Trojan Corporate

By Narelle Davidson

Staying on top of regulatory change?

I spend a lot of time talking to managers about compliance.  A common pain is understanding legislative obligations and staying on top of, and managing, regulatory change.  In an industry that has a broad range of legislative obligations, this is no surprise.  Understanding compliance obligations can be a big task to get started on.  Once a start has been made, it is easy to get bogged down with the complexities.  While many people have an idea of what is required to meet legislative obligations, sometimes the devil is in the detail.  The detail can be what brings everything to a grinding halt. It is important to establish risk appetite.  What is the amount and type of risk the business is prepared to accept to achieve its objectives?

A compliance risk register is a “must have” for any business

Do you have a compliance risk register?

We need to understand our legislative obligations in order to manage regulatory change.  Developing a compliance risk register is a start.  The risk register should map out the compliance obligations and document how these are being managed.  It should identify gaps and where there is potential exposure to the business.  The register will need to include any controls that are in place to manage the compliance risk.  Where a control does not exist it will need to be developed and of course implemented.  The register needs to be monitored and reviewed.

10 tips to stay on top of regulatory change

These are my top 10 tips to manage legislative obligations and stay on top of regulatory change:

  1. Create a compliance risk register.
  2. Identify current compliance risks for your business.
  3. Include current controls that are in place to manage the risk. Controls can be things like documented policy, training, review and reporting procedures.
  4. Rate the risk.
  5. Identify any gaps and any new controls that may need to be implemented. What new policies and procedures may need to be developed? Training may need to be reviewed.  What incidents have occurred in the past that may help manage the obligation now? What changes are required?
  6. Communicate changes and how the change will be implemented.
  7. What reporting (internal and to the regulator) is linked to the legislative obligations?
  8. Consider how compliance will be demonstrated.
  9. Consider how a compliance breach will be handled.
  10. Monitor changes to legislation and make updates to the register.

Once a regulatory change is known you must consider what is required to be done.  A lot of effort can be put into working out how to get around regulatory change when the effort is best put into working out what needs to be done.

How do you manage legislative obligations and regulatory change?

By Narelle Davidson

What is your compliance risk appetite?

How much risk is your venue prepared to adopt?  This is a great question to ask when assessing risk appetite.

It is important to take the time and understand your greatest risks and there is no time like now.  The Allianz Risk Barometer Report 2017 includes some interesting content on business risk. Page 18 of the Risk Barometer Report 2017 lists the top 10 most important business risks in the Asia-Pacific region as:

  1. Business interruption and supply chain 56%
  2. Market developments 55%
  3. Natural catastrophes 36%
  4. Macroeconomic developments 35%
  5. Cyber incident 32%
  6. Loss of reputation or brand value 26%
  7. Changes in legislation and regulation 25%
  8. Fire, explosion 20%
  9. Talent shortage, ageing workforce 14%
  10. Political risks 12%

Interesting that legislation change or regulation continues to remain in the top 10 risks; globally it sits at number 5 – 25%.  Let’s have a look at what is happening locally.

WHS Risk

Fire and explosion risks rate highly, both globally and nationally. They are also a business interruption risk with the potential for high cost (life and financial).  There were 26 matters referred to Queensland Fire & Emergency Service as outcomes of investigation and inspections conducted on licensed premises in 2015-16.  The penalties associated with non-compliance and category 1, 2 and 3 WHS offences are considerable.

How long is it since you visited your Fire & Emergency Management Plan? 

Have you considered other emergencies like violent and aggressive patrons, or an “active shooter”,  floods and severe weather?

Liquor & Gaming risk

The recently released OLGR Annual Statistical Report 2015-2016 shows us that there was an increase in compliance inspections over three years across the state of Queensland by 20%, along with an increase of compliance investigations by 45%.   From a total of 13376 inspections and investigations conducted, 5239 of these resulted in no breach detected (approximately 39%).

Risk is also about opportunity.  Welcome news for some that the proposed 1 am lock-outs (from 1 July 2017) in venues located in Safe Night Precincts will no longer proceed.

Food Safety risk

The Gold Coast City Council has launched a “star rating” program, similar to that implemented by the Brisbane City Council.  The program will see food businesses on the GC issued with “star ratings”.  Star ratings are issued based on an assessment of the food safety management practices in place.  The rating system is set to be in place by November 2017.

How many stars would your food premises score?

Food allergies are becoming increasingly common.  Food businesses are encouraged to have procedures or management plans in place to deal with food allergy intolerance (FAI).

Does your food safety program include FAI procedures?

AML/CTF risk

AUSTRAC have recently created a series of fact sheets aimed to dispel some myths about money laundering.  Those fact sheets may have been emailed to the AML/CTF Compliance Officer. Have them check their email box and take a look at this recent case study involving gambling services.  Consider using them as training tools with the team.

The 2016 AUSTRAC reporting period ended on 31 December 2016 and the annual compliance report is due to be lodged by 31 March 2017.

Have you lodged your 2016 annual compliance report?

What’s next?

All of the above have potential to cause reputational loss and impact on brand value.

Governance, risk and compliance are serious stuff.  This is a good reminder to consider governance, compliance and risk along with the systems that are in place to manage them. Compliance doesn’t need to be hard work; however, it does require a consistent and realistic approach.

Does your venue have a compliance and risk policy?  Are compliance and risk being managed by informed decision making?

Compliance is a function aimed at helping business, not hindering it. Having a compliance manager who understands the big picture is a great start.  Implementing a compliance and risk management system can add value to your business and help you manage compliance and risk appetite.

How hungry are you?

By Narelle Davidson

Are you using technology to manage compliance?

Mistake #6 Technology is not being used to manage the compliance system

Can we use technology to manage compliance?

Technology is now accessible to almost anyone, anywhere, at any time.  If technology is not being used at your club to manage and drive the compliance systems, then the system is likely clunky and cumbersome.  The system will operate until it, or someone within it, fails.

Is your compliance management system becoming a massive case of paper warfare? Have manuals become doorstops and dust collectors? Are you spending precious time chasing people up to sign off on policy?

Aging platforms with compliance functionality may not provide for flexible solutions and can require investment in time to set up and manage.  The system should be sleek, simple and fun to use and above all provide a solution; for this it will need to be flexible in design and future development.

We should not become slaves to technology.  Rather it should allow us the freedom and flexibility to become slaves to our customers.

Solution: consider using technology

Take a look at contemporary compliance management systems with platforms that are “modular, easy to change, agile, flexible, user friendly, very simple to use and manage and suitable for multiple devices that can be used anytime, anywhere”. Bill Owens.

If you want to find out more about cloud solutions check this out.


By Narelle Davidson

The value of compliance reports at your fingertips

#5  Does your compliance management system provide current reports at your fingertips?

Does the system:

  • Allow reports to be produced by gathering the information it has collected?
  • Report on compliance issues met or at risk?
  • Provide reports that demonstrate the effectiveness of the compliance program?
  • Report on survey results, self-assessment checklists, incident reports or the status of corrective actions?

“The business and regulatory landscape is becoming more complex, and management and boards are pressuring CCOs to deliver better information to help them identify and manage a growing list of organizational risks. Many CCOs are understandably challenged to meet the new demands placed on them.” pg. 2. State of Compliance 2014 Survey.  What it means to be a “chief” compliance officer: Today’s challenges, tomorrow’s opportunities

Relevant reporting will provide factual evidence for managers, Boards and regulators.

Look at what reports are available from the compliance management system and question: do these provide meaningful, accurate and timely data on the status of compliance in the business? Could these be improved? If the answer is yes, then will the system allow for this to occur?

The system needs to be carefully considered. It will need to be relevant to the business needs and capable of guiding the compliance program towards the Club’s values, business strategy and objectives. It will need to be relevant to the Club’s identified risks and promote continual improvement.

Solution – reports that are relevant:

The solution is to get more from your system without it costing you more and taking more time than it should. Systems, be they manual or automated, can range from simple to complex; whatever the system, keep it relevant. It should be able to support the business without complicating it. Select a system for the business that reports what it finds and finds that which is relevant to the business.

Create relevant reporting:

“Evolving compliance reporting can help drive relevance with the board, senior leaders and business partners.” pg. 22. State of Compliance 2014 Survey.  What it means to be a “chief” compliance officer: Today’s challenges, tomorrow’s opportunities

By Narelle Davidson

How to demonstrate compliance

Mistake #3 – The compliance management system doesn’t demonstrate compliance

How to demonstrate compliance response ability?

The compliance management system must allow the business to respond to what needs to be done.  An unresponsive system leaves room for error and for important items to be overlooked.

There is a risk of compliance obligations slipping through the cracks and falling to the bottom of the pile. Paper-based models are antiquated and ineffective.  Paperwork bogs business down, making for an ineffective system.

The compliance management system should allow the business to respond to events and tasks due.  Compliance should be demonstrated by corrective actions taken within reasonably efficient time frames.   Does your compliance management system demonstrate compliance? Does it:

  • Send automated alerts and workflows?
  • Provide task status updates?
  • Send reminders for incomplete tasks?

Compliance management systems collect information.  This information should be easily extracted into reports for the team, management, or Board.

Being able to respond to a question of status regarding an incident, policy review or even a customer complaint will demonstrate compliance.  A responsive system provides:

  • Informed decision making.
  • Improved performance management of team members.
  • An assessment of business strategy.


To alleviate compliance burden, consider how technology is being used within other areas of the business. Can it be extended to the compliance management system? The answer is yes!! Talk to the IT department and get some tech-savvy advice on what options are available and will best fit with existing systems.  Simplifying compliance will allow for greater time to be spent profitably.

By Narelle Davidson

Seven mistakes club managers make with their compliance management systems

Mistake #2 – The compliance management system doesn’t protect the club

As a club manager you need a compliance management system that offers protection for both yourself and the club.

You want your team to focus on member and guest satisfaction, not on reacting to out-of-hand compliance issues.  Imagine the value of compliance documentation, records and reports in one central location.  Even more value lies in being able to check the status of compliance tasks and know that the compliance management system is protecting the club.

The compliance management system should protect the business.  It should demonstrate an audit trail. It should be a repository of records and include a schedule of calendar events that serve as timely reminders of tasks due, done, or delegated.

Does the existing system at your club allow compliance tasks to be ignored, or to remain incomplete? Are there compliance tasks that are outstanding, outdated policies and procedures that need reviewing, or incidents that are unresolved? If the system doesn’t record the status of the task or corrective actions, can you demonstrate and evidence it?

The compliance management system must be active and functional. Every member of the team should know what is required of them by the management system and understand the consequences of non-action.


Calendar and email reminders should trigger an action to get things done. This might include delegating certain tasks, attending a workshop or training session, or submitting a report to a regulator.  Meeting compliance.

Implement a system that allows for tasks to:

  1. Be done.
  2. Be delegated.
  3. Be deferred (but not forgotten).
  4. Be followed up and reported on.

By Narelle Davidson

Seven mistakes club managers make with their compliance management systems

Mistake #1 – The compliance management system doesn’t prepare the business to meet compliance obligations

A good compliance management system should prepare the business to meet its compliance obligations. The compliance management system should provide an accessible knowledge base for team members and customised information that will help them to perform their role and attain the necessary standards to ensure compliance.

In order to manage strategic and regulatory compliance obligations as efficiently as possible, a centralised system is best.


Implementing a centralised, organised repository for policies, procedures and practices, including training, incidents, reports, review and continual improvement, will ensure that every team member has access to the important compliance information they need to get them prepared.

By Narelle Davidson

Compliance training – box ticking or behaviour change?

Should compliance training be a box ticking exercise, or can it support a healthy compliance culture, by engaging employees and changing behaviour?

Compliance training is primarily to educate employees on the regulatory requirements of their job.  Compliance training also includes training in venue policy and procedure. Much compliance training is aimed to tick a box and prove to the regulator that the training has been provided and completed.

There is no denying compliance training is a difficult sell to employers and employees. It can be expensive, and content is often dry, specific and low on creativity.

Should compliance training be both – box ticking and behaviour changing?

Yes, compliance training needs to tick the box, but it can achieve so much more when it is aligned to strategic business objectives.  This is difficult when training (like Responsible Service of Alcohol and Responsible Service of Gaming) is mandatory and must be delivered by an approved registered training organisation or trainer; however, choosing a training company that aligns to your business values is one way to encourage behaviour change.

Training such as privacy, anti-bullying, harassment and discrimination, AML/CTF, and tobacco is another opportunity to promote your venue’s policy, values, attitudes and beliefs and work towards behaviour change.

The training program of the compliance framework is an important element in creating a healthy compliance culture and encouraging behaviour change. Take the time to consider these points:

  1. Training must add value. Keep the participants engaged. It is important to create current content that is relevant to the learner. People don’t want to sit through a training session and not learn anything. It is important to back up training with in-house or refresher courses or procedure training. Understand who the participants are and ensure that the language and content meets their needs. Use case studies, scenarios and practical exercises that reinforce the learning.
  2. Consider the frequency of delivery – too much is overload, too little is risky.  Allocate a budget, resources and time.   Take the opportunity to plan the program rather than provide ad hoc training that adds little to no value.
  3. If using external providers, choose one who has a solid reputation for delivering compliance training that is fun, engaging, current, professional, practical and informed. Well researched content combined with solid practical experience can differentiate boring compliance training and trainers. The same can be said for internally delivered training.
  4. Consider how technology can make compliance training easier. Visuals are great. Technology can be utilised for delivery, training registers, reminders and/or record keeping.
  5. Above all, the training program must be endorsed from the top down. Team leaders must not only participate in compliance training but understand it. Training must be reinforced away from the training room, and for this to be achieved management must understand how to implement and integrate what they have learnt into the business. Managers must lead by example and be capable of influencing behaviour change.

“Education is not the learning of facts, but the training of the mind to think.”  Albert Einstein.

If you have got a little bit of time and want to read more, this article discusses compliance training in more detail.

By Narelle Davidson

The value of monitoring and measuring compliance

Having all compliance boxes ticked is one thing.  Knowing that it can be demonstrated and is adding value is another.


Monitoring and measuring compliance is critical to understanding areas of exposure and weakness.  Making regular assessments of the organisation’s commitment to compliance is invaluable.

While it is important to assess compliance with regulatory obligations, it is equally important to check that the team is on track with the strategic values that have been determined and set down from the top.

Monitoring and measuring compliance is simply self-examination. Self-examination allows us to take a “bird’s eye view” of how we look and put some perspective on what is required to put the wheels back on track, or give ourselves a reward for getting it right.

The monitoring and measuring component of the compliance program will provide a clear picture of where the Club may be exposed.  More importantly it allows for the issue to be addressed before a compliance failure occurs.  It will bring to the forefront, where improvement may be required.

It’s important to remember that once the monitoring and measuring has occurred, the relevant team members are provided a report that details the findings of the review. The report becomes a valuable tool to prioritise, allocate resources and create a plan to address the non-conformities. Compliance is not about one person, it’s about the collective group working to meet the objectives and strategies of the Club. So it makes sense that the monitoring and measuring program should be aiming to prepare the Club for the future.

Compliance shouldn’t be a box ticking exercise. The value of monitoring and measuring compliance is the reassurance that “yes we got it right” or the wake-up call to say “we need to apply some focus here”.

By Narelle Davidson

Raising compliance from the bottom of the pile

It is generally quite obvious when a venue has a good grasp on their compliance obligations from the moment you park in the carpark, walk in the front door and are greeted by the team. Strong values create strong standards.  One of the most memorable experiences I have is walking into a venue and smelling rancid deep fryer fat, pushing past empty kegs to make my way to the office area in which chaos can only explain first impressions. My gut told me if it smelt and looked bad it was probably going to be bad. Needless to say compliance was definitely on the bottom of the pile.

In over 9 or so years of reviewing compliance for hospitality venues, I’ve seen instances of complete disregard for company policy and procedure. I’ve listened to many raise cause for the circumvention of compliance and wondered what would happen if the same energy was spent in putting together a plan for complying.  I have also been witness to compliance rising from the bottom of to-do piles and sitting comfortably within club culture. How is it done?

Here are my top 10 suggestions to get you back on track to creating compliance value, attitude, belief and custom.

  1. Set the tone from the top. Communicate the mission, values, and vision for your club.
  2. Dedicate resources – time, financial, people. Assign responsibility – it’s a team effort.
  3. Screen employees. Don’t let one bad egg spoil the basket.
  4. Accountability is great, but make sure it’s achievable. Don’t ask people to do things that can’t be achieved. Break it down into digestible and realistic chunks.
  5. Take time to understand compliance obligations and risks. Undertake a risk assessment or independent review. A fresh set of eyes will identify things that have become invisible on a day to day basis.
  6. Follow up – set reminders for important dates and time frames.
  7. Engage the team to see compliance as an asset not an interruption. Encourage team members to speak up when something is not as it should be. Bottom up approach is critical.
  8. Train team members in company policy and procedure. Try to think of ways that this can be done that are a little out of the box.
  9. Test compliance. Reward the team for compliance met.
  10. Report to the board on the status of compliance within the business.

Achieving compliance culture is not only possible, it is essential to adding business value.
