The International Organization for Standardization has now published the international standard for compliance management systems ISO 19600-2014.
ISO 19600 is based on and will replace AS 3806-2006, the Australian Standard for compliance programs. As a result, when regulators adopt ISO 19600 as their compliance benchmark for regulated entities, Australian companies that already have an AS 3806-aligned compliance system will find they have a competitive advantage when they compete internationally.
What do you need to do now?
The principles in ISO 19600 are substantially similar to those in AS 3806, so any organisation whose compliance system already aligns with AS 3806 will have little to do apart from a quick health check.
For those organisations whose compliance systems needed some work to align with AS 3806, the publication of ISO 19600 is a further reason to finalise that work.
Australian organisations which have adopted AS 3806 should take note of the following requirements of ISO 19600:
- consider compliance obligations which are mandatory (e.g. legislation, licences and permits) and voluntary (e.g. internal codes of conduct, industry codes);
- ensure your compliance management system is planned and developed within the context of your organisation's commercial environment, objectives, strategic direction and organisational values;
- note the express list of the kinds of documentation which must be present to support the compliance management system;
- adopt a risk-based approach to compliance and in particular, develop an organisational risk appetite for legal compliance risks;
- integrate your compliance management system with your business processes;
- align your operational targets with compliance obligations;
- ensure your organisational culture and the actions taken by your leaders promote a compliance culture; and
- engage with external and internal stakeholders to determine their compliance expectations of your organisation.
These features are arguably implicit in AS 3806, but have been given greater, stand-alone emphasis in ISO 19600.
Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this bulletin. Persons listed may not be admitted in all states and territories.