What’s the role of Management and Employees in managing compliance?

The gold standard for the success of a compliance management system is a clear allocation of responsibilities within the business. Having management and staff understand their responsibilities across the organisation will mean they better understand the organisation’s policies and operational procedures.


In large companies (such as the banks), the “Three Lines of Defence” model is used but this model can also be implemented in SMEs. The Three Lines are:


1. Business

Business includes senior management, employees and contractors and they are responsible for “complying”. That is, they need to “do” and “own” compliance as part of their embedded business strategy, structure and operations.


2. Compliance Team

This is often the designated Compliance Manager, but it could be the person in charge of operations in a smaller business. This person is responsible for the compliance program and can be anyone with subject matter expertise who can ensure compliance is done properly.


3. Audit

This is the internal and external audit function or anyone who is an independent expert who checks on the effectiveness of controls in place to address compliance risks.

In our experience, SMEs often find the idea of the business owning compliance a foreign concept.


Most staff and management expect the designated compliance manager to “own” compliance, but once it is made clear that the business owns it, they will take responsibility. That is, they will take responsibility for developing the policy, procedures and controls, conducting training and having oversight.


The compliance officer or manager would work with the business as a subject matter expert in the process, actively engaging in the design, development and problem solving, as well as alerting management to the standards that are required to be met (legislative and regulatory requirements should be subject to review and sign-off of legal officers and/or the compliance team).


The compliance team will also monitor implementation to ensure the risks have been addressed, and will work with the business to implement changes to the program as required. The audit team will review the effectiveness of the controls at regular intervals.


If you would like to implement an effective compliance management system, then ACY Advisory can help!
