GRC Solutions to launch New Zealand Health & Safety at Work course

A set of regulations supporting the new Health and Safety at Work Act 2015 (HSWA), which takes effect on 4 April 2016, has now been released. The new law will follow the model set by Australia’s harmonised WHS laws.

The first phase of the NZ regulations covers the following areas:

  • General Risk and Workplace Management
  • Worker Engagement, Participation and Representation
  • Asbestos
  • Adventure Activities
  • Major Hazard Facilities
  • Mining Operations and Quarrying Operations
  • Petroleum Exploration and Extraction
  • Rates of Levy Funding

GRC Solutions will launch a new New Zealand Work Health & Safety course to replace our existing Health and Safety in Employment course. The course will reflect the incoming legislation and regulations to ensure those affected understand what the new law requires of them.

Please note additional regulations will be released as they become finalised. We are keeping a close eye on these legal developments and will keep you updated.


A positive risk-based approach to compliance programs

We are often asked whether compliance programs are mandatory. This question is hard to answer without understanding the context in which the question is asked. All organisations must have a program in place to ensure they and their staff are aware of, and complying with, the law, so the real question is: “what sort of compliance program do I need?”

Different organisations and industries I see tend to focus on different issues, leaving other areas without focus. Construction companies may have a good handle on safety, health and environment issues but lack a program covering competition law, anti-corruption, or supplier compliance. Not-for-profit organisations may have good policies and training around diversity and equality, but not much on privacy and data security. A professional services company may have a good anti-bullying and harassment program, but lack an anti-money laundering program.

There is guidance in the form of the new International Standard ISO 19600, which replaces the Australian Standard AS 3806 (despite drawing heavily on it). Other guidance is available from several local and international sources, including industry codes of practice, US sentencing guidelines and the UK adequate procedures guidelines.

This may seem overwhelming. However, the key to deciding what sort of a compliance program you need is to take a risk-based approach which is relevant to the environment in which your organisation operates. By starting with a risk assessment, you can adequately gauge what the appropriate program is for your organisation. Factors such as the size of your organisation, the industry and jurisdictions you operate in will influence the design of your program. A construction company with 500 staff will have a very different compliance program to a retail bank with a global footprint.

Creating proper policies and procedures that are continuously revisited and updated is an essential step, as is emphasising the importance of training and education. Employees need to have a clear understanding of how serious compliance matters are and who is held accountable.

It is essential to take a measured approach. Overloading staff with policies and training that are not relevant to their role will have a detrimental effect. Look at the risks each job role faces and design a program that ensures they have the relevant training they require and ensure that they have ongoing access to resources.

Remember that this isn’t vocational training that staff may voluntarily choose to do to attain a promotion. Compliance training should be mandated from the very top of the organisation. It should be monitored, measured and analysed for systemic issues.

Speed to competence is vital. Design your training curricula to ensure that staff can fit in what they need, when they need it. Think about their other training and day-to-day role requirements. Doing a bit of work upfront designing risk-based curricula based on job roles will save you from a lot of pushback down the track. It will also save the organisation hundreds if not thousands on mandatory training hours.

Ensure that there is support for the program throughout the organisation. In many cases, it is the CEO, the risk committee or even the board itself that should be driving the program. However, it is middle management that will end up having to ensure its take-up, so it is essential to ensure organisation-wide buy-in.

Compliance culture is probably the most important component of a program. There are many definitions of culture, but in this context the one I like is as follows: “culture is what fills the gaps left between training, policy and procedure and helps to guide appropriate decision making.” It is essential that the culture of the organisation doesn’t undermine your compliance program.

In a recent presentation, Neville Tiffen, previously the Global Head of Compliance at Rio Tinto, mentioned that his former company had chosen to call its compliance program the “Integrity and Compliance Program”. As Neville explained, this was because all would agree that they want to do business with integrity. It’s a positive message that resonated with Rio Tinto.

Creating that positive message is a key cultural component that will link the policies, procedures, training and tone from the top and help ensure that your program is adopted successfully. Ongoing regular reviews will ensure that your program remains effective and efficient, but a simple positive message about working with integrity will permeate the culture of the organisation for a long time to come.

Hungry Jack’s breaches work health and safety laws


Hungry Jack’s has been fined AUD$90,000 after failing to call an ambulance to treat one of its employees who fell in an open vat of cooking oil while at work. Magistrate Michael Ardlie, in his judgement, stated “as an employer it was responsible for the employee’s safety and it should have arranged for proper medical treatment.”

The incident occurred in June 2012 when the injured employee, Dylan Robeson, was working the graveyard shift and was asked to filter cooking oil from the deep fryers. After filtering two fryers, Robeson slipped and fell into the open top of the mobile unit, which was filled with hot oil. The temperature of the oil at the time ranged between 135°C and 149°C, leaving Robeson with third-degree burns to 10 per cent of his body.

Hungry Jack’s pleaded guilty to one count of violating occupational health and safety laws. The company admitted that an external machine was required to filter the oil because the filtering component of the deep fryer was broken. Also, even though the external machine had a lid, it had to be kept off in order to be used, exposing the employee to a greater risk of harm.

Although the staff at the time helped Robeson by running cold water over his injuries, the restaurant manager failed to call an ambulance. Eventually Robeson called his father on his mobile, who then came to the store to take his son to the hospital. The magistrate expressed that “the first and immediate call ought to have been to an ambulance … Hungry Jack’s cannot discharge its duty of care to the father of the employee.”

As a result of the incident, Hungry Jack’s has committed to spending nearly AUD$5.3 million to replace all current fryers across Australia with self-filtering ones.

As a part of Australian work health and safety laws, employers owe a primary duty of care to provide and maintain a safe work environment. Also, employers have a duty to prepare, maintain and implement an emergency plan for each workplace. This plan must outline procedures to be followed in the event of an emergency. This includes medical treatment and various means of notifying emergency services.

Contact GRC Solutions today for more information about our work health and safety online compliance training courses.

Source: The Advertiser

Whitepaper: An ABC guide to legal compliance

A legal compliance programme is a set of structures and procedures designed to ensure that an organisation complies with its legal obligations. No single model will suit all organisations; however, some key elements should be addressed in all compliance programs.

The following commentary provides an overview of legal compliance and its implementation by way of policy. Our New Zealand partner, MyLawGuide, has identified the key elements as typical of best practice when implementing a legal compliance program to deal with an organisation’s legal responsibilities.

The template inside can be used as a starting point to begin planning or updating your company-wide compliance program.

Singapore bribery scandal involving US Navy

US Navy commander Jose Luis Sanchez pleaded guilty to federal bribery charges last week. The charge related to gifts and services he received from Glenn Defence Marine Asia (GDMA), a Singapore-based contractor that supplied services to the Navy.
Sanchez is the fifth defendant to plead guilty to charges concerning bribes of sex workers, cash, luxury hotel rooms, plane tickets and concert tickets in exchange for service contract tip-offs to GDMA CEO Glenn Francis.

Sanchez also allegedly revealed sensitive information on ship movements and recommended refuel and resupply calls at ports operated by GDMA. Seven defendants have been charged by the US Department of Justice (DOJ), including members of the Naval Criminal Investigative Service (NCIS) and other senior Navy Officers. The bribery scheme began in September 2009, the DOJ alleges. Sanchez was first arrested in 2013. At the time, the Washington Post said “the unfolding investigation is shaping up as the biggest fraud case in years for the Navy.”

Over the past 25 years the GDMA has reportedly earned over USD$200 million from US Navy contracts. The DOJ alleges $20 million of these earnings were obtained through bribery. “Commander Sanchez sold out his command and country for cash bribes, luxury hotel rooms and the services of prostitutes,” said Leslie Caldwell, chief of the DOJ’s criminal division. “After today’s guilty plea,” Caldwell said, “instead of free stays at the Shangri-La hotel, Sanchez is facing many nights in federal prison.”

This case demonstrates the need for all companies to ensure they can effectively monitor and address corruption within their own organisation. Does your company have mechanisms in place to deal with corporate misconduct? Speak to GRC Solutions today about our Anti-Bribery and Corruption courses.


Source: FCPA Blog


Training relevancy is more important than ever

Written by Dean Rogers, Business Development Manager

Often I have discussions with my clients about making compliance training relevant to their staff. These talks generally revolve around branding, the particular scenarios used and whether this or that case study applies to their industry. Essentially, the focus is on the look and feel of the material.

The presentation is important and emphasis on that area should not be minimised, particularly as compliance training is not the highlight of an employee’s work week. The more a staff member can identify with the training, the more likely the message will stick.

Companies operating in Australia (particularly those based overseas) must pay more attention than ever to course content. A recent judgement was made in the Federal Court of Australia which focused on the legal content found in compliance courses. For those of you who are not familiar with the case (Richardson vs Oracle), it involved the sexual harassment of a female employee by her male colleague.

The defence argued that Oracle had taken all reasonable steps to prevent sexual harassment. Among other things it noted that the employee involved (Mr Tucker) had recently taken part in the company’s online sexual harassment training.

The judgement viewed online delivery as an acceptable method of compliance training for Oracle’s staff. However, criticism was made of the course content. As noted in the judgment, “This training was a global package which applied to Oracle employees worldwide. It was apparently designed in the USA and was said to be based on “global standards” of how to interact in a workplace.”

The international course content was not acceptable, with the judgment further stating, “Amongst the criticisms available of the contents of the global online training package which Mr Tucker undertook in October 2007 are the fact that it made no reference to the legislative foundation in Australia for the prohibition on sexual harassment stated by Oracle; made no clear statement that such conduct was unlawful; and made no statement that an employer might also be vicariously liable.”

Australia has a large number of multinational corporations with sizable staff numbers in Australia. I know from first-hand discussions with local staff that there is often significant pressure to implement a “one size fits all” program from their international parent. As noted by the Oracle case, this approach can backfire and leave an organisation exposed when an incident occurs.

Conference mishmash

Last week we ended our 2014 Conference season with Learning@Work and GRC 2014.

The Learning@Work conference brought together thought leaders from across Australia to share the latest challenges affecting the workplace learning environment.

Everything from social learning and company culture to new learning technology trends and gamification was covered, with ample networking opportunities thrown in between. Both Dean Rogers, our Business Development Manager in Melbourne, and Sam Gibbins, General Manager of Asia, were flown over to Sydney to greet friendly faces at our exhibition booth.

The GRC Institute Conference kicked off with a lively start at the Welcome Reception on Wednesday night. Julian Fenwick, Managing Director, Sam Gibbins, General Manager Asia and Tricia Clarke, Business Development Manager from Perth were there enjoying a drink with delegates, exhibitors and old friends.

Day one involved an extremely well run crisis management simulation exercise. Delegates were given different roles during a bribery and corruption incident occurring in a fictional mining company. As part of the crisis management team, groups were challenged to find the right strategy to mitigate risks as the crisis unfolded. Effective monitoring of social media and PR were central to the discussion. KPMG’s Geof Mortlock and Dominika Zerbe placed strong emphasis on companies avoiding their board’s Chairman becoming the public face of their company during a crisis situation.

Delegates had a fantastic time at the remaining conference workshops and seminars with great leaders sharing their thoughts on governance, risk and compliance challenges being faced.
The conference ended with a Halloween themed Gala dinner including awards, dancing and karaoke.

We were delighted to see that one of our Salt Compliance clients, Toyota Finance Australia, were successful in taking out the award for Compliance Team of the Year over all Winners

We were thrilled with the positive response we received at both conferences from delegates showing genuine interest in our products and services, particularly our newest product, the GRC Legal Obligations Register – GRC LOR. It was also a great opportunity to catch up with many of our existing clients who were attending the conference.

We look forward to following up with all of our fellow delegates to see what governance, risk and compliance avenues we can support them with leading into 2015.

Asia Update

Sam Gibbins, General Manager Asia, has spent the last few weeks travelling to meetings across Asia, accompanied by Julian Fenwick, our Managing Director, who was visiting from Australia.

Together they also exhibited at the International Conference on Financial Crime and Terrorism Financing 2014, held in Malaysia.

The event was positive with a crowd of 490 delegates visiting the conference in Kuala Lumpur. The pool of delegates consisted of Senior Executives from large organisations across Asia.

This important yearly event is one that brings Senior Management and the Board of Directors at various organisations together to discuss corporate governance, risk and compliance and to consider the effectiveness of their current methodologies, technologies and systems on minimising financial crime, terrorism financing and the like.

As a corporate Anti-Money Laundering expert, Sam was also asked to Chair a discussion on Anti-Money Laundering & Crypto Currencies (Bitcoin). You can read our article on this topic here.

We were also able to do some quick demonstrations of our Salt Compliance training technology and content for Asia.

Seeing as this conference was in Malaysia, we understand that many of you were unable to attend. We would like to extend our invitation for an obligation-free Salt Compliance demonstration to you.

Simply contact us to set up a time that is most convenient for you.

Competition and Consumer Protection: Red Bull may not give you wings after all

Red Bull is alleviating the effects of false advertising by agreeing to pay over $15 million.

Red Bull’s marketing tactics and advertising campaigns falsely claim to give consumers superpowers.

Competition and Consumer Protection laws are in place to ensure products on the market are being sold fairly and that consumers are not being misled.

In this case, the accuser believes that Red Bull’s slogan “Red Bull gives you wings” was misleading because they were not able to fly after a few sips.

The accuser, who has been regularly consuming Red Bull energy drinks since 2002, has realised that the enhanced performance which the energy drink claims to give consumers is non-existent and hasn’t helped him become a better athlete in any shape or form. In fact, their consistent marketing campaigns throughout print, TV and internet channels misrepresent the energy drink, which has no greater benefits than drinking a cup of coffee.

The court agreed that Red Bull’s strong focus on being a superior source of ‘energy’ was inaccurate and unfairly deceiving consumers. The court found Red Bull guilty of deceptive and fraudulent practices.

So what are the consequences of breaching the Competition and Consumer Protection laws?
In the US, if the settlement is approved, all consumers who bought at least one can of Red Bull in the past 10 years will be reimbursed with either $10 or two free Red Bull products – bringing Red Bull down to $6.5 million in just a matter of days.

Does your organisation abide by competition and consumer protection laws when advertising its products and services?
What do you think of this case?


Whitepaper: The importance of actions/activities/tasks in risk management

Liam O’Brien recently joined our team at GRC Solutions as a Senior Risk and Compliance Consultant. This whitepaper shares his insights on the importance of actions, activities and tasks which ultimately act as controls in a risk management program.

Liam has worked for large and diverse organisations in senior management roles for over a decade. His governance, risk and compliance expertise comes from successfully executing:

    • risk management frameworks
    • compliance programs
    • governance reviews
    • bribery and corruption assessments
    • audit programming


This paper outlines just two of many essential controls that must be implemented to avoid a risk becoming reality. It examines in detail how these controls can be introduced or reviewed and embraced by an organisation.

The journey towards ensuring organisational effectiveness requires action and perhaps the best way to deploy your efforts is within a sound risk management framework. It should identify where any individual organisation will get the best return for each dollar spent, ensuring strategy becomes reality and that risks don’t.

How to get back on track after crisis strikes

Your organisation’s name has landed on the front page of newspapers, it’s being thrown around loosely by newsreaders, the press is demanding interviews with your top management, and your reputation is coming crashing down by the second.

An employer’s most valuable asset is of course their employees, but just as important is their reputation. Any hits to an organisation’s reputation can be devastatingly costly. Ironically, the cause of reputational damage is usually non-complying employees.

When ineffective compliance training and lax policy and risk management solutions are left to filter through, a crisis awaits at the final tipping point. Poor risk, governance and unethical procedures leave your organisation open to reputational damage.

So how can you successfully rebuild a tarnished reputation?

Earlier on in the year, Corporate Risk and Insurance interviewed David Van, founder and managing director of a reputational risk management consultancy. He recommends the following two solutions to put your organisation back on its feet.

1. Ensure that risks of any other possible damaging problems are eliminated. This means carrying out an audit of any other existing reputational risks.

“Once something’s happened any other issue, no matter how small, will be highlighted and will only compound on the damage already done. Something that might have been of no interest to media or other stakeholders previously can have a compounding effect. Because that company is already in the media you’ll see often following a crisis any other coverage will have a tagline (relating to the first crisis). It tends to follow them and any other news gets tagged with that. This makes it difficult to get positive messages out.”

2. Have closure on the crisis – whether that is by a legal case or inquiry.

“The best way to do that (if it’s not subject to an external inquiry) is for the company itself to commission an independent inquiry and then publish the results of that,” Van said.

“If there’s litigation afoot then you must let it run its course, but if there’s not it’s a very good step for companies to demonstrate transparency (transparency is a key driver of reputation). It is very beneficial to go through the exercise of investigating how it happened, clarifying what the error was and demonstrating that it’s not going to happen again.”

Van also recommends exploring the possibility of participating in a seminar explaining to other companies how they can avoid going through a similar crisis.

“A lot of companies baulk at this because they don’t want to talk about what’s happened but people know that bad things can happen and the loss of reputation mostly derives not from what happened but why it happened and what you did about it,” he said.

“As you went through it, people will want to know that you learnt from that lesson, being genuine and showing how something happened and saying to other companies here’s what happened to us, here’s how you can avoid the same thing, is a really good step to do that. If you show genuine remorse and genuine efforts as to how and why it won’t happen again your reputation will come out the other side stronger than it was before,” he said.

After taking these steps Van advises it’s a matter of doing your normal promotions, PR and advertising but with sensitivity to what’s happened.

GRC Solutions recommendation
The most significant preventative action an organisation can take to avoid a crisis and reputational damage is to implement an effective compliance training program and a streamlined policy management solution that will keep your employees on top of your workplace culture, rules, regulations and acceptable behaviour.

Systems like these also mean that, if a crisis were to strike, you have auditable trails of policy and procedures and evidence of staff being trained on topics such as anti-money laundering, workplace behaviour and insider trading. It’s the proof in the pudding that preventative measures were taken to avoid such a dilemma at all costs.

Whitepaper: Five key elements of effective compliance training

Julian Fenwick, Managing Director of Governance, Risk & Compliance Solutions has written this whitepaper to share his insights on the demand for organisational compliance training that comes with tightening legislation across the Asia-Pacific.

Throughout this paper he outlines the five key elements of effective compliance training, particularly from an online compliance training perspective.

Julian has played an instrumental role in the development of the online compliance training industry in Australia.
Whilst organisations continue to face the exorbitant consequences for non-compliance across a number of Asia-Pacific jurisdictions, compliance training styles continue to evolve.

Julian encourages organisations to ensure their compliance training programs, in any style, are developed to face new risks, improve learning outcomes and, most importantly, enhance your organisational culture.

France’s largest bank faces penalty of $8.9 billion

France’s largest bank, BNP Paribas, will pay $8.9 billion in penalties for transferring over $190 billion in transactions on behalf of clients that are under U.S. sanctions. The clients included Sudan, Iran and Cuba.

The transactions occurred between 2002 and 2012. The French bank failed to comply with the laws despite receiving several internal warnings from the US government from as early as 2005. While no employees were criminally charged, New York’s Department of Financial Services required BNP to terminate 13 employees.

In addition to its fine, BNP is suspended from clearing dollar transactions from its New York branch and other US affiliates where the misconduct occurred. The suspension applies for a year, starting from 2015.

By pleading guilty, the bank has entered an undertaking which reflects a broader US Justice Department strategy. Further revelations of money laundering or sanctions violations by other major banks are expected to follow.

BNP is listed as one of the top five banks in the world.

Mitigating risk

Compliance training of employees plays a crucial role in mitigating the risk of breaching anti-money laundering and counter-terrorism financing laws.

In the words of Benjamin Lawsky from New York’s DFS, “It is important to remember that banks do not commit misconduct – bankers do.”


Source: The FCPA Blog