VCLM strategies for managing Australian regulatory change

In common with many other countries, Australia has regulations that cover various aspects of contracts and contracting. For any business, maximising its compliance with such regulations is a key activity for the people involved in Vendor and Contract Lifecycle Management (VCLM) activities.

Managing regulatory compliance involves a wide and varied range of tasks and processes, including:

• Determining exactly what regulations need to be complied with
• Understanding which parts of those regulations apply to the business
• Assessing what needs to be done to achieve compliance
• Setting things up to maximise the levels of compliance achievable.

Regulatory regimes are subject to change over time to keep them relevant and current in a turbulent operating environment.

It’s every business’s responsibility to establish and maintain awareness of its applicable regulatory compliance obligations and how they might change, and make any necessary adjustments to how it achieves compliance.

This article identifies some Australian regulations of interest, and discusses some strategies that can be useful in managing regulatory change related to contracts and contracting practices, as follows:

• Australian regulations related to contracts and contracting practices
• Strategy 1: Track common business characteristics
• Strategy 2: Develop contracting standards for dealing with regulatory change
• Strategy 3: Establish a regulations knowledge base
• Strategy 4: Update clause templates to reflect approaches to changed regulations
• Strategy 5: Map regulatory obligations to associated contracts
• Strategy 6: Analyse the impact of regulatory change on contracts
• Strategy 7: Collaborate with contract stakeholders about regulatory change
• Strategy 8: Establish dialogue with relevant regulators
• Strategy 9: Ensure adequacy of insurance coverage.

Australian Regulations Related to Contracts and Contracting Practices

In the recent past, Australia introduced its Modern Slavery Act. While it contains no direct obligation to do so, one element of complying with the act involves the preparation of contractual approaches for assessing and dealing with the occurrence of slavery in a business’s supply chain.

The outcomes and effectiveness of this approach would be reported to the regulators.

Looking to the future, several regulations that might potentially be amended over time, with various consequences for an applicable business’s contracts and contracting practices, could include:

• Competition and Consumer Law: clarifications are proposed on what constitutes an unfair term in a contract. This might indirectly affect obligations by setting stricter boundaries for acceptable terms. Potential changes could impact businesses' obligations to provide clear and fair terms in their contracts.
• Treasury Laws Amendment (Consumer Protection and Other Measures) Act 2022: While implemented in November 2023, this act is still new and its full impact on contracts is unfolding. Businesses still need to adjust their contracts to comply with its strictures on unfair terms, which might affect their obligations.
• Fair Work Act: There have been ongoing discussions about revising this act to further regulate casual employment and introduce additional employee protections. This could influence obligations within employment contracts.
• Privacy Act: Reforms to this act are on the table, potentially leading to stricter data privacy regulations and affecting data-related obligations in contracts.
• Consumer Data Right (CDR) Expansion: The CDR currently allows consumers to share their data with trusted third parties for financial products and services. This could be expanded to other sectors, such as energy and telecommunications, impacting data sharing obligations in relevant contracts. Businesses might need to update contractual terms regarding data sharing and customer consent.
• APRA CPS 230: APRA CPS 230 is a set of standards and guidelines issued by the Australian Prudential Regulation Authority (APRA) focused on operational risk management for financial institutions. It aims to ensure that these institutions have robust frameworks in place to identify, manage, and mitigate operational risks, including those related to information technology and cybersecurity.

Strategy 1: Track Common Business Characteristics

The applicability of a regulation or any of its requirements to your business can often depend on some of the business’s well-understood characteristics or aspects, such as:

• The industries and business sectors it and any subsidiaries operate in
• Its annual turnover
• How many employees it has
• The nature of products or services it uses or produces
• The types of activities it performs and where those activities take place
• How many customers it has and where they are based
• The nature of any sensitive data it may collect, handle, share or sell.

A study of potentially applicable regulations will reveal any such business characteristics that are relevant.

Details of all such characteristics should be documented in one readily accessible place as they are discovered, for later reference if the applicability of relevant regulations changes.

Regularly review the current settings of these business characteristics and update the documentation as necessary. Changes to any characteristics could make certain regulations or some of their compliance obligations now or no longer applicable.

Strategy 2: Develop Contracting Standards for Dealing with Regulatory Change

Establish standard contract clauses dealing with the occurrence of regulatory change that might occur during a contract’s operational life, that allow:

• Each party to the contract to audit and inspect the other’s level of compliance with regulatory requirements.
• Amendments to the contract over its term to deal with changes to applicable regulations or the introduction of new regulatory requirements, without requiring complete renegotiation of other clauses.
• Termination of the contract should any change or new regulations result in one or more parties being unable or unwilling to maintain regulatory compliance.

Every contract between a business and a vendor that is new or being renewed should include such clauses. At least all important contracts that don’t yet contain such clauses should be targeted for discussion with the other parties to agree on amendments to include the clauses.

Strategy 3: Establish a Regulations Knowledge Base

Create and maintain in-house, or obtain from a third-party provider, a regulations knowledge base that:

• Identifies which regulations from applicable legal jurisdictions the business must or might need to comply with, and reveals the business characteristics determining the applicability of those regulations.
• Provides access to the text of such regulations in the business’s preferred operating language.
• Exposes which requirements within each regulation the business must or might need to comply with, plus the triggers determining the need for any such compliance.
• Describes how each applicable compliance obligation will be dealt with operationally.
• Specifies how and how often the level of compliance must be measured and reported.

Strategy 4: Update Clause Templates to Reflect Approaches to Changed Regulations

Where a clause template library is being used, update any relevant templates to reflect changes needed for regulatory compliance in applicable legal jurisdictions, through consultation with:

• Any internal Legal team and/or external legal advisers
• Any internal Compliance team and/or external compliance advisers
• Key contract stakeholders.

Where clause templates are not being used, consider doing so.

Strategy 5: Map Regulatory Obligations to Associated Contracts

Map every contract to the regulatory obligations that apply to it. This enhances the visibility of:

• All obligations that apply to each active contract, providing insight into the regulatory compliance load associated with each contract and the potential risk from any non-compliance
• All contracts which need to comply with each obligation, highlighting the span of work needed to address any changes relating to the applicability or nature of any particular obligation.

Strategy 6: Analyse Impact of Regulatory Change on Contracts

Conduct a thorough assessment of the implications of compliance with new and changed regulations in terms of:

• The impact on standards established for contract terms, particularly where different regulations that apply at the same time can conflict
• The effects on standard contracting processes, where variability within a process might have to be accommodated
• The risks and costs associated with achieving compliance
• The actual and potential consequences of non-compliance
• The relevance of current business policy regarding contracts and contracting.

Ensure that all implications arising from regulatory changes related to contracts and contracting practices are discovered and documented, assessed for likelihood of occurrence and probable impact, and steps for their mitigation designed and documented.

Strategy 7: Collaborate with Contract Stakeholders about Regulatory Change

Encourage collaboration with key contract stakeholders, including the other parties to the affected contracts, to:

• Promote awareness across contract users about the implications of any regulatory changes for their contracts of interest
• Obtain feedback about any amendments proposed for their contracts of interest to deal with regulatory change and the effectiveness of those amendments when operational.

Strategy 8: Establish Dialogue with Relevant Regulators

Engage in dialogue with relevant regulatory bodies as necessary to help clarify compliance requirements in updated regulations and obtain guidance on meeting those requirements.

Sign up to receive any advisory notices issued about changes to regulations of interest or the introduction of potentially applicable new regulations, including prospective enactment dates.

Strategy 9: Ensure Adequacy of Insurance Coverage

Ensure appropriate visibility of insurance related to contracts is available to the necessary people. Review existing insurance policies to ensure:

• Coverage is adequate to mitigate any financial risk associated with non-compliance with changed regulations
• Existing policies adequately address potential liabilities.

Wrap-Up

Australian businesses must stay informed about ongoing reviews of regulations that impact them, and any potential future amendments that could impact their contractual obligations or contracting practices.

Even when such regulations do not apply to the business right now, it’s worth giving some thought to how to implement some of the strategies mentioned above. You never know when a regulation that doesn’t currently apply to the business might start getting some attention from the regulators.

Insights about what might happen in the regulatory space in Australia can be gleaned by watching what’s happening in other major legal jurisdictions.

If you would like more information about how Gatekeeper can help deal with change in regulations related to contracts and contracting practices, contact us today.