Policy (Board Approved)

Transcription

1 Policy (Board Approved) Compliance and Regulatory Management Document Number GOV-POL Policy Statement Stanwell Corporation Limited (Stanwell) is a Queensland company Government Owned corporation. Stanwell owns coal-fired, gas-fired and hydro power stations which are used to generate electricity. As a diversified energy business, Stanwell sells this electricity both into the National Electricity Market and directly to retail customers, trades gas and coal and maintains an extensive portfolio of rural and residential properties. Stanwell shifts revenue between generation and other energy markets depending on market conditions. Stanwell operates within a highly complex, highly regulated environment and is subject to a multitude of legal, regulatory and governance requirements (compliance obligations). Stanwell recognises that in order to ensure that it meets its compliance obligations (as well as standards of good corporate governance, ethical and community standards), an effective, responsive, organisation-wide compliance management system is required. Stanwell is committed to: 2.0 Scope implementing, maintaining and continually improving an effective and responsive compliance management system to enable it to address all of its compliance obligations to get it right ; and maintaining a culture of integrity and compliance, and conducting its business activities lawfully in a manner that is consistent with its compliance obligations. The Compliance and Regulatory Management Policy covers all of Stanwell s compliance obligations. These compliance obligations include: legislative obligations, including State and Commonwealth Acts, Regulations, local laws, by-laws, planning schemes and rules; permits, licences and other forms of authorisations; contractual obligations; regulatory policies and codes; industry codes and standards; shareholding Minister and other State or Commonwealth government requirements; and Stanwell s policies, procedures, Code of Conduct, Safeguards, operational strategies, plans and delegations. WRITTEN BY:... NAME: Maria Maraj Approved via Board Meeting Minutes : BD ENDORSED/CHECKED BY:... NAME: ELT APPROVED BY:... NAME: Board DATE:... Doc No: GOV-POL-20 Revision No: 4 Revision Date: Page: 1 of 10

2 The Compliance and Regulatory Management Policy applies to Stanwell s directors and employees, and to all contractors working for or at Stanwell (at its operational or non-operational sites) in their capacity as a director, employee or contractor of Stanwell (Our People). 3.0 Purpose Compliance and Regulatory Management at Stanwell is aimed at ensuring that the organisation is able to meet all of its compliance obligations and appropriately respond to any compliance and/or regulatory issues. To enable Stanwell to do this effectively, Stanwell has in place a Compliance and Regulatory Management System that operates across the whole business. Stanwell s Compliance and Regulatory Management System includes: this Compliance and Regulatory Management Policy; the Compliance and Regulatory Management Procedure; obligation-specific compliance procedures, detailed operational procedures and training to support Stanwell s compliance obligations; an integrated Events, Risk, Audit and Compliance Management electronic tool; and a dedicated, autonomous and skilled Compliance and Regulatory team. The purpose of the Compliance and Regulatory Management Policy is to establish the overarching principles and commitment to action for Stanwell with respect to achieving compliance by: every person within Stanwell accepting personal responsibility for compliance and acting ethically and with integrity; further embedding Stanwell s values Safe, Responsible and Commercial and engendering a culture of good governance, ethics, integrity and compliance; identifying a clear compliance and regulatory framework within which Stanwell operates; promoting a consistent, rigorous and comprehensive approach to compliance and regulatory management; and developing and maintaining practices that facilitate and monitor compliance. The Compliance and Regulatory Management Policy is a Code of Conduct framework policy. 4.0 Compliance and Regulatory Management System Stanwell s Compliance and Regulatory Management System is aligned with Stanwell s values, corporate strategy and objectives as articulated within Stanwell s Statement of Corporate Intent and Corporate Plan. The Compliance and Regulatory Management System is aligned with the best practice standards and principles outlined within the International Standard ISO 19600:2014 Compliance management systems Guidelines. Stanwell s Compliance and Regulatory Management System includes: an effective Board and senior management organisational structure which endorses an ethical and positive compliance culture within Stanwell. This includes everyone at Stanwell being responsible for compliance; commitment by the Board, CEO and all levels of management through their actions and decisions to Stanwell s values and to ensuring Stanwell has an effective and responsive compliance and regulatory management system; Doc No: GOV-POL-20 Rev:4 Rev Date: Page 2 of 10

3 compliance responsibilities being clearly articulated and assigned; providing education and training to ensure that every person at Stanwell is competent to fulfil their role in a manner consistent with Stanwell s compliance culture and commitment to compliance, and to discharge their compliance responsibilities effectively; consequences for an individual s failure to comply with Stanwell s compliance obligations. This may include discipline action in accordance with Stanwell s management of performance and conduct procedure in the event of an individual s wilful or negligent breach of their stated compliance obligations; the integration of compliance and regulatory management across all other business functions (including Health and Safety, Environment, Risk, Trading and Financial Risk), the alignment of their policies, processes, procedures and operational requirements to the Compliance and Regulatory Management System 1 and the integration of compliance obligations in Stanwell s day-to-day operations; processes to systematically identify new and changed obligations and their implications for Stanwell s business activities and regular identification and evaluation of compliance and regulatory risks; and regular reporting to senior management, the Audit and Risk Management Committee and the Board in relation to Stanwell s compliance issues, compliance breaches, systemic compliance issues and compliance and regulatory risks. The Board-approved Compliance Breach Reporting Mechanism 2 is included in Attachment 1. Stanwell is committed to regularly monitoring, measuring and assessing the effectiveness of its Compliance and Regulatory Management System and compliance performance. Stanwell s Compliance and Regulatory Management Procedure (delegated to the CEO for approval) documents in detail how Stanwell implements, evaluates, maintains and continually improve compliance; it outlines the structure, key processes, tools and additional activities that Stanwell has implemented to ensure it meets all of its compliance obligations and appropriately responds to compliance and/or regulatory issues. 5.0 Responsibilities and Authorities Everyone is responsible for compliance at Stanwell. Specific responsibilities and authorities are detailed below. Division/Position Responsibility Board The Stanwell Board retains the ultimate responsibility for legal and regulatory compliance and is charged with overseeing, reviewing and ensuring the effectiveness of Stanwell s compliance systems, including the Compliance and Regulatory Management System. The Board is responsible for: ensuring that Stanwell has appropriate frameworks and 1 All compliance policies, procedures and processes must align to this Policy and the Compliance and Regulatory Management System. For the avoidance of doubt, this includes health and safety compliance, environmental compliance, spot trading compliance, retail operations and processes, financial risk and settlements processes, procurement processes, information technology processes and industrial relations and employee relations processes. 2 The Board approved the Compliance Breach Reporting Mechanism on 29 May Doc No: GOV-POL-20 Rev:4 Rev Date: Page 3 of 10

4 Division/Position Responsibility controls in place and that they operate effectively to ensure compliance; determining the appropriate level of compliance that the Board is willing to accept in the conduct of Stanwell s business activities; and approving this Compliance and Regulatory Management Policy. The Board is advised regularly on compliance related issues including any compliance breaches. Audit and Risk Management Committee The Board has established the Audit and Risk Management Committee (ARMC) to, amongst other things: review and oversee systems of risk management, internal control and legal compliance; review the effectiveness of Stanwell s Compliance and Regulatory Management System for identifying, monitoring and managing compliance with relevant laws, regulations and associated government policies; review and if necessary make recommendations to the Board on breaches of key compliance requirements; and review and if necessary make recommendations to the Board on the outcomes of investigations into Reportable Conduct and Stanwell s compliance with its regulatory obligations in respect of these. Chief Executive Officer The Chief Executive Officer (CEO) is accountable to the Board for ensuring implementation and management of Stanwell s Compliance and Regulatory Management System. Specifically, this includes: ensuring a compliance culture is promoted within Stanwell; the commitment to compliance is maintained and that noncompliance and noncompliant behaviour are dealt with appropriately; and appointing an adequately resourced and skilled Compliance and Regulatory team that has the authority and capacity to act independently and is not compromised by conflicting priorities, particularly where compliance is embedded in the business. Chief Financial Officer The Chief Financial Officer (CFO) is responsible for the oversight of the implementation and operation of Stanwell s Compliance and Regulatory Management System. The CFO is accountable to the CEO for overseeing the Compliance and Regulatory Management System to ensure: the ongoing effectiveness, integrity and relevance of the Compliance and Regulatory Management System to Stanwell s Doc No: GOV-POL-20 Rev:4 Rev Date: Page 4 of 10

5 Division/Position Responsibility operations; the Compliance and Regulatory Management System accords with the requirements of Stanwell s Board; and to the extent relevant, the Compliance and Regulatory Management System complies with principles of good corporate governance and achieves applicable standards. It is the responsibility of the CFO (with the support of Legal, Internal Audit and the Compliance and Regulatory team) to ensure that compliance issues and compliance breaches are adequately investigated and all issues are reported to appropriate parties in a timely manner. General Manager Corporate Services The General Manager - Corporate Services is accountable to the CFO for the implementation, review and management of Stanwell s Compliance and Regulatory Management System. This also includes reporting on compliance issues and compliance breaches directly to the Executive Leadership Team, the ARMC and the Board as required. The General Manager - Corporate Services is accountable for: the design, consistency and integrity of the Compliance and Regulatory Management System; ensuring that awareness of compliance is promoted within Stanwell; ensuring that Stanwell has appropriate systems to identify, record and communicate its compliance obligations; ensuring that compliance obligations contained within Stanwell s Compliance Obligations Register are accurate and current; the active management of those compliance obligations, including ensuring that appropriate controls are implemented; delivering (with the assistance of the Senior Compliance and Regulatory Advisor) training and presentations to Our People in relation to compliance and regulatory issues; and providing effective advice to Our People on compliance and regulatory matters, including how to best comply with Stanwell s compliance systems. The General Manager Corporate Services also has the support of the CEO to: access all levels of the organisation, including direct access to the Chairman of the Board, CEO, senior management, and the opportunity to contribute early in decision-making processes; access all documented information and data needed to perform compliance tasks and fulfil compliance responsibilities (including reporting); and access expert advice on relevant laws, regulations, codes and organisational standards (as required). Doc No: GOV-POL-20 Rev:4 Rev Date: Page 5 of 10

6 Division/Position Responsibility For the avoidance of doubt, it is not the responsibility of the General Manager - Corporate Services through the design and implementation of the Compliance and Regulatory Management system to ensure compliance by Directors, employees, individual business units or contractors. Executive General Managers 3 Each Executive General Manager is accountable to the CEO for compliance obligations (both within their business units and across the organisation) for which they are responsible. This includes: active management of those compliance obligations for which they are responsible; on-going identification, assessment, management, reporting, review and monitoring of compliance issues; ensuring adherence to this Compliance and Regulatory Management Policy; and periodic certification to the ARMC regarding compliance. Group Manager Internal Audit The Group Manager Internal Audit may be requested by the CEO, CFO or ARMC to review the Compliance and Regulatory Management System, associated compliance tools and processes against set criteria to: confirm the effectiveness of the Compliance and Regulatory Management System, compliance controls or processes; identify any suggestions for improvement in the Compliance and Regulatory Management system, compliance controls or processes; and investigate compliance issues or breaches. Managers and Supervisors Managers and Supervisors are responsible for ensuring effective implementation and maintenance of the Compliance and Regulatory Management Policy and that Our People adhere to the associated procedures, systems and guidelines. This includes: complying with Stanwell s compliance obligations; mentoring and coaching to promote compliance behaviour and encouraging employees to raise compliance concerns; attending and supporting compliance and regulatory training activities and ensuring that their employees meet their training and competence requirements and develop an awareness of compliance obligations (particularly those relevant to their 3 Executive General Mangers (EGMs) include other persons identified by the CEO from time to time to act in an EGM role. For the avoidance of doubt, the CFO also has the responsibilities of Executive General Managers in addition to the CFO-specific responsibilities. Doc No: GOV-POL-20 Rev:4 Rev Date: Page 6 of 10

7 Division/Position Responsibility roles); integrating compliance obligations into existing business practices and procedures in their areas of responsibility; actively participating in the management and resolution of compliance-related incidents, issues and breaches in accordance with the Compliance and Regulatory Management Procedure; reporting and escalating all compliance concerns, issues and breaches in accordance with the Board-approved Compliance Breach Reporting Mechanism (as included in Attachment 1 and further outlined within the Compliance and Regulatory Management Procedure). Managers and Supervisors are also encouraged to identify and raise with the Compliance and Regulatory team or senior management any areas of concern and opportunities for improvement of Stanwell s Compliance and Regulatory Management System. Our People Everyone at Stanwell is responsible for compliance. Our People have a responsibility to ensure that their activities on behalf of Stanwell comply with all applicable obligations. Our people are required to: be aware of and adhere to this Compliance and Regulatory Management Policy, other policies and procedures relating to their workplace activities and Stanwell s compliance obligations; in accordance with the Code of Conduct, perform their duties in an ethical, lawful and safe manner; incorporate compliance management practices into their dayto-day activities; use available compliance and regulatory resources as part of the Compliance and Regulatory Management System, including to manage compliance obligations, associated compliance tasks and report compliance issues and breaches; undertake training in accordance with the compliance program and implement the practices learned in training; and report and escalate all compliance concerns, issues and breaches in accordance with the Board-approved Compliance Breach Reporting Mechanism (as included in Attachment 1 and further outlined within the Compliance and Regulatory Management Procedure). Doc No: GOV-POL-20 Rev:4 Rev Date: Page 7 of 10

8 6.0 Review and Consultation (Prior to Approval) This document is required to be reviewed, as a minimum, every two (2) years or in response to any material changes. The Board is responsible for approving this Compliance and Regulatory Management Policy. 7.0 Communication Plan (After Approval) This Compliance and Regulatory Management Policy will be communicated to key stakeholders using education and training as detailed above and via GenNet. 8.0 Definitions ARMC CEO CFO Compliance Compliance issue Compliance breach Compliance and Regulatory Management System Compliance commitments Compliance obligations Compliance requirements EGM Executive Leadership Team Our People Stanwell Audit and Risk Management Committee Chief Executive Officer Chief Financial Officer An outcome of Stanwell meeting all its compliance obligations One or more acts, omissions or events relating to Stanwell s compliance obligations that, after further investigation, may or may not be identified as a compliance breach. One or more acts or omissions by Stanwell or Our People which results in the failure by Stanwell to meet its compliance obligation(s). The policies, procedures, processes, tools and activities Stanwell has implemented to ensure it is able to meet all of its compliance obligations and appropriately respond to any compliance and/or regulatory issues Requirements that Stanwell chooses to comply with Stanwell s compliance requirements and compliance commitments. Requirements that Stanwell must comply with Executive General Manager Chief Executive Officer and the Executive General Managers Stanwell directors, employees and all contractors working for or at Stanwell (at its operational or non-operational sites) in their capacity as a director, employee or contractor of Stanwell. Stanwell Corporation Limited and its subsidiaries. Doc No: GOV-POL-20 Rev:4 Rev Date: Page 8 of 10

9 9.0 References (Including Information Services) ISO 19600:2014 Compliance management systems Guidelines GOV-POL-30 Code of Conduct The Way We Work at Stanwell GOV-PROC-28 Compliance and Regulatory Management Procedure OHS-PROC022 Stanwell Safeguards 10.0 Revision History Rev. No. Rev. Date Revision Description Author Approved By New compliance policy. Previously Risk and Compliance Management Policy GOV-POL-04 was in place Review on completion of Compliance System Upgrade Project Policy rewritten to address the requirements of the integrated Stanwell Corporation Position titles updated following Organisational Review. Change not required to go to the Board D Farrelly A Osborne Board Board M. Maraj Board M. Maraj General Manager Corporate Services Scheduled 3-year review. Policy updated to ensure alignment with the International Standard for Compliance (ISO 19600:2014 Compliance management systems Guidelines) (released in December 2014). M. Maraj Board Doc No: GOV-POL-20 Rev:4 Rev Date: Page 9 of 10

10 Attachment 1 Compliance Breach Reporting Mechanism (minimum standards) Immediate Reporting Periodic Reporting Actual Impact Rating = Major or Severe Chair Audit and Risk Management Committee Actual Impact Rating = Moderate, Major or Severe CEO Compliance Certification Report Actual Impact Rating = Minor, Moderate, Major or Severe Members of the Executive Leadership Team Actual Impact Rating = Low, Minor, Moderate, Major or Severe Responsible Executive General Manager Senior Compliance and Regulatory Advisor Low impact Compliance Breach occurs Minor impact Moderate impact Major impact Severe impact Doc No: GOV-POL-20 Rev:4 Rev Date: Page 10 of 10