GRC Professional Podcast

Grant Thornton Head of Risk and Compliance Jo-Anne Hayes talks about the importance of having privacy policies around the onboarding and use of digital, online tools, pilots and free trials.

Would your company pass the Fair and Reasonable Test? “People have started saying ‘well, we shouldn’t just be thinking about could-we, but we should be thinking about should-we. And I think if you bundle up fair and reasonable, if you bundle up privacy as a human right, if you bundle up potential rights to claim against companies, that should-we questions could be your north star and your guiding light until we have actual legislation to live by.” – Lyn Nicholson, General Counsel, Holding Redlich. The Australian government has agreed in principle to many recommendations made in the review of the Privacy Act—one of which is the fair and reasonable test, which will require regulated entities to make an impact assessment before collecting personal data for products or services. Holding Redlich General Counsel Lyn Nicholson talks about the potential impact of the fair and reasonable test because it might not be a bad idea to use it as a guiding principle even though it is not a requirement…. yet. Resources • Government response to the Privacy Act Review Report: https://www.ag.gov.au/rights-and-protections/publications/government-response-privacy-act-review-report#:~:text=In%20its%20response%20to%20the,to%20best%20protect%20this%20information • Dymocks confirms 1.2 million customers shared on the dark web in data breach: https://www.abc.net.au/news/2023-09-15/dymocks-confirms-1-million-customers-details-leaked/102863820 • Data Breach could cost Medibank $ 35 million in 2024: https://www.itnews.com.au/news/data-breach-could-cost-medibank-35-million-in-2024-599566 • Equifax fined $13.4 million following data breach: https://www.cshub.com/attacks/news/equifax-data-breach-fine

Are there cultural challenges in your organisation? How are you measuring them? Are your solutions proactive or reactive? Have you developed a psychologically safe workplace? Ombpoint Managing Director Lindall West stresses, the importance of proactively approaching people risk in organisations. Resources Respect@ Work: https://www.respectatwork.gov.au/ Anti-Discrimination and Human Rights Legislation Amendment (Respect at Work) Bill 2022: https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/bd/bd2223a/23bd027#:~:text=The%20purpose%20of%20the%20Anti,2020)%20(the%20Report). Ombpoint: https://ombpoint.com/organisations-are-auditing-their-culture-and-conduct-are-you/

CCL Consultants Principal & Australian Compliance Institute Course Facilitator Bronwyn Gallacher talks about the Treasury Laws Amendment (More Competition, Better Prices) Bill and the impact that the increased maximum penalties could have on Qantas and other matters after the royal assent of the amendment. Resources Treasury Laws Amendment (More Competition, Better Prices) Bill 2022: https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6923 ACCC Takes court action alleging Quantas advertised flights it had already cancelled: https://www.accc.gov.au/media-release/accc-takes-court-action-alleging-qantas-advertised-flights-it-had-already-cancelled Record penalties of $438 million ordered against Phoenix Institute and CTI for acting unconscionably and misleading students: https://www.accc.gov.au/media-release/record-penalties-of-438m-ordered-against-phoenix-institute-and-cti-for-acting-unconscionably-and-misleading-students

GRC Solutions Head of Content Adrian Phoon talks about an upcoming webinar and future discussion groups to be conducted in conjunction with the Australian Compliance Institute. Register for The Compliance Webinar now!: https://thegrcinstitute.org/Events/eventdetail/2188 Have your say on future topics: https://www.surveymonkey.com/r/L9BFKG5 Event Description The Discussion Group will feature a range of guest speakers. The aim is to equip members with practical advice from subject matter experts and promote discussion and knowledge-sharing between peers. To launch the discussion group, we are offering a webinar event, that will be open to members and non-members. This webinar from 12-1pm on Monday 20 November. This is an opportunity for non-members to get an understanding of the topics we cover and how they might benefit from participating in discussion groups.

LexisNexis Head of Content Regulatory Compliance Kieran Seed, outgoing-Australian Compliance Institute CEO and Interim-Australian Compliance CEO discuss the state of financial crime-related risks and regulation through the lens of the Lexis Nexis Whitepaper, 2023-2024 AML-CFT Compliance Roadmap Leveraging ISO 37301. Download your copy of the 2023-2024 AML-CFT Compliance Roadmap Leveraging ISO 37301 now: https://www.lexisnexis.com.au/en/insights-and-analysis/research-and-whitepapers/2023/2023-2024-aml-cft-compliance-roadmap Resources CPS 230 Operational Risk Management: https://www.apra.gov.au/operational-risk-managementAPRA and ASIC commence joint administration of the new Financial Accountability Regime: https://www.apra.gov.au/news-and-publications/apra-and-asic-commence-joint-administration-of-new-financial-accountability ISO 37301: https://www.iso.org/standard/75080.html Related Financial Crime Podcasts AML & Financial Crime 2023 Wrap-Up: https://soundcloud.com/user-89551722-76965574/aml-financial-crimes-congress-wrap-up-1 AML & Financial Crime Congress 2022 & Sanctions: https://soundcloud.com/user-89551722-76965574/aml-financial-cirmes-congress-2022-sanctions Thinking about Board Education in AML Compliance: https://soundcloud.com/user-89551722-76965574/thinking-about-board-education-in-aml-compliance AML & Financial Crime Congress 2023 Presentation - Carolyn Hanson: https://soundcloud.com/user-89551722-76965574/aml-financial-crime-congress-2023-carolyn-hanson Other Related Podcasts Showing evidence in ISO37301: https://soundcloud.com/user-89551722-76965574/showing-evidence-in-iso-37301-draft The Ecosystem of FAR: https://soundcloud.com/user-89551722-76965574/the-ecosystem-of-the-far-draft-2

alteredstate Director Craig Chappell talks about productivity, efficiency and getting more time back for yourself. Don’t miss the Productivity + Workshop: Workload and Workflow Mastery! Register Now: https://thegrcinstitute.org/Events/eventdetail/2187 Event Details Productivity + Workshop: Workload and Workflow Mastery The Australian Compliance Institute is pleased to be able to provide access to this workshop by alteredstate for our members. With multiple competing priorities, juggling the compliance workload can be overwhelming and take up valuable time in itself. This workshop will help you manage the requests and demands on your time, freeing you up so you can achieve balance and clarity for your priorities. Balance is essential for your well-being, as the schedule for compliance deadlines only accelerates constantly. You need to be at your best to deliver your best. These workshops will take you through approaches to your workload and will be followed up by one-on-one coaching to ensure you are putting the lessons into practice. The structure of the sessions will be: • Workshop session one: 8 November – 10:30 am – 2:30 pm • Workshop session two: 15 November - 10:30 am – 2:30 pm 1:1 Coaching to start after 20 November. Register Now: https://thegrcinstitute.org/Events/eventdetail/2187

"Documentation of accountability is just the starting point; it is imperative that you can demonstrate that it is embedded in the BAU of your organisations. And remember, as businesses evolve, role changes and go into different areas of accountability--it's quite dynamic." Adder Rock Consulting Principal Richard Sheldon looks at the ecosystem around the Financial Accountability Regime. Resources CPS 511 Remuneration: https://www.apra.gov.au/sites/default/files/2021-08/Final%20Prudential%20Standard%20CPS%20511%20Remuneration%20-%20clean_0.pdf CPS 230 Operational Risk Management: https://www.apra.gov.au/sites/default/files/2022-07/Draft%20Prudential%20Standard%20CPS%20230%20Operational%20Risk%20Management.pdf CPS 234 Information Security: https://www.apra.gov.au/sites/default/files/cps_234_july_2019_for_public_release.pdf Financial Accountability Regime: https://www.apra.gov.au/financial-accountability-regime In Case You Missed It: Delegation of Compliance https://soundcloud.com/user-89551722-76965574/delegation-of-duty-in-compliance

The AML & Financial Crime Congress 2024: Connecting the Dots will be held on 15 May 2024. Until then, here is a session from this year's congress. At the AML & Financial Crime Congress 2023, Financial Crime Compliance Professional and Australian Compliance Institute member Carolyn Hanson discussed a practical approach to financial crime compliance in high-risk environments and jurisdictions. Enjoy! Register now for the AML & Financial Crime Congress 2024: Connecting the Dots - https://thegrcinstitute.org/Events/eventdetail/2185

Australian Compliance Institute Director Annette Donselaar closes GRC 2023 Conference in August, calling on risk and compliance professionals to step up.

Outgoing Australian Compliance Institute CEO Naomi Burley and Strategic and Engagement Consultant Carole Ferguson discuss the requirements of consolidating multiple member superannuation accounts under the SIS(ACT)through the lens of the Australian Securities and Investments Commission (ASIC)action against AustralianSuper. Resources ASIC sues AustralianSuper over multiple superannuation accounts: https://asic.gov.au/about-asic/news-centre/find-a-media-release/2023-releases/23-249mr-asic-sues-australiansuper-over-multiple-superannuation-accounts/ ASIC v AustralianSuper Concise Statement: https://download.asic.gov.au/media/tv1d2sli/23-249mr-concise-statement.pdf ASIC warns super trustees to boost efforts to consolidate duplicate member accounts : https://asic.gov.au/about-asic/news-centre/find-a-media-release/2023-releases/23-175mr-asic-warns-super-trustees-to-boost-efforts-to-consolidate-duplicate-member-accounts/

What are the limits of AI as a tool? What risks can AI pose to businesses? KartaSoft CEO James Worsfold and KartaSoft Business Analyst David Golding explore key AI benefits, risks and misconceptions. Resources Safe and Responsible AI - https://assets.kpmg.com/content/dam/kpmg/au/pdf/2023/safe-and-responsible-ai-in-australia-report.pdf NSW Artificial Intelligence Assurance Framework - https://www.digital.nsw.gov.au/policy/artificial-intelligence/nsw-artificial-intelligence-assurance-framework ISO/IEC 23894 - https://aistandardshub.org/ai-standards/information-technology-artificial-intelligence-risk-management/ A Parliamentary Inquiry Into Generative AI Closed in July - https://www.aph.gov.au/Parliamentary_Business/Committees/House/Employment_Education_and_Training/AIineducation Digital Platforms Regulators make Joint Submission on Safe and Responsible AI - https://www.oaic.gov.au/engage-with-us/submissions/dp-reg-joint-submission-safe-and-responsible-ai-in-australia-discussion-paper KartaSoft: https://www.linkedin.com/company/kartasoft/?originalSubdomain=au

Australian Compliance Institute CEO Naomi Burley talks about what to expect from the International Federation Compliance Associations Congress 2023. Register Now: https://thegrcinstitute.org/Events/eventdetail/2174 International Federation of Compliance Associations: https://www.ifca.co/

Adder Rock Consulting Richard Sheldon addresses delegation of duty in a continuously evolving regulatory ecosystem. Podcast Notes Financial Accountability Regime 2023: https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6988 RBC: https://www.rbcroyalbank.com/personal.html CPS 511: https://www.apra.gov.au/remuneration-requirements-for-all-apra-regulated-entities CPS 230: https://www.apra.gov.au/sites/default/files/2023-07/Prudential%20Standard%20CPS%20230%20Operational%20Risk%20Management%20-%20clean.pdf From Fires to Firewalls: APRA Member Therese McCarthy Hockey: https://www.apra.gov.au/news-and-publications/apra-member-therese-mccarthy-hockey-grc2023 About Richard Sheldon is Risk, Governance & Compliance Specialist and a former Senior Executive of the world’s 10th largest Bank, Royal Bank of Canada. Richard has a 30-year track record of implementing AML, Compliance, Risk and Cultural programs to meet global regulations, optimising organisational structures, providing prudent advice and solutions to regulatory challenges. He has been instrumental in the development of risk, conduct & culture frameworks, reporting and governance structures to meet the increasing evidential obligations on financial institutions, including those relating to FAR, Whistleblowing, CPS 511 and CPS 230.

CCL Consultants Principal and and Australian Compliance Institute facilitator Bronwyn Gallacher talks about 10980NAT Graduate Certificate in Compliance & Risk Management - Weekly Delivery - Livestream Register Now: https://thegrcinstitute.org/Events/eventdetail/2183 Course Information This certificate has been designed exclusively for senior GRC professionals looking to further develop their skills for career progression to the most senior level. Throughout this principles-based course, participants will tackle scenario-based challenges and be encouraged to creatively apply the skills learned to relevant and topical issues. Those who successfully complete this course will have the skills to excel in leadership positions. If you have completed the 10964NAT CertIV in Compliance & Risk Management, you only require an additional 3 years experience before completing this Graduate Certificate. Mode of Delivery - This course will be delivered on a weekly basis. - 10 sessions in duration. There will be weekly tutorials each Monday night via live stream, from 6:30pm-8:30pm (latest finish 9:00pm). Register Now: https://thegrcinstitute.org/Events/eventdetail/2183 About the Facilitator Bronwyn Gallacher is a CCRP (Fellow) Founder, Managing Director and Principal Lawyer of CCL Consultants Pty Ltd (CCL). Bronwyn is also ALDI Stores Code Arbiter under the Australian Food and Grocery Code of Conduct, Competition and Consumer Act 2010.

Australian Compliance Institute CEO Naomi Burley talks about GRC 2023 Conference and the upcoming IFCA Congress. Podcast Notes 2023 IFCA Congress: https://thegrcinstitute.org/Events/eventdetail/2174 International Perspective on ESG: https://thegrcinstitute.org/Events/eventdetail/2173 CPS 230: https://www.apra.gov.au/sites/default/files/2023-07/Prudential%20Standard%20CPS%20230%20Operational%20Risk%20Management%20-%20clean.pdf FAR: https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6988 Consultation Commences on AML/CTF Reforms: https://www.austrac.gov.au/consultation-commences-amlctf-reforms

Podcast Notes Australian Compliance Institute CEO Naomi Burley and Strategic Engagement Consultant Carole Ferguson address challenges related to non-disclosure agreements, conflicts of interest and reputational risk in the context of PWC and the Australian Tax Office. Further Resources Ziggy Switkowski AO to lead independent review of PwC Australia: https://www.pwc.com.au/media/2023/ziggy-switkowski-leads-pwc-independent-review.html ATO says millions in annual tax could have been lost due to PwC confidentiality breaches: https://www.abc.net.au/news/2023-02-16/australian-tax-office-million-scheme-pricewaterhousecoopers/101980548 Downfall and bankruptcy: https://www.britannica.com/event/Enron-scandal/Downfall-and-bankruptcy

Australian Compliance Institute CEO Naomi Burley talks about the GRC Conference: Step-Up. Register Now: https://thegrcinstitute.org/Events/eventdetail/2139

GRC Institute CEO Naomi Burley and Strategic Engagement Consultant Carole Ferguson discuss greenwashing and the implications of the Australian Securities and Investments Commission’s (ASIC) litigation against Mercer and Vanguard Investments. Mercer: First Court Proceeding in Greenwashing: https://asic.gov.au/about-asic/news-centre/find-a-media-release/2023-releases/23-043mr-asic-launches-first-court-proceedings-alleging-greenwashing/ Vanguard: ASIC commences Vanguard Investments: https://asic.gov.au/about-asic/news-centre/find-a-media-release/2023-releases/23-196mr-asic-commences-greenwashing-case-against-vanguard-investments-australia/ Info sheet 271: How to avoid greenwashing when offering or promoting sustainability-related products: https://asic.gov.au/regulatory-resources/financial-services/how-to-avoid-greenwashing-when-offering-or-promoting-sustainability-related-products/ Corporations Act 2001 Section 1013D: http://classic.austlii.edu.au/au/legis/cth/consol_act/ca2001172/s1013d.html Corporations ACT 2001 Section 1013DA: http://classic.austlii.edu.au/au/legis/cth/consol_act/ca2001172/s1013da.html Regulatory Guide 65 1013DA Disclosure Guidelines: https://asic.gov.au/regulatory-resources/find-a-document/regulatory-guides/rg-65-section-1013da-disclosure-guidelines/ Greenfluencers: https://www.forbes.com/sites/solitairetownsend/2022/12/09/greenfluencers-how-social-media-creators-are-becoming-sustainability-superheroes/

In this episode, GRC Institute ( soon to be the Australian Compliance Institute) CEO Naomi Burley discusses the reasons behind the upcoming name change, the new website, the Annual GRC Conference 2023 and the International Federation Compliance Associations (IFCA).