ATO Fraud and Corruption Control Plan 2025

Foreword

I am pleased to introduce the ATO’s 2025 Fraud and Corruption Control Plan (the Plan), which outlines our approach to managing the risk and incidents of fraud and corruption across the Australian Taxation Office listed entity (ATO listed entity), including the Tax Practitioner’s Board (TPB) and Australian Charities and Not for profits Commission (ACNC).

As the Accountable Authority of the ATO listed entity I am responsible under section 10 of the Public Governance, Performance and Accountability (PGPA) Rule 2014, and supporting Commonwealth Fraud and Corruption Control Framework, to take all reasonable measures to prevent, detect and respond to fraud and corruption relating to the entity. This includes developing and implementing this enterprise level control plan to deal with fraud and corruption risks and incidents, and periodically reviewing and monitoring the Plan to address risks identified in our ongoing assessments.

We treat fraud and corruption seriously and have zero tolerance for such behaviour. The ATO is committed to minimising the occurrence of fraud and corruption impacting the ATO through active prevention strategies, early identification, effective risk management and responding to incidents. This Plan is intended to support all employees, contractors and stakeholders recognise current fraud and corruption risks and vulnerabilities, how they can integrate control strategies into decision-making activities and provide information on how to seek advice or report concerns.

With the threat of fraud and corruption becoming not only increasingly more complex, but also having potentially more significant consequences, it is critical we think deeply about potential exposures, implement strong prevention and detection mechanisms, and be responsive and resolute when fraud or corruption is identified. Implementing the Plan through action, leadership and governance not only underpins our integrity framework, but aligns with broader APS reform, and shows how our values and cultural traits support fairness, effective systems, and accountability.

I encourage you to familiarise yourself with the Plan and incorporate the requirements into your daily work practices by actively identifying risk and reporting incidents of suspected fraud and corruption, and work with us to maintain trust and confidence of the Australian community. It is the responsibility of each and every one of us, and I thank you in advance for your vigilance.

Commissioner of Taxation

Introduction

The Plan documents the strategic and operational approach to controlling fraud and corruption affecting the ATO listed entity. It ensures compliance with the requirements of section 10 of the Public Governance, Performance and Accountability (PGPA) Rule 2014 and Commonwealth Fraud and Corruption Control Framework.

To meet the ATO’s obligations, the Plan:

outlines the ATO’s fraud and corruption control framework
articulates the ATO’s approach to managing fraud and corruption risks
explains strategies the ATO uses to train and raise employee awareness.

While the TPB and ACNC are independent statutory authorities, under the Public Governance, Performance and Accountability Act 2013 (PGPA Act) the Commissioner of Taxation is the accountable authority for the ATO, ACNC and the TPB and has responsibility for taking all reasonable measures to prevent, detect and respond to fraud and corruption in those bodies.

Risk tolerance

The ATO has zero tolerance for any fraudulent or corrupt behaviour that may impact the ATO. In practice, zero tolerance means the ATO takes all reasonable measures to prevent, detect and respond to fraud and corruption risk.

The ATO acknowledges that, in its interactions with clients and service providers, and in the delivery of its services, it cannot avoid, detect or prevent all fraud and corruption risks.

The ATO will:

analyse and take associated steps to protect the tax, superannuation and registry systems and clients, by minimising the occurrence and impact of fraud, corruption, and other crimes
assess all alleged instances of fraud or corruption and further investigate as appropriate
pursue disciplinary, administrative, civil, or criminal actions as appropriate
seek to prosecute through the courts, where appropriate.

Fraud

The Commonwealth Fraud and Corruption Control Framework defines fraud as 'dishonestly obtaining (including attempting to obtain) a gain or benefit, or causing a loss or risk of loss, by deception or other means'.

A benefit includes information as well as financial benefits. For an activity to be fraudulent, it must be deliberate and lead to a direct or indirect benefit to an individual or group. It includes activities where benefits are received by persons or entities other than those committing the fraud. Fraud can be committed by parties internal or external to the ATO.

Internal fraud is committed by ATO employees or contractors and can include:

unauthorised (or attempted) access to taxation records without a business reason
falsely claiming benefits
falsifying time sheets
corporate credit card fraud
falsifying qualifications
use of ATO fleet vehicles for personal use
using government assets for personal benefit.

External fraud is committed by parties external to the ATO such as:

a legitimate taxpayer using their own identity to commit fraud
an authorised representative using their position and knowledge to misrepresent a taxpayer and commit fraud
a fraudster using the identity of a taxpayer who they do not know.

Examples of external fraud include (but are not limited to):

staying out of the system to knowingly and intentionally evade taxation obligations
deliberately exploiting any of the 4 pillars of compliance (registration, lodgment, correct reporting and payment) to generate a fraudulent benefit such as a refund or tax concession
stealing information
falsifying documents or false reporting.

Failing to prevent and detect fraud early leads to losses in information or revenue. This can result in reputational damage and undermine the community’s confidence in the integrity of the tax, superannuation, and registry systems, as well as potentially causing harm to specific Australians.

Corruption

The National Anti-Corruption Commission (NACC) Act 2022 describes 4 types of corrupt conduct. A person engages in corrupt conduct if they:

are a public official and they breach public trust
are a public official and they abuse their office as a public official
are a public official or former public official and they misuse information they have gained in their capacity as a public official
do something that adversely affects a public official’s honest or impartial exercise of powers or performance of official duties (any person can engage in this type of corrupt conduct, even if they are not a public official themselves).

A person also engages in corrupt conduct if they try or plan to do any of those things.

Examples of corruption that may be realised in the ATO include:

abuse of office (for example, provision of sensitive information to facilitate external fraud committed by others)
biased decision-making by employees
nepotism (particularly in relation to employment)
collusion for personal gain.

Key responsibilities

Everyone in the ATO has a responsibility to mitigate the risk of fraud and corruption. However, some positions and organisational bodies play a more important role.

Table 1: Governance and oversight responsibilities
Role	Responsibility
Commissioner of Taxation	Accountable authority responsible for taking all reasonable measures to prevent, detect and respond to fraud and corruption for the ATO, TPB and ACNC.
ATO Audit and Risk Committee	Provides independent advice and assurance to the Commissioner about the risk oversight and management of systems in place to implement the ATO’s Fraud and Corruption Control Plan.
Deputy Commissioners (ATO only)	Ensure the obligations of the Commonwealth Fraud and Corruption Control Framework are met, within their area of responsibility, including undertaking regular risk assessments, documenting controls, testing effectiveness of controls, managing vulnerabilities, and ensuring any required treatments are in place. Consider all fraud risks when a new measure, system or process is being designed. If the change introduces fraud risks, key controls must be documented and tested. Consider fraud risks when changes are made to existing systems and processes. If the change introduces or changes fraud risks, an assessment must be undertaken. Reconsider fraud risks when relevant new information or intelligence comes to hand.
Deputy Commissioner ATO Corporate	Enterprise risk owner for ‘Standards and Ethical Conduct’ in the ATO Corporate Plan and responsible for oversight and management of key strategies to address risks.

Table 2: Internal fraud and corruption
Role	Responsibility
Assistant Commissioner Fraud Prevention and Internal Investigations (FPII)	Business risk owner for internal fraud and corruption and insider threat. Leads an independent function supporting the Commissioner on internal fraud and corruption control. This role is also responsible for developing this Plan.
Fraud Prevention and Internal Investigations	Responsible for implementing measures and strategies to prevent, detect and respond to internal fraud and corruption. FPII are also responsible for the management and oversight of the ATO’s insider threat program, Public Interest Disclosure scheme and NACC obligations. This includes arrangements for the ACNC and TPB.

Table 3: External Fraud
Role	Responsibility
Deputy Commissioner Fraud and Criminal Behaviours	Enterprise risk owner for external fraud in the tax, superannuation, and registry systems. Has accountability and authority to declare and respond to external fraud events. Leads the external fraud strategy development and treatment plan management across the ATO. Leads the Fraud and Criminal Behaviours business line and has authority to declare emergency external fraud events and lead surge responses.
Fraud and Criminal Behaviours Business Line	Leads Australia’s efforts domestically and internationally to prevent, detect and respond to external fraud and financial crime in the tax, superannuation and registry systems. Coordinates and delivers civil and criminal treatment to bring effective consequences to the highest priority external fraud and financial crime. Collects and monitors data and information to detect external fraud and financial crime in close to real time. Manages new and serious outbreaks of external fraud and financial crime and rapidly contains these threats.
Senior Responsible Officers	Actively manage external fraud by conducting and reviewing risk assessments regularly for their program. This ensures appropriate external fraud risk tolerances, treatments and controls are in place and documented.
Integrity Steering Committee	Sets strategic, whole-of-ATO direction on external fraud risks and threats.
System Integrity Management Group	Takes a coordinated approach to external fraud risk management across the ATO. Champions embedding fraud control practices into the ATO.
Serious Financial Crime Taskforce Chief (ATO only)	Provides day-to-day oversight of the Serious Financial Crime Taskforce (SFCT) and is responsible to the SFCT CEO’s Board.

Table 4: Related entities
Role	Responsibility
ACNC Commissioner TPB CEO Secretary*	Manages external fraud risks for their organisations. Note: The TPB Chair, together with the TPB Secretary, are responsible for managing the TPB’s external fraud risk.

Table 5: Supporting functions
Role	Responsibility
Risk Committee	Responsible for positively influencing the ATO’s ability to manage key areas of risk associated with strategic objectives and ensuring risks are being managed effectively and consistently with the Enterprise Risk Management Framework (ERMF). Provides assurance to the ATO Executive (along with the Audit and Risk Committee) that risk is being effectively identified and appropriately managed, with a strong focus on setting clear accountabilities, tolerances, and monitoring to ensure it remains within acceptable levels.
Security Committee	Ensures protective security policies and business continuity management capabilities are managed effectively across the ATO.
ATO Strategy Committee	Ensures strategy coherence by making decisions or recommendations to the ATO Executive in relation to strategies and priorities with significant internal or external impacts within the context of the ATO’s strategic direction and the operating environment.
External Fraud Integrity Committee	Responsible for providing advice on maintaining an appropriate system of external fraud control so that the ATO meets its obligations under the PGPA Act and Commonwealth Fraud and Corruption Control Framework
External Fraud Risk Committee	Ensures external fraud risks are managed efficiently and effectively and in accordance with risk and fraud policy including the ATO Enterprise Risk Management Framework, PGPA Act and the Commonwealth Fraud and Corruption Control Framework
External Fraud Treatment Committee	Responsible for ensuring coherence across external fraud treatment strategies and associated investments.
Counter Fraud Program Steering Committee	Responsible for exercising governance responsibilities with respect to the ATO's resource allocation, investment, risk management and delivery of the Counter Fraud Program.

Other roles and responsibilities that reduce fraud and corruption risk, include:

ATO People who advise on ATO integrity strategy and approaches, and informs training, awareness, and communication strategies and support conduct and behaviour concerns across all employment types through actions under the APS Code of Conduct.
Senior Executives who provide strong leadership and foster a culture of integrity, awareness, and reporting.
Business line managers who ensure risk management principles are applied in the operation of their business line.
All ATO employees and contractors who have an ongoing responsibility to undertake mandatory training and identify and report suspected fraud and corruption.

Maintaining integrity

The Public Governance, Performance and Accountability Act 2013 (PGPA Act) contains the legal obligations of Commonwealth entities in relation to their governance, performance, accountability, and use and management of public resources.

Under the PGPA Act, the Commissioner has specific duties as the accountable authority to:

properly govern the ATO
establish an appropriate risk and control system
encourage officials to cooperate with others to achieve common objectives
consider the effects of imposing requirements on others
keep the respective minister and the finance minister informed.

To meet governance obligations under the PGPA Act and ensure conformance with other legislative requirements, including the proper administration of the tax and superannuation systems, the ATO has an overarching framework which is represented under 2 key areas:

governance structure
governance pillars.

Governance structure includes the following key committees:

Audit and Risk Committee
ATO Executive
other ATO Committees.

Governance pillars are grouped into 4 key pillars that form the basis of the Audit and Risk Committee mandatory assurance reporting:

financial reporting
performance reporting
risk oversight and management
internal control.

The ATO’s Integrity Framework outlines the mechanisms and policies that underpin a pro-integrity culture in the ATO. The framework is supported by governance and reporting arrangements that ensure the ATO is an integrity-based organisation.

We continue to embed a pro- integrity culture at the ATO, dealing with identified risks through action, leadership, and governance. This is achieved through:

using tools and methodologies to strengthen system integrity
developing comprehensive policies and procedures to support decision-making
ensuring individuals have the appropriate security clearance for their position
reporting and managing conflicts of interest declarations
reporting internal and external performance and activities
transparently participating in independent review and reporting arrangements
requiring employees and contractors to undertake fraud and corruption training.

Code of conduct

The APS values, employment principles and code of conduct shape the ATO’s culture and integrity. All employees must behave in a way that upholds and meets the standards of conduct in line with APS and ATO values and have a responsibility to report misconduct and not turn a blind eye to unacceptable behaviour.

If an employee is found to have breached the Code of Conduct, a sanction delegate may decide to impose a sanction under subsection 15 of the Public Service Act 1999.

The sanctions available range from a reprimand through to termination of employment.

Fraud and corruption risks

Internal

An annual review of the internal fraud and corruption environment provides an opportunity to be proactive in identifying areas of emerging risk. This is done by examining global trends, national issues, and trends in the Australian Public Service.

The 2023–24 process undertaken by Fraud Prevention and Internal Investigations confirmed 3 enduring internal fraud and corruption risks to the ATO:

misuse of tax-specific expertise
abuse of decision-making authority
unlawful access, use or disclosure of tax information.

A forward work program for internal fraud and corruption control is built around the overarching priority focus on insider threat, supported by these 3 enduring risk themes and allows the ATO to take a more strategic approach to identify and deal with possible risk.

In addition to enterprise and business risk assessments (for Standards and Ethical Conduct, internal fraud and corruption and insider threat) the ATO also undertake internal assessments that deal with more day-to-day operational issues as they arise and gauge the chance for opportunistic fraud and corruption to occur through:

undeclared or perceived conflicts of interest
corruption
exploitation of administration processes
access to systems or processes that affect the revenue
misuse of ATO facilities
misuse of ATO IT facilities
release of information (including unauthorised access to systems and data).

Key focus area – insider threat

Insiders are current or former employees or contractors who have legitimate or indirect access to ATO employees, information, techniques, activities, technology, assets or facilities.

An insider threat is when an insider intentionally or unintentionally uses their access to conduct activities that could cause harm or negatively affect the ATO. This could also be detrimental to Australia’s national security, undermine Australia’s sovereignty, revenue, and prosperity, or even pose a threat to life.

Insiders have varied and sometimes complex reasons for conducting harmful activity, either intentionally or unintentionally.

An example of intentional insider activity may include publicly disclosing classified or privileged ATO information with a third party—such as a business competitor, criminal organisation, or foreign power—in exchange for payment or other personal benefit.

Examples of unintentional insider activity may include:

clicking on suspicious email links that could result in network compromise
misplacing a workplace-issued security pass, electronic device, or sensitive document
being unknowingly exploited by a third-party, such as a foreign power, criminal organisation, competitor, friend, or associate
sharing privileged information at a social gathering or in a public place
mistakenly providing information to a colleague who doesn't have an appropriate security clearance or need to know.

The ATO use strategies to understand the risk landscape for potential insider threats. It implements measures to prevent, detect, and respond to the risk of internal fraud and corruption and insider threats.

External

External fraud comes from outside the ATO and relates to threats to revenue or information held by the Australian Government (including information relating to specific individuals) and is a shared risk. The ATO is one of the agencies responsible for managing this risk.

External fraud in the ATO encompasses the behaviours of:

dishonestly gaining control of taxpayer identities by other parties
dishonestly accessing information relating to taxpayers by other parties
dishonest access to ATO systems
dishonest non-compliance with registration obligations
dishonestly not meeting lodgment obligations
dishonestly not meeting reporting obligations
dishonestly not meeting payment obligations.

The ATO undertakes regular external fraud risk assessments to understand the risks the ATO may not be effective at controlling. The risk of a failure to take all reasonable measures to prevent, detect and respond to external fraud can result in out of tolerance revenue and information loss and harm to clients.

The ATO’s current external fraud risk assessment identifies, analyses, and evaluates several external fraud sub-risks. These risks include:

incentives or opportunities in the environment to commit external fraud
dishonest use of taxpayer identities
dishonest access to systems, exploiting the pillars of compliance (registration, non-lodgment, reporting and non-payment), and ineffective management of incentive programs
ineffective management of consequences of fraud behaviour.

The ATO Corporate plan 2024-25 lays out the strategic priorities and risks for the year ahead. It outlines key focus areas that are of strategic importance and are responsive to our environment. Several of these areas focus on or have a relationship with the management of, external fraud:

enhancing counter fraud measures by further protecting systems and clients from fraud in the Australian tax system along with aspects of the superannuation system and business registry systems, by strengthening our digital platforms
enhancing our cybersecurity by continuing to
- strengthen our systems to monitor, detect, and respond to cyberthreats
- protect the data we hold
- apply multiple layers of security to fortify our organisation
- uplift our processes and technology to defend and safeguard our systems.

The ACNC and TPB have both different and overlapping external fraud risks.

Risk management

Risk management is the responsibility of all employees as it ensures the ATO understands risks, achieves outcomes efficiently and effectively, and complies with various statutory obligations and public sector guidelines, such as the PGPA Act and the Commonwealth Risk Management Policy.

The ATO's Risk Management Chief Executive Instruction (CEI) and Risk Management Framework (RMF) were developed to provide a structured, enterprise-wide approach to managing risk, including risk methodology and management processes.

The framework is administered in line with the requirements of the Commonwealth Risk Management Policy and is aligned with the ISO 31000:2018 Risk Management standard. The framework also incorporates the ATO's governance approach consistent with the 3 lines of defence model being Business Lines, Risk and Assurance and Internal Audit.

The ATO's ERMF aims to provide a consistent, integrated, and effective approach to the management of risk and is embedded into day-to-day business practices. Understanding, adapting, and responding to changes in our operating environment is vital to delivering on our organisational objectives. Effective risk management utilises strategic insights to respond to emerging uncertainties and support informed decision making, which leads to enhanced performance.

The 3 core components of the RMF include:

Policy and governance – all employees must adhere to the Risk Management CEI, and risk governance mechanisms must be established to ensure risk management is embedded into the decision-making activities of the ATO listed entity.

Risk management process (including appetite and tolerance) – the risk management process is the organisation’s structured method to identify, analyse, evaluate, manage, and assure risks, with reference to risk appetite and tolerance settings.

Risk culture and capability – the RMF supports a culture where our people manage and communicate risk across all levels of the ATO listed entity, and they are encouraged to adopt positive risk behaviours.

The ATO, ACNC and TPB each maintain specific roles to manage risk. Some of these roles and functions are shared. However, due to operational independence, organisational size and differing risk management needs, some roles are specific to the ATO, ACNC and TPB.

The full listing of all the roles and responsibilities are available in the Risk Management CEI and ATO Control Owners can be found in the ATO Risk Register.

Fraud and corruption control framework

The ATO fraud and corruption control framework is consistent with all legislative requirements of the Australian Government. It consists of governance, risk management and policy. The ATO implements the fraud and corruption control framework using the prevention, detection and response model, which aligns to section 10 of the PGPA Rule:

Prevention – the first line of defence, includes proactive strategies designed to help reduce the risk of fraud and corruption occurring.
Detection – measures designed to uncover incidences of fraud and corruption when they occur.
Response – reporting, assessment, investigation, analysis, referral, prosecution, and recovery measures to address fraud and suspected fraud and corruption.

Prevention

Prevention strategies are the first line of defence against fraud and corruption. They include proactive measures designed to help reduce the risk of fraud and corruption.

Preventing fraud and corruption upfront minimises the need for the ATO to detect and respond. The ATO has a suite of tailored prevention strategies that aim to protect the system and clients against fraud and corruption.

Key elements of the ATO’s prevention activity include:

development and implementation of this Plan
engagement and education strategies to build strong awareness of what fraud and corruption is and what to do about it (referred to in the Chief Executive Instructions (CEIs), policies and procedures)
regular integrity reporting to increase ownership and visibility of risk
robust recruitment, integrity, and security vetting processes such as defined onboarding and screening procedures
a program of regular risk assessments and reviews, including development and maintenance of the 'Three Tier Tolerance' model
risk evaluation and differentiated treatment strategies that are shaped by the changing risk environment
detecting and treating vulnerabilities in business processes that pose potential fraud threats to the tax, superannuation, and registry systems
actively assessing control vulnerabilities in the system and identify treatments needed, mandatory online training for all employees and targeted face-to-face awareness sessions
a suite of targeted internal communications products, which includes the consequences of fraud and corruption, supported by self-help material
an external communications program that outlines the consequences of committing external fraud, including a section on the external website dedicated to the-fight-against-tax-crime.
implementing the Counter Fraud Program to invest in preventative measures to stop fraud before it occurs.

The ATO has continued to increase its focus on prevention measures to reduce the risk of external fraud and has brought stronger controls prior to any transactions being undertaken. These activities include:

stronger proof of identity processes
greater assurance over digital access
increased sophistication of models and early warning systems
detecting and treating vulnerabilities or any gaps in business processes that pose potential fraud threats
an online System Integrity Centre of Excellence to help employees consider system integrity and fraud impacts
delivering a rolling external risk assessment program that ensures risks are managed and treated.
mandatory training covering awareness of external fraud and employee and contractor responsibilities for reporting suspected fraud
contributing to the Australian Government’s digital identity system which provides a secure, verified identity and authorisation solution to enable access to government and other services online.

Detection

The ATO employs measures designed to uncover incidents of fraud and corruption when they occur but acknowledges that not all occurrences or incidents can be identified. However, all reasonable measures to detect fraudulent or corrupt behaviour is undertaken by the ATO.

Detection activities by the ATO involve:

system monitoring and scanning
collecting and monitoring a combination of internal and external data sources and information to detect fraud in close to real time
proactive detection analytics based on predetermined parameters
internal and external audits
dedicated reporting mechanisms to receive both internal and external fraud tip-offs confidentially
systematic reviews and analysis of fraud referrals to identify possible trends
annual disclosures about changes in circumstances and external interests for employees with relevant security clearances
data modelling and intelligence analysis to identify potential fraudulent and corrupt behaviour, including identity crime models to stop systemic attacks on the system
intelligence sharing with, and collaborating across, law enforcement and integrity agencies and international jurisdictions, and private and private sector alliances.

Response

The ATO uses measures including reporting, assessment, investigation, analysis, referral, and recovery to respond to suspected fraudulent or corrupt behaviour.

Response activities by the ATO include:

triage and assessment of all reports and allegations to decide an appropriate response (including whistleblowing)
pursuing disciplinary, administrative, civil, or criminal actions, as appropriate
pursuing the recovery of fraudulently or criminally obtained benefits, where appropriate
maintaining appropriate fraud insurance
undertaking investigations in accordance with the Australian Government Investigations Standards (AGIS)
joint investigations with the NACC, other law enforcement bodies and agencies and referral to the AFP in line with referral guidelines
appropriate reporting, including to external scrutineers
establishment of specialist roles to manage and deal with fraudulent or corrupt activities
rapid response groups, for dealing with existing fraud behaviours
declaring and responding to emergency external fraud events as they arise
making it easier for taxpayers whose identity has been compromised by helping them adopt stronger security and improving how we address fraudulent activity on their ATO account
taking firm action on areas of suspected fraud and ensure adequate consequences for intentional deceit or reckless behaviour
ATO participation in multi-agency international, national and state serious and organised crime forums and working parties to share intelligence and investigate, disrupt and prosecute serious financial crimes, such as
- Illicit Tobacco Taskforce
- Phoenix Taskforce
- Serious Financial Crime Taskforce
- Fraud Fusion Taskforce
- Joint Chiefs of International Tax Enforcement Alliance.

Related entities

Under Schedule 1 of the Public Governance, Performance and Accountability Rule 2014 the Commissioner of Taxation is the accountable authority for:

Australian Charities and Not-for-profits Commission (ACNC)
Tax Practitioners Board (TPB).

The ATO, ACNC and TPB share various services and processes, and comply with common policies and instructions, including the:

Chief Executive Instructions
Commonwealth Risk Management Policy
ATO Integrity Framework
fraud and corruption responsibilities outlined in this Plan.

Australian Charities and Not-For-Profits Commission (ACNC)

The ACNC has a range of processes in place to prevent, detect and respond to fraud.

ACNC employees comply with the Internal Fraud and Corruption and External Fraud CEI.

For example, ACNC employees:

must complete mandatory training
receive email communications from the ATO on a range of matters (including internal fraud and corruption)
can utilise the ATO’s Speak Up channel to report integrity concerns.

While ACNC employees don't have access to taxpayer information, they do have access to charity information.

Internal fraud or corruption in the ACNC can include:

accessing or disclosing non-public charity information without authorisation
using ACNC or ATO assets or information for personal benefit.

As the national regulator of charities, the ACNC manages external fraud relevant to the Commonwealth charity registration and regulatory system.

The ACNC works in partnership with other government regulators (such as the ATO) on issues that require a joint approach, recognising that external fraud in relation to charity status will in many cases be a precursor to external fraud on the broader tax system.

Tax Practitioners Board

The Tax Practitioners Board (TPB)'s role is to ensure tax practitioner services are provided to the public under appropriate standards of professional and ethical conduct.

ATO employees supporting the TPB ('TPB employees') comply with the ATO’s Internal Fraud and Corruption CEI and other relevant organisational processes.

Compliance assurance is achieved through:

internal detection programs
the ATO’s Speak Up channel, which allows TPB employees to report integrity concerns
accountabilities to report issues of concern to the ATO and TPB audit and risk committees.

Other ways to raise and address issues of concern are:

weekly executive meetings
monthly board meetings
quarterly performance reporting.

The TPB, supported by the CEO Secretary, works in partnership with the ATO’s external fraud areas to share intelligence and develop appropriate fraud reporting and management processes for those issues that need a joint approach, recognising that external fraud in relation to tax agents is likely to be a precursor to external fraud on the broader tax system.

The TPB, supported by the CEO Secretary, will continue to work with the ATO’s external and internal fraud areas as the complexity and advancement of techniques used by those seeking to commit fraud evolves.

The TPB leverages its strong relationship with Treasury to suggest legislative and policy framework changes based on its observations of Tax Practitioner behaviour in the system. Where appropriate, advice and recommendations are provided to mitigate the risk of fraud and corruption.

Attempted fraud that doesn't relate to the ATO, such as attempts to fraudulently register as a tax practitioner, are managed by the TPB and reported to relevant authorities, as required.

Reporting fraud and corruption

Employees must report incidents of suspected fraud or corruption. Reports remain confidential.

The ATO also provide anonymous tip-off forms and supports whistleblowing protections.

There are a range of mechanisms for reporting fraud or corruption. These are captured in the following table.

Mechanisms for reporting fraud or corruption
Type	Reporting channels
Internal Reports about internal fraud or corruption	Email: Speakup@ato.gov.au Phone: 1800 061 187 Online: Complete the Report internal fraud or corruption form Anonymous Fraud Alert Form on myATOOpens in a new window PublicInterestDisclosure@ato.gov.au Discuss it with your manager
External Reports from ATO employees and contractors about suspected external fraud	Online: completing the tip-off form. The form is also available in the contact us section of the ATO app Phone: 1800 060 062 Mail: posting to: Australian Taxation Office Tax Integrity Centre PO Box 188 ALBURY NSW 2640
Suspected external fraud matters	ATO employees and contractors who suspect external fraud are required under the External Fraud CEI to report the matter to Fraud and Criminal Behaviours in accordance with endorsed procedures. ATO employees and contractors must report any external fraud allegations in relation to the tax, superannuation and registry systems, made to them by members of the community or identified by them when out in the community, to FCB via the Tax Integrity Centre. Referral of suspected external fraud must be undertaken in Siebel Work Management.

Law enforcement agencies can report external fraud involving serious and organised crime groups to TaxCrimeIntelligence@ato.gov.au. The information will be triaged and sent to the relevant area.

Reports of misconduct of a registered charity, should be raised with the ACNCOpens in a new window and complaints about tax practitioners to the Tax Practitioners BoardOpens in a new window.

Public interest disclosure

The Public Interest Disclosure Act 2013 (PID Act) seeks to promote integrity and accountability in the APS by:

encouraging and facilitating the disclosure of information about alleged serious wrongdoing
protecting those who make such disclosures
ensuring that disclosures are properly actioned.

The ATO will act on disclosures as appropriate, support and protect disclosers and witnesses from reprisal action and continue to work closely with the Commonwealth Ombudsman to ensure all standards and responsibilities are met. As required by legislation, a person must be a current or former public official to report under the Public Interest Disclosure scheme.

To make a Public Interest Disclosure a person can:

email PublicInterestDisclosure@ato.gov.au
speak directly to an ATO Authorised Officer
disclose to their manager.

Where a disclosure is made in good faith but doesn't meet the criteria for investigation under the PID Act, the ATO will still treat the matter with appropriate seriousness, provide support and as soon as reasonably practicable take steps to refer the conduct disclosed for investigation under another law or power.

On 1 July 2023, stage one reforms to the PID Act commenced, aligned to the establishment of the National Anti-Corruption Commission (NACC). Changes included, but were not limited to, requirements to refer suspected systemic or serious corrupt conduct to the NACC, an expanded definition of reprisal, and the exclusion of personal work-related conduct unless it could constitute reprisal or is otherwise significant.

The ATO has updated guidance and supporting materials to reflect changes with PID reform and to the new standards set by the Commonwealth Ombudsman.

The Attorney-General’s Department has conducted public consultation on the second stage of public sector whistleblowing reforms and will use responses to inform future policy development. The ATO continues to monitor decisions from consultation processes and will transition procedures accordingly.

Tax whistleblower

There are arrangements in place to better protect individuals who make eligible disclosures about the tax affairs, including tax avoidance arrangements, of another entity. There are legislative conditions that need to be met to qualify for protection as a tax whistleblower. The provisions are set out under Part IVD of the Taxation Administration Act 1953.

The Tax whistleblower protection regime CEI sets out ATO employees responsibilities for managing disclosures of alleged tax misconduct, submitted by members of the community, under the Whistleblower Protection regime in part IVD of the Taxation Administration Act 1953.

Commencing 1 July 2024, the TPB can now receive protected tip-offs directly from the public. These laws extend whistleblower protections to individuals who ‘blow the whistle’ about a related entity to the TPB, where they believe the information may assist the TPB in performing its functions or duties under the Tax Agent Services Act 2009 (TASA).

Whistleblowers play a critical role in the early detection and regulation of tax practitioner misbehaviour. This is why the TPB encourage and welcome anyone to provide the TPB with information about malicious practices by tax practitioners, unregistered agents or scheme promoters that would be harmful to the public or undermine the Australian tax system.

Previously, there was no whistleblower protection for individuals if they disclosed information directly to the TPB. The latest reforms will now protect eligible whistleblowers when they disclose information about an entity to the TPB (or to the Commissioner of Taxation).

Under the tax whistleblower legislation, the ACNC is not an eligible recipient.

National Anti-Corruption Commission

The National Anti-Corruption CommissionOpens in a new window (NACC) is an independent Commonwealth agency that detects, investigates, and reports on serious or systemic corruption involving public officials. This includes ATO, ACNC and TPB employees, secondees, contractors, consultants, and suppliers.

The NACC operates under the National Anti-Corruption Commission Act 2022Opens in a new window which defines their jurisdiction and what corrupt conduct is.

The Assistant Commissioner Fraud Prevention and Internal Investigations has delegation from the Commissioner of Taxation (as the accountable authority) to refer serious or systemic corruption issues to the NACC for potential investigation.

Employees who suspect a corruption issue, should report in the first instance to the ATO’s Speak up channel and where appropriate it will be referred to the NACC.

Alternatively, employees may also choose to report serious or systemic corruption directly to the NACC as a voluntary referral. However, the NACC may choose not to investigate a corruption issue and, in those cases, may refer matters back to the ATO.

Governance reporting requirements

Regular performance and conformance reporting is an important part of effective governance and provides assurance over the appropriateness of the ATO’s control arrangements to prevent, detect and respond to fraud and corruption.

The ATO undertakes the following internal and external reporting.

ATO internal and external reporting
Audience	Requirement	Timeframe
Commissioner of Taxation	Oversight as the accountable authority under the Public Governance, Performance and Accountability Act 2013, National Anti-Corruption Commission Act 2022, and the Principal Officer under the Public Interest Disclosure Act 2013.	Monthly or as required
Deputy Commissioner ATO Corporate	Regular reports on current status of internal fraud and corruption risk-related activity and investigations, and as the enterprise risk owner for Standards and Ethical Conduct.	Monthly
Deputy Commissioner Fraud and Criminal Behaviours	Regular reports on current status of external fraud risk-related activity and investigations	Monthly
Audit and Risk Committee (ARC)	Oversight of the ATO, TPB and ACNC in accordance with section 45 of the Public Governance, Performance and Accountability Act 2013	Quarterly
Risk Committee	Ensures risks are being managed effectively across the ATO consistent with the Enterprise Risk Management Framework.	As required
ATO Strategy Committee	Ensure strategy coherence by making decisions or recommendations to the ATO Executive in relation to strategies and priorities with significant internal or external impacts within the context of the ATO’s strategic direction and the operating environment.	As required
Minister	Conformance with Public Governance, Performance and Accountability Act 2013 and Element 8 of the Fraud and Corruption Guidance.	Annually or as required
Australian Institute of Criminology (AIC)	In accordance with the Commonwealth Fraud and Corruption Control Policy all non-corporate commonwealth entities must collect information on fraud and complete an annual fraud census to the AIC	Annually
Commonwealth Ombudsman	Compliance with the Public Interest Disclosure Act 2013	Bi-annual or as required for operational matters

External scrutineers

External scrutiny promotes good governance practices, transparency, accountability, and fairness. The ATO’s external scrutineers provide independent assessments of ATO administration of the tax and superannuation systems and the Australian Business Register and assurance of ATO financial reporting:

The ATO’s external scrutineers are:

Australian National Audit Office (ANAO), which conducts financial statement audits and performance audits.
The Inspector-General of Taxation and Taxation Ombudsman (IGTO), who investigates tax complaints (except those related to freedom of information (FOI) matters) and particular actions by tax officials, and reviews systemic issues in tax administration and makes recommendations for improvement.
The Commonwealth Ombudsman, who responds to non-tax elements of cross agency complaints (for example, those which have a child support element), and Public Interest Disclosures and conducts their own investigations on systemic issues.
Office of the Australian Information Commissioner, which investigates privacy and FOI issues.
The Australian Public Sector Commission (APSC), which will be reviewing the ATO as part of its Capability Review program that will take a structured look at our organisational ability to meet future objectives and challenges.

Transparency with internal investigation activities

The ATO treats all parties involved in an investigation with respect and courtesy and makes sure all investigation activities are undertaken in accordance with relevant legislation, government policies and standards including:

National Anti-Corruption Commission (NACC)
Australian Government Investigations Standards (AGIS)
Commonwealth Director of Public Prosecutions (CDPP)
Commonwealth Ombudsman (for the Public Interest Disclosure Act 2013).