Legislative Compliance Policy and Procedures

Application

All University members and University operations, including research, learning, teaching, and commercial activities.

Purpose

To support the University’s compliance with its legislative obligations and to create a positive compliance culture by reporting on and continuously improving legislative compliance management.

Background

The University is committed to complying with its legislative obligations, and to identifying and responding appropriately to non-compliances where necessary.

Effectively managing legislative compliance helps the University to:

  • act consistently with Taumata Teitei – Vision 2030 and the Strategic Plan 2025
  • fulfil its research, learning, teaching, and commercial objectives
  • maintain proper standards of integrity, conduct, and concern for the public interest and student well-being
  • protect and enhance the University’s resources, reputation, and credibility
  • avoid legal liability (and potential personal liability for University members)
  • avoid enforcement action, criminal prosecution, fines, and other costs and penalties.

Note – Council has a duty to maintain proper standards of integrity, conduct, and concern for the public interest and student well-being under section 281(1)(f) of the Education and Training Act 2020.

The University aims to create a positive compliance culture where all University members are encouraged to raise any legislative compliance concerns or risks for investigation and resolution.

This policy forms part of the University’s Risk Management Framework. The University’s risk appetite in the legal/regulatory compliance risk category is low.

Policy

Identification of legislative obligations

1. The Deputy General Counsel, in consultation with relevant senior managers, will identify the key legislative compliance obligations relevant to the University’s operations and record these obligations in an obligations register.

Notes:
- The University’s online obligations register is contained in ComplyWith.
- While every effort is made to identify the key legislative obligations which University members must comply with in the normal course of their employment or involvement with the University, the obligations register is not exhaustive and does not cover certain specialised legislation. But the University and University members must still comply with all relevant legislative and common law obligations.

2. Staff members who learn of legislation or legislative obligations relevant to their role within the University that do not appear in the obligations register are to refer such legislation or obligations to the Deputy General Counsel for review and possible inclusion in the obligations register.

Allocation of responsibilities

3. The Deputy General Counsel, in consultation with relevant senior managers, will allocate responsibility for ensuring compliance with obligations in the obligations register to relevant staff members (obligation owners).

Notes:
- The allocation of obligations to obligation owners is recorded in ComplyWith.
- An obligation owner may be responsible for an activity that has obligations from more than one item of legislation. For example, the staff recruitment activity has obligations from the Education and Training Act 2020, Fair Trading Act 1986, Human Rights Act 1993, and the Criminal Records (Clean Slate) Act 2004.
- Some items of legislation have obligations for more than one activity and accordingly there may be multiple obligation owners for an item of legislation.
- Responsibility for the same obligation may be allocated to multiple obligation owners for compliance within their individual span of control.

4. Where appropriate, obligation owners are to notify the Deputy General Counsel of changes to their position description or responsibilities so that the allocation of obligations can be updated to reflect those changes.

Updating legislative obligations

5. The Deputy General Counsel will make sure that there are processes in place to:

  • identify law changes that add new obligations or change existing obligations in the obligations register
  • update the obligations register accordingly when law changes come into force.

Note - ComplyWith identifies law changes and updates the obligations register when law changes come into force.

6. After a law change, the Deputy General Counsel will:

  • allocate, in consultation with relevant senior managers, responsibility for any new obligations to obligation owners
  • notify obligation owners of changes to their existing obligations and/or new obligations for which they are responsible.

Note - ComplyWith notifies obligation owners of changes to their obligations. To receive email notifications of relevant changes, obligation owners should set up a “My List” of legislation in the obligations register and enable law change email updates.

Compliance with legislative obligations

7. Obligation owners are to:

  • support the University’s commitment to legislative compliance
  • assess the impact of allocated obligations on the operations for which they are responsible
  • integrate the obligations into policies, procedures, and processes to ensure compliance
  • implement the policies, procedures, and processes to ensure compliance (including by communicating with, and providing or arranging any required training for, relevant University members)
  • where a University position has key compliance-related tasks, the obligation owner will liaise with Human Resources to ensure that the relevant position description records those tasks, or a description of the obligation, and will keep the position description updated
  • complete compliance surveys when required and implement any corrective action plans in a timely way
  • support the continuous improvement of legislative compliance by encouraging University members to raise any legal compliance-related concerns or risks
  • proactively investigate and resolve any concerns or risks that are raised, and update policies, procedures, processes, or position descriptions as required.

8. After a law change, obligation owners are to:

  • assess the impact of any new or changed obligations on the operations for which they are responsible
  • integrate the new or changed obligations into policies, procedures, processes, or position descriptions to ensure compliance
  • implement the changed policies, procedures, and processes to ensure compliance (including by communicating with, and providing or arranging any required training for, relevant University members).

Management of non-compliances

9. University members who cause or become aware of a non-compliance with a legal obligation (other than a privacy breach) must report the non-compliance to their line manager and the Deputy General Counsel via legalcompliance@auckland.ac.nz as soon as practicable. The Deputy General Counsel will inform the relevant obligation owner of the non-compliance.

Note - A privacy breach must be managed in line with the Privacy Breach Management Procedures.

10. The obligation owner, in consultation with their manager, the Risk Office, and the Deputy General Counsel as required, must:

  • assess and evaluate the nature and scope of the non-compliance and the level of actual or potential consequences related to it using the Risk Management Framework and the Risk Matrix
  • take any appropriate steps to control and correct the non-compliance
  • deal appropriately with any consequences of the non-compliance
  • investigate the non-compliance to determine its cause
  • implement any corrective actions required to prevent it from occurring again.

Compliance surveys and reports

11. The Deputy General Counsel will carry out an annual legal compliance survey. The survey will require obligation owners to report on the compliance status of their obligations and record a corrective action plan for any partial or zero compliances identified.

Note - Compliance surveys are run online using ComplyWith.

12. The Deputy General Counsel, in consultation with obligation owners and relevant senior managers where required, will analyse the results of each compliance survey to identify material legislative compliance issues, risks, and trends.

13. The Deputy General Counsel will report on the results of each compliance survey to the Registrar including:

  • a brief description of the purpose and scope of the survey
  • the status of compliance and material issues, risks, or trends identified
  • corrective actions taken or proposed to address any material issues or risks.

14. The Registrar will report on the results of each compliance survey to Council through the Audit and Risk Committee including:

  • a brief description of the purpose and scope of the survey
  • the status of compliance and any serious issues, risks, or trends identified
  • corrective actions taken or proposed to address any serious issues or risks
  • an overview of the key law changes since the last report.

15. The Deputy General Counsel may carry out additional compliance surveys for a specific purpose or operational area at the request of, or with the prior approval of, the Registrar.

Corrective action plans

16. Obligation owners must implement any corrective actions recorded in their compliance survey for a partial or zero compliance in a timely way and update the status of their corrective actions on a quarterly basis.

17. The Deputy General Counsel will track the status of the outstanding corrective actions and engage with obligation owners and their managers where required to assist in the resolution of partial or zero compliances.

Definitions

The following definitions apply to this document:

Common law means a body of unwritten laws based on legal precedents established by the courts.

ComplyWith means ComplyWith Legal Compliance, a legal compliance software product used by the University.

Legislation comprises Acts of Parliament, and secondary legislation made under an Act such as regulations, Orders in Council, and certain codes of practice.

Note - An example of an Act of Parliament and regulations made under that Act is the Health and Safety at Work Act 2015 and the Health and Safety at Work (Hazardous Substances) Regulations 2017. An example of a code of practice that is secondary legislation under the Education and Training Act 2020 is the Education (Pastoral Care of Tertiary and International Learners) Code of Practice 2021.

Obligation is a legal obligation contained in an item of legislation that the University must comply with.

Obligation owner is the staff member (or staff members) who are allocated responsibility for ensuring compliance with an obligation.

Registrar means the Registrar of the University.

Staff member means individuals employed by the University on a full or part time basis. This includes permanent, fixed-term, and casual staff members.

University means ‘Waipapa Taumata Rau - University of Auckland’ and includes all its subsidiaries.

University member includes members of Council, committee members, staff members, committee appointees, the University’s companies’ staff and board members, and contractors working for and on behalf of the University, and students.

Key relevant documents

Document management and control

Owner: Registrar
Content manager: Deputy General Counsel
Approved by: Vice-Chancellor
Date approved: 17 May 2023
Review date: 17 May 2028