Your obligation to report breaches to ASIC under your AFS Licence conditions, the forthcoming data breach notification rules, and the need to at least be aware of and remediate breaches under other legislation all require credit unions to have compliance frameworks in place.
It is no excuse for directors or senior management to say they were not aware of breaches. How do you know that bad news is not being communicated to your board?
A compliance framework involves the reporting of breaches so that appropriate action can be taken. To work, it needs to be understood by staff. How do you explain it simply so that the whole organisation is committed to compliance?
One way is to develop a visual summary that can be easily understood and explained.
This video (6 mins 40 secs) demonstrates a basic compliance framework that can be adapted and expanded for your credit union.