Legislative Alerts and Non-Compliance Reporting Procedure



Intent

This procedure outlines the process for managing legislative alerts as an integral part of the JCU Compliance Framework and its three pillars of Inform, Comply and Assure. This procedure will assist the University in meeting its legislative compliance obligations in line with JCU’s Risk Management Policy and Compliance Policy.

In conjunction with the Annual Compliance Declaration (ACD) process, a higher degree of assurance can be achieved regarding compliance status at the Divisional and University levels.

Scope

This procedure applies to staff at JCU with specific responsibilities for legislative compliance activity including the Compliance Obligation Owners and Responsible Officers (see definitions below). This procedure does not apply to JCU Singapore.

Definitions

Except as otherwise specified in this Procedure, the meanings of terms used are as per the Policy Glossary.

Code

A statement of recommended practice developed internally by the University or externally by another body (may be mandatory or voluntary).

Compliance

Adhering to the requirements of laws, industry and organisational standards and codes, principles of good governance and accepted community and ethical standards.

Compliance failure

An act or an omission whereby the University does not meet its compliance obligations, processes or behavioural obligations.

Legal risk

The potential for financial loss or reputational damage if the University fails to be aware of and implement legislative or regulatory requirements that could impact operations, results in a breach of compliance, or through action or inaction gives rise to potential litigation against the organisation, its staff or students.

Obligation

A requirement specified by laws, regulations, codes or organisational standards.

Compliance Obligation Owner

The position title/role within the University having a specific duty or task to manage a particular compliance obligation (registrations, licenses, permits, regulatory reporting, etc.).

Responsible Officer

Responsible for providing guidance and support to all employees; monitoring legislation, regulations and codes for any changes or new statutory requirements; reporting non-compliance issues and ensuring legislative requirements are met within their Divisions. In some cases a Risk Champion is also a Responsible Officer.

1. Responsibilities

1.1 As per the JCU Compliance Framework, the University Executive, Chief of Staff, Compliance Obligation Owners, and Responsible Officers have specific obligations in being informed of, and ensuring compliance with, various legislative obligations. This group consists of Risk Champions, Directors, Deans, College Managers and Operations Managers.

1.2 The procedure also applies to the Chair and/or Secretary position within JCU Controlled Entities. Legal staff within the Legal and Assurance Office have access to the legislative alerts and these are distributed to Responsible Officers.

2. Compliance Obligation Registers (LexisNexis)

2.1 All references to Compliance Obligation Registers in this procedure refer specifically to LexisNexis, and do not include other regulatory or legislative compliance registers or processes.

2.2 Each Compliance Obligation Owner is assigned to a Compliance Obligation Register on LexisNexis. Compliance Obligation Registers are accessible via the Regulatory Compliance Portal. These are HTML-based and certain fields are editable. The intent is for the Compliance Obligation Owner to have access to the latest legislative updates, and to manage obligations that require action through the compliance register.

2.3 In order for the University to remain informed of its legislative compliance obligations, JCU subscribes to a series of compliance modules from LexisNexis (who specialise in providing regulatory and legislative compliance solutions). The compliance modules consist of a number of compliance obligations registers, developed and maintained in collaboration with legal subject matter experts. These legislative compliance modules are applicable to the Tertiary Education Sector and are in alignment with the specific legal environment within which JCU operates.

2.4 The Compliance Module Alert Map maps the Compliance Obligation Owners to nominated compliance modules and the associated module Legislative Alert notifications to be received. The Module Alert Map is maintained centrally by the Legal and Assurance Office and is subject to change.

2.5 The legislative compliance modules include:

| Core Modules | Elective/Industry Modules |
| --- | --- |
| Anti-Bribery & Corruption | Bio-security |
| Competition & Consumer | Cyber Security |
| Corporations | Facilities Management |
| Employment | Intellectual Property |
| Environment | Modern Slavery |
| Privacy & Data Protection | Social Media |
| Tax | Tertiary Education (Cth) |
| Workplace Health & Safety | Electronic Transactions (New) |

2.6 Within each of these compliance modules are the corresponding compliance registers. Compliance Obligation Owners have been selected based on their role and function and have been assigned access to the Regulatory Compliance Portal. Compliance Obligation Owners will receive Legislative Alerts advising that an update to current legislation has occurred or may occur and may have an impact on their area of responsibility.

2.7 Compliance Obligation Owners' responsibilities will be to ensure they and their respective areas (Divisions, Departments, Directorates, Offices):

  • are kept informed of all compliance matters;
  • take required actions to ensure their respective areas remain compliant;
  • maintain the compliance registers (assign owners, manage risk of non-compliance, etc.); and
  • monitor and report on compliance.

2.8 The University is subject to a variety of obligations around regulatory reporting, incident notification, accreditation, registration or licensing. The legislative alerts process with LexisNexis is one element of the compliance framework JCU has in place to ensure compliance with regulatory and/or legislative bodies.

3. Legislative Alerts

3.1 The legislative alerts process relates to the Inform pillar within the Compliance Framework. The process flow diagram (Appendix 1) illustrates the linkages between the legislative alerts process, routine monitoring of compliance activities (including internal policy compliance and review) and the annual compliance declaration process.

3.2 In ensuring legislative compliance, the designated Compliance Obligation Owner needs to address the following:

  • Assess relevance of alert to JCU activity
  • Communicate and distribute relevant information
  • Ensure records, policies and procedures are maintained/reviewed where applicable
  • Monitor compliance (or delegate this to the appropriate level) in accordance with their role accountabilities
  • Coordinate reporting (non-compliance and annual assurance processes)

3.3 To assist Compliance Obligation Owners, periodic alerts on updates to regulations and legislation will be sent by LexisNexis via email. The JCU Legal and Assurance Office also receives these alerts. There are two types of email alerts:

  • FYI (For-Your-Information)
  • Action Required

3.4 On receipt of the Legislative Alerts, Compliance Obligation Owners are to:

| Step | Action for Alerts |
| --- | --- |
| 1. | Determine whether the Legislative Alert (FYI or Action Required) requires that JCU be informed or whether it triggers a need to review any change in policy, process, procedure, or system. |
| 2. | If an action due to a Legislative Alert is required, the Compliance Obligation Owner can provide guidance to their departmental area and manage the Legislative Alert on the Regulatory Compliance Portal. If required, as an additional step, the Compliance Obligation Owner can also manage this as a risk in RiskWare. |
| 3. | Continue to monitor compliance within the Division/Business Unit by maintaining the Regulatory Compliance Portal. |
| 4. | The Risk and Compliance Officer will monitor the effectiveness of the Legislative Alerts and use of the Obligations Compliance Registers and provide guidance where required. |

4. Non-Compliance Incident Reporting

4.1 Responsible Officers/Compliance Obligation Owners are required to identify and maintain records of all non-compliance incidents (or potential breaches) within their area of responsibility. Formal reporting of non-compliance incidents and their management is to be made to the Chief of Staff as soon as the Responsible Officer/Compliance Obligation Owner becomes aware of the incident.

4.2 When a non-compliance is identified, Management must:

  • investigate the circumstances relating to the compliance breach;
  • notify the Responsible Officer/Compliance Obligation Owner of the compliance breach; and
  • ensure timely and adequate corrective actions are taken to reinstate compliance.

4.3 The internal non-compliance reporting process is detailed below:

| Step | Action |
| --- | --- |
| 1. | Staff member and/or Responsible Officer/Compliance Obligation Owner identifies a non-compliance/s or potential non-compliance/s. |
| 2. | Responsible Officer/Compliance Obligation Owner to identify corrective actions for medium or high risk non-compliances and include those on the Internal Non-Compliance Report (NCR, Appendix 2) and submit to Chief of Staff for review. |
| 3. | Where an NCR has been notified, the Responsible Officer/Compliance Obligation Owner develops a Compliance Action Plan that may require consultation across the University given the areas impacted by the legislative compliance requirement. The Compliance Action Plan may also require endorsement by a management or governance committee of JCU, such as Academic Board or Vice Chancellor’s Advisory Committee (VCAC). |
| 4. | The Responsible Officer monitors implementation of the Compliance Action Plan, including any reporting requirements to JCU committees. |
| 5. | The Risk and Compliance Officer monitors effectiveness of the compliance reporting and corrective action process, through Riskware reporting. |

4.4 Further guidance on LexisNexis functionality can be found in the LexisNexis Regulatory Compliance User Guide (Appendix 3).

Related policy instruments

Compliance Framework

Compliance Policy

Risk and Compliance Intranet Site

Risk Management Policy

Schedules/Appendices

Appendix 1 - Legislative Alerts and Non-Compliance Incident Report Process

Appendix 2 - Internal Non-Compliance Incident Report Template

Appendix 3 - LexisNexis Regulatory Compliance User Guide

Administration

NOTE:  Printed copies of this procedure are uncontrolled, and currency can only be assured at the time of printing.

Approval Details

| Policy Sponsor | Vice Chancellor |
| --- | --- |
| Version no | 21-1 |
| Date for next Major Review | 08/04/2024 |

Revision History

| Version | Approval date | Implementation date | Details | Author |
| --- | --- | --- | --- | --- |
| 21-1 | 08/04/2021 | 08/04/2021 | Procedure established to support implementation of the Compliance Policy | Risk and Compliance Officer |

Keywords

Compliance Framework, Compliance Obligation Owner, Compliance Policy, Legislation, Alerts, Register, Non-compliance, Responsible Officer, Risk Champion, Risk Management, Reporting