Although organisations which clearly meet the existing
requirements of AS3806 should need to do little, the publishing of
the international standard is a good opportunity to do a health
check on their current compliance frameworks.
A new international compliance standard is currently being
developed that will provide a globally recognised compliance
benchmark for public, private and not-for-profit organisations.
The International Organisation for Standardisation (ISO) Project
Committee ISO/PC 271 – Compliance programs has developed a
final draft (ISO 19600:2014) which has now been approved to proceed
for publication. The Committee is chaired by Mr Martin Tolar, Managing Director of the GRC
Institute, and was charged with the development of the first
international compliance standard. Standards Australia is acting as
secretariat to the Committee and was assisted by an Australian
Mr Tolar has said that "The standard once finalised will
provide an international benchmark for all organisational
compliance programs and builds upon the experiences derived from
the Australian compliance standard AS 3806 since 1998."
Mr Tolar added, "Standards Australia and the Australian
Committee have played a leading role in developing the standard
through the rigorous international approval process that has taken
well over three years from inception to completion. This period was
necessary to ensure that all relevant member nations'
requirements are considered and so that a practical yet robust
standard is established. This will be a significant positive factor
in promoting international business sustainability."
As noted above, much of the drafting work undertaken in
developing the new standard is being undertaken by an Australian
committee. A current author of Australian Legal Compliance:
Making it Work and Clayton Utz Governance and Compliance
partner, Randal Dennings, was appointed by the Law Council of
Australia to represent it on the Australian committee.
The new standard is important as it has the potential to be
adopted by regulators internationally as the accepted benchmark for
making out due diligence defences, and ultimately for the
assessment of adequacy of organisational efforts in the context of
breaches or control failures.
Key enhancements of AS3806 that were incorporated into
the international standard
Key enhancements of AS3806 that were incorporated into the
international standard include the need for organisations to:
Articulate the relationship between the compliance management
system and an organisation's other related functions such as
governance, risk, audit, legal, environment, health and
Determine the scope of the compliance management system (ie.
does its coverage only extend to legislation, license conditions,
contractual obligations etc.? Or does it extend to all legal risks,
or even wider, all legal obligations, including those voluntarily
assumed, such as commitments made to customers and the broader
community as well as mandatory obligations?).
Focus upon the linkage between the risk and compliance analyses
and functions of the organisation – so that they may operate
together synergistically, and in particular assess the
organisation's control processes effectiveness from both
Be able to demonstrate evidence of the operation of the
compliance management system in practice – particularly in
seeking to achieve compliance targets, measurable goals and
objectives (including outsourced functions) within the context of
an accurate and regular reporting framework to the Board and Top
Take active steps to continue to develop and strengthen a
healthy organisational compliance culture linked to stated
In summary, organisations who clearly meet the existing
requirements of AS3806 should need to do little to meet the
requirements of the international standard. This being said, the
publishing of the new standard will provide a timely opportunity
for organisations to do a "health check" on their current
compliance frameworks and make any adjustments as required ahead of
any potential regulatory adoption.
Clayton Utz communications are intended to provide
commentary and general information. They should not be relied upon
as legal advice. Formal legal advice should be sought in particular
transactions or on matters of interest arising from this bulletin.
Persons listed may not be admitted in all states and
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
We discuss whether certain clauses commonly found in ordinary commercial contracts could be considered to be penalties.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).