Policy

(Board Approved)

Legal and Regulatory Compliance Policy

Document Number – GOV-POL-20

1.0 Policy Statement

Stanwell is committed to and conducts its business activities lawfully and in a manner that
is consistent with its compliance obligations.

The Legal and Regulatory Compliance Policy (Compliance Policy) establishes the
overarching principles and commitment to action for Stanwell with respect to achieving
compliance by:

• identifying a clear compliance framework within which Stanwell operates;

• promoting a consistent, rigorous and comprehensive approach to compliance
throughout Stanwell;
• developing and maintaining practices that facilitate and monitor compliance within
Stanwell;
• seeking to ensure standards of good corporate governance, ethics and community
expectations; and
• engendering a culture of compliance where every person within Stanwell accepts
personal responsibility for compliance and acts ethically and with integrity.

2.0 Scope
This policy applies to Stanwell’s directors and employees, and to all contractors working
for or at Stanwell (our people).

Stanwell’s legal and regulatory compliance obligations include:

• Legal obligations, including:

o legislative;
o contractual;
o permits, licences and other forms of authorisation;
o common law;
o equitable obligations; and
o relevant industry codes and compulsory standards;

• External obligations, including:

o regulatory policies and codes; and
o shareholding Minister and other Queensland or Commonwealth government
requirements; and

• Stanwell policies, procedures and guidelines.

WRITTEN BY: .................................. ENDORSED/CHECKED BY: .............................. APPROVED BY: .................................... DATE: ........
NAME: Maria Maraj NAME: ELT NAME: Board
Doc No: GOV-POL-20 Revision No: 3 Revision Date: 18.12.2012 Page: 1 of 8
THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORMAT
 Detailed operational procedures support Stanwell’s legal and regulatory compliance
obligations.

3.0 Policy Overview

This Compliance Policy is aligned with Stanwell’s strategic objectives as articulated within
Stanwell’s Strategic Plan, Statement of Corporate Intent and Corporate Plan and Code of
Conduct.

Stanwell’s Compliance Policy is based on the best practice standards and principles
outlined within Australian Standard 3806-2006: Compliance programs.

Stanwell recognises that there are four elements for an effective compliance program:
• Commitment – Stanwell’s commitment to, and the establishment of, a compliance
program;
• Implementation – Stanwell’s implementation of a compliance program, including
ongoing education and maintenance;
• Monitoring and Measuring – reporting and supervision of the compliance program;
and
• Continual Improvement – regular review and continual improvement of the
compliance program.

These elements are supported by twelve compliance principles. To comply with these
principles, Stanwell:
• encourages and supports an effective Board and Senior Management organisational
structure which endorses an ethical and positive compliance culture within Stanwell;
• maintains an appropriate compliance program which identifies, manages, reports,
reviews, monitors and measures compliance obligations and compliance
performance;
• ensures clear accountability for and ownership of the compliance program, obligations
and any compliance issues within Stanwell;
• regularly reports to the CEO, Board and the Audit and Risk Management Committee
(ARMC) (as required);
• reviews its procedures to ensure compliance obligations are integrated in day-to-day
operations of Stanwell;
• provides necessary resources to enable our people to understand their own personal
accountability in respect of compliance and to be able to effectively carry out their
responsibilities;
• conducts appropriate pre-employment screening of potential employees and
contractors;
• takes very seriously any failure by an individual to comply with Stanwell’s compliance
obligations. A number of consequences may flow from an individuals actions,
including, in serious matters, termination of employment or contract;
• incorporates compliance management into business plans and risk management
processes;

Doc No: GOV-POL-20 Rev: 3 Rev Date: 18.12.2012 Page 2 of 8

THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORMAT
 • provides education and training as part of the implementation of the compliance
program, detailing individual responsibilities, reporting and communication methods;
and
• regularly reviews and implements improvements to the compliance program.

4.0 Compliance Program

The Stanwell compliance program includes:
• a consistent and effective process for identification, assessment, management,
reporting, review and monitoring of compliance obligations and issues;
• a centralised register of compliance obligations actively managed by the Executive
General Managers;
• a calendar of Stanwell’s external corporate lodgements;
• periodic compliance certifications;
• a mechanism to aid with identification, documentation, investigation, actioning and
reporting on compliance issues;
• where appropriate, integration with the Corporate Risk Evaluation matrix;
• a Corporate wide training program, including induction training; and
• cyclical reviews of content and the program to continuously identify improvement
opportunities.

Compliance Reporting

The compliance program enables regular efficient and effective reporting to Executive
Management, the ARMC and the Board regarding Stanwell’s compliance obligations.

The reporting includes information on compliance with Stanwell’s obligations, compliance

issues, compliance breaches and near-misses. Reports on compliance breaches outline
the breach and the corrective actions planned or undertaken to ensure that the possibility
of re-occurring or systemic breaches are reduced.

Full details of all Stanwell compliance issues (including breaches) are retained in a
central register managed by Corporate Compliance.

Where reasonable and appropriate, this reporting may be electronically enabled to

promote efficiency.

Compliance Education and Training

The compliance program promotes awareness of compliance through facilitation of

training and education of our people regarding Stanwell’s compliance program and
compliance obligations. Where appropriate, training may be tailored by or for individual
business units and individuals.

Where reasonable and appropriate, this training may be electronically enabled to promote
efficiency.

Continuous Improvement

Doc No: GOV-POL-20 Rev: 3 Rev Date: 18.12.2012 Page 3 of 8

THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORMAT
 Stanwell’s compliance program and compliance performance is regularly monitored,
measured and reported.

Stanwell’s compliance program is periodically reviewed by the General Manager -

Corporate Services, in consultation with the members of the Executive Leadership Team
(ELT) to ensure that the program remains efficient and effective and is appropriate to
Stanwell’s need. Managers may make recommendations for improvement. The results
of these reviews will be reported to the ARMC (if appropriate). This will provide the
Board with a level of comfort that the Legal Compliance Framework is effective and will
highlight areas within the process that can be improved.

These reviews shall be carried out in addition to internal audits.

As part of continuous improvement, this policy may be amended by Management for

approval by the Board.

5.0 Responsibilities and Authorities

In accordance with Stanwell’s Code of Conduct, it is the responsibility of all Stanwell
Directors and employees and all contractors working for or at Stanwell sites to comply
with the law, Stanwell’s contractual commitments and Stanwell’s policies and procedures.

The Board

The Stanwell Board retains the ultimate responsibility for legal and regulatory compliance
and is charged with overseeing, reviewing and ensuring the effectiveness of Stanwell’s
compliance systems.

The Board is responsible for determining the appropriate level of compliance that the
Board is willing to accept in the conduct of Stanwell’s business activities.

The Board is accountable to its shareholding Ministers for Stanwell’s compliance with its
obligations. The Board is advised regularly on compliance related issues including any
compliance breaches.

The Audit and Risk Management Committee

The Board has established the ARMC to, amongst other things:

• Review and oversee systems of risk management, internal control and legal
compliance;

• Review the effectiveness of Stanwell’s Legal Compliance System for identifying,

monitoring and managing compliance with relevant laws, regulations and associated
government policies;

• Review and if necessary make recommendations to the Board on breaches of key

compliance requirements; and

• Review and if necessary make recommendations to the Board on the outcomes of

investigations into ‘Reportable Conduct’ and Stanwell’s compliance with its regulatory
obligations in respect of these.

Doc No: GOV-POL-20 Rev: 3 Rev Date: 18.12.2012 Page 4 of 8

THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORMAT
 The ARMC operates and reports within the terms of the ARMC Charter endorsed by the
Board.

The Chief Executive Officer

The Chief Executive Officer (CEO) is accountable to the Board for ensuring
implementation and management of Stanwell’s compliance program. Specifically, this
includes ensuring a compliance culture is promoted within Stanwell and our people
adhere to this Compliance Policy.

Chief Financial Officer

The Chief Financial Officer (CFO) is responsible for the oversight of Stanwell’s
compliance system implementation and operation.

The CFO is accountable to the CEO for overseeing the compliance program to ensure:
• the ongoing effectiveness, integrity and relevance of the compliance program to
Stanwell’s operations;
• the compliance program accords with the requirements of Stanwell’s Board; and
• to the extent relevant, the compliance program complies with principles of good
corporate governance and achieves applicable standards.
It is the responsibility of the CFO (with the support of Legal, Internal Audit and Corporate
Compliance) to ensure that non-compliance issues are adequately investigated and all
issues are reported to appropriate parties in a timely manner.

General Manager - Corporate Services

The General Manager - Corporate Services is accountable to the CFO for the
implementation, review and management of Stanwell’s compliance program, including
associated reporting to the Executive Leadership Team and the Board.

The General Manager - Corporate Services is also accountable for:

• ensuring that awareness of compliance is promoted within Stanwell;
• ensuring that Stanwell has appropriate systems to identify, record and communicate
its compliance obligations;
• ensuring that compliance obligations contained within the Stanwell Compliance
Obligations Register are accurate and current;
• the active management of those compliance obligations agreed by the Board,
including ensuring that appropriate controls are implemented;
• delivering (with the assistance of the Compliance and Regulatory Specialist) training
and presentations to our people in relation to compliance issues; and
• providing effective advice to our people on compliance matters, including how to best
comply with Stanwell’s compliance systems.

For the avoidance of doubt, it is not the responsibility of the General Manager - Corporate
Services to ensure compliance by Directors, employees, individual business units or
contractors.

Doc No: GOV-POL-20 Rev: 3 Rev Date: 18.12.2012 Page 5 of 8

THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORMAT
 Executive General Managers

Each Executive General Manager (or other person(s) as identified by the CEO from time
to time) is accountable to the CEO for compliance obligations (both within their business
units and across the Corporation) for which they are responsible. This includes:
• active management of those compliance obligations for which they are responsible;
• on-going identification, assessment, management, reporting, review and monitoring of
compliance issues;
• ensuring adherence to this Compliance Policy; and
• periodic certification to the ARMC regarding compliance.

Managers and Supervisors

Managers and Supervisors are responsible for ensuring effective implementation and
maintenance of this Compliance Policy and that all our people adhere to the associated
systems and guidelines.

Managers are responsible for the regular reporting of the status of controls, compliance
breaches and their improvement to Executive Management.

Group Manager Internal Audit

The role of the Group Manager Internal Audit is to review the adopted compliance
programs against set criteria to confirm the effectiveness of the compliance controls and
systems and to identify any need for improvement or change in the controls or systems.

Our people

Our people have a responsibility to ensure that their activities on behalf of Stanwell
comply with all applicable legal and external obligations and Stanwell procedures.

Our people are required to:

• familiarise themselves with Stanwell’s Compliance Policy and other policies
concerning compliance with specific areas of legislation that affect their workplace
activities;
• ensure that they adhere to relevant legislation and their compliance obligations;
• incorporate compliance management practices into their business units;
• perform their duties in an ethical, lawful and safe manner;
• report and escalate all compliance concerns, issues and breaches as required by the
compliance program; and
• undertake training in accordance with the compliance program; and
• implement the practices learned in training provided by Stanwell.

6.0 Review and Consultation (Prior to Approval)

Doc No: GOV-POL-20 Rev: 3 Rev Date: 18.12.2012 Page 6 of 8

THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORMAT
 This document is required to be reviewed by the General Manager – Corporate Services,
with the assistance of the Compliance and Regulatory Specialist, as a minimum, every
three (3) years.

7.0 Communication Plan (After Approval)

This Compliance Policy will be communicated to key stakeholders using education and
training as detailed above and via GenNet.

8.0 Definitions
ARMC Audit and Risk Management Committee
CEO Chief Executive Officer
CFO Chief Financial Officer
Code Mandatory industry codes and voluntary industry codes with
which Stanwell has chosen to comply.
Code of Conduct Stanwell’s Board-approved Code of Conduct.
Corporation and/or Stanwell Corporation Limited and its subsidiaries.
Stanwell
Compliance Ensuring that the requirements of laws, regulations, bylaws,
Codes and organisational standards are met.
Compliance issues Acts, omissions or events relating to Stanwell’s compliance
obligations that, upon further investigation, may or may not be
identified as a compliance breach.
Compliance breaches Acts or omissions by Stanwell resulting in the breach by
Stanwell to meet its compliance obligations.
Compliance obligations The compliance obligations contained in the Stanwell
Compliance Obligations Register.
Compliance Framework Compliance framework includes this compliance policy,
compliance procedures and the compliance obligations
register.
Executive Leadership Chief Executive Officer and the Executive General Managers
Team
Legal Compliance Effective control of legal risks in order to ensure that the law is
complied with.
Our People Refers to Stanwell directors, employees and all contractors
working for or at Stanwell, in your capacity as a director,
employee or contractor of Stanwell.
Organisational Any code of ethics, codes of conduct, good practices and
Standards charters that Stanwell may deem appropriate standards for day
to day operations.

9.0 References (Including Information Services)

Australian Standard 2806-2006: Compliance Programs
GOV-POL-30 Code of Conduct – The Way We Work at Stanwell
GOV-STD-11 Risk Evaluation Matrix
RMP 10005 – Legal and Regulatory Compliance Risk Management Plan
GOV-POL-29 Whistleblower Protection Policy
GOV-PROC-36 Protected Disclosure Procedure

Doc No: GOV-POL-20 Rev: 3 Rev Date: 18.12.2012 Page 7 of 8

THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORMAT
10.0 Revision History
Rev. Rev. Date Revision Description Author Approved By
No.
0 17.10.07 New compliance policy. Previously Risk and D Farrelly Board
Compliance Management Policy GOV-POL-04
was in place.
1 24.03.2010 Review on completion of Compliance System A Osborne Board
Upgrade Project
2 12.04.2012 Policy rewritten to address the requirements of M.Maraj Board
the integrated Stanwell Corporation
3 27.11.2012 Position titles updated following Organisational M. Maraj General
Review. Change not required to go to the Board Manager –
Corporate
Services

Doc No: GOV-POL-20 Rev: 3 Rev Date: 18.12.2012 Page 8 of 8

THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORMAT