Meeting theme
The theme of the meeting was Tax administration: cybersecurity and identity fraud.
Key highlights
- Treasury provided an update on a number of topics of interest.
- Members discussed their experiences from recent consultations involving Treasury. Members will provide written feedback to Treasury for consideration.
- The ATO shared its observations on the following:
- past and current cybersecurity and fraud trends, activities and behaviours
- actions that professional organisations, their members and taxpayers can take to prevent cybercrime incidents
- the role professional organisations have to educate their members on the importance of cybersecurity awareness and implementing best practice.
- Members encouraged the ATO to provide clear guidance to agents relating to the collection and retention of client data.
Opening comments
Kirsten Fish, Second Commissioner, Law Design and Practice Group, ATO; Peter Godber, The Tax Institute
National Tax Liaison Group (NTLG) Co-chair Kirsten Fish and external Co-chair Peter Godber welcomed members.
It was noted that Tax barrister Mia Clarebrough will replace Angela Lee as Law Council of Australia representative. Mia’s first NTLG meeting will be 22 June 2023.
Treasury
Laura Berger-Thomson, First Assistant Secretary, Personal and Indirect Tax and Charities Division, Revenue, Small Business and Housing Group, Treasury
Treasury provided an update on developments since the last NTLG meeting, this included that the first report of the interim Economic Inclusion Advisory Committee, 2023–24 Report to the Australian Government (PDF, 1.47MB)This link will download a file was released on 18 April 2023. The report contains 37 recommendations being considered by the government to address disadvantaged communities and boost economic participation.
Treasury also provided an update on the following items:
- the Review of the Reserve Bank of AustraliaExternal Link – released on 31 March 2023
- consultation on changes to the reduction in superannuation concessionsExternal Link
- Treasury's release of the Tax Expenditures and Insights Statement (PDF, 3MB)This link will download a file on 28 February 2023
- the Tax Treaties program.
Members noted the importance of consultations and having sufficient time to provide quality input.
Members noted the passage of Treasury Laws Amendment (2022 Measures No. 4) Bill 2022External Link which includes provision for a 30% refundable tax offset in relation to the development of digital games in Australia would provide certainty to the industry.
Members invited Treasury to provide its reflections on the 2023 Budget at the June NTLG meeting. Members are particularly interested to understand how useful pre-budget submissions have been to the Budget process.
Cybersecurity
John Ford, Deputy Commissioner, Integrated Compliance, ATO; Alex Adams, Deputy Commissioner, Service Operations, Enterprise Solutions and Strategy, ATO; Elissa Walker, Deputy Commissioner, Digital Delivery, Enterprise Solutions and Strategy, ATO; Michelle de Niese, Corporate Tax Association; Justin Byrne, Law Council of Australia
The ATO shared insights on cybersecurity trends, behaviours and threat activities in the external environment. An overview of the ATO’s mitigation strategies was provided, with the ATO acknowledging that it cannot offer or provide additional protection against cybercrime to individual taxpayers or other external organisations.
The ATO emphasised the importance of all organisations having robust, multi-layered cybersecurity strategies.
The ATO noted that the number of attempted cyber hacks is increasing. The ATO defends against a significant number of these types of cyber events each month. In situations where a cybercrime incident occurs, these should be reported to the Australian Cyber Security CentreExternal Link.
NTLG members discussed key risks and issues in the cybersecurity landscape. It was agreed that organisations need a strong focus on keeping their members educated on the latest advances and threats due to the continually evolving cybersecurity landscape. Members discussed their roles in educating and raising awareness of best practice within their member organisations.
Members shared their observations of management of cybersecurity and protection of data within their organisations, including the balance of risk and cost. Members raised concerns about the lack of incentive for smaller firms or organisations to continually review and adopt best practice to reduce the risk of cybercrime.
The ATO emphasised that due to the dynamic cybersecurity landscape, professional organisations should ensure their members expect change and are ready to adapt as needed.
Identity fraud
John Ford, Deputy Commissioner, Integrated Compliance, ATO; Elissa Walker, Deputy Commissioner, Digital Delivery, Enterprise Solutions and Strategy, ATO; Hoa Wood, Deputy Commissioner, Individuals and Intermediaries, ATO; Michelle de Niese, Corporate Tax Association; Justin Byrne, Law Council of Australia
The ATO and NTLG members discussed the key risks, issues and prevalence of identity fraud in the current environment. The ATO shared insights on fraud activities and trends in the external environment.
The ATO and members discussed:
- types of fraud activities
- scale and adaptability of identity fraud incidents
- compromised accounts and victim remediation
- client-agent linking.
The ATO highlighted the key activities it undertakes to protect the ATO system and data and identified that ATO activity and requirements of participants in the tax and super systems will change and evolve to anticipate and prevent future threats in what is a dynamic environment.
Members noted the practical difficulties faced where a taxpayer’s ATO account has been compromised. The ATO acknowledged that where an account has been compromised, it is locked down as soon as practicable. This can make it difficult for taxpayers to comply with their future reporting obligations. The ATO is considering how it can improve and streamline the victim remediation process and encouraged members to provide further reflections as to practical steps which could be taken.
The ATO further emphasised the importance of keeping data safe at a personal level. This responsibility lies with each individual taxpayer and tax agent, who should be taking time to remain aware of the changing ways in which identity theft can be committed, and the most appropriate actions to take to combat this.
Members highlighted the importance of education and ongoing awareness of these broader identity fraud threats. Members also discussed the potential role that professional bodies could play in highlighting these risks, and mitigation activity agents could take. This included remaining vigilant to changes in the environment and maintaining good hygiene and practices within organisations.
Members further noted the difficulty for smaller entities to invest time and resources in strategies to combat this type of fraud, but noted it is a high priority for all members to keep information and assets safe.
Legal issues in the fraud landscape: disputes and recovery
Alex Affleck, Deputy Chief Tax Counsel, Office of the Chief Tax Counsel, ATO; Ivica Bolonja, Acting Assistant Commissioner, Office of the Chief Tax Counsel, ATO
The ATO discussed some of the legal issues associated with assessments, review rights and recovery in the context of particular fraud scenarios.
Members appreciated the difficulty involved in some of these scenarios.
Post-meeting update –The ATO anticipates detailed guidance to be issued publicly in the form of the revised Law Administration Practice Statement PS LA 2008/11 Suspected fraud by a third party or tax practitioner. This is expected to be issued in the coming months.
Reflections
The ATO acknowledged the cost and time involved in engaging appropriate cybersecurity protection/strategies. For a business or organisation, this investment needs to be undertaken based on a risk assessment of the business.
The role of professional organisations as educators was highlighted, and the following considered:
- whether best practice measures should be developed by organisations for their members
- whether there is benefit for organisations to understand what level of cybersecurity their members have implemented.
Members questioned the need to establish a specific conduit through which cyber or data breaches can be reported to the ATO. Members welcomed relevant, timely updates from the ATO with regards to any changes as new cyber risks emerge. It was acknowledged that tax agents will need to be flexible to keep up to date with this dynamic landscape.
Members noted the importance of the ATO working closely with the Tax Practitioner’s Board (TPB) to ensure a consistent approach. The TPB have published resources for tax agents, including:
- Protect your practice from cyber-attacksExternal Link
- Prevention is better than cure – assess your cyber risk!External Link
- Be cyber awareExternal Link.
Members encouraged the ATO to provide further guidance to tax agents on the length of time that data should be retained to fulfil government requirements, and any data specifications.
Action item update
NTLG 2302/1 – Revision of the integrity declaration
The ATO and members have worked together to re-draft the integrity declaration template. NTLG members were invited to provide further feedback on the draft.
NTLG 2302/2 – NTLG membership nomination process
Members provided the ATO with a document outlining the process undertaken by an external organisation for NTLG member nomination.
Other business and meeting close
ATO Taskforce funding
The ATO advised that there will be several upcoming leadership changes to the Client Engagement Group.
Post-meeting update – members were notified by email on 11 May 2023 of the upcoming changes to the CEG structure.
Consultation
Members provided observations regarding some of the recent tax policy consultation processes undertaken by Treasury.
Action item |
NTLG 2304/1 |
Due date |
22 June 2023 |
Responsibility |
Julie Abdalla, The Tax Institute |
Description |
Members to provide written feedback to Treasury on their observation of Treasury's recent tax policy consultation processes. |
Attendees
Organisation |
Member |
---|---|
ATO |
Kirsten Fish (Co-chair), Law Design and Practice |
ATO |
Emily Webster, Office of the Chief Tax Counsel |
ATO |
Jeremy Hirschhorn, Client Engagement |
ATO |
Jodi Williams Director (Secretariat), Enterprise Strategy and Design |
Chartered Accountants Australia and New Zealand |
David Watkins |
Corporate Tax Association |
Michelle de Niese |
CPA Australia |
Alexis Kokkinos |
CPA Australia |
Elinor Kasapidis |
Institute of Public Accountants |
Tony Greco |
Law Council of Australia |
Justin Byrne |
The Tax Institute |
Peter Godber (Co-chair) |
The Tax Institute Professional Bodies Coordinator |
Julie Abdalla |
Treasury |
Laura Berger-Thomson |
Apologies
Organisation |
Member |
---|---|
Chartered Accountants Australia and New Zealand |
Michael Croker |
Law Council of Australia |
Angela Lee |
The Tax Institute |
Jerome Tse |
Treasury |
Diane Brown |