How does Legal Compliance apply to the University?
Why did the University establish the Legal Compliance Framework?
The Legal Compliance Framework was developed in 2008/2009 following a recommendation made by the Auditor General. Until then, aside from specialty areas like Health, Safety & Wellbeing and Research Ethics, management of our legal compliance across the whole University could not be demonstrated.
The Legal and Risk Branch developed a high-level framework with area-specific tools and resources to help staff identify and manage legal obligations and formalise existing compliance responsibilities.
In late-2009, a pilot was undertaken in the Schools of History and Politics and Medical Sciences. A staged rollout plan was completed in 2014.
Why has the University mandated the Legal Compliance Framework?
As a large statutory corporation, the University must take its legal compliance obligations seriously but recognises that keeping track of all legal requirements is difficult. The Framework makes it easier for staff to identify their obligations and allows the University to demonstrate measures taken to act within statutory requirements.
From a risk management perspective, having a mandated legal compliance framework makes sense. When legislation impacts on our activities, the law cannot be ignored. The Framework provides piece of mind to staff and to the University Council. We can readily demonstrate our compliance to external organisations (e.g. TEQSA, NHMRC, Auditor-General).
How are University staff involved in the Legal Compliance Framework?
The Framework is designed to reach across the University and equip staff from all areas with the basic knowledge and information needed to meet compliance obligations. Each area will have at least one Local Compliance Officer (LCO) who will be aware of legislation most likely to impact on the area's activities. Each area also has a Local Area Head (LAH) who is responsible for certify local compliance during the annual legal compliance certification process. LCOs support LAHs to resolve non-compliance at the local level.
Designated Specialist Officers (DSOs) are located across the University and their area of work gives them an insight into specific categories of legislation. This expertise can assist other staff and contact details for specialists are included in the Legislation Directory webpages. These resources can be accessed by all University staff.
Some senior staff members are required to certify compliance on behalf of their area. Similarly, each category of legislation has a designated University Compliance Owner (UCO) who monitors compliance across the whole University in the category.
More information can be found in the Legal Compliance Handbook which can be downloaded from the website.
What does it mean to be compliant?
Legal compliance refers to behaving in accordance with legislation, or meeting a mandated standard, activity or behaviour set out in an Act of Parliament (legislation), Code or Guideline (legislative instruments). 'Non-compliance' is a failure to conform to requirements set out in these statutes, either deliberately or inadvertently.
What is a "non-compliance case"?
A non-compliance case is an actual or potential breach of State or Federal Legislation. The breach may be inadvertent because of a change in law or activity. Once identified at the local level, staff must advise the University Compliance Centre about the issue. The nature of the non-compliance is specified and recorded on the Compliance Register in consultation with the local area. Other University compliance role holders and managers are notified automatically.
The majority of non-compliance cases are non-intentional breaches and do not invoke any suggestion of illegal activity or misconduct.
How do I identify a non-compliance?
It can take a great deal of discussion before an issue reaches the status of a 'non-compliance'. If you are concerned about an issue but are unsure as to whether a matter relates to legal compliance or something else such as University policy, staff or student conduct, contract management, see Integrity and Public Accountability. The University Compliance Centre or any of the legal counsel in Legal & Risk Branch can be contacted via the Legal & Risk Helpdesk.
What are the consequences of non-compliance?
The consequences and penalties associated with non-compliance vary considerably.
Most instances of non-compliance are simple oversights and can be quickly corrected. But any failure to comply can expose the University to embarrassment, investigation, legal prosecution and institutional cost. It may also expose employees and managers to personal criminal prosecution or civil liability. Deliberate non-compliance may be serious misconduct under the enterprise agreement.
University-wide breaches of the Competition and Consumer Act can result in fines of up to $1.1million per offence or 10% of the University’s annual turnover per breach. Breaches by individual employees may result in fines of up to $500,000.
Breaching the Liquor Licensing Act may lead to the University having its liquor licence suspended, revoked or have further conditions imposed on it.
Breaches of the Copyright Act may result in copyright owners issuing legal proceedings against to the University (as an institution) or an individual (personally).
These consequences can usually be avoided when legal compliance obligations and subsequent risks are identified and effectively managed by an area.
Why should I report a non-compliance case?
Reporting all non-compliances ensures that the University has a central record of legal issues that are being worked through. Some cases can take years to resolve and it is important that the corporate knowledge surrounding these cases be captured and retained for future staff. Evidence of the action being taken may also assist the University should any future legal action arise. External regulators and investigating agencies are reassured that our response processes are effective.
Reporting a non-compliance early will ensure actions are taken immediately, before a breach or potential breach becomes more serious. Talking to the University Compliance Centre means that other support services such as legal, insurance or risk management can be offered where necessary.
The Legal Compliance Policy requires all personnel to report incidence of actual or near non-compliance.
What are some examples of non-compliance?
Here are some examples of non-compliance:
- A staff member misquotes a course fee to a potential student (Breach of the Competition and Consumer Act)
- A staff member alleges her employment was terminated because the University could not accommodate her commitment as a carer (Potential breach of the Fair Work Act)
- A Senior Manager finishes employment at the University and orders his notebooks to be destroyed and all of his emails to be deleted (Breach of the State Records Act)
- A school hosts its end-of-year exhibition at an off-campus location, selling alcohol without obtaining a liquor licence (Breach of the Liquor Licensing Act)
- The personal details of 60 staff members, including their phone number and address, is accidentally emailed to a staff member (Breach of the Privacy Act)
- Testing of a drone commences without proper licensing (Breach of the Civil Aviation Safety Regulations)
What should I do if I think a law is being breached within the University?
Talk to someone. The Legal Compliance Framework involves staff from across the University, not just Legal and Risk Branch. The website can help you identify a Local Compliance Officer (LCO) and you could discuss it with them or your Head of School (contact information is available here). If the issue is confidential, or if you are unsure what action to take, contact the Manager Compliance on 8313 0482.
Most incidents or non-compliances are not intentional and may only become obvious once they have happened. Reporting can ensure actions are put into place early, before a breach or potential breach becomes more serious. The Framework provides tools for managing compliance at the local area level, not for investigating or blaming staff. There are other processes in place to deal with illegal activity (see Integrity and Public Accountability).
How is legal compliance activity monitored?
Each area has staff members with nominated compliance roles. When a non-compliance matter is identified, it should be reported to the University Compliance Centre (UCC). Heads of Faculty or Division (HFD) are automatically notified of any non-compliance recorded on the central register (Register of Non-Compliance Activity). The HFD is provided with a quarterly report updating any action taken to resolve each reported case.
Non-compliance cases are also reported to the Vice Chancellor and President (and to the Audit, Compliance and Risk Committee).
Once a non-compliance has been identified, recorded and notified, the UCC continues to liaise with the relevant staff until the issue is resolved. While the UCC can provide assistance, the capacity to resolve any the issue rests with the management team for each areas.
How does the University know that all Schools and Branches are being compliant?
The Legal Compliance Framework includes an annual certification process. All areas of the University provide an Certification of Compliance to the Vice-Chancellor and President, who in turn reports this to the Audit, Compliance and Risk Committee and then to Council.
Local Area Heads (e.g. Heads of School or Branch Heads) are required to certify compliance in their area, while University Compliance Owners, are required to certify compliance within their categories of legislation. This process provides assurance to executive managers and out governing bodies that all facets of our legal obligations are covered.
Certifications acknowledge non-compliance issues that have occurred and provide demonstrable evidence that the University is attending to its compliance obligations.
How do I know if I have been compliant with laws?
Compliance resources on the Legal and Risk website can help. Legislative summaries give an overview of individual Acts as they apply to the University and provide a good starting point for increasing your compliance knowledge.
It helps to be aware of any legislation that might be relevant in your day to day work. If you know the name of the Act, start by searching for a resource or contact the Designated Specialist Officer named in the material or the University Compliance Centre for clarification.
What happens if I am found to be non-compliant? Who can help?
The Legal Compliance Framework has been specifically designed to ensure that all staff can readily access the support and advice they need in their local area.
Each School or Branch has staff members who have been nominated as Local Compliance Officers (LCO) and should be able to assist in resolving local-level non-compliance issues. These officers are listed on your local area webpage page on the Legal Compliance website. Similarly, certain staff have been nominated as Designated Specialist Officers (DSO) and should be able to assist in resolving University-wide compliance matters.
In all cases, Legal and Risk will offer support where required, particularly if specialist legal advice is needed or an external body becomes involved.
Why do I need to know about legal requirements? Isn't this just something my Manager needs to worry about?
All University staff have an obligation to observe the law and be compliant - not just Managers or Heads of School. We are all affected by legislation to varying degrees and must manage our compliance obligations individually.
In some cases, an employee may be personally responsible for a non-compliance, which means that if the University is found to be in breach of an Act, the individuals responsible for the breach are also personally liable, and may face fines or a criminal conviction. The University's insurance will not cover an employee for penalties or legal costs where deliberate or negligent illegal activity is involved.
How will I know what an Act requires of me?
Deciphering the requirements of an Act and applying it to your work situation can be tricky even if you have a legal background. The University Compliance Centre (UCC) has developed a range of resources including online legislation summaries which provide overviews of Acts as applies to the University. These are a good starting point for staff to improve their general compliance knowledge.
If you are still unsure of your compliance obligations contact the University Compliance Centre. Email the Helpdesk or phone 8313 4539.
Will I have to change what I am doing to be legally compliant?
Probably not. Compliance is largely about common-sense and transparent processes. Most people appreciate their legal obligations. The Legal Compliance Framework helps with the details and connects the dots across the University to allow us to illustrate our compliance to external agencies and funders.
If there are activities that you are not sure about, the University Compliance Centre can help you work through your legal obligations and provide reassurance or help find a better solution.
What happens if I ignore laws that I don't agree with?
Sometimes the law can be badly expressed, it can be inconvenient and restrictive. However, compliance with State and Commonwealth law is not discretionary.
Ignoring laws can lead to external sanctions being imposed on both the University and staff members, and internal disciplinary measures (including Code of Conduct) being enforced.
Equally, it is important to address laws that excessively restrict your work at the University. Please contact us to discuss.
Do all Universities have the same legal compliance obligations?
No. All Universities must abide by law within the jurisdiction in which they operate. But the laws applying to each institution will be dependent on activities conducted. There is considerable overlap in the obligations of Australian Universities, but each will have a different approach to management of compliance.
The Legal Compliance Policy has been mandated by the University of Adelaide Council as the most effective way of dealing with our legal compliance obligations.
Isn't legal compliance just more red tape?
No. The Legal Compliance Framework is designed to reduce red tape by raising awareness of compliance and supporting self-management of legislative requirements at a local level.