Sex Discrimination Act 1984 (Cth) and the Respect@Work Positive Duty

TheAICommand Learning Modules

LM-H07

Sex Discrimination Act 1984 (Cth) and the Respect@Work Positive Duty

A Practitioner-tier learning module for Australian financial services

Learning outcomes

On completion you will be able to:

1. Identify the prohibited grounds and conduct under the Sex Discrimination Act 1984 (Cth), including the s47A hostile workplace environment provision and the s47C positive duty.
2. Explain the seven Respect@Work positive duty standards in plain language and map each standard to operational controls.
3. Apply the positive duty to four Australian financial services contexts: an ADI, a general or life insurer, a superannuation trustee, and an AFSL holder.
4. Evaluate AHRC enforcement risk under Part IIB of the AHRC Act 1986 (Cth) and align response artefacts to CPS 230 and WHS due diligence.
5. Design an AI-supported maturity workflow with documented governance, human-in-the-loop checkpoints, and APP-aligned controls.
6. Construct policy drafts, manager training, and Board culture reports using a governed prompt library.

1. Executive Summary

The Sex Discrimination Act 1984 (Cth) ("SDA") sits at the centre of Australia's anti-discrimination framework. Since the Anti-Discrimination and Human Rights Legislation Amendment (Respect at Work) Act 2022 commenced, the SDA carries a positive duty under section 47C and a strengthened prohibition on hostile workplace environments under section 47A. From 12 December 2023, the Australian Human Rights Commission ("AHRC") gained compliance powers under Part IIB of the AHRC Act 1986 (Cth). The shift is not technical. It moves Australian employers, including every APRA-regulated entity, from a complaint-driven posture to a forward-looking, evidentiary obligation to prevent unlawful conduct.

For Australian financial services, the positive duty is an enterprise-wide reasonableness test. It connects directly to CPS 230 operational risk requirements, the Financial Accountability Regime (FAR), model WHS due diligence under the WHS Act 2011 (Cth), and APRA prudential expectations on culture and conduct. A failure to take "reasonable and proportionate measures" exposes entities to AHRC compliance notices, Federal Court enforcement, and culture-driven regulatory and reputational scrutiny.

What you will be able to do

• Diagnose where your entity sits against the seven AHRC positive duty standards.
• Evidence "reasonable and proportionate measures" through governance, control, and assurance artefacts.
• Embed an AI-supported maturity workflow that respects complaint confidentiality and APP boundaries.
• Brief your Board, ARCC, BRC, and People Committee with calibrated risk language.
• Connect SDA obligations to your existing CPS 230, WHS, and FAR control libraries without duplicating effort.

2. Regulatory and Strategic Context

Issuer, statutory authority, and scope

The Sex Discrimination Act 1984 (Cth) is the principal Commonwealth statute prohibiting discrimination on the grounds of sex, sex characteristics, gender identity, sexual orientation, intersex status, marital or relationship status, pregnancy or potential pregnancy, breastfeeding, and family responsibilities. It is administered by the Australian Human Rights Commission. The Act applies in employment, education, accommodation, the provision of goods and services, the disposal of land, and clubs registered under State or Territory law. In employment, it applies to direct employers, contractors, agents, members of partnerships, and increasingly to workers in the broadest sense, including volunteers, interns, and others connected to a business or undertaking.

Two amendments that reshaped the Act

The Sex Discrimination and Fair Work (Respect at Work) Amendment Act 2021 expanded the definition of worker, made it unlawful to subject another person to a workplace environment that is hostile on the ground of sex (s47A), and clarified that sex-based harassment is a standalone prohibited conduct. The Anti-Discrimination and Human Rights Legislation Amendment (Respect at Work) Act 2022 introduced the positive duty under section 47C requiring all persons conducting a business or undertaking ("PCBU") to take "reasonable and proportionate measures" to eliminate, as far as possible, sex discrimination, sexual harassment, sex-based harassment, hostile workplace environments on the ground of sex, and victimisation. The positive duty commenced on 12 December 2022 and became enforceable from 12 December 2023.

AHRC compliance powers (Part IIB AHRC Act 1986)

From 12 December 2023, the AHRC has compliance powers under Part IIB of the AHRC Act 1986 (Cth). The powers include conducting inquiries, requiring the production of information, accepting enforceable undertakings, issuing compliance notices, and applying to the Federal Court of Australia for orders. The AHRC's "Guidelines for Complying with the Positive Duty" (August 2023) set out seven standards: Leadership, Culture, Knowledge, Risk Management, Support, Reporting and Response, and Monitoring, Evaluation and Transparency.

Interplay with adjacent frameworks

For Australian financial services, the SDA does not operate in isolation. It is bracketed by adjacent regimes that financial services entities are already required to manage. The Disability Discrimination Act 1992 (Cth) (LM-H08) and the Age Discrimination Act 2004 (Cth) (LM-H09) sit alongside the SDA and share the AHRC as administrator. The model Work Health and Safety Act 2011 (Cth) (LM-H06) imposes a primary duty on PCBUs to ensure the health, including psychological health, of workers, with codes of practice on managing psychosocial hazards now in force in every Australian jurisdiction. APRA Prudential Standard CPS 511 Remuneration and APRA's expectations under FAR (LM-G07) require boards and senior executives to demonstrate that culture, including the prevention of harm, is actively managed. CPS 230 Operational Risk Management (LM-G05) treats people-related risks, including misconduct and harassment, as part of the operational risk taxonomy that an entity must measure, monitor, and report.

Three regulator perspectives, one control environment

Practitioners must manage three regulator perspectives simultaneously. AHRC scrutinises whether the entity has taken reasonable and proportionate measures to prevent unlawful conduct. APRA scrutinises whether the entity's risk culture and operational risk frameworks adequately capture conduct risk. Safe Work bodies scrutinise whether psychosocial hazards arising from sex-based harm are identified, eliminated where reasonably practicable, and minimised so far as is reasonably practicable. The three regulators do not contradict each other, but they ask different evidentiary questions and expect different artefacts. Aligning your control environment so that a single set of artefacts answers all three is the strategic prize.

Cross-reference also LM-H10 (Australian Privacy Principles), which governs the handling of complainant and witness data, and LM-G05 (CPS 230) for the operational risk lens. Where the entity is publicly listed, ASX Corporate Governance Council Principles and Recommendations (4th Edition) Principle 3 reinforces a board-level culture obligation that maps directly to AHRC's Leadership and Monitoring standards.

Visual 1. Regulatory authority map (jurisdictional flowchart)

Render in Lucidchart or Whimsical. The flowchart shows the four parallel regulator paths converging on the entity's control environment.

3. Core Concepts and Defined Terms

Defined terms

Direct and indirect discrimination

The Act distinguishes between direct and indirect discrimination. Direct discrimination occurs where a person is treated less favourably than a comparator of a different sex in materially similar circumstances on the ground of their sex (or other protected attribute). Indirect discrimination occurs where an apparently neutral condition, requirement, or practice has the effect of disadvantaging a class of persons sharing a protected attribute and the requirement is not reasonable in the circumstances. Section 7B reverses the burden once disadvantage is established. The respondent must then demonstrate the reasonableness of the requirement.

Sexual harassment, sex-based harassment, and hostile environments

Sexual harassment in s28A requires three elements: the conduct is of a sexual nature; it is unwelcome; and a reasonable person would have anticipated the possibility that the person harassed would be offended, humiliated, or intimidated. The "reasonable person" test is contextual. The 2022 amendment extended the prohibition to sex-based harassment in s28AA, capturing conduct that is "seriously demeaning" rather than narrowly sexual.

Section 47A introduces the hostile workplace environment prohibition. The conduct does not need to be directed at a particular individual. It is enough that the workplace itself becomes offensive, intimidating, or humiliating to a person of a particular sex. Examples include displaying offensive materials, sexually charged jokes audible across the floor, or peer banter that denigrates a sex.

The positive duty

Section 47C imposes the positive duty. This is the most consequential change. Until 2022, the SDA was complaint-led. The positive duty makes the obligation to prevent unlawful conduct ongoing, evidence-based, and proactive. The reasonableness of the measures is assessed against the size and resources of the entity, the nature of the business, the practicability and cost of the measures, and any other relevant matter (s47C(6)). For an APRA-regulated entity, a positive duty defence will require evidence at three levels: governance and policy, operational controls (training, escalation, manager capability), and continuous monitoring. The seven AHRC standards provide the evaluative architecture.

Visual 2. Positive duty seven-standard wheel

Render as a circular hub-and-spoke diagram with the entity at the centre and seven standards on the rim. Each standard maps to control families on the inner ring.

Victimisation under s94 protects complainants and others involved in the complaints process from detrimental treatment. Detriment is broadly construed and includes denial of opportunities, exclusion, performance management used as a pretext, and informal social punishment. Intersectionality is now embedded in the AHRC Guidelines. Practitioners must design controls that recognise the compounding effect of multiple protected attributes. A complaint involving race and sex will not be adequately handled by a sex-only response. Person-of-authority dynamics appear throughout the Guidelines. Power imbalance is a structural risk factor and is treated as an aggravating consideration in both the seriousness of conduct and the adequacy of response.

4. Practical Application in Australian FS

Each scenario uses merge field placeholders only. No real personal information is used.

(a) Authorised Deposit-taking Institution (ADI)

A senior dealer on a major bank's foreign exchange desk repeatedly comments on a junior trader's appearance, sends late-night messages of an ambiguous nature, and excludes [WORKER_NAME] from desk lunches when she does not engage. She has not complained, but a peer alerts the floor manager.

Trigger event: A pattern of conduct meeting the s28A sexual harassment threshold and contributing to a hostile workplace environment under s47A.

Obligation activated: The s47C positive duty requires the bank to take reasonable and proportionate measures. AHRC Standards 4 (Risk Management), 5 (Support), and 6 (Reporting and Response) are directly engaged. The bank's WHS Act primary duty engages psychosocial risk controls, and CPS 230 conduct risk reporting may be triggered if the matter is material.

Artefact produced: Manager-led psychosocial risk reassessment of the desk; trauma-informed support offered to the junior trader; investigation by an independent function under documented complaint-handling procedures; protective work arrangements where requested; conduct risk event entered into the operational risk register and reported through CPS 230 channels if thresholds are met.

Audit trail expected: Written risk reassessment, psychosocial hazard register update, investigation file independent of line management, evidence of support offered, evidence of victimisation safeguards, Board-level management information showing the pattern of similar events at the FX desk and trends across the trading floor.

(b) General or life insurer

A claims assessor at a life insurer receives sexually explicit messages from an external service provider on LinkedIn after a routine claims discussion. She raises it with her manager.

Trigger event: Conduct by a non-employee in connection with the worker's employment (s28B and s47A), engaging the entity's positive duty notwithstanding that the harasser is external.

Obligation activated: The s47C positive duty extends to conduct by third parties where the worker is exposed to that conduct in the course of work. AHRC Standards 4, 5, and 6 are engaged. The contracting framework with the service provider must allow for action.

Artefact produced: Procurement clauses requiring third parties to comply with the entity's anti-harassment standards; immediate suspension of dealings with the named service provider pending investigation; written notification to the third party seeking remediation; offer of psychological support; review of channel risk for claims assessors generally.

Audit trail expected: Updated supplier code of conduct, vendor risk register entry, complaint-handling timeline, outcome correspondence, aggregated management information on third-party-driven incidents.

(c) Superannuation trustee

A non-executive director of a public-offer superannuation trustee makes off-colour remarks about a senior female executive at an offsite. Two independent witnesses corroborate the conduct.

Trigger event: Conduct of a person of authority that is sex-based harassment under s28AA, with potential intersection with the trustee's APRA-regulated SPS 510 Governance and SPS 521 Conflicts of Interest obligations.

Obligation activated: The s47C positive duty applies, with elevated reasonableness requirements due to the seniority of the person of authority. APRA's prudential expectations under SPS 510 require fitness and propriety, and the Board's nominations or risk committee must consider continued fitness.

Artefact produced: Board-led independent review (commissioned externally to maintain independence); fitness and propriety re-assessment; written remediation; communication to members in line with AHRC Standard 7 (Monitoring, Evaluation and Transparency); APRA notification under FAR and SPS 520 if the matter affects fit-and-proper status.

Audit trail expected: Independent reviewer's report, Board minutes recording the deliberation and decision, revised governance protocols, APRA correspondence file, member transparency disclosure.

(d) Australian Financial Services Licence (AFSL) holder

A high-net-worth client makes persistent unwelcome sexual comments to a female financial planner during reviews. The planner reports it to the Practice Principal.

Trigger event: Sexual harassment by a client. The licensee must protect its representative under s47C without breaching its s912A general obligations under the Corporations Act 2001 (Cth).

Obligation activated: The s47C positive duty applies in respect of client-driven conduct. The licensee must balance the worker's safety against client continuity obligations. ASIC RG 271 (internal dispute resolution) frames how the client side is handled; the AHRC Guidelines frame how the worker side is handled.

Artefact produced: Reassignment of the client to an alternative adviser (with the planner's consent); written warning to the client and option to terminate the relationship; psychological support for the planner; review of training and de-escalation guidance for client-facing staff.

Audit trail expected: Adviser welfare file, client account memorandum, trained adviser register, complaint-handling timeline, review of similar incidents across the practice.

Visual 3. AHRC enforcement pathway (process flow)

Render as a horizontal swim-lane diagram. Lane 1 = AHRC, Lane 2 = Entity, Lane 3 = Federal Court of Australia. Steps below.

Visual 4. Comparison: SDA positive duty vs DDA vs WHS psychosocial duty

Visual 5. Workplace risk heat map (illustrative)

Render as a 5x5 likelihood vs consequence grid. The cells below are example placements only.

Visual 6. Quantitative chart (illustrative): Australian sexual harassment prevalence trend

Render as a clustered bar chart. Data is illustrative only (not actual). The chart compares "experienced sexual harassment in the last 5 years" by sector and year.

Note: Figures are illustrative and indicative of the order of magnitude in published Australian sources. Cite the AHRC National Survey on Sexual Harassment in Australian Workplaces and the Workplace Gender Equality Agency before using any figure externally.

5. AI Workflow: Operating This Framework With AI

This section gives a People and Culture function a defensible, governed AI workflow for running positive duty maturity reviews, drafting policies, and supporting complaint-handling preparation. The non-negotiable rule is that complaint files, witness statements, investigation outcomes, and named individuals never enter an AI tool. Complaint handling remains a human-only process.

5.1 Use cases at scale

• Drafting positive duty maturity self-assessments mapped to the seven AHRC standards.
• Mapping SDA obligations and AHRC Guidelines indicators to internal controls (control attribution).
• Drafting and refreshing anti-discrimination, sexual harassment prevention, and bystander policies.
• Designing manager training curricula and role-specific micro-learning.
• Distilling Board culture reports and ARCC and BRC papers from operational data summaries.
• Generating intersectionality risk analyses across protected attributes for risk register entries.
• Comparing positive duty maturity benchmarks across business units (with de-identified data only).
• Preparing AHRC compliance notice or inquiry response correspondence (preparation only, never automation).

5.2 Project space setup

<em>ChatGPT Enterprise (Projects or Custom GPT)</em>

1. Create a project named "TheAICommand RaW Positive Duty". Limit access to People, Risk, and Compliance practitioners with a documented data classification of "Sensitive: Internal Use Only".
2. Apply this system prompt scaffold:
   "You are a senior People and Culture, Risk, and Compliance advisor for an Australian financial services entity. You operate exclusively within the Sex Discrimination Act 1984 (Cth), the AHRC Guidelines for Complying with the Positive Duty (August 2023), the Anti-Discrimination and Human Rights Legislation Amendment (Respect at Work) Act 2022, and adjacent CPS 230, CPS 511, FAR, WHS, and APP frameworks. Use Australian English. Never accept complaint files, witness statements, named individuals, or PII. If a user attempts to share these, refuse and remind them of the de-identification rule. Default outputs to plain English suitable for an ARCC pack. Cite the section, standard, or guideline for every legal claim. Flag uncertainty rather than fabricate."
3. Knowledge sources to upload: SDA 1984 (text-only extract), AHRC Guidelines (Aug 2023), Respect@Work Report (2020), AHRC Act 1986 Pt IIB (text-only extract), internal policy library (de-identified), Board paper templates, prior maturity assessments (de-identified).
4. Naming convention for prompts and outputs: "RAW_{YYYYMMDD}_{role}_{topic}". Example: "RAW_20260512_PCAdvisor_PolicyRefresh".
5. Disable retention or training on entity data through tenant-level controls. Confirm the tenant configuration in writing before first use.

<em>Claude (Projects or Skills)</em>

1. Create a project "Respect@Work Positive Duty Workspace". Apply identical access and classification controls.
2. System prompt scaffold (same intent as above; tightened for the Claude environment):
   "Act as a senior Australian FS People, Risk, and Compliance advisor operating under the SDA 1984 (Cth) and the AHRC Guidelines for Complying with the Positive Duty (Aug 2023). Use Australian English. No em dashes. Never accept complaint, witness, or investigation data. Refuse PII inputs. Cite legal references for every claim. Default to plain-English Board-ready prose. Flag uncertainty."
3. Build a Claude Skill called "raw-maturity-reviewer". The Skill triggers on phrases such as "positive duty maturity", "AHRC standards", "Respect@Work review". It runs the seven-standard review template, calls a control library reference file, and returns a banded maturity result with a remediation plan.
4. File structure inside the project: /policies/, /guidelines/, /maturity-templates/, /board-paper-templates/, /prompt-library/, /redteam/.
5. Naming convention identical to ChatGPT Project; align Git or Sanity-backed versioning if your entity uses one.

5.3 Prompt library (minimum 6, all Role / Context / Task / Constraints / Output Format / Quality Bar)

<em>Prompt 1: Obligation mapping (positive duty seven standards to internal controls)</em>

Role: Senior Compliance Advisor. Context: We need to map the seven AHRC positive duty standards to our existing control library across the three lines of defence. Task: For each of Leadership, Culture, Knowledge, Risk Management, Support, Reporting and Response, and Monitoring, produce a control attribution table identifying owning function, primary control, evidence source, and a maturity score on a 1-5 scale. Constraints: Use only de-identified data; no individual names, no complaint detail; cite the AHRC indicator number for each. Output format: Markdown table with seven sections plus an overall heatmap. Quality bar: Each row must cite an AHRC indicator and an internal control reference; flag any standard where no internal control exists.

<em>Prompt 2: Control narrative drafting</em>

Role: Risk and Compliance Manager. Context: We are drafting a control narrative for our positive duty risk in the operational risk register. Task: Draft a control narrative covering inherent risk drivers, key controls (preventive and detective), residual risk rating, KRIs, and assurance plan. Constraints: 600 to 800 words; Australian English; no real names; risk language consistent with CPS 230 taxonomy. Output format: Six-headed narrative with a tabular control inventory. Quality bar: Auditable, defensible at ARCC, and consistent with the entity's operational risk taxonomy and CPS 230 critical operations register.

<em>Prompt 3: Maturity or gap assessment</em>

Role: People and Culture Practitioner. Context: We are running a positive duty maturity self-assessment for our [BUSINESS_UNIT]. Task: For each of the seven AHRC standards, generate 5 to 7 maturity questions, a 5-band scoring rubric (Reactive, Developing, Defined, Managed, Embedded), and a 90-day remediation backlog grouped by standard. Constraints: De-identified inputs only; intersectionality must be tested at Standard 4; Standard 7 must include a transparency artefact. Output format: Self-assessment workbook with one tab per standard plus a master scorecard. Quality bar: Aligned to the AHRC Guidelines indicators (August 2023); ready to circulate to People Committee.

<em>Prompt 4: Board paper or executive summary creation</em>

Role: Senior People and Culture Lead. Context: The Board ARCC has requested a culture and conduct paper covering positive duty status. Task: Produce a 1,200 word ARCC paper with a one-page executive summary, a maturity heatmap, three priority risks, two enterprise initiatives, and a 12-month roadmap. Constraints: Australian English; no individual identifiers; no live complaint references; calibrated risk language using inherent and residual ratings; align with FAR accountability statements where relevant. Output format: ARCC paper template with executive summary at top. Quality bar: Survives a critical read by the Chair of ARCC and an APRA external review; cites the relevant AHRC standard for every recommendation.

<em>Prompt 5: Regulator response or notification drafting</em>

Role: Head of Workplace Relations. Context: We have received an AHRC information request under Part IIB. Task: Draft an outline response identifying the relevant evidence categories, a privilege log structure, and a stakeholder engagement plan. Constraints: Preparation only; final response is human-drafted and lawyer-reviewed; no individual identifiers; no investigation outputs; align timing with statutory deadlines. Output format: Response outline, privilege log scaffold, stakeholder plan. Quality bar: Lawyerly, conservative, and ready for Legal review; no legal advice presented as final.

<em>Prompt 6: Manager training guide</em>

Role: Learning and Development Lead. Context: We are refreshing manager training on disclosures and positive duty obligations. Task: Produce a 30-minute training guide with five learning outcomes, a scenario library of six de-identified scenarios with model responses, three knowledge checks, and a two-page facilitator script. Constraints: Trauma-informed; no real cases; APP-aligned (no PII in scenarios); Australian English; no em dashes. Output format: Facilitator pack plus a participant workbook. Quality bar: Tested by a People BP and a Workplace Relations specialist; aligned to AHRC Standard 3 Knowledge.

<em>Prompt 7 (bonus): Policy redraft</em>

Role: Compliance Advisor. Context: We are redrafting our anti-sexual-harassment and anti-discrimination policy to meet AHRC Guidelines. Task: Produce a redraft with version control table, plain-English glossary, scope (worker definition aligned to the SDA), key obligations, reporting channels, victimisation safeguards, support resources, and a transparency commitment. Constraints: Australian English; gender-inclusive language; aligned to APP 1 transparency; no real names. Output format: Policy redraft with redline against the previous version (described, not a tracked-changes file). Quality bar: Approvable by the People Committee; AHRC indicator-aligned.

5.4 Governance, audit, privacy, and risk appetite controls

• De-identification: Strip names, employee IDs, claim or matter numbers, dates of birth, and any field combination that could re-identify a person before any prompt is submitted.
• Human-in-the-loop checkpoints (mandatory four): scoping (before any prompt), draft review (after first AI output), finalisation (after edits and citations checked), and distribution (before the document leaves the team).
• Prohibited inputs: complaint files, witness statements, investigation outcomes, named individuals, pseudonymised data that can be re-identified, market-sensitive disclosures, sanctions-listed parties, claimant or beneficiary data, and any data outside the data classification authorised for the project.
• Retention and logging: prompt logs retained for the period required by APRA record-keeping (a minimum of 7 years) with a per-prompt audit log capturing user, role, task, model, and timestamp.
• Model selection: prefer enterprise-tenanted models with no training on entity data; on-premises only for high-sensitivity drafts; never use the consumer free tier; document the model version in every output.
• CPS 230 critical operations: if AI is used in any process supporting reporting on critical operations, register the AI service in the critical operations service mapping with a tolerance for disruption and a substitute control.
• APP alignment: APP 1 (open and transparent management), APP 5 (notification of collection), APP 6 (use and disclosure), APP 11 (security of personal information). The AI workspace must not become a covert second copy of HR or complaint data.

5.5 Quality assurance loop (5-step rubric)

1. Source check. Does every legal claim cite a section, standard, indicator, or guideline number?
2. Scope check. Does the output stay within the user's scope and avoid drifting into legal advice or complaint handling?
3. Risk check. Does the output identify residual risks, dependencies, and assumptions explicitly?
4. Australian voice check. Australian English, no em dashes, plain-English Board-ready prose?
5. Sign-off check. Is there a human approver named with a date, and is the model version logged?

5.6 Scaling pattern across a team

• Templates: Maintain a master prompt library version-controlled in your project space. Treat prompts as configuration items.
• Version control: Apply Git-style versioning or Sanity-backed content control to policy drafts and Board papers. Record diffs in a changelog.
• Change logs: Every model upgrade or prompt change produces a changelog entry, signed off by the Head of Function.
• Model evaluation cadence: Quarterly evaluation of model behaviour against a fixed evaluation set of de-identified prompts; track drift, refusals, and citation accuracy.
• KRI suggestions: Time-to-respond on disclosures (Standard 6); proportion of training completed by people leaders (Standard 3); independent investigation rate (Standard 6); psychosocial hazard re-identification rate (Standard 4); Board reporting frequency (Standard 1); transparency disclosures published (Standard 7); AI usage volume by prompt category (governance KRI).

6. Common Pitfalls and Watch-outs

1. Treating the positive duty as a policy refresh. Corrective action: Stand up a positive duty programme with a senior owner, a quarterly cadence, and a Board-visible roadmap. The duty is operational, not documentary.
2. Excluding contractors and volunteers from the worker definition. Corrective action: Update your worker definition in policy, training, and the operational risk register to match SDA s4 as expanded; brief procurement on contractor obligations.
3. Letting line managers handle complaints without independent oversight. Corrective action: Build a triage and independent investigation framework; ensure investigators are independent of the line of management of the respondent; document conflicts.
4. Failing to apply intersectionality. Corrective action: Embed intersectional triggers in your risk register and complaint triage; train investigators in compounded harm; review historical matters where intersectionality may have been missed.
5. Over-relying on mandatory training without behavioural reinforcement. Corrective action: Pair training with manager observation, scenario practice, peer-led conversations, and culture pulse measurement; track behavioural KPIs not just completion.
6. Conflating WHS psychosocial duty with the SDA positive duty. Corrective action: Map both duties to a single control set but maintain distinct evidence threads; the WHS reasonable practicability test and the SDA reasonable and proportionate test are not identical.
7. Capturing only "complaints" in management information. Corrective action: Capture disclosures, observations, near-misses, and pulse data; treat under-reporting as a risk indicator; calibrate Standard 7 transparency disclosures accordingly.
8. Using AI tools on complaint files or witness statements. Corrective action: Hard-stop policy that complaint, witness, and investigation data never enters AI tools; train all users; audit prompt logs quarterly; reinforce APP 11 security obligations.

7. Decision Frameworks and Tools

Decision tree: Is this conduct in scope of the SDA and the positive duty?

Maturity ladder (5 levels)

Self-check questionnaire (7 items)

1. Can you produce, on a single page, the seven-standard maturity scorecard and its evidence?
2. Have you identified your top three positive duty risks and assigned RACI ownership?
3. Is your worker definition in policy and training aligned to the expanded SDA s4 worker definition?
4. Are complaints, disclosures, observations, and pulse data captured and reviewed quarterly at Board level?
5. Does your independent investigation framework exclude line management of the respondent?
6. Are AI tools used in your positive duty workflow registered, audited, and de-identified?
7. Have you tested intersectional risk in the last 12 months and adjusted controls accordingly?

8. Further Reading and Authoritative Sources

• Sex Discrimination Act 1984 (Cth) (compilation in force).
• Australian Human Rights Commission Act 1986 (Cth), Part IIB.
• Anti-Discrimination and Human Rights Legislation Amendment (Respect at Work) Act 2022 (Cth).
• Sex Discrimination and Fair Work (Respect at Work) Amendment Act 2021 (Cth).
• Australian Human Rights Commission, Guidelines for Complying with the Positive Duty under the Sex Discrimination Act 1984 (Cth) (August 2023).
• Australian Human Rights Commission, Respect@Work: National Inquiry into Sexual Harassment in Australian Workplaces Report (2020) (the Jenkins Report).
• Australian Human Rights Commission, Time for Respect: 5th National Survey on Sexual Harassment in Australian Workplaces (2022).
• Workplace Gender Equality Agency, Annual Gender Equality Scorecard.
• APRA Prudential Standard CPS 230 Operational Risk Management; Prudential Standard CPS 511 Remuneration; Prudential Practice Guide CPG 511.
• APRA Information Paper, Risk Culture (October 2016) and subsequent thematic reviews.
• Safe Work Australia, Model Code of Practice: Managing Psychosocial Hazards at Work (2022).
• ASIC Regulatory Guide RG 271 Internal Dispute Resolution; ASIC Regulatory Guide RG 78 Breach Reporting.
• ASX Corporate Governance Council, Principles and Recommendations (4th Edition).
• Office of the Australian Information Commissioner, Australian Privacy Principles Guidelines (Chapters 1, 5, 6, 11).
• Federal Court of Australia and ART decisions on the SDA and positive duty (precedent file maintained by Workplace Relations).