View Document

Compliance Policy

This document is not in force yet. It will take effect from 03/02/2025. To view current or historic versions, click the relevant link in the document's navigation bar.

Section 1 - Purpose

(1) This policy affirms RMIT’s commitment to compliance management and outlines the framework and objectives for managing compliance obligations. It promotes a positive compliance culture that fosters ethical conduct and supports good governance and operational excellence at RMIT.

(2) The process for identifying, monitoring and reporting on compliance management is detailed in the Compliance Procedure and Compliance Breach Management Procedure, both of which are to be read in conjunction with this policy.

Top of Page

Section 2 - Overview

(3) RMIT is subject to a wide range of compliance obligations, including compliance requirements under applicable laws, regulations, standards, codes of practice, and compliance commitments made by RMIT.

(4) Compliance management involves identifying, implementing, assessing and reviewing compliance with obligations. To effectively address the pace of change in an evolving regulatory environment, compliance management is continuous and timely. This approach supports decision-making and management practices, and integrates with the RMIT risk management framework.

(5) This policy outlines:

  1. the RMIT Group’s approach to compliance management to promote a compliance culture that enables RMIT to achieve its strategic, operational and commercial objectives, and
  2. the responsibilities of RMIT, its staff, researchers, affiliates, contractors and volunteers in managing compliance obligations. 
Top of Page

Section 3 - Scope

(6) Throughout this policy and its associated policy resources, RMIT means the RMIT Group. The RMIT Group is defined as RMIT University and its controlled entities (e.g. RMIT Vietnam, RMIT Europe, RMIT Online and RMIT UP).

(7) This policy applies to all staff, researchers, affiliates, contractors and volunteers of the RMIT Group. All members of the RMIT community are responsible for understanding and fulfilling compliance obligations.

Top of Page

Section 4 - Policy

Principles

(8) RMIT is committed to:

  1. complying with relevant legislation to operate safely and pragmatically, uphold its reputation, and avoid legal consequences
  2. ensuring effective oversight and accountability of legislative obligations through clearly defined ownership, roles and responsibilities
  3. adopting a risk-informed approach to compliance management
  4. conducting regular assessments to identify controls and gaps to ensure that RMIT fulfills its compliance obligations
  5. monitoring activities to ensure adherence to policies and compliance with regulatory and legislative requirements
  6. proactively responding to changes in legislation and ensuring timely compliance with new compliance obligations
  7. reporting regularly to the Vice-Chancellor's Executive Meeting (VCEM) and the Audit and Risk Management Committee (ARMC), and providing key information on compliance breaches, identified gaps, rectification strategies and compliance attestations
  8. proactively preventing, identifying, reporting, escalating and responding to compliance breaches
  9. providing staff with relevant compliance education training programs, ensuring ready access to breach reporting systems, and fostering a safe environment for raising compliance issues
  10. maintaining the Compliance Policy through continuous improvement and awareness of compliance obligations across all operating areas and locations to ensure alignment with best practices.

(9) RMIT’s Compliance Policy is informed by governance structures and instruments, including but not limited to:

  1. Royal Melbourne Institute of Technology Act 2010
  2. University statutes and regulations, such as RMIT Statute No.1
  3. Audit and general governance functions
  4. Code of Conduct
  5. Delegations of Authority Policy
  6. Risk Management Policy
  7. Corporate Social Responsibility Framework
  8. Anti-Corruption and Fraud Prevention Policy.

Responsibilities

(10) The Audit and Risk Management Committee assists the RMIT University Council in discharging its responsibilities to the RMIT Group by monitoring compliance with laws, regulations and the Code of Conduct.

(11) Members of the Vice-Chancellor's Executive:

  1. are designated as Accountable Officers, responsible for implementing the Compliance Policy within their areas of responsibility
  2. assign appropriate resources to manage compliance obligations, including appointing Legislative Owners with subject matter expertise, who have significant operational control and delegated authority
  3. provide information, advice and assurance about compliance management in their areas of accountability.

(12) The Executive Director, Governance, Legal and Strategic Operations is responsible for the Compliance Policy and its associated procedures and resources.

(13) The Central Compliance Team:

  1. develops and maintains the Compliance Policy, associated procedures and resources
  2. advises and supports Legislative Owners and Legislative Specialists to effectively implement controls for the management of compliance obligations
  3. provides oversight of compliance requirements with a centralised Legislative Obligations Register and provides access to tools and resources to help stakeholders understand and respond to changes in compliance requirements
  4. retains a record of identified or suspected compliance breaches and their outcomes in the RMIT Compliance Breach Register
  5. monitors and facilitates regular reporting to governance bodies and management committees, and external agencies where required.

(14) Legislative Owners and Legislative Specialists:

  1. promote a culture of compliance within their business area or function and manage implementation activities in accordance with the Compliance Policy
  2. actively monitor compliance risks and respond to identified and suspected compliance breaches in line with the Compliance Breach Management Procedure
  3. collaborate with the Central Compliance Team to maintain an effective and current Compliance Policy and cooperate with requests for information.

(15) All staff and researchers remain individually accountable for their actions as members of the RMIT Group community, bound by the Code of Conduct and relevant enterprise agreements. They have a responsibility to:

  1. ensure that they are aware of the compliance obligations applicable to their role and that their actions are consistent with RMIT policies
  2. undertake mandatory compliance training
  3. report and escalate compliance concerns and suspected breaches to their manager or supervisor in line with the Compliance Breach Management Procedure.

(16) Contractors and volunteers have a responsibility to:

  1. ensure that they are aware of the compliance obligations applicable to their role at RMIT and that their actions are consistent with RMIT policies
  2. undertake compliance training as requested and conduct themselves in accordance with the specific terms of engagement.

Assurance

(17) Regular reporting on material breaches, trends, systemic issues, and the level of compliance across the RMIT Group is provided to the RMIT University Council and Audit and Risk Management Committee. This provides reasonable assurance that:

  1. Ownership of compliance obligations is clearly defined and understood to enable effective oversight and management.
  2. Operations are grounded in an effective compliance management approach integrated with the Risk Management Framework, enabling RMIT to identify, assess, manage, monitor and report on compliance obligations.
  3. Compliance breaches are proactively identified and prompt corrective action is taken in line with the Compliance Breach Management Procedure, and potentially disciplinary action for members of the RMIT Group who breach compliance obligations.

(18) To ensure appropriate visibility, oversight and governance of compliance management, the Central Compliance Team coordinates biannual reporting to VCEM and ARMC, with input from Legislative Owners and Legislative Specialists. When in-depth discussions on specific legislation are required, Legislative Owners will lead these discussions at relevant governance meetings.

(19) The Education Regulation, Compliance and Assurance (ERCA) team:

  1. provides enterprise-wide advice on all education regulatory activities related to RMIT’s registration as an Australian University and Registered Training Organisation, acting as the principal contact with TEQSA, the Australian Higher Education Regulator and ASQA, the national regulator for vocational education.

(20) The Internal Audit team:

  1. undertakes internal audits with due consideration of compliance obligations that are relevant to the scope of the audits
  2. reports periodically to ARMC and at times to VCEM and other governance bodies (e.g. Academic Board), where required, on the results of internal audits performed.

Compliance

(21) The Central Compliance Team monitors compliance with this policy and reports on breaches to internal governance bodies, as required, in accordance with the Compliance Breach Management Procedure.

(22) Breaches of this policy by a staff member are managed in accordance with the Code of Conduct and the Compliance Breach Management Procedure as appropriate.

(23) Staff who knowingly or recklessly breach a compliance obligation may be subject to applicable legislative penalties or disciplinary action.

Review

(24) This policy is maintained by the Central Compliance Team and is reviewed every five years in accordance with the Policy Governance Policy.

(25) Periodic reviews will align with ISO 37301:2021 Intentional Standard for Compliance Management.

Top of Page

Section 5 - Procedures and Resources

(26) Compliance Procedure

(27) Compliance Breach Management Procedure

(28) Compliance Escalation Guide.

Top of Page

Section 6 - Definitions

(Note: Commonly defined terms are in the RMIT Policy Glossary. Any defined terms below are specific to this policy).
Accountable Officer
A member of the VCE or a specified legislative or regulatory delegate who is accountable for resourcing and nominating Legislative Owners and Legislative Specialists.
Breach
A failure to meet the clauses, principles, or requirements of regulatory, contractual and legislative obligations or RMIT policies and procedures. Significant or material breaches may be reportable to an external agency or regulator. See also: Material breach
Compliance
Meeting all requirements of laws, regulations, statutes, standards and policies.
Compliance attestation
A verification process undertaken by Accountable Officers (members of the Vice-Chancellor's Executive), where they attest to the effectiveness of internal controls and compliance or non-compliance with obligations that are relevant to their areas of operation throughout RMIT.
Compliance Breach Register
A record of breaches of RMIT’s compliance obligations, managed by the Central Compliance Team.
Compliance management
The coordinated institutional approach to identifying, assessing, managing, monitoring, and reporting compliance obligations, risks and performance across the RMIT Group.
Compliance obligation
Refers to any legal, regulatory, contractual or internal requirement that RMIT must adhere to. This includes obligations arising from legislation, regulations, standards, codes of practice, contracts, and internal policies and procedures that govern RMIT’s operations and activities and ensures that RMIT meets its responsibilities to staff, students, government bodies and the broader community.
Legislative Owner
Legislative Owners are senior officers responsible for compliance with specific obligations and provide leadership to ensure requirements are met. They are accountable for guiding the implementation of compliance processes, systems and controls within their area, as well as implementing compliance action plans. Additionally, they are responsible for nominating Legislative Specialists for the Central Compliance Team to liaise with.
Legislative Specialist
Subject-matter experts with operational knowledge of how specific legislation or Acts apply to RMIT. They support the Legislative Owner in implementing the Compliance Policy, provide advice about specific legislation, and are responsible for facilitating or undertaking assessments against obligations.
Material breach
A severe and significant breach, in terms of scale and/or regulatory requirements, or with implications for safety and security, and/or legal requirements. See also: Breach.