Show download pdf controls
  • ATO Fraud and Corruption Control Plan 2020-21

    The Australian Taxation Office (ATO) is committed to ensuring the integrity of Australia’s tax and superannuation system. Preventing, detecting and responding to fraud and corruption is a critical part of meeting that commitment.

    Fraud and corruption are potential threats which may affect Commonwealth entities. The ATO treats fraud and corruption seriously and has zero tolerance for such behaviour.

    This Fraud and Corruption Control Plan (The Plan) outlines the ATO’s approach to managing fraud and corruption risks and complies with the requirements of Section 10 of the Public Governance, Performance and Accountability Rule 2013 and Commonwealth Fraud Control Framework 2017. It documents at a high level the strategies in place the ATO uses to prevent, detect and respond to internal and external fraud and corruption and is reviewed annually to ensure we are responsive to the changing risk landscape and address areas of concern.

    All ATO staff and contractors play a critical role in the ATO’s fraud control arrangements. All cases of suspected fraud and corruption must be reported. The Plan details the channels that internal and external fraud or corruption can be reported and where to seek additional information.

    The Plan is intended to be a tool to support ATO staff in the prevention, detection and response to fraud and corruption. By all playing our part we can ensure the highest levels of integrity are maintained in Australia’s tax and superannuation system.

    Commissioner of Taxation

    On this page:


    The Plan documents the strategic and operational approach to controlling fraud and corruption affecting the ATO. The Plan provides an overview of how fraud and corruption risks will be managed and ensures compliance with the requirements of Section10 of the Public Governance, Performance and Accountability Rule 2014 and Commonwealth Fraud Control Framework 2017.

    To meet our obligations, The Plan:

    • outlines the ATO’s fraud and corruption control framework
    • articulates the ATO’s approach to managing fraud and corruption risks
    • identifies the ongoing relationships with other agencies and the roles they play
    • provides information on strategies the ATO uses to train and raise employee awareness
    • communicates that reducing the risk of fraud and corruption within the ATO is everyone’s responsibility.

    Risk tolerance

    The ATO acknowledges that in its interactions with clients and service providers, and in the delivery of its services, all fraud and corruption risks cannot be avoided or prevented. The ATO has zero tolerance to any fraudulent or corrupt behaviour that may in anyway impact upon the ATO.

    ‘Zero tolerance’ means that we take all reasonable measures to prevent, detect and deal with fraud and corruption risk relating to the ATO and will:

    • assess all alleged instances of fraud or corruption, and further investigate as necessary
    • pursue disciplinary, administrative, civil or criminal actions as appropriate
    • seek to prosecute through the courts, where appropriate
    • seek the recovery of debts owed to the ATO, where appropriate.

    What is fraud

    The Commonwealth Fraud Control Framework 2017 defines fraud as 'dishonestly obtaining a benefit or causing a loss by deception or other means'. For an activity to be fraud, it must be deliberate and lead to a direct or indirect benefit to an individual or group. Fraud can be committed by parties internal or external to the ATO and this Plan addresses both internal and external fraud and corruption risk affecting the ATO.

    Internal fraud is committed by employees or contractors, and can include:

    • falsely claiming employee benefits
    • accessing and disclosing taxpayer information without authorisation
    • falsifying qualifications
    • improperly reducing a debt or other liability
    • releasing funds without proper authority
    • using ATO assets for personal benefit.

    External fraud is committed by taxpayers and other third parties through intentional dishonest acts, and can include:

    • failing to declare all income
    • providing a false payment summary
    • claiming a deduction to which you are not entitled
    • lodging a false business activity statement
    • identity crime enabled fraud
    • failing to remit PAYGW and/or superannuation guarantee.

    What is corruption

    The ATO defines corruption as 'the dishonest or biased exercise of Commonwealth public official functions'.

    Examples of corruption that may be realised in the ATO include:

    • abuse of office (e.g. provision of sensitive information to facilitate external fraud committed by others)
    • biased tax-related decision making by ATO officials
    • nepotism (particularly in relation to employment)
    • collusion for personal gain.

    Key responsibilities for fraud and corruption control

    The management of fraud and corruption in the ATO is everyone’s responsibility however particular positions and organisational bodies play an important role:

    • Commissioner of Taxation – is the accountable authority responsible for taking all reasonable measures to prevent, detect and deal with fraud relating to the ATO.
    • Audit and Risk Committee – oversees the development and implementation of this Plan and provides independent assurance to the Commissioner of Taxation on the appropriateness of the systems of fraud and corruption risk and control in the ATO.
    • Enterprise Risk Management Committee – considers emerging risks, which may include fraud and corruption, in the context of the ATO’s strategic objectives.
    • Assistant Commissioner, Fraud Prevention and Internal Investigations – is the risk owner for internal fraud and corruption and leads an independent function supporting the Commissioner of Taxation with respect to internal fraud and corruption control. This role is also responsible for the development of this Plan.
    • Fraud Prevention and Internal Investigations Branch – responsible for the implementation of measures to prevent, detect and respond to internal fraud and corruption.
    • Deputy Commissioner Integrated Compliance – is the risk owner for external fraud, cyber enabled identity crime, illegal Phoenix activity, offshore tax evasion and aggressive tax planning, and manages the tax evasion and crime response across government and internationally for the ATO.
    • Integrated Compliance – responds to serious tax evasion and financial crime and provides the ATO’s investigative and prosecutorial capability.
    • Serious Financial Crime CEOs Forum – sets the strategic direction to leverage the capabilities and powers of Commonwealth law enforcement and regulatory agencies to target those serious crimes that present the highest risk to Australia’s tax and superannuation systems.
    • Serious Financial Crime Chief – provides oversight and gives the CEOs assurance on serious financial tax crime risk and control.
    • Serious Financial Crime Senior Officers Group – provides senior oversight to the Taskforce Chief of the Serious Financial Crime work program and reviews the Taskforce’s performance guiding the deployment of agency resources in pursuit of the Taskforce activities
    • Serious Financial Crime Operational Strategy Group – implements the Serious Financial Crime work program.
    • Crime and Account Integrity Steering Committee – sets the strategic direction on tax crime and account integrity risks and threats, including the prioritisation of tax crime risk treatment across the ATO.
    • Account Integrity and Business Management Forum – provides advice on account integrity and refund fraud issues with an emphasis on emerging risk and mitigation strategies.
    • Client Identity and Refund Fraud Forum – identifies, prioritises and drives initiatives to support refund integrity and management of identity crime.

    As well as the above, the following also have key responsibilities for reducing fraud and corruption risk:

    • Senior Executives – provide strong leadership and foster and support a culture of integrity, awareness and reporting.
    • Business line managers – ensure risk management is applied in the operation of their respective business line.
    • All ATO employees and contractors – all staff have an ongoing responsibility to identify and report fraud and corruption risks.

    Maintaining integrity in fraud and corruption control

    An organisational culture that promotes awareness of fraud and corruption risks and supports those who report suspected fraud and corruption is key to maintaining integrity in the ATO. The ATO acknowledges that a lack of integrity in these areas jeopardises the internal and external confidence in the ATO.

    The ATO maintains integrity in these areas through measures such as:

    • having documented policies and procedures to support decision making
    • ensuring individuals have the appropriate security clearance for their position
    • effective reporting and management of conflicts of interest declarations
    • internal and external performance and activity reporting
    • transparent participation in independent review and reporting arrangements
    • having an independent integrity advisor.

    Code of conduct

    The APS values, employment principles and code of conduct shape the ATO’s culture and integrity. All employees must behave in a way that upholds and meets the standards of conduct in line with the APS and ATO’s values.

    If an employee is found to have breached the code of conduct a delegate may decide to take misconduct action under the Public Service Act 1999 and a sanction may be applied, ranging from a reprimand to termination of employment.

    Fraud and corruption risks

    Regular assessments of fraud risk are critical to preventing fraud from occurring. As outlined in the Public Governance Performance and Accountability Act 2013 (PGPA Act), the ATO conducts regular risk assessments and reviews to ensure we maintain appropriate systems of fraud risk management.

    Insider threat

    The trusted insider threat can be present and a large risk factor in both internal and external fraud and corruption. A trusted insider can intentionally or unknowingly facilitate parties conducting malicious acts against the ATO.

    The ATO utilises a range of internal (Organisational Behavioural Assessment and fraud risk assessments) and external (law enforcement and intelligence reports) products to understand the insider threat risk landscape. The ATO implements risk treatment measures in response to those insider threat risks identified and where opportunities exist to further minimise the likelihood of this risk occurring.


    The internal fraud risk approach is shaped by a comprehensive analysis of external environmental drivers (including the wider APS environment) and their impact on the future direction of the ATO as outlined in our 2024 aspirations and strategic objectives. The FPII Annual Assurance Process provides the opportunity to be more predictive in identifying areas of emerging risk. This is achieved by examining global trends, national issues and trends within the Australian Public Service. The process identified four key areas of enduring internal fraud risk to the organisation:

    • employee profiling
    • data expansion and integration
    • trust in institutions
    • mobile workforces.

    These are the areas of greatest risk in the foreseeable future and our work program is built on activities designed to mitigate internal fraud from occurring under these headings.

    The COVID-19 pandemic has impacted the risk environment, flagging a need to better understand the extent to which working from home arrangements increase the risk of internal fraud and corruption for the organisation. This will be also be a focus going forward.

    Our approach also has scope to conduct internal risk assessments which deal with more day to day operational issues as they arise. All of our internal risk assessments, whether more strategically focussed or addressing operational issues, inherently look to assess the opportunities for opportunistic fraud to occur through:

    • undeclared or perceived conflicts of interest
    • corruption
    • exploitation of administration processes
    • access to systems or processes which affect the revenue
    • misuse of ATO facilities
    • misuse of IT facilities
    • release of information (including unauthorised access to systems and data).


    External fraud as it relates to threats to revenue is a shared risk. The ATO is one of the Commonwealth agencies responsible for managing this risk.

    The risks can range from small scale fraud perpetrated by an individual who deliberately over claims a small expense they did not incur through to networked offshore organised groups who attempt multi-million dollar frauds.

    Because of the broad behaviour and activity within the threat (evasion and fraud), the ATO manages the external fraud risk as tax crime.

    The ATO targets several areas where tax crime is prevalent:

    • cash and the hidden economy
    • cyber enabled identity crime and tax-related scams
    • offshore tax evasion
    • trusts
    • phoenix companies
    • refund fraud
    • serious financial and organised crime and
    • those who enable external fraud.

    We do this through a range of intelligence driven preventative and direct response activity, and in collaboration with regulatory and law enforcement agencies where required. The ATO also participates in various multi-agency international, national and state serious and organised crime forums and working parties. Taskforces such as the Illicit Tobacco Taskforce, Phoenix Taskforce, Serious Financial Crime Taskforce and the Joint Chiefs of International Tax Enforcement Alliance (J5) share intelligence and investigate, disrupt and prosecute serious financial crimes.

    An enterprise tax crime strategy is in place which is supported by a number of independent risk review activities managed through an ongoing program. The outcome from these activities and behavioural insights, will inform future fraud and corruption risk management strategies.

    As the external fraud risk is a shared risk within the ATO, Integrated Compliance carries out a conformance and assurance process on a quarterly basis with key risk stakeholders on behalf of the ATO.

    Fraud and corruption control framework

    The ATO fraud and corruption control framework is consistent with Commonwealth legislative requirements and comprises of governance, risk management and policy. The ATO implements the fraud and corruption control framework using the prevention, detection and response model:

    • Prevention – the first line of defence and includes proactive strategies designed to help reduce the risk of fraud and corruption occurring.
    • Detection – measures designed to uncover incidences of fraud and corruption when they occur.
    • Response – measures including assessment, investigation, analysis, referral, prosecution and recovery.

    Fraud and corruption prevention

    Prevention strategies are the first line of defence and include proactive measures designed to help reduce the risk of fraud and corruption occurring. The ATO has a suite of tailored prevention strategies that aim to strengthen the integrity culture in the ATO.

    Key elements of the ATO’s fraud and corruption prevention activity include:

    • development and implementation of the Plan
    • engagement and education strategies to build strong awareness of what fraud is and what to do about it (which is articulated in CEI’s and policy)
    • regular integrity reporting to increase ownership and visibility of risk
    • robust recruitment and vetting processes such as defined onboarding and screening procedures
    • a program of regular risk assessments and reviews for both internal and external fraud and corruption
    • risk evaluation and differentiated treatment strategies that are shaped by the changing risk environment
    • mandatory online training and targeted face-to-face awareness sessions
    • sound fraud and corruption risk management
    • a suite of targeted internal communications products which includes the consequences of internal fraud. These communications are supported by self-help material
    • an external communications program that demonstrates the consequences of committing tax crime, including an external intranet site dedicated to ‘the-fight-against-tax-crime’

    Fraud and corruption detection

    The ATO employs measures designed to uncover incidences of fraud and corruption when they occur.

    Our approach is driven by our assessment of risk. We acknowledge that all occurrences of fraud and corruption may not be treated however the ATO will take all reasonable steps to detect fraudulent or corrupt behaviour.

    Our fraud and corruption detection activity is based on:

    • system monitoring and scanning
    • proactive detection analytics based on predetermined parameters
    • internal and external audits
    • dedicated reporting mechanisms to receive both internal and external fraud tip-offs confidentially
    • systematic review and analysis of fraud referrals to identify possible trends
    • a strong culture of reporting, and awareness of how to report including support for whistle-blowers (The Public Interest Disclosure and Tax Whistle-blower schemes)
    • annual disclosures about changes in circumstances and external interests
    • data modelling and intelligence analysis to identify potential fraudulent and corrupt behaviour, including identity crime models to stop systemic attacks on the system
    • intelligence sharing with, and collaborating across, law enforcement and integrity agencies and international jurisdictions
    • data modelling which is used to identify trends, patterns and irregularities.

    Fraud and corruption response

    The ATO uses measures including assessment, investigation, analysis, referral and recovery to respond to potentially fraudulent or corrupt behaviour.

    Our response activity includes:

    • assessment of all reports and allegations to determine an appropriate response
    • pursuing disciplinary, administrative, civil or criminal actions as appropriate
    • pursuing the recovery of fraudulently or criminally obtained benefits where appropriate
    • maintaining appropriate fraud insurance
    • undertaking investigations in accordance with Australian Government Investigations Standards
    • joint investigations with other law enforcement bodies and agencies and referral to the AFP where necessary
    • appropriate reporting, including to external scrutineers
    • establishment of specialist roles to manage and respond to fraudulent or corrupt activities.

    Reporting fraud and corruption

    Receiving reports

    All ATO employees have an obligation to report incidents of suspected fraud or corruption. All reports remain confidential, but we also provide anonymous tip off forms and support whistleblowing schemes to offer further protections. There are a range of mechanisms for doing so:

    Internal fraud

    Reports about internal fraud can be made by:

    • email – phone – 1800 061 187
    • online – Anonymous Fraud Alert Form on myATO
    • discuss it with your manager.

    External fraud

    Reports about external fraud or tax crime can be made to the Tax Integrity Centre by:

    • online – completing the tip-off form. The form is also available in the contact us section of the ATO app
    • phone – 1800 060 062
    • mail – posting to Tax Integrity Centre, Locked Bag 6050, DANDENONG VIC 3175.

    ATO staff can report external fraud or tax crime by following the Referring suspected fraud or tax crime to Integrated Compliance guidelines.

    Law enforcement agencies can report tax crime involving serious and organised crime groups to

    Referrals and information exchange also occur on a case-by-case basis to bodies including:

    • Australian Federal Police
    • Australian Securities and Investment Commission
    • Australian Criminal Intelligence Commission
    • Australian Commission for Law Enforcement Integrity
    • Australian Transaction Reports and Analysis Centre
    • Commonwealth Director of Public Prosecution.

    Public interest disclosure

    The Public Interest Disclosure Act 2013 seeks to promote integrity and accountability by encouraging the disclosure of information about alleged serious wrongdoing, protecting those who make such disclosures, and ensuring that disclosures are properly actioned. The ATO will act on disclosures as appropriate and protect disclosers from any reprisals for making a disclosure. As required by legislation, a person must be a current or former public official to report under the Public Interest Disclosure scheme.

    To make a Public Interest Disclosure a person can:

    Tax Whistle-blower

    From 1 July 2019, there are new arrangements to better protect individuals who make eligible disclosures about the tax affairs, including tax avoidance arrangements, of another entity. There are conditions that need to be met in order to qualify for protection as a tax whistle-blower. The new provisions are set out under Part IVD of the Taxation Administration Act 1953.

    Performance reporting

    Regular reporting is an important part of effective governance and assurance. To ensure the ATO’s fraud control arrangements are appropriate and systems remain in place to prevent, detect, respond and monitor fraud and corruption risk, the following internal and external reporting occurs:

    Reporting to



    Commissioner of Taxation

    Oversight as the Principal Officer in accordance with the Public Interest Disclosure Act 2013 and Public Governance, Performance and Accountability Act 2013

    Monthly or as required

    Deputy Commissioner ATO Corporate

    Regular reports to the risk owner on current status of risk related activity and investigations


    Audit and Risk Committee (ARC)

    Oversight in accordance with section 45 of the Public Governance, Performance and Accountability Act 2013


    Enterprise Risk Management Committee (ERMC)

    To contribute to the improvement of the ATO’s ability to manage risk associated with achieving the strategic objectives as defined in the ERMC Charter



    Conformance with Public Governance, Performance and Accountability Act 2013 and Part 11 of Commonwealth Fraud Control Guidance

    Annually or as required

    Australian Institute of Criminology (AIC)

    In accordance with the Commonwealth Fraud Control Policy all non-corporate Commonwealth entities are required to collect information on fraud and complete an annual fraud questionnaire to the AIC


    Commonwealth Ombudsman

    Compliance with the Public Interest Disclosure Act 2013

    Annually or as required

    Supporting ACNC and TPB

    In accordance with Schedule 1 of the Public Governance, Performance and Accountability Rule 2014 the Commissioner of Taxation is the Accountable Authority for:

    • Australian Charities and Not-for-profits Commission (ACNC)
    • Tax Practitioners Board (TPB)

    The TPB and ACNC are independent statutory authorities, however the Commissioner is the accountable authority for the ATO, ACNC and the TPB. As the accountable authority, the Commissioner must ensure that the financial activities undertaken by the ACNC and the TPB comply with the PGPA Act. The Commissioner of Taxation therefore has ultimate responsibility for taking all reasonable steps to prevent, detect and deal with fraud and corruption in those bodies.

    To support that responsibility, the ATO provides governance and operational support to both the TPB and ACNC.

      Last modified: 15 Apr 2021QC 61546