Commitment 7.2:
We meet our legal and compliance obligations.

Compliance Indicators

Compliance with the Commitments will be assessed against the following Compliance Indicators. All of the applicable Compliance Indicators must be met by every ACFID Member to be considered compliant with the Code. Each of the Compliance Indicators has one or more compliance Verifiers. Verifiers are the description of evidence that is required to substantiate compliance with each Compliance Indicator. Guidance is also provided.

7.2.1 Members are registered and meet their reporting and legal obligations to the relevant authorities.

  • Current registration with the Australian Charities and Not-for-profits Commission (ACNC). 
  • Up-to-date ACNC Annual Information Statement, and financial reporting as required. 
  • Compliance registers or other documented records of obligations under, and compliance with, Australian laws and regulations, including those that affect overseas activities. 
  • Periodic reports are provided to the organisation’s governing body on legal and compliance obligations. 

Guidance

ACNC registration and reporting requirements are clearly outlined on the ACNC website which can be found in the Resources Section below.

All signatory organisations, regardless of size, are subject to a complex range of requirements and legislation – such as corporations laws, rules of incorporation of associations, fundraising and charitable institutions, privacy, equal employment opportunity principles, occupational health and safety standards, human rights and anti-discrimination, intellectual property, child protection and copyright, as well as other external obligations – such as code compliance or certifications. Registers of documented records of compliance may be presented in various ways, but will need to show that the organisation has a comprehensive understanding of its compliance obligations and actions that are due to meet those obligations. It might be presented as a table of legal and regulatory obligations, deadlines for compliance, details of regulatory bodies, who within your organisation is responsible for ensuring obligations are met, and the process they will follow to ensure compliance. An example of a Compliance Register can be found in the Resources Section below.

7.2.2 Members have organisation-wide requirements for the protection of privacy.

A privacy policy that meets the requirements of privacy legislation and which is available on the organisation’s website. 

Guidance

A privacy policy should relate to the full range of a Member’s stakeholders – its supporters, workers, volunteers and the children and communities it works with. The Australian Privacy Principles and the Payment Card Industry Data Security Standard also apply to Members and should be addressed in a privacy policy. Members will find examples of the privacy policies of other ACFID Members in the Resources Section below. 

7.2.3 Members keep records for all their operations outside Australia.

Records that include information necessary for the organisation to be able to prepare a summary of its activities and related expenditure outside Australia on a country-by-country basis. 

Guidance

This requirement reflects the ACNC’s External Conduct Standard 2, and Members should already have many of the practices and processes in place to enable them to meet this standard. Records can be kept in any format, but should have enough information to allow a summary of overseas activities and related expenditure to be prepared on a country-by-country basis if required. Members can find more information and guidance about External Conduct Standard 2 on the ACNC website.

A template of records to be kept can be downloaded in the Resources Section below.

Good Practice Indicators

The following Good Practice Indicators describe a higher standard of practice than that set out in the Compliance Indicators. While Members do not need to meet the Good Practice Indicators to be considered compliant with the Code, they will self-assess against these indicators once every three years. This provides a clear pathway for Members to strengthen and improve practice over time.

  • A senior staff member with the responsibility of maintaining a register of legal and compliance obligations is appointed. 

Good Practice Guidance

Here are some practical suggestions for your organisation to further deepen and improve practice over time.

In Australia

  • All charities must be registered with the Australian Charities and Not-for-profits Commission – the ACNC.
  • Your governing body and senior staff should be well informed of all the legal and regulatory obligations of your organisation in Australia and the countries you operate in. This information should be updated regularly to ensure it remains current.
  • Seek legal advice from a legal firm familiar with the legal and regulatory frameworks for not-for-profit organisations or, as a minimum, seek some guidance from your auditors
  • Establish a documented register of all of your legal and regulatory obligations, deadlines for compliance, details of regulatory bodies, who within your organisation is responsible for ensuring obligations are met, and the process they will follow to ensure compliance
  • Prepare a written Annual Report for your governing body that reports your compliance with the requirements in your register of obligations
  • Undertake an annual review of all obligations to ensure that compliance is being maintained and to identify any changes in requirements
  • Delegate responsibility (through the governing body and/or executive) to a senior staff member (or one of its own members) to do this, for example, to the Company Secretary, Finance Manager or Office Manager.
    • The delegated person should be accountable for providing this information to the governing body and ensuring the organisation remains compliant with its obligations.
    • Include this responsibility in their job description and through staff performance appraisals.
    • Your executive must ensure the delegated person has the necessary support throughout your organisation and its different operations to meet compliance obligations.
  • Larger and more complex signatory organisations will require more rigorous and comprehensive systems and processes to ensure compliance across multiple staff, volunteers, activities and locations.
  • Where multiple staff are involved in compliance management, the following is recommended:
    • A written or electronic manual outlining all compliance requirements, the respective responsibilities of all operational areas of the organisation, the systems to ensure ongoing compliance and how up to date the compliance information is
    • A process for a regular (i.e. annual) internal audit of compliance obligations
    • Regular staff training to ensure they are fully aware of their individual and organisational responsibilities.
  • Where your organisation is involved in research, refer to the ACFID Guidelines and Principles for Ethical Research and Evaluation in Development.

In other countries

  • The governing body and senior staff should be well informed of all legal and regulatory obligations of your organisation in each of the countries you operate in. The information should be updated regularly to ensure it remains current.
  • Consult with your partners to understand all local legal and regulatory obligations which may impact operations and programming
  • Undertake due diligence on all partner organisations to ensure they operate in compliance with the legal requirements of that country
  • Seek legal advice from a legal firm familiar with the legal and regulatory frameworks for foreign and local NGOs or, as a minimum, seek some guidance from your auditors
  • Include in Partnership Agreements the obligation for partners to keep up to date with local legal and regulatory requirements, to share this information with your organisation and to maintain their compliance
  • Develop a documented register of all legal requirements in-country, updated annually and shared between the in-country partner and your Australian based organisation.
  • Support any training required for partners to strengthen their capacity to meet any required obligations (e.g. relating to employment or child protection)
  • These obligations may differ depending on whether your organisation has its own office and staff or is supporting the work of local partner organisations. In some countries, such as Ethiopia, there are complex and strictly applied regulations for foreign NGOs which have serious implications for partners if compliance is not met. Many countries, at the very least, require formal registration of foreign NGOs.
  • If you employ local staff in other countries, ensure all employee obligations are met (for example, taxation, health insurance and pension contributions) and, if there is a need to terminate the employment of a local staff member, that local legal processes are followed.

ACFID Resources

Care for Africa privacy policy

This is an example of Care For Africa's privacy policy. The privacy policy outlines how Care For Africa collects, uses, and protects personal information provided by users visiting their website or engaging with their services. This is a suitable example for all organisations developing their privacy policy. This is relevant to the Code as a demonstration of a privacy policy that meets the requirements of privacy legislation and is available on CFA’s website.

CBM Australia privacy policy

This is an example of CBM Australia's privacy policy. The privacy policy outlines (in plain language) how personal information is sourced; what personal information is held; what CBM does with personal information; how to access personal information one has provided to CBM; how privacy complaints are handled; and data security assurances. This is suitable for organisations as an example of different approaches to developing and strengthening a privacy policy. This is relevant to the ...

CLAN Procurement Policy & Authorisations and Delegation

This resource is CLAN's procurement policy and outlines CLAN's process for authorisations and delegations, and protocols for procuring goods and services. This is suitable for all organisations as an example of documenting organisational requirements for record-keeping as an approach to transparency, accountability, and efficiency. This is relevant to the Code as members are required to keep records for all their operations outside Australia.

Edmund Rice Project Design, Funding & Management Policy

This is an example of Edmund Rice Foundation Australia (ERFA)'s Project Design, Funding, and Management Policy. It outlines the policies and procedures governing the design, funding, and management of projects, including recording activities and related expenditure outside Australia on a country-by-country basis. It is suitable for all organisations as an example of an organisational-wide policy for keeping records for all their operations outside Australia. This is relevant to the Code in ...

Other Resources

Example Compliance Register Template

This resource is an example of a Legislative Compliance Register provided in the Template Commercial Capability Toolkit by the Indigenous Business Australia (IBA). It is suitable for all organisations, particularly emerging and small organisations looking for a practical tool for ensuring compliance with relevant Australian legislation and regulations. It is relevant to the Code because it provides a structured format for businesses to document, monitor, and meet their compliance obligations.

External conduct standard 2: annual review of overseas activities and record-keeping

This link provides information about External Conduct Standard 2 on the Australian Charities and Not-for-profits Commission (ACNC) website. This standard is one of the External Conduct Standards that registered charities operating outside Australia must comply with - ensuring that funds are used for legitimate charitable purposes, managing financial risks, and implementing appropriate controls to prevent fraud or misuse of funds. It is suitable for all of ACFID's members. This is relevant ...

Good Governance Principles and Guidance for Not-for-profit Organisations

This resource explains the key principles that are a useful starting point for NFP boards when considering what constitutes good governance practice. It is suitable for all organisations looking to strengthen their corporate governance and to support the professional development of their directors. This is relevant to the Code in supporting members to meet their legal obligations to the relevant authorities. 

Mobile Devices – Payment Card Industry Data Security Standard (PCI DSS)

This resource outlines template guidelines for implementing security measures in mobile payment systems. Topics covered may include encryption standards, secure authentication methods, data protection measures, and compliance with relevant industry standards such as the Payment Card Industry Data Security Standard (PCI DSS). This is relevant to all organisations that accept payments, donations, bequests or other financial transactions. This is relevant to the Code in ensuring that members ...

Payment Card Industry Data Security Standard (PCI DSS)

This resource is a template providing guidelines for securing payment transactions in compliance with relevant industry standards such as the Payment Card Industry Data Security Standard (PCI DSS). It is suitable for all organisations that conduct financial transactions. This is relevant to the Code in developing security processes and mitigating risks associated with financial transactions.

Record keeping and decision making

This resource is an online guide on "Good Governance" developed by the Australian Fair Work Commission (FWC). It is suitable for all organisations and provides an overview of key record keeping principles and documenting decision-making. It is relevant to the Code by promoting transparency, accountability, and integrity in the management and operation of registered organisations. This guide is also available as an e-learning module and podcast series.

Reporting annually to ACNC

This webpage from the Australian Charities and Not-for-profits Commission (ACNC) website outlines the specific obligations for charities regarding annual reporting and their deadlines. All listed reporting requirements must be fulfilled by all ANGOs to maintain their charitable registration with the ACNC. This resource is suitable for all organisations. This is relevant to the Code in supporting members to engage in meeting their current registration with the Australian Charities and ...

Summary of Privacy laws in Australia

This resource provides a summary of privacy laws in Australia. It is suitable for all organisations in providing an overview on various aspects of privacy laws relevant to not-for-profit organisations in Australia. It is relevant to the Code in supporting compliance requirements under relevant legislation, such as the Privacy Act 1988, and the obligations regarding the collection, use, and disclosure of personal information.

The Prioritized Approach to Pursue PCI DSS Compliance

This document presents the Prioritized Approach for Payment Card Industry Data Security Standard (PCI DSS). It offers a structured method for organisations to prioritise and address security measures as outlined in the PCI DSS. This is suitable for all organisations that have limited resources and want to focus the required efforts on areas with the greatest impact on security. This is relevant to the Code in demonstrating organisation-wide requirements for the protection of privacy.

What books and records should my company keep?

This resource on the Australian Securities and Investments Commission (ASIC) website provides a summary of all the books and records that Australian companies should maintain. It is suitable for all organisations registered in Australia. This is relevant to the Code because it offers practical advice and templates for organisations to maintain accurate and up-to-date records in accordance with regulatory standards.

What is good governance?

This resource is an online guide on "Good Governance" developed by the Australian Fair Work Commission (FWC). It is suitable for all organisations and provides an overview of key governance principles and practices tailored specifically for registered organisations in Australia. This is relevant to the Code in highlighting the significance of compliance with specific legal obligations and reporting requirements. This guide is also available as an e-learning module and podcast series.