Interpret compliance requirements

Submitted by coleen.yan@edd… on Tue, 05/21/2024 - 17:55
Often when you access legislation, there is a certain amount of vagueness or confusion involved. So, while it is good to be able to locate and read the required changes, it is just as important to be able to interpret what they mean accurately.

Questioning Technique

As you analyse a new act, legislation or statutory requirement, the following questions may assist in ensuring that you have correctly interpreted the requirements:

  • What are the current requirements? – Hopefully, you are aware of what you currently have to do.
  • What are the new requirements? - Have these changed? What are the exact points of difference?
  • Who does this affect?
  • What are the current processes? - How do you currently meet statutory requirements?
  • What needs to be changed? - What processes need to be changed? Specifics here!
  • What needs to be done? - What are the exact changes that need to be made?
  • When does this have to be done? - One very important aspect of any change to statutory requirements is knowing when the required changes must be implemented.
  • What are the penalties for non-compliance?

Look at the first real-life example regarding PI insurance for BAS agents.

On 1 January 2021, the TPB updated TPB(EP)3/2010 to:

  • Provide additional information about the minimum requirements relating to the amount of cover and recommended additional features of fidelity cover and run-off cover
  • Include the TASA changes for PI insurance requirements at registration renewal.34
Explanatory Paper TPB 01/2010
Code of Professional Conduct
This is a Tax Practitioners Board (TPB) Explanatory Paper (TPB(EP)). It is intended for information only. It explains the TPB’s interpretation of the Code of Professional Conduct (Code) contained in Division 30 of the Tax Agent Services Act 2009 (TASA), translating the provisions into practical principles that the profession can apply. This TPB (EP) is designed to assist registered tax practitioners, the relevant institutions, professional associations, potential registrants and the wider community in understanding the factors that provide the basis for the TPB’s approach to applying the TASA. The principles, explanations and examples in this paper do not constitute legal advice or create additional legal obligations beyond those contained in the TASA.
Document history
The TPB released this TPB (EP) in the form of an information sheet as an exposure draft on 7 April 2010. The TPB invited comments and submissions about the information contained in it. The closing date for submissions was 6 June 2010. The TPB considered the submissions made and published the TPB(EP).

On 13 July 2017, the TPB updated this TPB(EP) to incorporate a reference to tax (financial) advisers and to update currency and clarity.

On 18 October 2021, the TPB updated this TPB(EP) to include an additional factor that may be considered in determining if a tax practitioner has complied with taxation laws in their personal affairs.

On 1 April 2022, the TPB updated this TPB(EP) to remove references to tax (financial) advisers and replace references from the repealed Tax Agent Services Regulations 2009 to Tax Agent Services Regulations 2022.

Issued: 16 December 2010
Last modified: 1 April 2022

Professional Indemnity (PI) insurance

Professional Indemnity (PI) insurance protects a professional from financial loss, injury, or damage arising from a mistake or failure by the professional to exercise the required level of skill. Also, a professional may be liable for a mistake even though there was no negligence, which may disrupt general business or cause income loss. Therefore, if professionals hold themselves out as having a special skill that others can rely upon, they should consider Professional Indemnity Insurance as crucial.

Beyond being a sensible precaution, Professional Indemnity Insurance is required by many professional associations, and it is required of BAS agents who are in the business of providing bookkeeping services. Proving that they are insured helps a professional bookkeeper establish their credibility.

PI insurance is not just about protecting your client; it also protects you in the case of error.

There are three reasons why practising bookkeepers should hold PI insurance:

  1. To cover against financial (civil law) claims made against a company’s work. These would usually be made by a client and could be directed at any party involved in a project for which the company might be responsible. (Examples of claims could be for input error, consumer loss, etc.)
  2. Under the Tax Agent Services Act 2009, all bookkeepers who are registered BAS agents are required to hold current PI insurance.
  3. Some clients, especially many government bodies, insist on this cover before signing contracts. This is to provide recourse in the event of the above.35

Statutory time frames

The statutory requirement for BAS agents is to have a PI insurance policy that meets the needs of the BAS agent and the TPB requirements. Whenever a change to an act of legislation is being investigated, any time frames for action must be identified and managed. Failure to update compliance requirements by the required time limit can seriously affect the agent and their workplace. In this example, the required level of cover needs to be adjusted in line with business turnover. A BAS agent needs to notify the TPB of their PI insurance details within 14 days of receiving notification of their registration when they first register, or when renewing. When applying for renewal, the BAS agent must demonstrate they have PI insurance that meets the TPB requirements.

Questioning technique example

The BAS Agent PI Insurance - Interpreting Compliance Requirements document36 is an example of how to interpret legislative changes in PI Insurance requirements for BAS agents by using the questioning technique.

Policies and procedures

Policies and procedures are living documents that should grow and adapt to a company. While the core policy elements may stay the same, the details should change with the industry and the organisation. Policy reviews and revisions are crucial to an effective policy and procedure management plan.37

Why is it important to review policies and procedures?

Outdated policies can leave your organisation at risk. Old policies may fail to comply with new laws and regulations. They may not address new systems or technology, which can result in inconsistent practices.38 Reviewing policies and procedures keeps your organisation updated with regulations, technology, and industry best practices. Policy review ensures that your policies are consistent and effective. Reviewing policies and procedures is especially important for high-risk or highly regulated industries such as healthcare, public safety, banking, etc. But organisations in every industry should regularly review and revise their company policies.39

When to Review Policies and Procedures

With all the pressing daily tasks in the workplace, it’s easy for a policy review to fall through the cracks. Administrators may know that reviewing policies and procedures is important, but other tasks take precedence. However, policy review is best when it's done regularly and proactively. Company leaders shouldn’t wait for an incident to occur before they review and update company policies.

Regular policy and procedure review

The best way to tackle policy and procedure review proactively is to build it into the corporate calendar. Generally, every policy should be reviewed every one to three years. However, most experts recommend reviewing policies annually. Policy review doesn’t have to be as daunting a task as it sounds. Good policy management software will let you set up workflows to collaborate with your policy review committee, gather feedback, and track approvals.

Organisational changes

Reviewing relevant policies is a good idea when your organization goes through large-scale changes. Policies should align with the company’s mission, vision, and values. So if you have a change in strategic direction or a reorganization, it’s important to review policies to ensure they align with the changes. These kinds of changes won't affect every policy. For example, a new structure probably won’t impact a vacation policy. However, it may change other day-to-day policies and processes.

Changes to laws or regulations

Corporate laws and regulations change constantly. Compliance teams must be aware of the changes and know which policies they impact. If there is a big regulatory change, you may need to gather your policy review committee for a special meeting instead of waiting until the regularly scheduled review time.

Adopting the changes to your policies as soon as possible helps you adjust your workplace to the new regulations. If you build them into your policies early on, you’ll have a smooth transition into compliance when the new laws go into effect.

An incident or policy violation

As mentioned, you shouldn’t wait until an incident occurs to review your company policies. However, an incident or policy violation can indicate the need for a change. After an incident, it’s a good idea to debrief to ensure the policy has the intended effect. Examine the details of the incident to see if employees carried out the procedures properly. And look to see if there were any gaps in training or employee understanding of the policy.

This will help you determine whether you need to revise the policy.

Not every policy violation should result in sweeping policy changes. Sometimes, it’s an isolated incident, calling for additional training or remediation for the employees involved. However, in some cases, especially if there are many incidents in the same area, the issue may be that the policy is outdated, confusing, or requires increased training.

Identifying Policies and Procedures that need to be updated

Policy review doesn’t always result in policy revision. Sometimes, you may need to make big changes to address new regulations or gaps in policy. Other times, you may just make a few small tweaks.

And sometimes, the policy works as-is, with no revisions.

You’re not going to change or rewrite your policy manual every year. So, how do you know which policies need to be updated?

Is the policy being implemented as intended?

It shouldn’t take an incident or high-profile issue to analyse whether employees comply with a policy and procedure.

If they do not, you need to determine why. Is the policy outdated?

Are the procedures difficult to follow? Have you introduced a new technology or process that the policy doesn’t address? Is it a training issue?

Gather feedback from line-level employees to help determine how you can improve the policy.

Does the policy have the desired effect?

Sometimes, employees follow the policy and procedure, but it does not have the desired impact. Every policy should have a clear goal or objective. Over time, this will help you measure whether the policy is effective.

For example, perhaps a policy was implemented to improve employee safety. If employees are following the policy but accidents are still occurring at the same rate, it’s time to examine how you can change the policy to be more effective.

Are the policies and procedures current and relevant?

Ensure your policies and procedures align with how your current systems and structures work. If policies and procedures refer back to old structures or technology, employees are likelier to ignore them or think they don’t matter.

For example, perhaps your company has adopted flexible work arrangements, but your attendance and tardiness policy still revolves around old standard hours. You must update that to reflect the current system and clarify the new expectations.38

Keeping up with change: An ongoing process

As change is constant, you should have a process for continuous improvement of your controls and compliance efforts. Having a defined and documented improvement process will show good 'due diligence' to your auditors.

Here are some steps and suggestions on keeping up with changes and ensuring your compliance efforts don't get lost in the daily change shuffle.

I. Monitor new or potential legislation and regulatory pronouncements

New legislation and regulatory rules are always in the works for information security, privacy and other related business controls. Some are refinements and new interpretations of existing laws. As a security or compliance professional, it is incumbent on you to keep up with the latest legislative and regulatory actions and to interpret the new rulings regarding how they may affect your company. Here are some tips for keeping up with regulations:

  1. Identify and subscribe to services that monitor and alert you to new and upcoming regulatory rulings for your industry.
  2. Inventory current and upcoming (potential) regulations.
  3. Include local, state, federal, and international governing bodies in your research.
  4. Identify upcoming or potential new laws and determine the potential impact and risk to your organization.
  5. Keep business management, Compliance Officer and Legal Counsel updated on new legislation.
II. Define requirements to meet new compliance requirements

For new legislation or regulatory requirements, you must analyse and determine the steps to bring your organization into compliance. Here are a few steps to follow:

  1. Perform a risk assessment and gap analysis if not already done
  2. Get business management involvement
  3. Identify business and IT processes affected
  4. Define business requirements
  5. Create/update policies that support new or changed compliance needs
  6. Define technical and system requirements
  7. Implement changes
III. Integrate with change control processes

Use your change control process to help ensure controls and compliance are maintained over time. Modify your change management practices to include a check and verification for controls and compliance requirements. Any changes to applications and systems should include a review and update to the control processes before being allowed into production. Control processes, like other system functions, should be tested. The Information Security Officer or appropriate IT compliance manager should sign off on all changes to ensure controls were properly addressed and updated and meet regulatory requirements. Also, for tax-related applications, changes should be scheduled and timed so as not to cause issues during a quarter or year-end audit controls testing. If new controls are implemented too close to the end of a year, auditors may not be able to test the effectiveness of the control, creating issues in their audit findings.

IV. Integrate with the project management process

Modify your project management methodology to include meeting regulatory requirements as a deliverable success factor for each project. This will help ensure all new systems and applications meet regulatory requirements. When defining business and technical requirements for a new system, include identifying and defining the regulatory and control requirements. These should be considered upfront and integrated into the system requirements and functions. The controls should be tested along with the other functional and system testing. The final approval to move a system into production should include reviewing and approving the control processes. If you can, get your Internal Auditor to review the controls design for new systems during design and before implementation. If there are issues, you can resolve them at less cost than having to redo something after the system goes into production and creates an out-of-compliance issue.

The following document explains the process for writing policies and procedures.

Compliance describes the ability to act according to an order, set of rules or request. In the context of financial services, business compliance operates at two levels.

  1. Compliance with the external rules that are imposed upon an organisation as a whole
  2. Compliance with internal systems of control that are imposed to achieve compliance with the externally imposed rules.

The most effective way to assist in ensuring compliance is to create and maintain policies and procedures that encourage the desired practice.

Writing instructions and procedures

Procedures should be designed to communicate the information a reader needs. In your procedure, you may also like to describe why readers should carry it out and the specific times when they should use it. The procedure should also include sections on what to do if things go wrong and where to go for help.

Some questions to consider when writing a procedure to ensure it has the correct amount of detail:

  • Do users have enough information to complete the action?
  • Is there enough information to guide users in using good professional judgment?
  • Is the level of detail appropriate for the subject?
  • Is the level of detail appropriate for readers?
  • How comfortable are readers with the subject?
Gather Information

Before writing, you must gather detailed information on the process or policy you want to make into a procedure.

When gathering information, you should talk with content experts as well as others who hold key information, such as:

  • Long-time staff members
  • Stakeholders
  • Legal professionals
  • Industry professionals
  • People who will use the procedure

When gathering information from experts, ensure that you take notes. Once you have gathered the information you need, you will need to analyse it to understand the content you have gathered.

The next step will be to trim the information you have and organise the information into what the user needs to know when using the procedure.

Start Writing

The main purpose of your first draft is to include the information you need and to get it all on paper. You can edit and organise the information into a usable format from there. Some helpful steps to follow when writing a procedure are as follows:

  • Write actions out in the order, from the first step to the last
  • Be specific enough to communicate clearly, but do not go overboard on words
  • Make your procedures as if you were instructing the person next to you how to do them. Make the procedure step-by-step
  • Use lists and bullets
  • Do not assume knowledge when writing instructions
  • Use terms that all staff can understand, avoid jargon
  • Write at an appropriate reading level

Design Elements

In many cases, instructions on their own cannot explain a procedure, especially for complex tasks. You may find that a flow chart, Q&A or script is necessary. Each of these is described below:

Flowchart – This shows a process as a diagram. Using symbols and arrows to indicate flow and action, you can outline a process and make it easy to follow.

Playscript – a play script, when talking about writing a procedure, will list the staff within the procedure and the responsibilities each will hold. If multiple people are involved in the procedure, a script could help.

| Person responsible | Action |
| --- | --- |
| Writer | Gather information. Write procedure. Show the draft to stakeholders. |
| Stakeholders | Review draft. Submit corrections and comments. |
| Writer | Create a final draft. |
| Department manager | Approve the final version. |

Question and answer – FAQs on the procedure and answers to them are often a good way to ensure understanding when writing a procedure. It also helps address "what if" issues.40

Effective Procedures

Well-written procedures can help your organisation to improve its quality of work. It can help your organisation reduce the number of errors and omissions and ensure that new and old staff can perform complex tasks quickly and effectively.

To ensure that your procedures are as effective as possible, make sure that they are necessary and that they are written in an easily understood way, using simple and clear instructions to communicate as effectively as possible.

Example: Mel’s Makeup Policy and Procedure Manual Request Purchases Extract

Procedures:

Request for purchase

All purchases for business items must be requested through a purchase order.

Authorised suppliers must supply all items over the value of $50.00 - refer to the New Suppliers Policy where the supplier is not an existing supplier.

Three quotations must be provided for items over the value of $500.00.

A purchase request must address the following criteria:

  • purchasing that promotes environmental sustainability
  • value for money
  • preference to Australian/locally produced

Guidance: consider including not-for-profit, social enterprises and Aboriginal enterprises in your purchasing policy as they can provide value for money and increase social good.

All purchase orders must be authorised within the following guidelines:

| Items purchased | Persons authorised | Second authorisation |
| --- | --- | --- |
| Retail stock | Financial manager of Mel's Makeup Pty Ltd | Financial manager of Mel's Makeup Pty Ltd |

Example: Mel’s Makeup Policy and Procedure Manual - Accounts Receivable Procedure extract

Accounts receivable procedure

Purpose

This procedure aims to set out the processes for managing Mel's Makeup Pty Ltd receivable debtors. It aims to ensure that all monies owed to Mel's Makeup are collected promptly and in line with legislative requirements, to maintain cashflows and minimise bad debts.

Procedures

Accurate records are to be maintained on all accounts receivable. The records to be maintained for each customer must include the complete name, address, contact details and Australian Business Number (ABN) when necessary.

An invoice will be provided to the customer at the time of sale. The sale is to be entered into an accounts receivable ledger for the customer, and the total sales for the day are entered into a control ledger. The accounts receivable ledger will be maintained for each account, showing all the charges and payments. The control ledger is to equal the receivable ledgers for all customers. A monthly reconciliation is to be completed between the receivable records for the customers and the control ledger to ensure accuracy.

Statements must be sent at least monthly to all customers with an outstanding balance due. The statement should indicate the total balance due and identify a payment due date. If full payment is not received, the procedures outlined in the Customer Credit Limit Policy are to be followed.

Report accounts receivables

Monthly - The accounts department must generate an Accounts Receivable Aging Report at the end of the month. A copy of the Accounts Receivable Aging Report is to be submitted to the Managing Director within five working days of the end of the month.

External Stakeholders and Networks

Professional networking is a major tool for keeping up to date with changes to industry regulations. Professional networks can assist if a Financial Services Industry professional encounters tasks outside their defined role and responsibilities or beyond their skill set.

The network of professionals that members of the Financial Services Industry can build relationships with may include, but is not limited to:

| Network type | Can assist with |
| --- | --- |
| Fellow bookkeepers | Processes, industry updates, software assistance |
| Colleagues / Staff | Company policies, procedures, and information |
| Accountants | Legislation and tax information |
| Lawyers | Laws and legislation |
| Registered tax agents | Legislation and tax information |
| Auditors | Adherence to company policies, legislation, and tax information |
| Banks, building societies, credit unions | Banking and financial tools |
| Suppliers | Software upgrades and advances |
| Mentors | Processes, industry updates, software assistance, ethical behaviours, professional development |
| Software consultants | Software upgrades and advances |
| Information technology (IT) team | Software upgrades and advances |
| Australian Taxation Office (ATO) | Legislation and tax information |
| Professional associations | Processes, industry updates, software assistance, ethical behaviours, professional development |
| Business or financial advisor | Processes, industry updates, software assistance, ethical behaviours, professional development |
| Debt collection agencies | Adherence to company policies, legislation and tax information |

What are statutory reporting requirements?

Statutory reporting is a core regulatory requirement, often with significant attention from investors, auditors and management. Therefore, the accuracy and timely completion of reporting are imperative.41

Deadlines

To comply with all requirements and statutory deadlines, you must create a timetable. This timetable should list the times at which certain events and deadlines occur. A timetable should hold the deadlines of requirements such as:

  • Financial reporting – all entities must lodge a financial statement and report within three months of the end of the financial year as described by the Corporations Act
  • Income tax lodgment – the lodgment program each year focuses on providing details of when documents need to be lodged with the tax office
  • ATO and GST compliance – three returns and lodgments are required when complying with the ATO. These are as follows:
    • BAS – will be reported on a monthly, quarterly or yearly basis depending on the organisational preferences
    • IAS – will be reported on a monthly, quarterly or yearly basis depending on the organisational preferences
    • PAYG – generally paid quarterly. In some cases, it may be two times per year or even annually
  • Annual statements – every company listed with ASIC will have an annual review and must lodge a statement annually
  • Managed investment schemes – must lodge a financial statement and report within three months of the end of the financial year.

You should ensure that you create a timetable of when each of your compliance requirements is due. This will help ensure that your organisation remains compliant and will help your organisation avoid any fines or punishments involved in non-compliance.

Real-life example - ASIC

Each year, ASIC will send your company an annual statement shortly after the annual review date (which, in most cases, is the date you registered the company).

Your annual statement will contain:

  • a statement of your company's current details,
  • an invoice for your company's annual review fee, and
  • your company's corporate key

Example of Statement

To keep your company registered, you must complete the following steps.42

ASIC Company’s annual statement

It is time to test your understanding of the module using the Burleigh Financial Services Case Study below.

Burleigh Financial Services Case Study

Burleigh Financial Services is an accounting company. The company is just about to launch a new arm of the business, which is financial planning services.

You are the new Accounts Officer for Burleigh Financial Services. Part of your role is to ensure that all compliance standards are met within the organisation. This includes identifying all of the regulatory obligations that apply to the organisation, as well as monitoring any changes. 

As a new employee, the General Manager has asked you to prepare a report to assist in understanding the compliance requirements for your role. 

The CEO has also advised that he would like you to investigate new qualification requirements for financial planners and the impact this will have on the new services. 
Furthermore, he would like to know the restrictions on advertising and promoting financial services, if any. 

Part A

Using the attached Legislation Report Template, develop a report to discuss with the General Manager at a meeting.

Your report should include a review of:

  • Sources of information that can be used to identify information about compliance requirements relevant to the company. You should identify at least three sources of information,
  • Legislation and regulations that impact on advertising and promoting the business.
  • Implications of the legislation and regulations you have identified for advertising and promoting the business.
  • Compliance requirements that relate to your role as an Account Officer
  • Analysis of the impact of the new qualification requirements for financial planners.

Part B

The General Manager has asked you to update the Human Resources Policies and Procedures to ensure compliance with the requirements for financial planners.

Review the existing Human Resources Policy and Procedures and update

Once you have completed Part A & B, check your answers using the sample answer below.

Learning Checkpoint Answers