COMPLIANCE CHARTER 1



Similar documents
Aegon Global Compliance

Compliance Policy AGL Energy Limited

ING Group Compliance Risk Management Charter and Framework

The Compliance Universe

Audit and Risk Committee Charter. Knosys Limited ACN (Company)

Audit and Risk Committee Charter. 1. Membership of the Committee. 2. Administrative matters

APPENDIX 50. Enterprise risk management - Risk management overview

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

Confident in our Future, Risk Management Policy Statement and Strategy

Audit, Risk and Compliance Committee Charter

Compliance Management Framework. Managing Compliance at the University

ENTERPRISE RISK MANAGEMENT POLICY

APES 320 Quality Control for Firms

CORPORATE GOVERNANCE. 1 Introduction. 2 Board composition and conduct

Policy (Board Approved)

University of New England Compliance Management Framework and Procedures

Financial Management Framework >> Overview Diagram

Council Meeting Agenda 27/07/15

Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)

Governance, Risk and Compliance Charter

Annual Governance Statement 2013/14

Hunter Hall International Limited

Financial Services Guidance Note Outsourcing

Policy Document Control Page

How To Manage Risk At Atb Financial

Wirral Council: Job Role Descriptor HR USE ONLY

ENTERPRISE RISK MANAGEMENT FRAMEWORK

IFAD Policy on Enterprise Risk Management

Information Governance Strategy & Policy

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Effective Internal Audit in the Financial Services Sector

RISK AND COMPLIANCE COMMITTEE CHARTER

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES. First Edition July Hong Kong

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM

PRINCIPLES OF CORPORATE GOVERNANCE FOR SUPERVISED INSTITUTIONS

Echo Entertainment Group Limited (ABN ) Risk and Compliance Committee Terms of Reference

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES

SAI GLOBAL LIMITED Risk Management Policy

RISK MANAGEMENT STRATEGY

Corporate Governance Guidelines

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

(Effective as of December 15, 2009) CONTENTS

CD(SA) Director Competency Framework

A Guide to Corporate Governance for QFC Authorised Firms

Adopted by the Board of Directors of the Nordic Investment Bank on 17 December 2009 COMPLIANCE POLICY

GREAT PLAINS ENERGY INCORPORATED BOARD OF DIRECTORS CORPORATE GOVERNANCE GUIDELINES. Amended: December 9, 2014

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE

Principles of Best Practice applicable to the distribution of Life Insurance Products on a Cross-border Basis within the EU or a Third Country

Becoming Reactively Proactive Rethinking compliance risk management in today's environment

The Regulatory Framework for Social Housing in England Governance and Financial Viability standard requirement: Governance Annual Assessment

MFDA STAFF NOTICE THE ROLE OF COMPLIANCE AND SUPERVISION

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES

The Risk Management strategy sets out the framework that the Council has established.

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

CORPORATE GOVERNANCE STATEMENT

Eclipx Group Limited Risk Management Policy

Board Charter. HCF Life Insurance Company Pty Ltd (ACN ) (the Company )

Revised May Corporate Governance Guideline

Operations. Group Standard. Business Operations process forms the core of all our business activities

Compliance. Group Standard

HORIZON OIL LIMITED (ABN: )

Notion VTec Berhad (Company No D) Board Charter

Internal Audit Standards

Outsourcing Risk Guidance Note for Banks

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

Corporate Governance Statement

How To Understand The Importance Of Internal Control

RISK MANAGEMENT FRAMEWORK

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

Fraud Prevention and Deterrence

Module 4. Risk assessment for your AML/CTF program

14 December 2006 GUIDELINES ON OUTSOURCING

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Achieve. Performance objectives

Explanation where the company has partially applied or not applied King III principles

Application of King III Corporate Governance Principles

Board Charter. May 2014

Compliance Plan. Contents

SHELL GENERAL BUSINESS PRINCIPLES

Appendix 14 CORPORATE GOVERNANCE CODE AND CORPORATE GOVERNANCE REPORT

MISSION VALUES. The guide has been printed by:

McKINSEY & COMPANY NONPROFIT BOARD SELF ASSESSMENT TOOL OVERVIEW

JOB DESCRIPTION. To provide a high level of customer care to all business users who raise faults or service requests via the Service Desk.

FMCF certification checklist (incorporating the detailed procedures) certification period. Updated May 2015

E Lighting Group Holdings Limited 壹 照 明 集 團 控 股 有 限 公 司 (incorporated in the Cayman Islands with limited liability) Stock Code : 8222

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Lancashire County Council Information Governance Framework

Application of King III Corporate Governance Principles

RISK MANAGEMENT STRATEGY AND FRAMEWORK

Standards for the Professional Practice of Internal Auditing

Canada Media Fund/Fonds des médias du Canada

Seven Bank, Ltd. Corporate Governance Guidelines

Transcription:

COMPLIANCE CHARTER 1 Contents 1. Compliance Policy Statement... 2 2. Purpose... 2 3. Mission and objective of the Directorate: Compliance... 2 3.1 Mission... 2 3.2 Objective... 3 4. Compliance risk management... 3 4.1 Definition of compliance risk... 3 4.2 Compliance risk appetite... 3 4.3 Risk tolerance... 3 4.4 Role and responsibilities of Council... 3 4.5 Role and responsibilities of the Management Committee... 3 4.6 Role and responsibilities of Directorate: Compliance... 3 5. Independence of the Directorate: Compliance... 4 6. Compliance methodology... 5 6.1 Compliance universe... 5 6.2 Compliance risk identification... 5 6.3 Compliance self assessment... 5 6.4 Compliance risk analysis... 5 6.5 Establishing risk mitigating strategies... 6 6.6 Compliance risk monitoring... 7 6.7 Compliance reporting... 7 6.8 Compliance incident management... 8 6.9 Compliance training and awareness... 8 1 Policy was not developed in accordance with the Policy: Policy/Rule Formulation Approved Council 21.09.2012-1-

1. COMPLIANCE POLICY STATEMENT 2 UNISA recognises its accountability to all its stakeholders under the legal and regulatory requirements applicable to its business and is committed to high standards of integrity and fair dealing in the conduct of its business. We are committed to complying with both the spirit and the letter of applicable requirements and to always act with due skill, care and diligence. The Council of UNISA is ultimately accountable to its stakeholders for overseeing compliance requirements. The responsibility to facilitate compliance throughout UNISA has been delegated to the Directorate: Compliance. The compliance function identifies, assesses, advises, monitors and reports on the compliance risk of UNISA. The management of compliance risk forms part of the overall risk management framework of UNISA. The Director: Compliance is responsible for the effective implementation of the Compliance Charter. However, it must be emphasised that the primary responsibility for complying with any regulatory requirement lies with all employees conducting the particular transaction or activity to which regulation applies. All relevant employees must therefore be conversant with appropriate legislation and subordinate regulations, conditions and rules promulgated by regulators as well as with the compliance manual and/or technical guidance notes applicable to their specific area of responsibility. Employees are expected to comply both with the letter and with the spirit of these requirements. If the key legislation governing our business is breached, UNISA could be fined severely. Damage to UNISA s reputation could result in an exodus of students. Compliance risks are serious and need to be controlled by all individuals at UNISA. The Compliance Charter sets out our approach to managing our compliance risks. Further guidance and procedures can be found in the compliance manual. Any breach of this Compliance Charter is considered serious and remedial action will result in disciplinary action that could ultimately lead to dismissal of the offender. 2. PURPOSE Effective compliance management is a very important contributor to the protection of UNISA s integrity and reputation and it helps to build trust. The Compliance Charter is geared towards strengthening the effectiveness of compliance within UNISA and accordingly describes the roles and responsibilities and operation of compliance management for UNISA. 3. MISSION AND OBJECTIVE OF THE DIRECTORATE: COMPLIANCE 3.1 Mission The mission of the Directorate: Compliance is to: 3.1.1 assist UNISA and its management to achieve the strategic objectives by compliance management practices that contribute to sound and responsible business practices; and 3.1.2 support UNISA with the necessary incorporation of these compliance management practices in its day-to-day operations. By pursuing this mission, the Directorate: Compliance subscribes to UNISA s core values. 3.2 Objective The objective of the Directorate: Compliance is to support UNISA and its management to: 2 The Compliance Policy Statement is an excerpt from the Generally Accepted Compliance Framework Principles, Standards and Guidelines published by the Compliance Institute SA Approved Council 21.09.2012-2-

3.2.1 embed compliance with laws, regulations, internal policies and procedures in every aspect of UNISA. 3.2.2 establish and maintain effective Compliance Risk Management and Control Systems, that includes monitoring and reporting. 3.2.3 provide timely advice to UNISA on relevant changes to the compliance environment. 3.2.4 promote the integrity of UNISA. 4. COMPLIANCE RISK MANAGEMENT 4.1 Definition of compliance risk Compliance risk at UNISA is defined as the risk of UNISA s reputation or integrity being tainted or its financial condition impaired due to its failure to comply with laws, regulations, internal policies or procedures. 4.2 Compliance risk appetite UNISA aims to be compliant with all applicable laws and regulations, internal policies and procedures governing its operations. 4.3 Risk tolerance The situation may arise where the application of a law, regulation or policy is open to interpretation. In such a situation UNISA may make a judgment as long as it has evidence of a reasonable explanation for its actions, and the interpretation does not result in UNISA taking any unacceptable risks. In making such judgement, UNISA will avoid business practices that do not display integrity or may damage UNISA s reputation. 4.4 Role and responsibilities of Council Council is ultimately accountable for compliance risk management. Council must provide stakeholders with assurance that the compliance methodology is designed and implemented effectively. To assist in discharging duties and responsibilities in respect of compliance risk management, Council has delegated to the Audit and Enterprise Risk Management Committee the responsibility to review the compliance risk management progress and maturity, the effectiveness of compliance risk management activities, the key compliance risks facing UNISA and the responses to address these risks. The Audit and Enterprise Risk Management Committee s responsibility for compliance risk management is expressed in its terms of reference. 4.5 Role and responsibilities of the Management Committee 4.5.1 The Management Committee is accountable to Council to provide the appropriate assurance that UNISA complies with all laws, regulations, internal policies and procedures. 4.5.2 The Management Committee is entrusted with the responsibility to oversee the implementation and the effectiveness of compliance management within UNISA. This includes, but is not limited to: a) the establishment of an effective Directorate: Compliance; b) ensuring that senior management shall have specific oversight for compliance; Approved Council 21.09.2012-3-

c) allocating adequate resources to the Directorate: Compliance; d) ensuring that Compliance Officers shall under all circumstances have direct access to senior management and all relevant information. e) knowing and applying compliance rules and monitoring compliance with these rules. f) ensuring that the Directorate: Compliance is independent. g) proactively seeks to enhance the authority of the Directorate: Compliance. h) reporting on compliance risk management to the Council via the Audit and Enterprise Risk Management Committee. i) ensuring that the Management Committee shall have specific oversight for compliance. 4.6 Role of the Directorate: Compliance 4.6.1 The Directorate: Compliance: a) advises the Management Committee and the Audit and Enterprise Risk Management Committee on the assessment and the definition of the compliance risk appetite and risk tolerance levels. b) advises the Management Committee and the Audit and Enterprise Risk Management Committee on the acceptance of specific risk events based on impact analysis. c) supports the Management Committee and the Audit and Enterprise Risk Management Committee to raise awareness of compliance risk appetite and established good business practices. d) supports the Management Committee by identifying, assessing and overseeing the mitigation of compliance risks. e) reports on compliance matters that warrants the attention of the Management Committee and the Audit and Enterprise Risk Management Committee. 4.6.2 The Directorate: Compliance is, on behalf of the Management Committee, responsible for ensuring that UNISA operates within a clearly defined compliance framework. 4.6.3 The Directorate: Compliance proactively advises the Management Committee on conduct that will ensure that the management and employees act in a manner that is compliant with approved standards, both from a strategic and operational perspective. 5. INDEPENDENCE OF THE DIRECTORATE: COMPLIANCE The Directorate: Compliance shall be independent from the operations of UNISA. This is established using the following principles: 5.1 The Directorate: Compliance has a formal status which is stated and communicated through this Charter. 5.2 A compliance officer is not placed in a position where a possible conflict of interest may occur between compliance responsibilities and any other responsibilities. Approved Council 21.09.2012-4-

5.3 The Directorate: Compliance employees are entitled to have access to the information and employees necessary to carry out their responsibility. 6. COMPLIANCE METHODOLOGY To ensure that the provisions of this Charter are fulfilled, the following compliance methodology will be followed: 6.1 Compliance Universe The compliance universe refers to the complete set of compliance risks applicable to UNISA. It outlines how compliance with legislation, regulations, internal policies and procedures is embedded in business processes and links ownership of compliance risks and risk mitigating actions to business or process owners. It will be the function of the Directorate: Compliance to translate legislation, regulations, internal policies and procedures into compliance obligations and to link these obligations to business processes and process owners. It will be the function of departmental management to ensure ownership of the compliance universe within the business, to define roles and responsibilities within business to maintain the compliance universe, and to manage compliance risks. 6.2 Compliance risk identification Compliance risk identification is the process of identifying compliance risks to prioritise the development and implementation of mitigation strategies. The Directorate: Compliance will work with the Legal Services Department and other role players to identify relevant compliance-related legislation, regulations, policies and procedures. It will further advise, support and engage with the Management Committee and/or Departmental Management on its own identification of compliance risks. 6.3 Compliance self assessment With the assistance and facilitation of the Directorate: Compliance, Departmental Management will be required to do an annual self-assessment to identify legislative, regulatory, policy and procedural risks. (A further advantage of the self-assessment is that it raises compliance awareness within the area in which it is undertaken.) 6.4 Compliance risk analysis Compliance risk analysis is the process of assessing the impact and likelihood of the identified compliance risk. The methodology and approach to compliance risk analysis will be in line with the methodology and approach conducted by the Directorate: Enterprise Risk Management, where appropriate. The Directorate: Compliance will initiate and participate in all risk analyses and in co-operation with departmental management, rate and rank the compliance risks. In the case of a disagreement on the results of a risk analysis, the Directorate: Compliance will escalate the disagreement to the Management Committee. Departmental management is required to ensure the execution and prioritisation of compliance risk analyses by: participating in all compliance risk analyses; working with the Directorate: Compliance to analyse compliance risks; working with the Directorate: Compliance to prioritise compliance risks; and approving the outcome of the compliance risk analyses. Approved Council 21.09.2012-5-

Departmental management should on a timely basis, involve and seek advice from the Directorate: Compliance in all matters that may cause significant or fundamental compliance risks for UNISA. 6.5 Establishing risk mitigating strategies 6.5.1 Compliance risk mitigation is the process of responding to unacceptable risks to bring them to an acceptable level. Responding to risks can be achieved through various strategies, inter alia: risk avoidance; risk reduction; risk transfer; and risk response. 6.5.2 The defined mitigation strategies should mitigate the impact and/or likelihood of the identified compliance risks. Compliance risk mitigation focuses on risk reduction by developing and implementing controls such as standards, procedures, policies and guidelines to prevent or reduce compliance risks. 6.5.3 The Directorate: Compliance will fulfil the following roles and responsibilities with regard to establishing risk management strategies: a) engage with the Management Committee on the acceptance of compliance risks; b) advise, support and engage with the Management Committee on the mitigation of compliance risks; c) advise, support and engage with the Management Committee on the design and implementation of controls used to mitigate compliance risks; d) raise issues with the Management Committee that may have an impact on the suitability of mitigation activities; e) report risk mitigation actions to the Risks, Ethics and Controls Committee, the Management Committee and the Audit and Enterprise Risk Management Committee. 6.5.4 Departmental management is required to: a) ensure ownership and operational accountability for compliance risks; b) establish and implement specific, appropriate activities to mitigate compliance risks; c) ensure that UNISA meets its obligations and embeds activities to mitigate compliance risks in business activities; d) take the measures necessary to ensure that employee behaviour is appropriately compliant; e) include in all job descriptions and conditions of employment a clause that holds the employee responsible and accountable for meeting his/her obligations and commitments to UNISA. Approved Council 21.09.2012-6-

6.6 Compliance risk monitoring 6.6.1 Compliance risk monitoring is the continuous process of examining whether sufficient compliance risk controls are designed and working effectively with the overall goal of being compliant with relevant legislation, regulations, internal policies and procedures. 6.6.2 Compliance risk monitoring makes it possible for UNISA to test if its mitigation strategies are working properly and to identify new and/or changed compliance risks. 6.6.3 The Directorate: Compliance will be required to fulfil the following roles and responsibilities with regard to Compliance risk monitoring: a) monitor progress of compliance risk mitigating actions until they are resolved; b) work with the Management Committee to document an annual monitoring plan; c) advice and support Departmental Management on monitoring compliance risk themselves; and d) ensure resolution of, or escalate to the Management Committee or Audit and Enterprise Risk Management Committee unaddressed or overdue items. 6.6.4 Departmental management will be required to: a) work with the Directorate: Compliance to ensure appropriate evaluation of the monitoring activities; b) address issues that arise out of monitoring activities; c) assign roles, responsibilities and accountability in the business for remediation of issues; d) define and formalise deadlines and milestones for remediation; e) resolve issues in a sustainable manner within agreed deadlines; f) provide the Directorate: Compliance with status updates on open compliancerelated items until the issues are resolved. 6.7 Compliance reporting 6.7.1 Compliance reporting is the process of timely, accurate and complete reporting on compliance risk management to all required stakeholders at the appropriate level. 6.7.2 Reporting allows for communication and discussion of compliance risks and provide a platform to learn lessons within UNISA. 6.7.3 The Directorate: Compliance will: a) provide a comprehensive and actionable overview of key compliance risks to every Risks, Ethics and Controls Committee meeting; b) advise management on lessons learned from incidents of non-compliance and implement controls to prevent future occurrences; and c) keep accurate records of material breaches. 6.7.4 Departmental management will: Approved Council 21.09.2012-7-

a) where input in compliance reports is required, ensure accurate, complete and timely information and address any issues that may arise from reported items; and b) engage with Directorate: Compliance to develop lessons learned to help business prevent future events. 6.8 Compliance incident management 6.8.1 Incident management is the process of identification, handling and reporting of significant events defined as compliance incidents. These incidents are occurrences that could potentially have an impact on UNISA s reputation and/or are expected to have news value and/or which the Directorate: Compliance will report to the Management Committee. 6.8.2 The development and maintenance of an environment in which stakeholders are encouraged to report compliance incidents to management and/or the Directorate: Compliance is essential to ensure compliance within UNISA. 6.8.3 The Directorate: Compliance will create a process including tools for the recording, reporting and managing of incidents. It will be required of management to: a) develop and maintain an environment in which employees are encouraged to report compliance incidents; b) ensure that any suspected compliance incident is reported to the Directorate: Compliance; and c) assign roles, responsibilities and accountabilities in the business for the remediation of incidents. 6.9 Compliance training and awareness A strong compliance risk management training and awareness program builds understanding of compliance risk management standards, processes and guidelines and reinforces UNISA s compliance culture. The Directorate: Compliance will take the primary role in supporting management to educate UNISA employees on compliance matters and act as a contact point within UNISA for compliance queries from employees. Approved Council 21.09.2012-8-

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information