Six Questions Every Director Should Be Asking About Compliance


The obligation to ensure adherence to the general and specific laws applying to your company’s operations is at the heart of your responsibilities as a company director – both under the Corporations Act 2001 (Cth) and at common law. The most recent set of hearings before the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Royal Commission) is a sage reminder of the need for organisations (of all sizes) to reflect on how they are managing issues of governance and compliance within their business. You can follow some of our previous coverage of the Royal Commission here.


The consequences of failing to meet your obligations as a director can potentially expose the organisation to actions by shareholders, along with civil penalty enforcement action by the Australian Securities and Investments Commission (ASIC). The enforcement outcomes which can be sought by ASIC do not end with civil action but can also extend to criminal prosecution (depending on the facts), along with administrative disqualification orders. Directors should also remember that their obligations are personal ones, which in some circumstances may also give rise to personal liability for debts and other losses incurred by the company.

Let’s now consider what it is that you should be asking as a director about compliance within your organisation in the wake of recent events.

1. How do we manage our compliance obligations?

It may seem like a baseline question to ask, but it remains an important one for a director to ask no matter the size of the organisation, and you shouldn’t feel uncomfortable asking it. Your obligations as a director are personal and encompass your understanding of how the organisation is managing legal and regulatory risk (inter alia) as part of the overall management of its operations. As such, it is important that you are familiar with the location and contents of the organisation’s compliance framework, along with the policies and other controls that form part of that program — as an absolute minimum.

2. How are we embedding our compliance framework into everyday decision making?

It’s all well and good to have an elaborate set of compliance documentation and be able to point to that as your compliance framework, but if members of your organisation are not adhering to those mechanisms or do not understand how they apply to the work they are doing each day, then how effective is that compliance system in practice? As a director, you should be asking whether we (as an organisation) need to better incorporate those controls into our work practices – of course, how you do so is a matter that should be approached based on the size and nature of your organisation.

3. How do we ensure that our compliance framework is current?

Compliance is not a set-and-forget suite of documentation you put in place and archive. How is your organisation managing its compliance obligations on an ongoing basis? Who within your organisation is monitoring changes in the law or keeping abreast of regulatory guidance from your relevant regulators, so that your organisation remains on top of its compliance obligations over time? The directors of all companies should consider compliance as an evolving process and should ensure that the organisation has in place a mechanism that enables the compliance framework and controls to be updated as changes take place.

4. How are we testing adherence to our compliance obligations?

It is critical to have a compliance framework in place but if adherence to that framework is not being tested on a regular basis through monitoring and audits, how can you have confidence that the organisation is meeting its obligations? The process of periodic monitoring and auditing is just as key to managing compliance successfully as having a framework to start with. The governance around how that process takes place is also worth focusing on – are those charged with responsibility for monitoring and auditing sufficiently independent from the work processes to ensure that audits are transparent and robust?

5. What is our breach reporting process?

If a breach does take place, how does your organisation manage that process – both in relation to assessing the facts that give rise to the concern and in how that is then escalated within the organisation? A common complaint by regulators is that organisations can have cumbersome and slow assessment processes that result in breach reporting delays and an overly legalistic approach being applied to the process. Are your breach reporting systems operating so that you can meet any reporting deadlines prescribed by legislation? If not, how are you managing any delays in meeting those obligations when it comes to communication with the regulator, and is that considered satisfactory?

6. What kind of relationship do we have with our regulators?

As a director, you should be familiar with the regulatory history of the company that you are a director of. Is there a regulatory history? If so, what is that history, and how has the organisation managed the failings that gave rise to those concerns? What kind of relationship does the company now have with its regulators, and how can we best manage that, so the company is considered as demonstrating a compliance mentality and posing minimal regulatory risk? It is important that your regulators have confidence in your ability to meet your regulatory obligations and act with candour in dealing with them.

It may be considered by some as a soft compliance skill, but the art of maintaining sound regulatory relations is important in managing the reputation of the company and should be considered part of the overall compliance framework.

If you would like us to run a free webinar for Company Directors, please leave a comment below or contact the Compliance Quarter by clicking here.


Future Directions for Compliance in the Construction and Building Industry

On 27 April the Building Ministers’ Forum (BMF) met to discuss recommendations in the final report ‘Building Confidence – Improving the effectiveness of compliance and enforcement systems for the building and construction industry across Australia’ (the Report).[1] In this article we look at some of the compliance and enforcement recommendations contained in the Report. This will be of interest to any business in Australia involved in construction or property development.

Sydney, Australia, 2 May 2018. Photo: Connor.
By Dr Drew Donnelly, Compliance Quarter.

Background to Compliance in Construction: The Report

The Report was independently commissioned by the BMF to assess problems within the compliance and enforcement systems for construction across Australia. It is aimed at strengthening implementation of the National Construction Code across jurisdictions (states and territories). A specific concern motivating the Report was the death of 71 people in the Grenfell Tower fire in London in June 2017, which has been attributed to highly combustible polyethylene cladding.[2]

The Recommendations

Some (but not all) of the key recommendations in the Report are listed below:

  • Each jurisdiction should require the following categories of registration for building practitioners:
    • Builder
    • Site or Project Manager
    • Building Surveyor
    • Building Inspector
    • Architect
    • Engineer
    • Designer/Draftsperson
    • Plumber
    • Fire Safety Practitioner.[3]
  • Requirements for registration and training should be consistent across states and territories;[4]
  • Each jurisdiction should establish formal mechanisms for collaborative partnership between regulators (whether state or local government) and private building surveyors (where they have been given an enforcement role);[5]
  • Each jurisdiction should give regulators broad monitoring powers and an ability to carry out compliance and enforcement action;[6]
  • Each jurisdiction should develop more pro-active audit strategies for the oversight of the construction of commercial buildings with annual reporting on outcomes;[7]
  • Each jurisdiction should implement measures to mitigate conflicts of interest in the responsibilities of private building surveyors. Private building surveyors often have both design and compliance responsibilities;[8]
  • Each jurisdiction should require that building approval documentation be prepared by certain types of registered practitioner in accordance with the National Construction Code;[9]
  • Independent third-party review should be introduced for certain designs and buildings;[10]
  • On-site inspections of building work should be introduced at identified notification stages.[11]

The BMF has provided in-principle support for the Report, with Ministers to examine the Report’s findings and recommendations in detail and to discuss future directions at the next BMF meeting.

For more information, contact the team by clicking here.


[2] For the Report go to—BMF-Expert-Assessment.pdf.

[3] The Report, p15.

[4] The Report, p17.

[5] The Report, p20.

[6] The Report, p21.

[7] The Report, p22.

[8] The Report, p25.

[9] The Report, p26.

[10] The Report, p27.

[11] The Report, p34.