ordained religious who were alleged offenders, some institutes also had substantial proportions of offenders: 22% of non-ordained Christian Brothers were alleged offenders (n = 483). Given that many incidents of CSA are not disclosed at all, or are not disclosed to authorities (including the offending institution), the estimates generated are conservative. These data are broadly comparable to those in the United States. The John Jay College of Criminal Justice (2004) estimated 4% of Catholic priests and deacons from 1950 to 2002 were subject to allegations, and subsequent data placed this figure at 5%, involving 15,000 children (Terry et al., 2011;Terry, 2015).
This article is not focused on religious institutions generally or Catholic churches in particular, and it is beyond its scope to explore the nature of religious institutions, doctrines, and cultures. However, for several reasons it would be an oversight to omit any further mention of important characteristics of the Catholic Church, which appear relevant for this theoretical analysis. This institution has been the locus of the majority of institutional CSA revealed to the Commission, has been the subject of coverups and major inquiries in the USA, Canada, Ireland, Belgium, Germany and the Netherlands (Böhm, Zollner, Fegert, & Liebhardt, 2014;Ryan, 2009;Terry, 2015), and is the largest Christian church globally with over 3000 dioceses and archdioceses in scores of countries. Many scholars have sought to understand the factors contributing to CSA within it, and have criticized the separate and combined devastating effects of a range of its specific features (e.g., Doyle, Sipe, & Wall, 2006;Frawley-O'Dea, 2004;Keenan, 2012;Lothstein, 2004;Parkinson, 2016;Robertson, 2010;Robinson, 2007;Sipe, 2011;Tapsell, 2014). These may be understood as a group of five conceptually distinct features which are related to and reinforce one another: • Culture (an exceptionally strong hierarchical power structure requires complete obedience to Church rules to protect one's personal standing, job security and career prospects; strong obligations are owed by clerics to superiors and to the Pope; total conformity with organizational attitudes and beliefs is required; dissent is silenced; objectors are marginalized); • Dominance of internal organizational rules (where canon law and Church doctrine take priority over civil law and criminal law; the authority of national civil and criminal law is not recognized; the organization considers itself not only separate from but superior to civil society, and administers its own discipline even for matters which otherwise would attract sanctions by civil and criminal legal systems; there is internalized fusion of organizational and state-like power); • Protection of the institution's existence and reputation at all costs (complete secrecy of any impropriety is required at the cost of personal expulsion from the group; the top priority is the avoidance of "scandal", i.e., anything that can damage the reputation of the Church or its priests; protection is provided to individual sexual offenders; whistleblowers are punished and even excommunicated; secret internal administrative and governance mechanisms are used to deal with known and alleged offenders); • Governance that is authoritarian, and both centralized and fragmented (where authority and rule-making are both entirely at the behest of one individual, yet are also otherwise fragmented and where each bishop is endowed with almost unlimited authority over the management and administration of his diocese, subject to canon law and Papal direction); and • Sexual distortion and dysfunction (distorted masculinity, psychosexual development and personal sexual functioning is embedded by culture, conditions and rules including celibacy and rationalization of sex with males or boys as not violating celibacy; a limited homogenous ideal of personhood exists; illicit sex is treated institutionally as sin rather than crime).
While all these features are not shared by all CYSOs which have experienced problems in appropriate prevention and response to CSA, some of them are common features in cases of particularly inadequate institutional practice and coverups. Such features are instructive when analyzing questions about necessary approaches to regulation and oversight, informed by insights from public health and regulatory theory.

Public health theory and child sexual abuse
CSA has been recognized as a public health issue since the late 1980s (Koop, 1989) and it has continued to be understood as such (Djeddah, Facchin, Ranzato, & Romer, 2000;McMahon & Puett, 1999;Mercy, 1999;Zimmermann & Mercy, 2010). This is consistent with the recognition since the early 1990s of interpersonal violence generally as a public health issue, including violence affecting children at the population wide level (Mercy, Rosenberg, Powell, Broome, & Roper, 1993). Adopting a public health approach to such violence requires a multidisciplinary approach to the four dimensions of any public health response: defining and measuring the problem; identifying risk factors; developing and testing interventions; and implementing interventions (Hammond, Whitaker, Lutzker, Mercy, & Chin, 2006;Mercy et al., 1993). This systematic public health approachapplied to primary prevention community-wide, to secondary prevention for high risk groups, and to tertiary prevention after the eventcannot succeed without genuine commitment to prevention, early intervention, responding to root causes of violence, monitoring the efficacy of initiatives and refining them on an ongoing basis, and coordinated implementation of responses by agencies and communities (Mercy et al., 1993). Communities play a central role, and their full participation in violence prevention is essential to create ownership of the problem and its solutions (Hammond et al., 2006).
Conceptualizing CSA as a public health issue means the traditional tools of public health should be brought to bear on its prevention, identification, and response (Hammond et al., 2006;McMahon & Puett, 1999). It also means innovative measures should be considered and multi-pronged approaches may be necessary (Hammond et al., 2006). Innovative public health measures tailored to specific contexts include specialized courts for specific kinds of injury, such as exposure to lead, dust diseases, and drug offenses (Campbell et al., 2013). Researchers have urged the creation of networks of private and public organizational capacity, including community-based organizations, to respond proactively to CSA (Zimmerman & Mercy, 2010), constructing a new public health architecture for CSA (Zimmerman & Mercy, 2010). In the context of CSA in CYSOs, this requires a robust theoretically supported basis to ensure the method of implementation can be effective.
Public health theory is concerned with the optimal ways to design, implement, and evaluate programs to prevent risk to children (Mercy & Saul, 2009), at the population level and to groups of children at higher risk, and the promotion of good governance to enhance health (Gostin, 2008). In some contexts the use of law may be both necessary and optimal. While unintended consequences must be cautioned against, law may provide mechanisms and outcomes that cannot otherwise be provided. Scholars have recognized the benefits to public health of legal regulation in food safety, pollution, personal safety, immunization, and other fields (Gostin, 2008;Mello et al., 2013). Mello et al. (2013Mello et al. ( , p. 1979) view law as "an underutilized resource in public health". They consider that promising legal interventions are often hindered by opposition from industry, and failure to convince legislators of the need to act. They suggest that priority areas for public health law exist where there is a significant public health problem, where the mechanism underlying the problem is understood well enough to conclude legal responses are part of the solution, and where a specific legal intervention could be useful.
Such responses must be tailored to the context, and be practicable. A major challenge is in determining the method of moving from public health strategy to public health implementation: how should, or how must, a particular strategy be implemented to give it its best likelihood of being adopted, of having its intended results, and minimizing unintended adverse results? In responding to the challenge noted by Hammond et al. (2006), how can the public health strategy best achieve coordinated implementation in different agencies and communities, and how can the full participation of communities be achieved? Accordingly, once we know of good responses to the problem, we must devise suitable implementation and regulation, tailored to the context and the communities, agencies and individuals involved.
Driving any public health approach to a specific challenge must be a theory that at its core is true to the original concept of public health and its fundamental concern to promote social justice. Birn (1998, p. 1605) remind us public health was originally used "to distinguish actions governments and societies-as opposed to private individuals-should take to preserve and protect the people's health." Krieger (2005, p. 466) notes that the concept of social justice contains notions of distributive and procedural justice, human rights, and the actions required of states and private and public institutions to "oppose or condone exploitation and to protect, promote, or violate human rights". In developing her ecosocial perspective on public health, and demanding a focus on public health as social justice, Krieger (2011Krieger ( , 2016 firmly places political and social forces, especially race and class, at the centre of population health and health inequities. Krieger (2011) notes that "socially inflicted trauma" includes sexual assault. One might posit there are political, social and economic forces often underpinning CSA in CYSOs, cover-ups, failure to respond adequately, and inactivity from other powerful social agents like governing bodies and legislatures. In this context, the social and political factors of concern are not pure biology, race or class. Rather, a public health approach should accommodate a confluence of several ecosocial dimensions. With respect to the child, we should consider children's high physical, emotional and sexual vulnerability due to their age, development, and dependence on institutional authority figures, their inability to represent themselves individually and collectively; their sex, since girls are more often victimized generally, and boys are more often abused in religious contexts. In relation to the offender, factors include spiritual authority, and professional power over the child's status and advancement. In relation to the institution, we should respond to organizational hierarchical features exacerbating children's vulnerability and embedding the power of individual offenders and their protective institutions, such as in settings of religious authority, private education, and elite sports. Even when without gross culpability, several other factors require attention: institutions may lack the desire or capacity to independently develop and implement required best practices to prevent and respond to institutional CSA; others may both wish and have capacity to do so, but may be hindered in such efforts due to lack of skill, diffusion of the institution's activity across multiple locations and settings, and logistical and financial limitations.
These observations have theoretical and practical relevance for the questions of how best to coordinate, implement and monitor public health responses in this context, alongside the recruitment and retention of community participation, and the reasons why some approaches to these challenges are more suitable than others. For example, even if there is broad consensus about the practices CYSOs should adopt, does this context present features suggesting CYSOs themselves should be entrusted with these tasks, without external oversight? Or, is a different approach preferable, and if so, why? To approach this question, guidance can be obtained from the second body of theory drawn on in this analysis.

Regulatory theory and child sexual abuse
In the context of CYSOs, efforts to prevent, identify and respond appropriately to CSA involve multiple challenges including vulnerable children, high risk, and multiple sectors or industries serving children and youth which are fragmented and geographically widespread, and which have diverse workforces and varying levels of knowledge of and cultural commitment to CSA prevention (Mathews, 2017). Two core concerns of regulatory theory are: (1) what kind of approach to the setting and enforcement of rules is both appropriate to the context and likely to be successful; and (2) how can society and industry best secure compliance with rules and overcome resistance at the individual, organizational and cultural levels, created by factors including ignorance, resource scarcity, and fear of exposure (Baldwin, Cave, & Lodge, 2012). Applied to the context of optimal approaches to prevention, identification and responses to CSA in CYSOs, regulatory theory offers insights into key questions including: (1) does the context of CSA require stronger government oversight of CYSOs and other centralized supportive measures in designing and implementing CSA prevention policies and programs?; (2) is the optimal factor motivating policy compliance in CYSOs the development of genuine moral commitment to norms of behavior (Parker, 2006), and if so, how might this be developed in the context of CSA and CYSOs?; (3) do other major factors such as fear of sanctions, and fear of damage to reputation, influence individual and institutional CYSO practice and compliance, and what does this imply for optimal regulatory methods? Different regulatory models exist and are suited to different environments (Cave & Baldwin, 1999). Generally, direct government regulation is required for situations of high risk, high complexity, and uncertain industry or sector commitment to robust policy. Direct government regulation, where a formal directive such as through legislation is supported by the deterrent threat of a punitive sanction, is deemed preferable where the subject is inherently of high risk and significance, such as a major public health or safety issue, and where the government desires certainty about the nature of the policy, seeks universal application across an industry or sector, and existing regulatory bodies such as those internal to organizations may not have the capacity or commitment to respond to the particular problem. In contrast, self-regulation is suitable for settings where the subject matter is low risk, does not involve a strong public interest or health and safety concern, and can be effectively governed by the market. It will likely be effective where the industry or sector is cohesive, with individuals sharing a commitment to core goals. Co-regulation (industry-developed arrangements, supported by legislation to enable enforcement) and quasi-regulation (where the government imposes pressure to behave in a certain way but without legislative backing) are appropriate where the subject matter involves some kind of public interest, but less formal approaches are judged adequate to deal with the regulatory challenge, the regulation may only involve one branch of an industry, and it is appropriate for the industry to have ownership of the nature of the scheme.
The theory of responsive regulation prioritizes the nurturing of voluntary compliance through self-regulation and persuasive, informal enforcement escalating to coercion only if other methods fail, and has influenced a variety of fields including occupational health and safety law, environmental law, and public health regulation of food and alcohol (Baldwin & Black, 2010;Parker, 2013). This assumes regulated parties will comply due to intrinsic motivations and desire for social legitimacy, ideally eventually inculcating internalization of regulatory norms and trust between the regulators and the regulated (Parker, 2000).
However, it can be difficult for policy to attract intrinsic commitment (Parker, 2006). The central factor motivating policy compliance is thought to be the development of genuine moral commitment to a norm of behavior (Parker, 2006), which represents a cultural and ethical stance held by the institution, its leaders, and its staff. More significantly, it has been proposed that robust approaches with strong government regulation and oversight are required for contexts of high risk, major public health issues, and multiple industries or sectors which are fragmented and geographically widespread (Hutter, 2011;Mathews, 2017). Hutter (2011) warns that compliance is influenced by a complex nexus of legal, economic, social and political forces, which create multiple sites of tension and risk. A single large or fragmented organization can possess wide variance in culture, risk management, and compliance expectations. Organizational fragmentation, exacerbated by geographical diffusion, the presence of multiple professional groups, different levels of knowledge of regulatory obligations, and cultural differences, present additional challenges for compliance. In addition, regulation and compliance should be seen not as a short-term goal, but as a long-term strategy involving entire diversified organizations.
A fundamental challenge faced by any regulatory regime is the question of what strategy will produce optimal compliance. Theoretical understandings of compliance suggest three motivational factors influence compliance by organizations and individuals with regulatory requirements: fear of detection of non-compliance and associated sanctions; adverse reputational consequences upon exposure; and a desire to conform to an internal norm about what is the right thing to do (Yeung, 2004). Baldwin and Black's (2010) theory of 'really responsive regulation' identifies multiple factors influencing compliance: (1) behavior, attitudes and cultures of the actors; (2) the institutional setting; (3) the different approaches of the regulatory strategies; (4) the success over time of the overall regime; and (5) fluctuation in these elements. In a study of regulatory approaches in a child protection context, combining direct regulation and some self-regulation, it has been theorized that ten factors are required to optimize regulatory performance (Dorbeck-Jung, Vrielink, Gosselt, van Hoof, & de Jong, 2010): (1) Regulatees' ability and willingness to obey the rules; (2) Sufficient overlap between private and public interests within self-regulation; (3) A small number of actors in an organized and homogenous sector; (4) A high level of social responsibility in the regulated sector; (5) A high level of oversight of employees; (6) A high level of enforcement or pressure to respond to non-compliance; (7) Standards covering all essential matters; (8) Consistent regulatory strategies; (9) A high level of oversight of system performance; and (10) Corrective responses to counterproductive system performance.
The insights from regulatory theory are of great significance for an understanding of optimal forms of regulation in CYSOs to prevent, identify and respond to CSA. Insights from regulatory theory, combined with knowledge gained from the lived experience of CSA in CYSOs and the factors shown to have contributed to it, indicate major impediments to a regulatory strategy of organizational self-regulation or co-regulation. Even where the organization wished to do so, it is inherently challenging and often simply unviable for an organization by itself to develop a robust, scientifically and operationally sound policy infrastructure with effective implementation and oversight. Other organizations, whether through unconscious inadvertence or conscious opposition, will not be motivated or able to do so. The organizational, attitudinal and economic factors identified by Hutter (2011), and the features required for compliance posited by Dorbeck-Jung et al. (2010), will frequently be absent. In many cases, the development of sound and comprehensive policy, of cultural and individual commitment to it, and effective organizational oversight and enforcement, are fundamentally compromised. This may not be intentional or sinister; it may simply be a product of the nature of the organization and its lack of resources, knowledge and capacity. Moreover, in some settings this may be of lesser consequence due to lower risk of CSA. However, in some organizations, including those with higher risk of CSA, there may be an intrinsic absence of the qualities required for effective self-regulation of prevention, identification and response. The features of the Catholic Church enumerated earlier in this article present an embodiment of one such organization, both generally, and especially in the context of offending by ordained priests and non-ordained religious.

Challenges to reform and compliance: resources, individual attributes, diffusion and culture
Multiple obstacles must be overcome to create and successfully implement CSA prevention and response strategies in all CYSOs. Challenges are presented by individual factors (personal fears; lack of knowledge; unhelpful attitudes; lack of time), and organizational factors (including lack of financial resources, time and expertise; size and diffusion of the organization's work; staff turnover; and problematic culture) (Saul & Audage, 2007;Wurtele, 2012). These may be viewed as factors of inadvertence (ignorance, incompetence, denial) or intentional wrongdoing (cover-ups, reputational control, financial protection, complicity) (Lanning & Dietz, 2014). Accordingly, some CYSOs may not have cultural problems, and may possess intrinsic commitment, but implementation problems will still be posed by lack of scientific expertise, lack of financial resources, lack of time, high staff turnover, and the presence of volunteers (Wurtele, 2012). These organizations may still be reluctant to discuss CSA (Wurtele, 2012).
However, even more problematically, other CYSOs may possess cultural problems and a lack of intrinsic commitment to the problem of CSA, such that they intentionally cover up CSA, have a priority of protecting the institution's reputation, and may have senior staff who are complicit in CSA (Boyle, 2014;Lanning & Dietz, 2014). These circumstances may present an insuperable obstacle to self-driven change and sound practice. Such organizations are highly unlikely of their own volition, and without any external oversight, to embed the kinds of measures required, and to educate staff appropriately, to protect staff who make reports, to have leadership take credible responsibility, to create robust codes of conduct, to properly report alleged cases, to appropriately deal with suspected and known offenders, to have transparent decision-making, to resist protective measures to protect the institution's reputation, to instill a culture of ethical behaviour, and to voluntarily allow external oversight of their processes and outcomes.
The problem of poor organizational culture is particularly powerful and challenging for reform efforts. Sipe (2011, p.125) has concluded that in the Catholic Church, "culture trumps reason every time", meaning that an organization's internalized code of behaviourespecially when supported by the threat of sanctionswill exert an irresistible gravitational pull on individuals' actions, outweighing even a clear awareness of what ethics, logic and science would demand. Smith and Freyd (2014) have concluded that organizations having certain cultural characteristics are more likely to provide an environment within which CSA can both occur, and be the subject of inadequate responses. These cultural characteristics include the organization possessing: (1) strict membership requirements (with a high level of institutional or societal value being placed on membership); (2) the institution (and or its leaders) having a prestigious position in society; (3) the institution valuing its prestige, reputation and public image more than the welfare of the children it provides for; (4) strict hierarchies without viable reporting pathways; (5) relationships of power imbalance; (6) relationships of trust and dependency; (7) prestige or high value to the abused child in remaining in the organization, despite the experience; (8) Prestige or high value to the abused child in remaining connected to the abuser, despite the experience; (9) fear of the consequences that can be visited upon it; and (10) operational lack of an organizational strategy to deal with CSA (including lack of a lexicon around the issue; ignorance of the issue; outright denial of the issue; all characterized by absence of adequate screening; absence of adequate reporting mechanisms and recording systems; absence of staff training/education; absence of policy; overt coverups; use of rhetoric and euphemisms to describe allegations; reprisals and adverse consequences for victims and whistle-blowers). The range of measures that can be adopted to create healthier organizational culture has been explored in depth by Palmer (2016;Palmer & Feldman, 2017, this issue). Knowledgeable and ethical leadership in every CYSO is a precondition for effective and morally defensible responses. The culture established and exercised in both policy and daily demonstration by an institution's leadership is critical in shaping events, attitudes and behavior of individuals in the group. The Commission captured this in the Yeshiva hearing, where it stated (Australian Government, 2016, p. 80): "An institution can only act through its senior members. The views of senior members shape the responses of institutions to allegations and incidents of child sexual abuse and impact on the way the community thinks about child sexual abuse and how victims are treated when they decide to come forward. The actions and views of those senior members have a direct bearing on whether survivors may come forward at all." All these challenges inherent to the context of CSA prevention in CYSOs, involving individual factors, organizational factors, and cultural problems, have major consequences for not only the need for regulatory responses to prevent and respond to institutional CSA, but for decisions about what are the more appropriate regulatory methods. This applies to different kinds of organizations, of different size, geographical diffusion, employee/volunteer composition, child clientele, and both the general type of activity in which the organization is engaged and the ways in which this activity is conducted.

Emerging consensus on measures to prevent, identify and respond to CSA: seven dimensions
There is much agreement about what kinds of measures should be adopted by CYSOs to minimize risk and ensure appropriate responses. This is evident in approaches and organizational tools proposed by the Centers for Disease Control (Saul & Audage, 2007) and by other leading scholars (Wurtele, 2012(Wurtele, , 2014, which are substantially supported in other approaches and analyses (Parent & Demers, 2011;Valentine et al., 2016;Walsh et al., 2013). These models have subtle differences but all have a common fundamental basis, which emphasize the necessity for seven key prevention dimensions like those articulated in extensive detail by Wurtele (2012Wurtele ( , 2014 as further discussed elsewhere (Mathews, 2017). First, the CYSO must have a detailed organizational policy (including fundamental principles, definitions, objectives, a zero tolerance approach, endorsement by management, and designated contacts). Second, there must be safe screening and hiring practices. Third, there must be a robust and detailed Code of Conduct (specifying prohibited conduct across a range of situations, and acceptable conduct). Fourth, there must be measures for implementation and monitoring (including formal staff supervision, and external auditing). Fifth, actions must be taken to create safe environments (at a lower level, requiring further embedding and dissemination of policy and code of conduct, such as by prominent placement in workplaces, websites, and contractual appointments; at a higher level, requiring safe approaches to environmental structures). Sixth, there must be measures embedded to ensure staff appropriately report and respond to suspected cases, disclosures and allegations (including processes for making, recording and dealing with such reports, and for ensuring the child's safety). Seventh, there must be sufficiently detailed and sophisticated education and training of personnel about the nature and consequences of CSA, organizational policy, reporting duties, and legal and ethical obligations. Such education is viewed by Wurtele (2012) as the cornerstone of prevention.
Similarly, a range of scholars have analyzed preventative approaches from the perspective of situational crime prevention, which aims to alter the environment in which crime occurs to reduce the likelihood of offending, informed by the nature, location, timing and method of the crime (Boyle, 2014;Kaufman et al., 2012;Leclerc, Wortley, & Smallbone, 2011;Smallbone, Marshall, & Wortley, 2013;Terry & Freilich, 2012;Terry, 2015;Wurtele, 2012). For institutional CSA there is broad consensus about the kinds of institutional strategies that should be adopted, which fall within three conceptual categories articulated by Smallbone et al. (2013): (1) "increasing effort" (e.g., strategies to screen personnel; including material in job descriptions about expected and prohibited behaviour; having a specialized risk management position dedicated to CSA prevention; having a formal plan to reduce risk of harm; staff awareness and regular review of the plan); (2) "increasing risks to offenders" (redesign of the environment, e.g. eliminating hidden areas, strategic use of glass, windows and cameras; requiring staff to report abuse; enhancing opportunities for disclosure; inspections and reviews by an independent authority); and (3) "removing excuses/reducing permissibility" (ensuring the CYSO does not engender a culture of abuse or tolerance of it in any way, through formal codes of conduct unequivocally establishing acceptable and unacceptable conduct to ensure children are safe, and opportunities for CSA and grooming are minimized, e.g. regarding being alone with children, travel, overnight stays, bathing, communication, and grooming behaviors, and prohibition on taking children to the staff member's home). Similarly, Terry (2015) integrated sociocultural, psychological, situational, and organizational perspectives, and concluded that prevention approaches should focus on situational prevention, as well as education, and oversight and accountability (Terry, 2015, p. 120).
Accordingly, responses of these kinds seem well-supported. However, the central questions then relate to implementation, quality, consistency, practicability, and oversight and accountability. In their study of the Catholic Church, Terry et al. (2011) did not provide great detail on the required oversight and accountability mechanisms, and recognized that organizational change was still ongoing and may take decades. It was recognized that overall culture change was essential, and that such culture change must be led from the highest levels of management. Terry et al. (2011) concluded that mechanisms of transparency and accountability must be installed, and must become ordinary practice in every diocese. However, the problems in achieving this were not specified; and moreover, the specifics of what is involved in "accountability" and "oversight" were not articulated. Who is to be accountable, for what, to whom, and under what circumstances? Who or what bodies, internal or external, are to have oversight of these accountability mechanisms and cultural practices, and how is such oversight to be implemented? The challenges then become not only to work out the content of such education, code of conduct, appropriate responses to allegations, situational prevention, and the other strategies noted above, but to establish how best to implement each of these in a range of diverse CYSOs with different natures, levels of resources and commitment.

Applying principles and insights from public health and regulatory theory about regulation and implementation of recommended measures
These insights into the nature of CSA in CYSOs, public health theory and regulatory theory inform some conclusions about optimal implementation of measures to better prevent, identify and respond to CSA in CYSOs, and the required regulatory method of doing so. These conclusions are made on the basis that the measures described above have broad consensus as good practice. In advancing any centralized program based on direct regulation as informed by this analysis, it is important to promote the public health tenet that community participation and ownership is vital, and to the extent possible, modifications are permissible where appropriate. Accordingly, this approach should not be caricatured simply as a "top-down" approach relying only on direct regulation. Rather, guided by public health principles and insights, this approach requires the fostering of productive, collaborative partnerships with CYSOs, and strategies involving organizational leadership and individual staff members (Palmer, 2016), to help develop intrinsic organizational and individual attitudes to heighten the likelihood of compliance and sustained cultural change. The benefits of the preferred approach to CYSOs should be emphasized, including savings to CYSOs of money, time, expertise and personnel, and, more importantly, providing assistance in improving organizational capacity to protect the children and youth they serve, professionalizing staff and management, and minimization of organizational liability. As well, it is important to note that, in the spirit of public health as originally conceived and with regulatory theory as applied to high risk environments with diverse industrial participation and varied intrinsic commitment, government has not only a role to play, but an obligation to do so.
The following observations are not intended to define a comprehensive model, but they represent conclusions of applying the insights and theoretical principles explored in this article, and provide working suggestions. In general, the features of the context of CSA and CYSOs indicate that direct government regulation is required for situations of high risk, high complexity, and uncertain industry or sector commitment to robust policy. The optimal approach to implementing many of the required dimensions of regulation is a unified, centralized approach implemented by a central authority having the power and capacity to develop, communicate, administer and enforce the desired measures. This offers the greatest likelihood of promoting quality of design and best practice, avoiding fragmentation of policy and practice, using resources efficiently, and enhancing child protection. Achieving this requires a model of direct regulation, involving a small number of organizational actors in an organized, centralized and homogenous environment, which can: enable cooperative and coordinated support between major government and nongovernment actors; create consistent, sound, simple procedural structures; and aim to develop genuine organizational and individual commitment to the policy measures and practices through the development of attitudinal factors which underpin an internalized normative duty.
This approach would require a legislative scheme, endorsement by government and major nongovernment organizations, and financial support from the state. It would need to be supported and enforceable by an external framework of recognition and enforcement. A single, centralized national regulatory body should have responsibility for as many of the seven key dimensions discussed above as possible. This body could be supported financially and logistically by governments at national and or provincial levels. It could have considerable strength in its regulatory actions, being supported by a legislative scheme, or could at least have power to compel certain acts through organizational accreditation or registration requirements, or made a condition of receiving state financial support. In developing harmonized, common approaches to as many of the relevant aspects of the regulated subject matter as possible, this body could consult with peak organizations while retaining ultimate decision-making power. Mechanisms for providing aspects of the prevention approach could be simple, streamlined, and cost-efficient, such as using online methods for education. Quality assurance and review could be conducted at practicable intervals, conducted by one body or a small number of auditing bodies, themselves overseen by the central agency. At all stages of this approach, provision of support by the government regulator to CYSOs should aim to foster dispositions conducive to a child-centered approach.
Before continuing further, it can be noted that in 2015, the Australian state of Victoria created a legislative scheme to implement a set of Child Safe Standards in a range of CYSOs, embedded in the Child Wellbeing and Safety Act 2005 and established by Ministerial declaration on 31 December 2015 (Victoria Government Gazette G52). The standards were created as part of the state's response to the Betrayal of Trust Inquiry (Victorian Family and Community Development Committee, 2013), and are directed to all types of child maltreatment within CYSOs, going beyond CSA. The seven standards require CYSOs to: embed an organizational culture of child safety; create a child safe policy; create a code of conduct; screen, supervise and train staff; have processes for reporting and responding; have strategies to identify and reduce risk; and promote child participation. The legislative scheme includes enforcement and oversight measures, but remains a co-regulation model rather than a direct regulation model. This is because, while other materials provide further abstract detail about what the standards should achieve and how they could be implemented, the scheme requires CYSOs to create their own substantive approaches to each requirement. As a result, the scheme is vulnerable to the issues of design quality, fragmentation, cost and implementation identified earlier in this article.
The seven key prevention dimensions mentioned above present opportunities and challenges for implementation, but compared to models of self-regulation or co-regulation, a model of direct regulation arguably offers superior quality, cost-efficiency, and efficacy. Some of these dimensions involve common principles and arguably could readily be designed robustly, with expert input, and made applicable to virtually all CYSOs. There may be modifications needed in some circumstances, and there could be fundamental components to such approaches that are applicable universally, with additional components available where appropriate. As well, such a centralized approach would enable enormous savings of cost and time, would ensure substantially higher scientific quality, and would relieve organizations of the requirement to generate their own approaches to matters that can be designed by a central, specialized authority. One such example is that every sound policy in this context must possess several key components, many of which are universal, such as definitions of key terms, and the principles underpinning the policy. Core elements of a code of conduct could be promulgated to ensure prohibitions on high-risk contexts are clear and universal, and situations of the highest risk are avoided. While there may be exceptions in specialized contexts, in general there seems no plausible reason why common approaches to these matters cannot be developed through a process of consultation and consensus-building with community partners.
Similarly, regarding education and training, many elements are universal, such as: the definition of CSA; its prevalence; its criminality; its serious consequences; who experiences it, and at what ages; who inflicts it; the tendency towards nondisclosure; children's truthfulness in disclosure; the indicators of CSA: boundary violations; children's typical emotional, social and behavioural responses after victimization; legal and ethical duties to report, and processes for reporting. A high quality training program could be designed through a robust process of expert development, and delivered economically online. CSA education programs directed towards professionals serving children and youth have shown positive effects on knowledge, attitudinal dispositions, preventative behavior and reporting (Letourneau, Nietert, & Rheingold, 2016;Rheingold et al., 2015). In their best form, some aspects of education are arguably connected with cultural development through genuine change to individuals' empathic concern, especially amongst CYSO leaders, and these aspects of education may be the most challenging to achieve given their complexity (Mathews & Collin-Vézina, 2016). However, such efforts are required if society and its key institutions are to meet the social justice concern of public health, and to garner effective participation from relevant communities and their leaders.
To ensure appropriate reports are made of known and suspected allegations, this model of direct regulation could adopt the multipronged approach taken in the two Australian states of Victoria and New South Wales. Australia is a federated jurisdiction of eight states and territories, and these two states are the most populous jurisdictions, accounting for over half the national population (Australian Bureau of Statistics, 2017). Firstly, and tailored to CSA within CYSOs, there are legislative "reportable conduct schemes", which are a method of ensuring appropriate investigation and external oversight of allegations of CSA within CYSOs. A reportable scheme has existed in New South Wales since 1998, and schemes have recently been enacted in 2015 in Victoria under its Child Wellbeing and Safety Act 2005, and in 2016 in the Australian Capital Territory under its Ombudsman Act 1989. These schemes aim to overcome malfeasance and conflicts of interest where agencies investigate CSA allegations against their own staff, and instead seek to create a culture of integrity, transparency, and accountability to external independent oversight. Heads of specified agencies are compelled to notify an external independent agency of allegations involving their employees. This external independent agency, which depending on the jurisdiction is the Ombudsman, or an oversight body such as a Commission for Children and Young People, is empowered to monitor investigations, and may in some circumstances conduct its own investigation.
Secondly, these two states have additional reporting duties in criminal law, which require all adults to report knowledge or belief that CSA has been committed to the police (Crimes Act 1900 (NSW) s 316; Crimes Act 1958 (Vic), s 327). Victoria also has a new reporting duty applied specifically to those in management roles in organizations, requiring them to report known risk to a child of sexual abuse by someone in the organization to police (Crimes Act 1958 (Vic) s 49O). Victoria's reforms to these criminal law reporting duties were a response to recommendations of its Betrayal of Trust Inquiry (Victorian Family and Community Development Committee, 2013).
Thirdly, Victoria and New South Wales, along with every other Australian state and territory, have traditional mandatory reporting laws situated within child protection legislation. This separate reporting duty requires designated professionals to make reports of known and reasonably suspected CSA by any offender to government child protection agencies. However, these laws differ across states and territories, so that depending on the jurisdiction, these reporting duties may or may not extend to subsets of individuals in CYSOs. Studies have shown the generally positive effects of these duties in the context of CSA, using both pre-and postenactment time trend analysis (Mathews, Lee, & Norman, 2016) and longitudinal analysis over 20 years (Mathews, Bromfield, Walsh, Cheng, & Norman, 2017).
Finally, to ensure transparency and accountability, the general task of monitoring and auditing CYSOs requires independence, expertise and resources, and this must be supported by the availability and use of sanctions. Combined, the measures in this approach are consistent with insights from theory, and may in practice help to overcome many of the organizational, cultural, attitudinal and behavioural factors which have facilitated the infliction of CSA in CYSOs.

Conclusion
As shown by the case studies conducted by Australia's Royal Commission, the factors contributing to CSA in institutional settings occupy points on a spectrum ranging from ignorance and inadvertence to organized corruption, concealment and criminality. At their worst, cultural factors have knowingly facilitated continued offending, while in many other cases, problems have arisen simply from lack of attention to the need to prevent, identify and respond appropriately to CSA through effective policy and practice, and absence of external oversight.
Adopting a public health approach to institutional CSA requires a multidisciplinary approach to the four dimensions of any public health response: defining and measuring the problem, identifying risk factors, developing and testing interventions, and implementing interventions. Public health theory not only encourages but obliges action by states and private and public institutions to promote social justice, prevent child exploitation and protect children's human rights (Krieger, 2005(Krieger, , 2011. In this context, a public health approach must appropriately accommodate the ecosocial dimensions relating to the child, the institution, and the known factors which enable institutional CSA and which in their most damaging forms promote its concealment and allow it to be repeated. The considerable consensus about required responses indicate seven dimensions of activity to prevent, identify and respond to CSA in CYSOs (Wurtele, 2012). The challenges are to achieve coordinated implementation of such responses by agencies and communities, for responses to be practicable and tailored to the context, and to foster the participation of communities. Lived experience, public health and regulatory theory, and the nature of CSA in CYSOs, all indicate that organizational self-regulation is unviable to meet the social justice imperative in this context. A model of direct legislative regulation is required, driven by a posture of responsive regulation, tailored to the context, and with CYSOs being nurtured towards voluntary compliance and informal enforcement but with stronger coercive measures available if necessary to compel compliance and penalize breaches (Dorbeck et al., 2010;Hutter, 2011).
As with any policy response, limitations may become apparent, and a robust public health approach should identify these by monitoring outcomes, with refinements made through a commitment to ongoing review and improvement (Mercy et al., 1993). In the short term, it might be that such challenges include the attraction of genuine commitment, especially by organizational managers. Especially when first being implemented, policy responses should ensure that CYSOs are not fearful of their primary work being undermined by any new obligations in the CSA prevention context. Reassuring stakeholders about the precise nature, extent and practicability of any new policy measure, and of how it strengthens their organization, is an important part of recruiting and retaining participation by CYSOs and the development of authentic commitment. No policy response can eradicate CSA in CYSOs. However, driven by public health and a direct regulatory approach, a multi-dimensional model can be generated as a cooperative and supportive exercise to reduce the likelihood of CSA in CYSOs, to enhance its identification, and to end active concealment of known cases. Ultimately, such an approach may help to develop and embed new social norms and cultural shifts which promote the fundamental aim of reducing suffering and enhancing social justice.