Page 1 of 5 Guidelines for legal compliance A legal compliance programme is a set of structures and procedures designed to ensure that an organisation complies with its legal obligations. No single model will suit all organisations, however some key elements should be addressed in all compliance programmes. The following commentary provides an overview of legal compliance and its implementation by way of policy. MyLawGuide has identified the following elements as typical of best practice when implementing a legal compliance programme to deal with an organisation’s legal responsibilities. Good governance and legal compliance Effective legal compliance is one of the cornerstones of good governance. Governance is the responsibility of board (or council) members. The CEO is responsible for legal compliance. This responsibility may be delegated to a compliance officer, company secretary, or similar executive position. Legal compliance is compulsory It is important that whoever has responsibility for legal compliance within an organisation understands the absolute requirement that all organisations, and the employees who work for them, must comply with the law. The executive within an organisation responsible for legal compliance, which by default is the CEO, must therefore ensure that all relevant and applicable laws are known by that organisation’s employees. Ignorance of the law by the organisation, or by one of its employees, is no excuse for noncompliance. Legal Compliance Policy Employees are typically required to comply with all policies, including the legal compliance policy, when signing their employment agreements. Employment agreements may state something similar to the following: “An employee must comply with such particular rules and policies of which he/she is informed. The employer may amend such rules or policies from time to time as operational requirements dictate. The employer shall ensure that an employee is given appropriate notice of any alterations.” Note the words “of which he/she is informed”. It is very important that the employees are informed of all policies, including the legal compliance policy. Not informing an employee of a policy may render that policy ineffective, as a policy. The law applies to all employees, regardless of whether or not the employer has a legal compliance policy. However, it is best practice for employers to ensure that employees understand their responsibilities in respect of the law. Appoint a compliance officer An effective legal compliance programme needs someone in control to develop and operate it, to educate employees, to investigate compliance matters and to take the appropriate action following © MyLawGuide LP 2014 Page 2 of 5 investigation. The compliance officer must report to management and the CEO periodically and as issues arise. Develop an appropriate line of communication A line of communication must be established and made known to employees so that compliance issues can be raised with the compliance officer directly and discreetly. Establish a record keeping system A system of recording accurately, securely and completely all compliance matters raised must be implemented and maintained. Educate Employees must be educated and trained periodically by appropriate teaching methods on all relevant statutory obligations and the organisation’s policies. Incorporate in performance reviews Employees must be made aware that compliance is required under their employment agreement and that their adherence to statutory requirements and the organisation’s policies will be a factor in performance reviews. Employees must be made aware that breaches may result in disciplinary action. Give disciplinary guidelines Employees must be made aware of the penalties for statutory breaches, as well as the disciplinary consequences under their employment agreement. Establish internal auditing and monitoring To assess the effectiveness of the legal compliance programme, there should be ongoing evaluation of performance to identify and resolve problems in the programme by internal auditing and monitoring. Respond to compliance breaches Where breaches are detected, as well as responding to the particular breach by disciplinary action, consideration should be given to whether further education or some other action is required. © MyLawGuide LP 2014 Page 3 of 5 New Zealand Standard for Compliance Programmes Although no single model will suit all organisations, Standards New Zealand Limited has published NZS/AS 3806:2006, a compliance programme standard which helps organisations develop a compliance programme demonstrating a commitment to compliance with legislative requirements, industry codes and organisational standards as well as standards of good governance, ethics, and community expectations. A new standard for compliance management systems, ISO 19600, is expected to be released shortly. The following is a basic legal compliance programme model which can be used as a starting point for creating a programme appropriate for your organisation’s structure. Please see the “Free Licence to Use” at the foot of the template for more details on your rights to use this template. [Your organisation’s name]: Legal Compliance Programme 1. Purpose The purpose of this legal compliance programme is to ensure that all employees understand and adhere to the law as well as to the policies of [organisation name]. The programme is designed to educate employees, ensure compliance with all statutory requirements and policies, foster an ethical environment, establish a mechanism to detect and identify breaches of the law or policy or other unethical behaviour, and audit compliance with, and adherence to, law and policy. 2. Structure [Describe the different management positions and hierarchy within your organisation, including who reports to whom. An organisation chart, either inserted into this section or referenced as an appendix, would be useful.] 3. Compliance Officer The compliance officer is responsible for ensuring that all employees are aware of and understand relevant statutory requirements and the policies of [organisation name]. The compliance officer, who administers the legal compliance programme, reports to the [title of relevant senior executive]. The compliance officer’s responsibilities include the following: To designate appropriate supervisory employees and officers to assist in administering the programme; To ensure that all employees receive and acknowledge in writing that they have received, reviewed, and understand the policies of [organisation name] and will comply with their requirements; To develop and facilitate suitable regular and periodic training programmes designed to understand relevant statutory requirements and policies, and obtain and maintain necessary technical training and certifications; © MyLawGuide LP 2014 Page 4 of 5 To investigate reports of suspected breaches and to make independent determinations as to whether a breach has occurred; To recommend to management disciplinary action for breaches; To ensure that all reports of suspected breaches and investigations remain confidential; To establish and maintain appropriate systems and internal controls to implement the [organisation name]’s policies and the legal compliance programme; To conduct both periodical and regular audits of employees, departments, and sites of [organisation name] to ensure that they are in compliance with all relevant statutory requirements and policies; To recommend hiring such consultants, auditors, or other persons as may be necessary to ensure that each employee receives adequate training and to conduct audits and investigations; and To make recommendations to the [title of relevant senior executive] that may better facilitate compliance with both the law as well as the policies of [organisation name]. 4. Reports The compliance officer will report monthly/quarterly [delete one] to the [title of relevant senior executive] concerning all activities regarding the organisation’s legal compliance programme. 5. Investigations The compliance officer shall investigate all reports of suspected breaches. The reports may either be on the compliance officer's own initiative or in response to a complaint. All reports shall be documented, reviewed, and evaluated and the compliance officer shall safeguard the confidentiality of all reports and investigations. The compliance officer shall also institute necessary policies to prohibit any form of retaliation against any person who makes a report. The compliance officer may recommend that [organisation name] retain such consultants or auditors as may be necessary to conduct a proper investigation and consult with any outside legal advisers as may be retained for such purpose. In conducting an investigation, the compliance officer shall have access to all necessary documents, including e-mail, and authority to interview any employee. After concluding an investigation, the compliance officer shall make a report and submit it to the [title of relevant senior executive] with recommendations for appropriate disciplinary action. 6. Audits The compliance officer shall regularly (at least annually) and periodically audit the organisation’s compliance with all relevant statutory requirements as well as the policies of [organisation name]. Additionally, the compliance officer and the Chief Financial Officer shall jointly audit the effectiveness of, and compliance with, [organisation name]'s financial controls and procedures. In conducting such audits, the compliance officer may recommend that [organisation name] retain such consultants or auditors as may be necessary. Such audits may be of any office, department, site, or employee. After concluding such audit, the compliance officer and Chief Financial Officer, as appropriate, shall submit a report to the © MyLawGuide LP 2014 Page 5 of 5 [title of relevant senior executive] and make appropriate recommendations for improvement. 7. Training The compliance officer shall provide, or arrange to have provided, regular training necessary to ensure compliance with all relevant statutory requirements and policies, as well as the necessary technical training for specialized positions and to obtain (and maintain) necessary certifications. Such training must be provided to all employees, including management. For new employees, this training shall be provided as part of new employee induction. At the conclusion of each training session, the compliance officer shall obtain a written acknowledgement from every employee that they understand the relevant statutory requirements and that they have received, reviewed, and understand [organisation name]’s policies and that they will comply with all relevant statutory and policy requirements. The compliance officer will maintain a file of all training sessions, attendance at such training sessions and acknowledgement forms. 8. Cooperation All employees are required to fully cooperate with the compliance officer in administering the legal compliance programme. All supervisory employees are responsible for ensuring that their subordinates cooperate, are aware of, understand, and comply with all relevant statutory requirements and policies of [organisation name]. END Free Licence to Use These Guidelines and the Model Legal Compliance Programme are available under licence at no cost for internal use by organisations. Adaptation is permitted. Recipients may also forward these materials to third parties provided they make no changes or deletions to the materials, including deletion of, or changes to, the “Free Licence to Use” and the note titled “For Further Assistance”. These materials may not be on-sold, nor are they to be adapted by third parties for commercial purposes. MyLawGuide reserves all rights, including moral rights, in the materials. For further assistance MyLawGuide makes law easy for organisations in New Zealand. MyLawGuide would be delighted to assist you with your legal compliance needs. To obtain your free licence and an editable version of these materials, please email david.callaway@mylawguide.com, or phone 021 929 088. Click on the following links to register for MyLawGuide’s “News” and “Legislation Watch” services. For more information go to www.mylawguide.com. © MyLawGuide LP 2014
© Copyright 2024