Caroline Hayward, Yasmin Milligan and special guest author Lesley Townsley unpack the exciting world of regulatory compliance registers.
In this month’s edition of KWM inhouse series – from our inhouse to yours – we’re delving into the world of compliance management. In particular we’re going to explore the exciting world of regulatory compliance registers – what they are, how they’re used and how to make one from scratch. In this special edition, we’re pleased to be collaborating with KWM’s Senior Compliance Advisor, Lesley Townsley who is our resident compliance genius. We’ll also hear from Himashi Cameron, General Manager and Head of Compliance Advisory of the firm’s exciting new client facing, specialist compliance & governance practice, Owl Advisory by KWM. If you become overwhelmed with the concept of compliance management – don’t panic – Owl Advisory by KWM is just one call away and can create a new, or uplift your existing, compliance framework – including creating regulatory compliance registers!
What is compliance management?
Every legal team should have at least a basic understanding of compliance management – even if compliance as a role is undertaken by a separate team. Compliance Management may sit within the General Counsel team or it may form a part of a separate Risk & Compliance team (or a variation of both!).
Compliance management is the art (ART!) of understanding obligations, developing controls to manage those obligations, managing those obligations and controls and then embedding them into training and communication strategies. It’s a cycle!
Where does a regulatory compliance register fit in?
The first step in regulatory compliance is ‘IDENTIFY’. This involves compiling a regulatory compliance register to identify regulatory obligations including legislation, regulations, rules, codes and guidance.
The regulatory compliance register forms the basis of tracking those obligations through to controls then managing those controls.
For example, if you employee staff and your business is a national system employee, chances are you need to comply with the Fair Work Act 2009 (Cth). Within the Fair Work Act are numerous (numerous!) obligations that an employer must comply with. Among them, are the National Employment Standards, which state that an employee is entitled to at least four weeks of paid annual leave per year of service.
Looking forward…
The next step involves summarising the sections into an obligation register. The combination of the legislation and obligations registers is your compliance register. Then, taking it a step further – you could then track your controls by linking that obligation to its controls such as:
- Delegation of duties and responsibilities (such as clear position descriptions and governance framework)
- Annual Leave Policy
- Employment contract which refers to leave entitlement
- Payroll system which automatically calculates leave entitlement based on rules provided to it
- Training module on leave entitlements provided on induction
- Intranet pages listing entitlements and links to the training and policies; and
- Annual communication about taking annual leave with links to policy.
What are the benefits of having a register?
There are so many benefits to have a regulatory compliance register. Including:
- You know the regulatory, legal, and policy instruments that apply to your business.
- You know what your obligations are.
- Provide the Executive or Board with confidence that you’re across your regulatory obligations.
- Reduce the risk of being caught out by regulatory obligations that you may not be aware of.
- You can ‘tick off’ each obligation to ensure it is captured in a policy or procedure (ie you can make sure there are controls to manage that obligation).
- Reduces the risk of financial or reputation damage caused by non-compliance.
Priceless really!
How do I create one?
Here’s the fun part!
You have to assess your business activities on a granular level – look at what work your business undertakes – not just for clients but internally. You should start your assessment focussing on area of highest risk such as your licence to operate.
Other business activities include (as examples):
- Providing a professional service (such as legal service, auditing services, tax advice)
- Payroll services
- Have client information such as contact details
- Electronic marketing
- Managing employees
- Providing subscriptions to news websites
- Has the ability to access employee’s inboxes
- Receives payment
- Works with overseas entities; or
- Makes payments to third parties.
You would then assess what legislation applies to those activities which you can do using legal research skills (hello Thomson Reuters, LexisNexis and…Google). At this point, we would recommend seeking expert legal advice (see below for contacts).
Some examples?
If your business…
Has a library or even a printer or photocopier… | Chances are you’re going to need to understand your copyright obligations – so you need to understand the obligations of the Copyright Act 1968 (Cth). |
Pay staff… | You’re going to need to be across taxation (eg Payroll Tax Act 2007 (NSW)) and superannuation (Superannuation Guarantee (Administration) Act (Cth)) as well as obligations under the Fair Work Act. |
A curly one? Does your office have an internal café that serves food? | Then you may fall within the remit of a food regulation in your jurisdiction such as Food Act 2003 (NSW). You may even require a licence. |
If you market electronically… | You’re going to need to be across the Spam Act 2003 (Cth). |
Manage client information… | This is a biggy – Privacy Act 1988 (Cth). |
Can access employees inboxes… | Three words! Workplace surveillance legislation (such as… Workplace Surveillance Act 2005 (NSW)). |
Works with third parties overseas… | You definitely need to be across the Autonomous Sanctions Act 2011 (Cth). |
If you have inhouse counsel… | You need to be across the Legal Profession Act in your jurisdiction (*fingers crossed it’s a uniform jurisdiction*). |
This is your legislation register!
If you want to see a legislation register in action, some organisations, such as Universities will publish their legislation registers on their websites.
Does it all sound like too much?
Do not stress! Luckily, we have the solution for you.
Have you met Owl Advisory by KWM? Owl Advisory is uniquely placed to help you understand your compliance obligations and help many of our clients to create or uplift their obligations register.
To have a conversation about your compliance management please contact Tim Bednall, Partner KWM & Director Owl Advisory by KWM or Himashi Cameron, General Manager, Compliance Advisory, Owl Advisory by KWM.