Section 1 - Purpose and Context
Part A - Introduction
(1) The University is committed to complying with all relevant Australian (Commonwealth) and NSW laws relating to its governance and operations and recognises its obligations to its students, its staff, and the wider community to provide a safe environment that adopts the highest standards of accountability.
(2) The University maintains a high standard of diligence in all areas of accountability through the promotion of a positive compliance culture, and the maintenance of a uniform and responsive, risk-based compliance management program under its Compliance Management Framework.
(3) This policy:
- sets out how the University enables and assures compliance with its legislative obligations without compromising the efficiency, or the achievement, of its strategic objectives
- promotes the highest standards of university governance and supports the Board of Trustees to fulfil its functions as prescribed by section 22 of the Western Sydney Act 1997 (NSW) and
- is, in conjunction with the Compliance Management Program (“Program”), consistent with the Australian Standard Compliance Management Systems Guidelines (AS ISO 19600:2015).
Part B - Application
(4) This policy applies to all University staff, whether full-time, part-time, casual, paid or voluntary, and all its current and future activities.
(5) This policy should be read in conjunction with relevant University policies, including the Code of Conduct and Integrity Compliance and Reporting Policy (Conflicts of Interest, Gifts, Benefits).
(6) University controlled entities are expected to establish and implement their own Compliance Policy but may resolve to adopt this Policy by resolution of their managing authority.
Section 2 - Definitions
(7) For the purposes of this policy, definitions that apply can be found in the Policy DDS Glossary, in addition to the following:
- Compliance means meeting the requirements of all relevant laws, and internal codes of conduct and policies applicable to the University as a whole and to individual schools and units
- Compliance Attestation means the annual acknowledgment and demonstration of the University's attendance to, and management of, its overall compliance obligations, which is completed by the Compliance Network
- Compliance Culture means the values, ethics and beliefs that exist throughout the University, and interact with its structures and systems, to produce relationships and behaviours that are conducive to both positive compliance and strategic outcomes
- Compliance Directory means the list of NSW and Commonwealth laws governing the University and the sector
- Compliance Incident means any incident or situation that potentially or actually breaches the University's compliance requirements
- Compliance Incident Reporting means notifying the Compliance Program Unit of potential risks or actual incidents of non-compliance via the University Compliance Incident Reporting Register
- Compliance Incident Reporting Register means the online database to which potential and actual compliance incidents can be reported to the Compliance Program Unit
- Compliance Management Framework means the relationship between the strategic and operational components of its compliance management program, overarching benchmarks of standards, and compliance risk management
- Compliance Management Program means a set of interrelated or interacting systems, processes, activities and controls to achieve organisational compliance
- Compliance Network means those University staff within particular operating units who are designated on the Compliance Directory as Accountable Compliance Representatives or as Compliance Contacts with subject matter expertise and are responsible for the operational compliance of laws on the Compliance Directory that are assigned to them
- Compliance Program Unit means the independent business unit within the University that has the objective responsibility of overseeing, maintaining and applying the Compliance Management Framework
- Compliance Self-assessment means the continuous review and assessment of the University's ability to comply with specific assigned laws on the Compliance Directory, which is completed by the Compliance Network
Section 3 - Policy Statement
(8) The University requires all University staff to:
- retain the responsibility for compliance even for activities that are outsourced to third parties
- be individually responsible and accountable for their own awareness of, and compliance with, applicable laws, mandatory training and policy documents
- integrate with other University functions of legal, governance, training and development, risk, and audit
- embed regulatory compliance obligations in University mandatory training, policy documents, processes, and practices for managing relationships with external and internal stakeholders and
- report and manage Compliance Incidents through the University's Compliance Incident Reporting Register.
(9) The University maintains a Compliance Incident Reporting Register where the disclosure, investigation and management of potential and actual breaches of law, University policy and University procedure are reported, recorded, managed and corrected.
(10) The University additionally requires staff in the Compliance Network to:
- complete self-assessments as to the risk of non-compliance with the assigned laws, including recording key information such as specific obligations, compliance status, and internal controls and
- annually attest that there is no material non-compliance of the assigned laws within their operating areas. Annual compliance attestations provide assurance to the Board of Trustees that there is no material non-compliance of assigned laws that could adversely affect the University's ability to comply with its legislative obligations.
Part C - Compliance Management Program
(11) Under its Compliance Management Framework, the University recognises that effective management of its legislative compliance obligations is a shared responsibility, and can only be achieved where:
- compliance responsibilities are clearly assigned and
- every level of management is aware of, and understands its role in, managing compliance obligations.
(12) The University has embedded the continual improvement enhancement principle of "Develop, Implement, Evaluate, Maintain" in the Program and its specific procedures. The University ensures there is a consistently applied and well understood process for the:
- development of awareness of, and accountability for, legislative obligations through its Compliance Directory
- implementation of compliance culture and compliance verification processes through the assignment of Compliance Directory laws to its designated compliance network, reporting on the Compliance Incident Reporting Register, and completion of any relevant training
- evaluation of the University's overall operation and management of compliance through its continuous Compliance Self-assessment, annual Compliance Attestation, and root cause analysis of reported non-compliance incidents. These are intended to be an assessment, acknowledgment and demonstration of the University's attendance to, and management of, its compliance obligations and
- maintenance of the Program, this Policy, and associated procedures through the independence of, and regular monitoring by, the Compliance Program Unit, as well as the regular reporting by the Unit to the University's Audit and Risk Committee on the Program.
(13) Each member of the Compliance Network is provided a Compliance Operational Handbook to direct them through the Compliance Management Program.
Section 4 - Procedures
Part D - Roles and Responsibilities
(14) The Director, Compliance is responsible for operationalising this Policy.
(15) The Compliance Network is responsible for:
- facilitating compliance across the University with assigned laws
- communicating any changes to those laws to the University including the Senior Executive Group
- advising Policy Document Unit Heads of any required updates
- creating and disseminating applicable training to relevant stakeholders
- undertaking training and/or relevant qualifications relevant to their roles
- promoting a compliance culture
- continuously self-assessing and annually attesting to the risk of non-compliance in their operating areas and
- disclosing, investigating, managing and correcting potential and actual breaches of law, University policy documents on the Compliance Incident Reporting Register of which they are aware as it pertains to their operating area, but also in other areas if known.
(16) University staff are responsible and accountable for their own awareness of, and compliance with, applicable laws, University Policy Documents and relevant training, and for reporting any Compliance Incidents.
(17) The Compliance Program Unit monitors all incidents recorded on the Compliance Incident Reporting Register.
Part E - Consequences of Non-Compliance
(18) The University regards non-compliance with this Policy as a serious matter and, depending on severity and impact, will take appropriate action, which may include disciplinary action.
(19) Non-compliance with legislative and other obligations can expose the University and individuals to risks, including physical, financial and reputational risks, and the University regards non-compliance with this Policy as a serious matter and a breach of its Code of Conduct.
(20) Non-compliance may result in a report to an external reporting agency such as NSW Independent Commission Against Corruption (ICAC) or the NSW Auditor-General.
Part F - Awareness and Training
(21) The University ensures that University staff, including the Compliance Network, have access to training initiatives and communication mediums designed to raise awareness and to assist them in carrying out their responsibilities and duties, including through induction.
Section 5 - Guidelines
(22) The Compliance Operational Handbook can be requested from the Compliance Program Unit.