Guidelines for legal compliance

A legal compliance programme is a set of structures and procedures designed to ensure that an
organisation complies with its legal obligations. No single model will suit all organisations; however,
some key elements should be addressed in all compliance programmes.
The following commentary provides an overview of legal compliance and its implementation by way
of policy. MyLawGuide has identified the following elements as typical of best practice when
implementing a legal compliance programme to deal with an organisation’s legal responsibilities.
Good governance and legal compliance
Effective legal compliance is one of the cornerstones of good governance. Governance is the
responsibility of board (or council) members.
The CEO is responsible for legal compliance. This responsibility may be delegated to a compliance
officer, company secretary, or similar executive position.
Legal compliance is compulsory
It is important that whoever has responsibility for legal compliance within an organisation
understands the absolute requirement that all organisations, and the employees who work for
them, must comply with the law. The executive within an organisation responsible for legal
compliance, which by default is the CEO, must therefore ensure that all relevant and applicable laws
are known by that organisation’s employees.
Ignorance of the law by the organisation, or by one of its employees, is no excuse for non-compliance.
Legal Compliance Policy
Employees are typically required to comply with all policies, including the legal compliance policy,
when signing their employment agreements. Employment agreements may state something similar
to the following:
“An employee must comply with such particular rules and policies of which he/she is
informed. The employer may amend such rules or policies from time to time as operational
requirements dictate. The employer shall ensure that an employee is given appropriate
notice of any alterations.”
Note the words “of which he/she is informed”. It is very important that the employees are informed
of all policies, including the legal compliance policy. Not informing an employee of a policy may
render that policy ineffective, as a policy. The law applies to all employees, regardless of whether or
not the employer has a legal compliance policy. However, it is best practice for employers to ensure
that employees understand their responsibilities in respect of the law.
Appoint a compliance officer
An effective legal compliance programme needs someone in control to develop and operate it, to
educate employees, to investigate compliance matters and to take the appropriate action following
investigation. The compliance officer must report to management and the CEO periodically and as
issues arise.
Develop an appropriate line of communication
A line of communication must be established and made known to employees so that compliance
issues can be raised with the compliance officer directly and discreetly.
Establish a record keeping system
A system of recording accurately, securely and completely all compliance matters raised must be
implemented and maintained.
Educate
Employees must be educated and trained periodically by appropriate teaching methods on all
relevant statutory obligations and the organisation’s policies.
Incorporate in performance reviews
Employees must be made aware that compliance is required under their employment agreement
and that their adherence to statutory requirements and the organisation’s policies will be a factor in
performance reviews. Employees must be made aware that breaches may result in disciplinary
action.
Give disciplinary guidelines
Employees must be made aware of the penalties for statutory breaches, as well as the disciplinary
consequences under their employment agreement.
Establish internal auditing and monitoring
To assess the effectiveness of the legal compliance programme, there should be ongoing evaluation
of performance to identify and resolve problems in the programme by internal auditing and
monitoring.
Respond to compliance breaches
Where breaches are detected, as well as responding to the particular breach by disciplinary action,
consideration should be given to whether further education or some other action is required.
New Zealand Standard for Compliance Programmes
Although no single model will suit all organisations, Standards New Zealand Limited has published
NZS/AS 3806:2006, a compliance programme standard which helps organisations develop a
compliance programme demonstrating a commitment to compliance with legislative requirements,
industry codes and organisational standards as well as standards of good governance, ethics, and
community expectations. A new standard for compliance management systems, ISO 19600, is
expected to be released shortly.
The following is a basic legal compliance programme model which can be used as a starting point for
creating a programme appropriate for your organisation’s structure.
Please see the “Free Licence to Use” at the foot of the template for more details on your rights to
use this template.
[Your organisation’s name]: Legal Compliance Programme
1. Purpose
The purpose of this legal compliance programme is to ensure that all employees understand
and adhere to the law as well as to the policies of [organisation name]. The programme is
designed to educate employees, ensure compliance with all statutory requirements and
policies, foster an ethical environment, establish a mechanism to detect and identify
breaches of the law or policy or other unethical behaviour, and audit compliance with, and
adherence to, law and policy.
2. Structure
[Describe the different management positions and hierarchy within your organisation,
including who reports to whom. An organisation chart, either inserted into this section or
referenced as an appendix, would be useful.]
3. Compliance Officer
The compliance officer is responsible for ensuring that all employees are aware of and
understand relevant statutory requirements and the policies of [organisation name]. The
compliance officer, who administers the legal compliance programme, reports to the [title of
relevant senior executive].
The compliance officer’s responsibilities include the following:
- To designate appropriate supervisory employees and officers to assist in
  administering the programme;
- To ensure that all employees receive and acknowledge in writing that they have
  received, reviewed, and understand the policies of [organisation name] and will
  comply with their requirements;
- To develop and facilitate suitable regular and periodic training programmes
  designed to understand relevant statutory requirements and policies, and obtain
  and maintain necessary technical training and certifications;
- To investigate reports of suspected breaches and to make independent
  determinations as to whether a breach has occurred;
- To recommend to management disciplinary action for breaches;
- To ensure that all reports of suspected breaches and investigations remain
  confidential;
- To establish and maintain appropriate systems and internal controls to implement
  the [organisation name]’s policies and the legal compliance programme;
- To conduct both periodical and regular audits of employees, departments, and sites
  of [organisation name] to ensure that they are in compliance with all relevant
  statutory requirements and policies;
- To recommend hiring such consultants, auditors, or other persons as may be
  necessary to ensure that each employee receives adequate training and to conduct
  audits and investigations; and
- To make recommendations to the [title of relevant senior executive] that may better
  facilitate compliance with both the law as well as the policies of [organisation
  name].
4. Reports
The compliance officer will report monthly/quarterly [delete one] to the [title of relevant
senior executive] concerning all activities regarding the organisation’s legal compliance
programme.
5. Investigations
The compliance officer shall investigate all reports of suspected breaches. The reports may
either be on the compliance officer's own initiative or in response to a complaint. All reports
shall be documented, reviewed, and evaluated and the compliance officer shall safeguard
the confidentiality of all reports and investigations. The compliance officer shall also institute
necessary policies to prohibit any form of retaliation against any person who makes a report.
The compliance officer may recommend that [organisation name] retain such consultants or
auditors as may be necessary to conduct a proper investigation and consult with any outside
legal advisers as may be retained for such purpose. In conducting an investigation, the
compliance officer shall have access to all necessary documents, including e-mail, and
authority to interview any employee. After concluding an investigation, the compliance
officer shall make a report and submit it to the [title of relevant senior executive] with
recommendations for appropriate disciplinary action.
6. Audits
The compliance officer shall regularly (at least annually) and periodically audit the
organisation’s compliance with all relevant statutory requirements as well as the policies of
[organisation name]. Additionally, the compliance officer and the Chief Financial Officer shall
jointly audit the effectiveness of, and compliance with, [organisation name]'s financial
controls and procedures. In conducting such audits, the compliance officer may recommend
that [organisation name] retain such consultants or auditors as may be necessary. Such
audits may be of any office, department, site, or employee. After concluding such audit, the
compliance officer and Chief Financial Officer, as appropriate, shall submit a report to the
[title of relevant senior executive] and make appropriate recommendations for
improvement.
7. Training
The compliance officer shall provide, or arrange to have provided, regular training necessary
to ensure compliance with all relevant statutory requirements and policies, as well as the
necessary technical training for specialized positions and to obtain (and maintain) necessary
certifications. Such training must be provided to all employees, including management. For
new employees, this training shall be provided as part of new employee induction. At the
conclusion of each training session, the compliance officer shall obtain a written
acknowledgement from every employee that they understand the relevant statutory
requirements and that they have received, reviewed, and understand [organisation name]’s
policies and that they will comply with all relevant statutory and policy requirements. The
compliance officer will maintain a file of all training sessions, attendance at such training
sessions and acknowledgement forms.
8. Cooperation
All employees are required to fully cooperate with the compliance officer in administering
the legal compliance programme. All supervisory employees are responsible for ensuring
that their subordinates cooperate, are aware of, understand, and comply with all relevant
statutory requirements and policies of [organisation name].
END
Free Licence to Use
These Guidelines and the Model Legal Compliance Programme are available under licence at no cost
for internal use by organisations. Adaptation is permitted. Recipients may also forward these
materials to third parties provided they make no changes or deletions to the materials, including
deletion of, or changes to, the “Free Licence to Use” and the note titled “For Further Assistance”.
These materials may not be on-sold, nor are they to be adapted by third parties for commercial
purposes. MyLawGuide reserves all rights, including moral rights, in the materials.
For further assistance
MyLawGuide makes law easy for organisations in New Zealand. MyLawGuide would be delighted to
assist you with your legal compliance needs.
To obtain your free licence and an editable version of these materials, please email
david.callaway@mylawguide.com, or phone 021 929 088.
Click on the following links to register for MyLawGuide’s “News” and “Legislation Watch” services.
For more information go to www.mylawguide.com.
© MyLawGuide LP 2014