Foreign Interference Policy
James Cook University (JCU) is committed to complying with the Australian Government’s national security legislation, and to give compliance obligations priority consideration before proceeding with any international engagement. This Policy identifies responsibilities, processes and systems for assessing and countering foreign interference risk, and managing the various legislative compliance obligations (where they pertain to foreign interference) including the:
- Autonomous Sanctions Act 2011
- Defence Trades Control Act 2012
- National Security Legislation Amendment (Espionage and Foreign Interference) Act 2018
- Foreign Relations (State and Territory Arrangements) Act 2020
The University Foreign Interference Taskforce (UFIT) Guidelines on Countering Foreign Interference in the Australian University Sector released in 2019 provide additional regulatory requirements on the University. The implementation of these recommendations is monitored through the Integrity Unit within the Tertiary Education and Quality Standards Agency (TEQSA).
This Policy must be considered in conjunction with the JCU policies, procedures, and accountabilities which govern the establishment and management of international agreements, contracts, joint ventures, MOUs, recruitment processes and partnerships.
The Policy applies to members of Council, staff, students and affiliates of the University and relevant University Controlled Entities engaging in foreign arrangements or otherwise representing the University with a foreign government, agency, corporation or individual.
This policy applies to all University activities, campuses (including transnational locations and operations), arrangements and locations involving University business. This includes, but is not limited to, all the University’s physical and digital environments, research, teaching, infrastructure projects, financial investments, donations, travel, procurement, third-party arrangements, University-controlled entities (subsidiaries), articulation arrangements, staff and student recruitment activities and engagement activities.
Except as otherwise specified in this Policy, the meaning of terms used are as per the Policy Glossary.
Is a person (other than a Staff member or Student, including Higher Degree by Research Candidates) who is affiliated with JCU by letter of appointment or invitation to work, research or study at the University for a particular activity and typically for a prescribed timeframe and who is bound to comply with the University’s policies during that period (for example, visiting scholars and adjunct appointees).
Corporations that operate on a commercial basis are excluded from the definition of ‘State/Territory entity’ and ‘foreign entity’ under the Act. The following are not commercial corporations (and are therefore captured by the Foreign Arrangements Notification Scheme
This means the list of all persons and entities who are subject to targeted financial sanctions under Australian sanctions law, as maintained by the Department of Foreign Affairs and Trade.
Reporting required when a contact, either official or social, with a foreign national seems suspicious, persistent or unusual in any respect, or becomes ongoing, or where a person or group seeks to obtain information they do not need to know in order to do their job. Such contact should be reported irrespective of whether it occurs within or outside Australia. It is not necessary to report contact as part of official meetings provided a formal record is produced detailing the topics discussed.
Defence Industry Security Program (DISP)
DISP means the Department of Defence’s program under which program members are able to perform functions, services or capabilities for the Department of Defence.
Facilitation payments are payments made to officials with the intention of expediting an administrative process. The payment is meant to smooth the process of a service that the payer is legally entitled to. Facilitating payments are considered bribes and are prohibited by law.
As per the Foreign Arrangements Scheme given effect through the Foreign Relations (State and Territory Arrangements) Act 2020, any written arrangements, agreements, contracts, understandings or undertakings between State and Territory entities and foreign entities. They may be legally-binding or not legally-binding. This includes but is not limited to any of the following types of arrangements between the University and a Foreign Entity:
A foreign entity is defined under the Act as a foreign country, university without institutional autonomy, government, or department, agency or entity of a foreign government.
Under the Act, a foreign government includes a foreign national or sub-national government (including a department, agency or other public authority of that government). Some foreign tertiary education institutions, such as government military academies, would be considered part of the foreign government.
Foreign nationals may include, but are not limited to, embassy or foreign government officials, including trade or business representatives.
A foreign university does not have institutional autonomy when it is substantially under the control of a foreign government (including government or political appointees to the governing body), or its education, research or the academic staff are required by a law or the university’s governing documents to adhere to political principles or doctrine. A foreign university’s governing body may be referred to as the university council, committee, primary committee, senate, or board of trustees.
Universities with institutional autonomy separate from government, with freedom in relation to their internal governance, curriculum, research, teaching and discussion, and ability to publish those things, are not within scope of the Act.
For the purposes of the Scheme, Australian public universities are considered non-core State/Territory entities and therefore can only enter into non-core foreign arrangements. A non-core foreign arrangement is an arrangement between:
– a non-core State/Territory entity and a core foreign entity, or
– a non-core State/Territory entity and a non-core foreign entity.
Sensitive or Classified Information
This means official and confidential information created or managed by the University requiring protection from misuse or loss, which if eventuated, would harm the University’s operational or strategic objectives.
A University location where significant proprietary information, intellectual property and/or research outcomes are held.
Undue influence is when someone, because of their status or position, seeks or is able to derive an outcome that is favourable to them by exerting pressure over another person. That pressure is designed to get a member of the University to act in a way that is contrary to the University's best interests or their employment obligations, for example, to comply with University policies and procedures.
Foreign Interference Risk
1. A proactive approach by the University to the threat of foreign interference helps to safeguard the University’s reputation, protect academic freedom, demonstrate its understanding of national security interests; maintain the confidence and support of partner organisations; and ensure JCU can maximise the benefits of education and research endeavours.
2. Foreign interference occurs when activities are carried out by, or on behalf of a foreign actor, which are coercive, covert, deceptive or corrupting and are contrary to Australia’s sovereignty, values and national interest.
3. Foreign interference can result in:
3.1 compromise of JCU’s valuable research, or other sensitive data;
3.2 cultivation of the JCU community for espionage against Australia; or
3.3 foreign governments gaining an undue commercial, technical or intellectual advantage to the disadvantage of JCU.
4. Foreign interference can occur through:
4.1 improper attempts to obtain Sensitive or Classified Information from students or staff via foreign delegations, seminars and collaborations;
4.2 targeting, compromising and recruiting staff and students to further a Foreign Entity’s interests;
4.3 actions by or for a Foreign Entity that are inconsistent with academic freedom and JCU’s values, such as demands or inducements to change academic programs for the benefit of a foreign political, religious or social agenda;
4.4 efforts to alter or direct the University’s research agenda into particular areas of research (this may occur through subtle forms of undue influence and engagement, and through funding arrangements that may lead to a loss of future value and/or control of intellectual property);
4.5 seeking access to, or influence over, particular persons or areas of activity through various forms of funding arrangements (e.g. donations) or collaborations, facilitation payments, or inducements targeted at individuals; and
4.6 cyber targeting by exploiting network vulnerabilities and unauthorised access.
5. By being aware of foreign interference risks, properly managing those risks, and applying appropriate security to sensitive information and knowledge, the risk that such information might be used to advantage a foreign nation rather than Australia is reduced.
6. Any Australian citizen or permanent resident who is found to have failed to act to defend the national interest may be subject to disciplinary and/or criminal proceedings.
7. JCU Council members, staff, affiliates and students are subject to the Australian law regardless of the jurisdiction in which a facilitation payment is made. If a bribe is given to a public official or if irregularities in financial accounting records are ignored or intended to conceal a bribe there may be an investigation by the Australian Federal Police and criminal charges that can lead to imprisonment. This would also constitute corrupt conduct.
8. The University’s Conflict of Interest Policy and Procedures including the Conflict of Interest Procedure; Declaration of Interest – Senior Management and Specified Staff Procedure; Reportable Gifts and Benefits Procedure; Staff External Professional Activities and Secondary Employment Procedure (replacing the Statement on Staff External Activities – Existing Policy) provide further information on managing any conflict of interest or undue influence concerns.
9. The University’s Cybersecurity Policy and Cybersecurity Management Plan provide further information on responsibilities with respect to Cybersecurity, promotion of an intentional Information Security culture; Information Security risk management and response to threats.
Activities that increase foreign interference risk
10. Defence Industry Security Program (DISP). JCU has signed a Defence Science Partnering Deed which provides access to Defence for research collaborations, secondments and exchanges, scholarships and access to equipment and infrastructure. Engaging in Defence collaborations increases the foreign interference risk for JCU.
11. As part of the Deed, JCU is required to be a member of the DISP. Membership of DISP commits JCU to maintain certain Governance, Personnel, Physical and ICT security requirements. This creates obligations around policy and procedures, due diligence (particularly in recruitment), threat assessments and security risk assessments and raising the security awareness of staff more broadly.
12. The Chief of Staff fulfils the role of Chief Security Officer (CSO) for the purposes of this membership. Reporting obligations under the DISP include:
- Significant security incidents
- National security incidents
- Cybersecurity incidents including, unauthorised foreign entity access to classified information or assets
- Eligible data breaches
- Contact reporting
- Incidents involving staff or students with security clearance
- Potential criminal serious incidents where relevant to security concerns
13. Defence Trade Controls Act. The University supports academic researchers to meet their obligations under the Act, but it is ultimately the responsibility and liability of each academic to understand the potential strategic defence risks that may attach to their research and to seek assistance in managing this risk by arranging for a permit to be issued.
14. Autonomous Sanctions. Working with individuals, countries or organisations under Sanction can affect a broad range of University activities and the level of vigilance applied to manage this risk should reflect the level of international engagement activity. In particular, where the engagement is new or changing, staff should refer to the DFAT website for details about the governing regimes and geopolitical features, and check whether any of the entities and individuals involved are on the Consolidated List.
Responsibilities for Reducing Risk - Due Diligence
15. All Colleges, Directorates, Research Centres and Institutes are responsible for undertaking an assessment on whether a proposal, that originates in the applicable College, Directorate or Division, to enter into a foreign arrangement is subject to the requirements of the Foreign Arrangement Notification Procedure, in particular by applying the checklist at appendix 1 of that Procedure.
16. All Colleges, Directorates, Research Centres and Institutes are responsible for undertaking risk mitigation and due diligence assessments (see the UFIT Countering Foreign Interference Guidelines) on any overseas travel, international visits to JCU, visiting scholar appointments, collaborations, recruitment (including HDR students), secondments, exchanges, partnerships and scholarships where a foreign interference risk may apply.
17. Specifically, Colleges, Directorates, Research Centres and Institutes are to:
17.1 making notifications as required under the Foreign Arrangement Notification Procedure;
17.2 seek advice from the Chief of Staff if pre-employment checks identify foreign interference-related concerns regarding a candidate’s previous employment with a Foreign Entity;
17.3 promoting the use of the Foreign Contact Concern Report (appendix 1) by staff or affiliates who have contact with a foreign national that seems unusual, suspicious, persistent or ongoing and relating to a foreign national's involvement or interest in University operations or infrastructure;
17.4 if required for the University’s compliance with DISP obligations, undertaking additional background checks and collection of relevant information specific to the University’s DISP participation as advised by JCU Connect; and
17.5 for those staff, students or affiliates with Defence security clearance separates from JCU (ie when their employment contract or study is ended), facilitate their removal from building and information system access permissions, and complete the Personnel Security Assessment – Exit checklist available from the Chief of Staff.
Additional Roles and Responsibilities
18. The Chief of Staff has responsibility for:
18.1 fulfilling the governance framework requirements for membership of the DISP (including Security Officer and CSO responsibilities) as determined by the Australian Government’s Department of Defence (Defence) including foreign contact concern reporting, overseas travel briefing and debriefing where required;
18.2 notifying the Government of existing, proposed and confirmed foreign arrangements, subsidiary arrangements entered under the auspices of a foreign arrangement and substantial variations to previously-noted foreign arrangements in accordance with the Foreign Arrangement Notification Procedure; and
18.3 acting as JCU’s central point of contact regarding Minister for Foreign Affairs declarations or DFAT advice pertaining to the commencement, continuation, alteration or cessation of the University’s foreign arrangements; and
18.4 as the CSO and JCU’s Risk Management Coordinator, undertake appropriate threat, risk and security assessments as required and in response to Governance, Personnel, Physical and ICT security requirements.
19. The Technology Services Directorate is responsible for:
19.1 considering foreign interference risk management requirements in the University’s information security risk and compliance management, plans and procedures;
19.2 considering the sharing of IT network data, relevant to foreign interference risk, with the Australian Government that has been approved for release by Chief Digital Officer;
19.3 supporting initiatives to embed cyber-security as a whole-of-organisation security culture issue; and
19.4 including foreign interference in cyber-threat models for information security risk management.
20. JCU Connect are responsible for:
20.1 ensuring that foreign interference risk is considered with respect to any research collaboration, research grant application or other research related agreements that are submitted to JCU Connect for review or approval;
20.2 making notifications as required under the Foreign Arrangement Notification Procedure;
20.3 where a Defence research collaboration is entered into which requires Information security classifications or the establishment of Sensitive Areas, seek the Chief Security Officer (the Chief of Staff) assistance in ensuring that the security risks are addressed, as per DISP requirements;
20.4 advising University researchers on Defence Export Control System permit completions where the Defence Trade Controls Act applies;
20.5 ensuring JCU complies with all Australian sanctions laws (including assessing sanctions permit requirements) in respect of the University’s research activities that are submitted to JCU Connect for review or approval, and notifying the Chief of Staff if there are any contraventions of the sanctions regime; and
20.6 promoting the use of the Foreign Contact Concern Report (appendix 1) by researchers who have with a foreign national that seems unusual, suspicious, persistent or ongoing and relating to a foreign national's involvement or interest in University operations or infrastructure.
21. International Directorate are responsible for:
21.1 ensuring that foreign interference risk is considered with respect to any International collaboration, agreement, MOU, partnership proposal or related agreements that are submitted to the International Directorate for review or approval;
21.2 making notifications as required under the Foreign Arrangement Notification Procedure;
21.3 seeking advice from the Chief of Staff if the International Directorate’s foreign interference checks identify potential concerns;
21.4 assisting with the identification and engagement of at-risk student groups (including student associations, cultural groups, outbound mobility students and research students) to provide them with foreign interference information and education (consulting the Chief of Staff as necessary) at point-of-need as required; and
21.5 promoting the use of the Foreign Contact Concern Report (appendix 1) by students or staff who have contact with a foreign national that seems unusual, suspicious, persistent or ongoing and relating to a foreign national's involvement or interest in University operations or infrastructure.
22. The Graduate Research School are responsible for:
22.1 ensuring that foreign interference risk is considered with respect to any research education collaboration, applications or other related agreements that are part of the Graduate Research School’s operations;
22.2 making notifications as required under the Foreign Arrangement Notification Procedure;
22.3 seeking advice from the Chief of Staff if the Graduate Research School’s foreign interference checks identify potential concerns;
22.4 promoting the use of the Foreign Contact Concern Report (appendix 1) by students who have contact with a foreign national that seems unusual, suspicious, persistent or ongoing and relating to a foreign national's involvement or interest in University operations or infrastructure.
22.5 ensuring the compliance obligations of the United Nations Sanction and/or an Australian Autonomous Sanction (UNAS) regime in place for HDR students;
22.6 alerting staff considering Cotutelles, via Cotutelle procedures and information resources, about requirements to adhere to the Foreign Arrangement Notification Procedure; and
22.7 conducting a secondary check when advice has been received from the Advisor/ College of the proposed Cotutelle and assessing the Cotutelle arrangements against the Foreign Arrangement Notification Procedure.
23. For Controlled Entities, the Manager, Commercial Operations is responsible for:
23.1 making notifications as required under the Foreign Arrangement Notification Procedure;
23.2 ensuring that foreign interference risk is considered with respect to any Controlled Entity entering into any international agreement or collaboration, or arrangement.
Related documents and legislation
Date for next review
Chief of Staff
Foreign interference, non-core foreign arrangement, institutional autonomy
|Contact person||Chief of Staff|