Commitment 7.2:
We meet our legal and compliance obligations.

Compliance Indicators

Compliance with the Commitments will be assessed against the following Compliance Indicators. All of the applicable Compliance Indicators must be met by every ACFID Member to be considered compliant with the Code. Each of the Compliance Indicators has one or more compliance Verifiers. Verifiers are the description of evidence that is required to substantiate compliance with each Compliance Indicator. Guidance is also provided.

7.2.1 Members are registered and meet their reporting and legal obligations to the relevant authorities.

  • Current registration with the Australian Charities and Not-for-Profit Commission (ACNC). 
  • Up-to-date ACNC Annual Information Statement, and financial reporting as required. 
  • Compliance registers or other documented records of obligations and compliance with, Australian laws and regulations, including those that affect overseas activities. 
  • Periodic reports are provided to the organisation’s governing body on legal and compliance obligations. 

Guidance

ACNC registration and reporting requirements are clearly outlined on the ACNC website which can be found in the Resources Section below.

All signatory organisations, regardless of size, are subject to a complex range of requirements and legislation – such as corporations laws, rules of incorporation of associations, fundraising and charitable institutions, privacy, equal employment opportunity principles, occupational health and safety standards, human rights and anti-discrimination, intellectual property, child protection and copyright, as well as other external obligations – such as code compliance or certifications. Registers of documented records of compliance may be presented in various ways, but will need to show that the organisation has a comprehensive understanding of its compliance obligations and actions that are due to meet those obligations. It might be presented as a table of legal and regulatory obligations, deadlines for compliance, details of regulatory bodies, who within your organisation is responsible for ensuring obligations are met, and the process they will follow to ensure compliance. An example of a Compliance Register can be found in the Resources Section below.

7.2.2 Members have organisation-wide requirements for the protection of privacy.

A privacy policy that meets the requirements of privacy legislation and which is available on the organisation’s website. 

Guidance

A privacy policy should relate to the full range of a Member’s stakeholders – its supporters, workers, volunteers and the children and communities it works with. The Australian Privacy Principles and the Payment Card Industry Data Security Standard also apply to Members and should be addressed in a privacy policy. Members will find examples to the privacy policies of other ACFID Members in the Resources Section below. 

7.2.3 Members keep records for all their operations outside Australia

Records that include information necessary for the organisation to be able to prepare a summary of its activities and related expenditure outside Australia on a country-by-country basis. 

Guidance

This requirement reflects the ACNC’s External Conduct Standard 2, and Members should already have many of the practices and processes in place to enable them to meet this standard. Records can be kept in any format, but should have enough information to allow a summary of overseas activities and related expenditure to be prepared on a country-by-country basis if required. Members can find more information and guidance about External Conduct Standard 2 on the ACNC website.

A template of records to be kept can be downloaded in the Resources Section below.

Good Practice Indicators

The following Good Practice Indicators describe a higher standard of practice than that set out in the Compliance Indicators. While Members do not need to meet the Good Practice Indicators to be considered compliant with the Code, they will self-assess against these indicators once every three years. This provides a clear pathway for Members to strengthen and improve practice over time.

  • A senior staff member with the responsibility of maintaining a register of legal and compliance obligations is appointed. 

Good Practice Guidance

Here are some practical suggestions for your organisation to further deepen and improve practice over time.

In Australia

  • All charities must be registered with the Australian Charities and Not-for-profits Commission – the ACNC.
  • Your governing body and senior staff should be well informed of all the legal and regulatory obligations of your organisation in Australia and the countries you operate in. This information should be updated regularly to ensure it remains current.
  • Seek legal advice from a legal firm familiar with the legal and regulatory frameworks for not-for-profit organisations or, as a minimum, seek some guidance from your auditors
  • Establish a documented register of all of your legal and regulatory obligations, deadlines for compliance, details of regulatory bodies, who within your organisation is responsible for ensuring obligations are met, and the process they will follow to ensure compliance
  • Prepare a written Annual Report for your governing body that reports your compliance with the requirements in your register of obligations
  • Undertake an annual review of all obligations to ensure that compliance is being maintained and to identify any changes in requirements
  • Delegate responsibility (through the governing body and/or executive) to a senior staff member (or one of its own members) to do this, for example, to the Company Secretary, Finance Manager or Office Manager.
    • The delegated person should be accountable for providing this information to the governing body and ensuring the organisation remains compliant with its obligations.
    • Include this responsibility in their job description and through staff performance appraisals.
    • Your executive must ensure the delegated person has the necessary support throughout your organisation and its different operations to meet compliance obligations.
  • Larger and more complex signatory organisations will require more rigorous and comprehensive systems and processes to ensure compliance across a multiple number of staff, volunteers, activities and locations.
  • Where multiple staff are involved in compliance management, the following is recommended:
    • A written or electronic manual outlining all compliance requirements, the respective responsibilities of all operational areas of the organisation, the systems to ensure ongoing compliance and how up to date is the compliance information
    • A process for a regular (i.e. annual) internal audit of compliance obligations
    • Regular staff training to ensure they are fully aware of their individual and organisational responsibilities.
  • Where your organisation is involved in research, refer to the ACFID Guidelines and Principles for Ethical Research and Evaluation in Development.

In other countries

  • The governing body and senior staff should be well informed of all legal and regulatory obligations of your organisation in each of the countries you operate in. The information should be updated regularly to ensure it remains current.
  • Consult with your partners to understand all local legal and regulatory obligations which may impact operations and programming
  • Undertake due diligence on all partner organisations to ensure they operate in compliance with the legal requirements of that country
  • Seek legal advice from a legal firm familiar with the legal and regulatory frameworks for foreign and local NGOs or, as a minimum, seek some guidance from your auditors
  • Include in Partnership Agreements the obligation for partners to keep up to date with local legal and regulatory requirements, to share this information with your organisation and to maintain their compliance
  • Develop a documented register of all legal requirements in-country, updated annually and shared between the in-country partner and your Australian based organisation.
  • Support any training required for partners to strengthen their capacity to meet any required obligations (e.g. such as relating to employment or child protection)
  • These obligations may differ depending on whether your organisation has its own office and staff or is supporting the work of local partner organisations. In some countries, such as Ethiopia, there are complex and strictly applied regulations for foreign NGOs which have serious implications for partners if compliance is not met. Many countries, at the very least, require formal registration of foreign NGOs.
  • If you employ local staff in other countries, ensure all employee obligations are met, for example, taxation, health insurance and pension contributions and if there is a need to terminate the employment of a local staff member, local legal processes are followed.

ACFID Resources

Care for Africa privacy policy

This is an example of Care For Africa's privacy policy. The privacy policy outlines how Care For Africa collects, ...

CBM Australia privacy policy

This is an example of CBM Australia's privacy policy. The privacy policy outlines (in plain language) how personal ...

CLAN Procurement Policy & Authorisations and Delegation

This resource is CLAN's procurement policy and outlines CLAN's process for authorisations and delegations, and ...

Edmund Rice Project Design, Funding & Management Policy

This is an example of Edmund Rice Foundation Australia (ERFA)'s Project Design, Funding, and Management Policy. It ...

Other Resources

Example Compliance Register Template

This resource is an example of a Legislative Compliance Register provided in the Template Commercial Capability ...

External conduct standard 2: annual review of overseas activities and record-keeping

This link provides information about External Conduct Standard 2 on the Australian Charities and Not-for-profits ...

Good Governance Principles and Guidance for Not-for-profit Organisations

This resource explains the key principles that are a useful starting point for NFP boards when considering what ...

Mobile Devices – Payment Card Industry Data Security Standard (PCI DSS)

This resource outlines template guidelines for implementing security measures in mobile payment systems. Topics ...

Payment Card Industry Data Security Standard (PCI DSS)

This resource is a template providing guidelines for securing payment transactions in compliance with relevant ...

Record keeping and decision making

This resource is an online guide on "Good Governance" developed by the Australian Fair Work Commission (FWC). It ...

Reporting annually to ACNC

This webpage from the the Australian Charities and Not-for-profits Commission (ACNC) website outlines the specific ...

Summary of Privacy laws in Australia

This resource provides a summary of privacy laws in Australia. It is suitable for all organisations in providing ...

The Prioritized Approach to Pursue PCI DSS Compliance

This document presents the Prioritized Approach for Payment Card Industry Data Security Standard (PCI DSS). It ...

What books and records should my company keep?

This resource on the Australian Securities and Investments Commission (ASIC) website provides a summary of all the ...

What is good governance?

This resource is an online guide on "Good Governance" developed by the Australian Fair Work Commission (FWC). It ...
Loading...