Compliance Policy

1. Purpose

1.1 The Compliance Policy (the policy) describes UTS’s commitment to managing its compliance obligations in line with the UTS 2027 strategy.

2. Scope

2.1 This policy applies to all staff and affiliates and all compliance activities of the university.

2.2 The UTS Compliance Framework (SharePoint) (the framework) applies to all university processes with internal and external compliance obligations.

3. Principles

3.1 Meeting compliance obligations protects and supports the continued success of UTS’s business, functions, stakeholders and reputation.

3.2 UTS seeks to identify and manage compliance obligations through a combination of its operational, governance and risk management activities.

3.3 UTS applies principles of good governance and compliance oversight by:

building a culture of compliance at both an institutional and individual level
recognising that good compliance practices demonstrate the university’s commitment to its students, staff and the community
ensuring strategic objectives are achieved by legitimate and sustainable means supporting the long-term vision of the university
embedding compliance activities into the university’s governance and operational structures (to support good decision-making while safeguarding its assets, reputation and community)
acknowledging that compliance is a shared responsibility of the university community, and must be embedded in its decision-making, behaviour and administrative processes, and
monitoring, reviewing, auditing and reporting on its activities in line with the framework.

3.4 UTS recognises that non-compliance has negative consequences including avoidable risks for staff, students and the wider community, financial and/or reputational damage and institutional and individual liability.

4. Policy statements

Culture of compliance

4.1 UTS will continue to build a culture of compliance by incorporating compliance behaviours and considerations into:

university processes and management systems (including corporate planning, governance activities, risk management tools, internal audit and review functions and general operations)
training and development programs to provide compliance information and skills relevant to individual responsibilities (as outlined in the framework), and
individual work plans to ensure all staff are aware of their compliance responsibilities and are supported in meeting these obligations.

4.2 To ensure compliance quality and integrity, the Office of General Counsel (OGC):

supports UTS by reviewing compliance obligations
provides advice and feedback to staff with compliance obligations
monitors compliance activities through the framework (SharePoint), and
provides assurance testing of key controls and recommends improvements where required.

Compliance framework and obligations

4.3 The UTS Compliance Framework (SharePoint) implements this policy by identifying mechanisms through which UTS supports compliance management and mitigates compliance risks. The framework is informed by the following:

International Standards ISO 37301:2021 Compliance management systems – Requirements with guidance for use
NSW Treasury Guide for Audit and Risk Committees: Compliance Management (available at NSW Treasury: Internal audit and risk management)
the regulatory compliance requirements of the Tertiary Education Quality and Standards Agency (TEQSA)
the UTS 2027 strategy, which guides the university’s direction, activities, priorities and decision-making
UTS annual reviews and management sign-offs, compliance reports and corporate and division plans under the strategy, and
governance processes and policies that support risk management, quality and compliance activities at UTS including, but not limited to, ESOS compliance (refer ESOS Compliance Policy), higher education standards (refer Academic Standards Framework (available at Academic Board documents)) and work health and safety (refer Health, Safety and Wellbeing Policy).

Compliance management

4.4 UTS has standardised compliance processes that maintain the university’s compliance obligations (refer the framework (SharePoint)). The Audit and Risk Committee maintains oversight of these processes in line with the framework.

4.5 The Legal Compliance Register (Staff Connect) identifies legislative and regulatory obligations relevant to UTS.

4.6 Council and Academic Board are responsible for ensuring alignment to the Higher Education Standards Framework (Threshold Standards) 2021 (Cwlth) in line with the university’s Academic Standards Framework and the Statement of Assurance — Conferral of Awards (available at Academic Board documents).

4.7 The Research Committee of Academic Board has oversight of research quality and performance. Research activities at UTS are managed through delegations, policies and procedures under the direction of the Deputy Vice-Chancellor (Research). UTS is committed to the principles outlined in the Australian Code for the Responsible Conduct of Research.

4.8 UTS works to achieve the expectations and requirements of the higher education sector, the NSW Government and the federal government. Staff are supported by managers and supervisors to meet their individual compliance requirements. Senior leaders report regularly on the development and compliance requirements in their portfolios in line with the framework.

4.9 The OGC must be consulted for advice and assurance before any submission by Council, the Vice-Chancellor or another means to an external department or government authority to confirm a compliance requirement.

Policy breaches and non-compliance

4.10 Breaches of this policy, non-compliance with delegations or breaches of the framework must be reported to the Head, Compliance and Assurance or another OGC staff member as soon as possible. Staff may also report issues of non-compliance to a supervisor who may escalate the issue on their behalf.

4.11 The Head, Compliance and Assurance will assess the nature of the breach or non-compliance and refer for management in line with the Code of Conduct, relevant Enterprise agreement or other relevant policy (including, but not limited to, the Research Policy, the Privacy Policy or, in the case of serious wrongdoing, the Whistleblowing and Public Interest Disclosures Policy).

4.12 Failure to report non-compliance is considered a breach of this policy.

4.13 A report that constitutes a public interest disclosure will be managed under the Whistleblowing and Public Interest Disclosures Policy, and the relevant protections will be provided.

4.14 As part of a non-compliance resolution process, changes to associated business practices will be reviewed and, where necessary, updated to avoid further non-compliance.

5. Roles and responsibilities

5.1 Policy owner: The General Counsel and Executive Director, Risk and Compliance is responsible for policy enforcement and application, ensuring that its principles and statements are observed. The General Counsel and Executive Director, Risk and Compliance is also responsible for the approval of any associated university level procedures, and for the approval and management of the UTS Compliance Framework (SharePoint).

5.2 Policy contact: The Head, Compliance and Assurance supports the General Counsel and Executive Director, Risk and Compliance in the day-to-day implementation of this policy and acts as a primary point of contact for advice on fulfilling its provisions.

5.3 Implementation and governance roles:

Managers and supervisors are responsible for discussing compliance responsibilities with their staff and for embedding these responsibilities in annual work plans.

Staff are responsible for managing any compliance responsibilities allocated to them under the framework in line with their university duties and obligations.

6. Definitions

The following definitions apply for this policy, the framework and all associated procedures. Definitions in the singular include the plural meaning of the word.

Compliance means the act of following a prescribed course of action, meeting identified standards or observing official requirements (including legislation).

Compliance risk means the risk of exposure to legal or financial penalties or other material losses (including reputational damage) due to a failure to prevent, detect or reduce the undesired or unacceptable effects of non-compliance with external laws, regulations and other externally imposed requirements.

Management system means the interrelated business processes and operational structures, supported by strategy, policies and procedures, that allow UTS to achieve its object and functions.

Non-compliance means a failure to conform to prescribed courses of action or any other official requirements, either deliberately or unintentionally.

Serious wrongdoing is defined in the Whistleblowing and Public Interest Disclosures Policy.

Approval information

Policy contact	Head, Compliance and Assurance
Approval authority	Council
Review date	2028
File number	UR21/1225
Superseded documents	None

Version history

Version	Approved by	Approval date	Effective date	Sections modified
1.0	Council (COU/21-5/113)	20/10/2021	19/01/2022	New policy.
1.0	Vice-Chancellor	10/12/2021	19/01/2022	Changes to policy ownership to reflect Fit for 2027 restructure.
1.1	Director, Governance Support Unit (Delegation 3.14.1)	14/04/2023	14/04/2023	Changes to reflect new unit title of Office of General Counsel, the new ownership of the framework by the General Counsel and Executive Director, Risk and Compliance.
1.2	Deputy Director, Corporate Governance (Delegation 3.14.2)	29/06/2023	07/07/2023	Minor change to reflect the new title of Health, Safety and Wellbeing Policy.
1.3	Director, Governance Support Unit (Delegation 3.14.1)	08/09/2023	30/09/2023	Changes resulting from the development of the Whistleblowing and Public Interest Disclosures Policy.
2.0	Council (COU/23-6/126)	29/11/2023	19/03/2024	Changes following a full review and alignment with updated ISO.