Compliance Policy
Classification number | LCG 1146 |
---|---|
Framework category | Legal, Compliance and Governance |
Approving authority | Board of Governors |
Policy owner | University Secretary and General Counsel |
Approval date | February 23, 2021 |
Review date | February 2024 |
Purpose
- The University is committed to complying with all applicable laws. The purpose of this Policy is to provide a compliance governance framework which allows the University to demonstrate such compliance. The Compliance governance framework will facilitate Compliance through the creation of clear roles and responsibilities and processes that support the University, University Employees, and University Members to comply with Obligations.
Definitions
- For the purposes of this Policy the following definitions apply:
“Compliance” means to ensure that the University is aware of and demonstrating adherence to its Obligations.
“Compliance Checklist” means a document that is completed on an annual basis to evaluate whether Obligations have been completed.
“Compliance Manual” means a comprehensive document compiling the Compliance Obligations of the University including Policies and Procedures (with reference to specific legislation, rules, and regulations) that address Compliance risks to which the University is exposed.
“Compliance Monitoring Plan” means a plan and timetable to monitor the institutional Compliance Checklist Process, Compliance risk assessments and CRMP’s.
“Compliance Register” means a comprehensive listing of key statutory and regulatory requirements of the University, along with an assigned Executive Compliance Lead.
“Compliance Risk Management Plan” (“CRMP”) means a document that should comprise the following:
- The legal requirements that have to be complied with;
- The control measure that will ensure Compliance. This may include the development and implementation of a policy, procedure, or other control;
- The responsible person for implementing the control measure;
- The target date for implementing the control measure;
- The monitoring plan to ensure implementation of the control measure; and
- The frequency of monitoring.
“Executive Compliance Lead” means a member of SLT with delegated responsibility for addressing specific Compliance Obligations and certifying an annual Compliance Checklist in their areas of responsibility. The Provost and Vice-President, Academic along with the Executive Compliance Leads responsible for Finance, Human Resources, Research & Innovation, External Relations, Legal, and Governance may delegate part or all of his/her Compliance management duties to a University Employee who serves as a Functional Unit Lead, but s/he remains responsible for Compliance management of their respective area.
“Functional Unit Lead” means any faculty, department, administrative unit, research facility (e.g. ACE) or third-party contractor reporting to an Executive Compliance Lead.
“Obligation” means a requirement mandated under federal, provincial or municipal laws, regulations, University policy, procedure, directive or by-law.
“Risk Assessment” means a formalized, systematic ranking and prioritizing of identified risks, using a likelihood/consequence framework.
“Risk Review” means an annual risk identification and Risk Assessment process, conducted in accordance with the University’s Risk Management Policy and facilitated by the Risk Management Committee.
“Senior Leadership Team” (“SLT”) is comprised of the President, Provost and Vice-President, Academic, the heads of Finance, Human Resources, Research & Innovation, External Relations, Legal, and Governance. All of the members of SLT (with the exception of the President) are also known as Executive Compliance Leads.
“Supervisor” means a person who has charge or authority over the employment activities of a University Employee.
“University Member” means any individual who is:
- Employed by the University (“University Employee”);
- Registered as a student, in accordance with the academic regulations of the University;
- Holding an appointment with the University, including paid, unpaid and/or honorific appointments; and/or
- Otherwise subject to University policies by virtue of the requirements of a specific policy (e.g. Booking and Use of University Space) and/or the terms of an agreement or contract.
Scope and authority
- This Policy applies to all University Members and extends to all activities of the University.
- The University Secretary and General Counsel, or successor thereof, is the Policy Owner and is responsible for overseeing the implementation, administration and interpretation of this Policy.
Policy
- Ontario Tech University is committed to Compliance, integrity, ethical behaviour and good governance. The University is required to comply with numerous Obligations relating to its key activities and stakeholders, and to effectively integrate these Obligations into day-to-day operations. Compliance is fundamental to the University achieving its strategic, operational and business objectives. This policy establishes a framework to identify, manage, and define accountabilities and reporting on Obligations.
- Responsibilities and Accountabilities
- University Secretary and General Counsel (“USGC”) is responsible to:
- Direct and oversee Compliance risk management through the development, implementation and monitoring of the University’s Compliance management framework.
- SLT is responsible to:
- Meet regularly and whenever required by the University Secretary and General Counsel, to discuss and give directions regarding Compliance risk management and strategies; and
- Decide whether any Compliance matters will be reported to the Board of Governors.
- Executive Compliance Lead is responsible to:
- Be aware of Obligations applicable to their area of responsibility;
- Ensure Compliance with applicable Obligations;
- Implement and monitor a Compliance risk management program that satisfies the specific Compliance Obligations for which they are accountable, including policy, procedures and training program(s);
- Annually certify the Compliance Checklist; and
- Ensure appropriate delegation of part or all of their Compliance risk management duties to Functional Unit Leads, while taking measures to ensure appropriate oversight by the Executive Compliance Lead.
- USGC Delegate is responsible to:
- Identify Compliance management requirements to the affected departments and follow up on the development and implementation of required policies, procedures and other controls;
- Report Compliance management deficiencies to SLT to ensure corrective actions are implemented;
- Compile and maintain the Compliance Manual;
- Compile and maintain the Compliance Register;
- Monitor legislative and regulatory changes and work with the Executive Compliance Lead to advise the affected departments of proposed changes to ensure adequate planning for upcoming changes;
- Perform independent Compliance monitoring (control effectiveness reviews);
- Evaluate Compliance breaches with a view to identify trends and/or areas of process improvement, recommendations and remedial actions; and
- Support the Policy & Compliance Advisor in the review of Compliance policies and procedures.
- Policy & Compliance Advisor is responsible to:
- Coordinate legal reviews;
- Assist with the development of institutional policies;
- Consult with policy owners regarding Compliance risks and gaps;
- Conduct research and policy scans;
- Provide other recommendations; and
- Maintain the Policy Framework and Policy Library by ensuring all links to associated documents, such as procedures, are functional.
All policies, procedures, guidelines and standards are posted on the Policy Library website administered by the Office of the University Secretary and General Counsel.
- Human Resources is responsible to:
- Establish a system to track the completion of Compliance training for those courses offered by Human Resources for University Employees; and
- In collaboration with applicable Supervisors, the Executive Compliance Lead responsible for Human Resources (or delegate) will follow up with any University Employees who have not completed Compliance training within the 6-month time frame required by the Ethical Conduct Policy.
- Supervisors are responsible to:
- Ensure that University Employees under their authority are aware of their Compliance Obligations relevant to their jobs; and
- Ensure that University Employees under their authority complete the requisite Compliance training within the six-month time frame required by the Ethical Conduct Policy.
- University Employees are responsible to:
- Comply with applicable laws, regulatory requirements and Compliance related policies and standard operating procedures at all times; and
- Report a Compliance breach or deficiency in Compliance management in accordance with section 11 of this policy and other related procedures without delay.
- COMPLIANCE RISK MANAGEMENT
- Compliance Manual
- The Compliance Manual is a document compiling the Compliance Obligations of the university and includes:
- Specific legislation, rules and regulations;
- Primary and secondary Obligations;
- Penalties;
- Limitation periods;
- Director/Officer liability; and
- Policies and procedures that address the Compliance risk.
- The USGC Delegate has the responsibility for developing, implementing and monitoring the legislative landscape of the University.
- The Compliance Manual is supported by the Compliance Register and the Compliance Checklist.
- Compliance Register
- The Compliance Register includes:
- A list of applicable legislation and regulations; and
- An assigned Executive Compliance Lead with primary responsibility for each set of Obligations.
- Executive Compliance Lead(s) have the responsibility for developing, implementing and monitoring a policy, program and training to satisfy each subset of Obligations assigned in the Compliance Register.
- The Compliance Register is supported by the Compliance Manual and the Compliance Checklist.
- Compliance Checklist
- Executive Compliance Lead will work with the USGC Delegate to identify applicable laws and regulations that pose Compliance and reputational risk to the University. The Compliance Checklist will outline detailed Obligations of each functional area, along with information related to risk mitigation efforts that have been implemented, including: policies, procedures and processes that address the Compliance risks associated with the identified Obligations.
- Executive Compliance Lead will certify the results of the annual Compliance Checklist.
- The USGC Delegate will periodically review the Certified Compliance Checklist(s), to assess the sufficiency of the controls developed to address the Compliance risks of the University.
Additional Compliance management deficiencies may also be identified by:
- Specific Compliance risk self assessments;
- Monitoring and/or analysis of incidents of Compliance process breakdown; and
- External audit findings.
- The Executive Compliance Leads with responsibility for Finance, and Human Resources are each responsible for Compliance management for their specific areas of oversight, with the assistance of external consultants and advisors. They will ensure that all compliance breaches and deficiencies are promptly reported to SLT to ensure that appropriate actions are undertaken to address the related compliance matter.
- Certified Compliance Checklists will be submitted to the USGC Delegate each year on a specified timetable (“Compliance Monitoring Plan”). Results of the annual Compliance Checklists will be reported to the Audit and Finance Committee of the Board as part of its Compliance oversight role.
- USGC Delegate will monitor legislative and regulatory changes over time and will update Compliance Checklists to comply with identified Obligations. Executive Compliance Leads and will also have the responsibility of monitoring applicable Compliance Obligations within their area of responsibility and communication of any relevant changes to the USGC Delegate.
- Risk Assessment
- The USGC Delegate will evaluate the impact of non-Compliance in consultation with General Counsel, and then will identify the level of risk associated with the noncompliant Obligations. All identified risks will be included in department risk registers, as part of the annual Risk Review.
- Compliance Risk Management Plan (“CRMP”)
- For each Compliance risk that has been identified as “High”, a Compliance risk management plan (“CRMP”) must be developed. Where the legal requirement generally affects a specific faculty, department, administrative unit, research facility (e.g. ACE) or third-party contractor, the Executive Compliance Lead of the affected area has the primary responsibility for developing the relevant CRMP. If the requirement affects more than one functional unit, then the General Counsel will decide which Executive Compliance Lead will be responsible for developing the CRMP in line with established procedures.
- For risks that are determined to be low and/or medium risk, the USGC Delegate will work with Executive Compliance Lead to monitor and address the gap or deficiency in Compliance Obligations.
- Non-Compliance Reporting
- If any University Member identifies or has evidence of a violation of the Compliance Policy, the University Member must make a Report to the General Counsel in accordance with the Safe Disclosure Policy and Procedure.
- No Reprisal: The University will not discharge, discipline, demote, suspend, threaten or in any manner discriminate against any University Member based on any good faith and lawful actions of such University Member to responsibly and carefully report Compliance issues using the channels provided by the University. Those who make disclosure are protected from reprisal.
- Training & Education
- The Compliance Office will support the development and implementation of institutional Compliance training and education programs required in order to reinforce the importance of Compliance management. The type of training and education will be developed and conducted as appropriate.
Monitoring and review
- This Policy will be reviewed as necessary and at least every three years. The Audit and Finance Committee, or successor thereof, is responsible to monitor and review this Policy.
Relevant legislation
- All legislation applicable to university activities.
Related policies, procedures & documents
- All university policies applicable to Compliance Obligations