Show download pdf controls
  • ATO Fraud and Corruption Control Plan 2021–22

    The Australian Taxation Office (ATO) is committed to ensuring the integrity of Australia’s tax and superannuation systems. Preventing, detecting and responding to fraud and corruption is a critical part of meeting that commitment. We treat fraud and corruption seriously and have zero tolerance for such behaviour.

    The ATO Fraud and Corruption Control Plan (The Plan) outlines our approach to managing fraud and corruption risks and complies with the requirements of Section 10 of the Public Governance, Performance and Accountability Rule 2014External Link and Commonwealth Fraud Control Framework 2017External Link.

    The Plan is intended to be a tool to support our staff in the prevention, detection and response to fraud and corruption. The Plan details the channels that internal and external fraud or corruption can be reported and where to seek additional information. All cases of suspected fraud and corruption must be reported.

    As of 1 January 2021, the ATO came under the jurisdiction of the Australian Commission for Law Enforcement IntegrityExternal Link (ACLEI) regarding the investigation of corruption issues with employees in law-enforcement related functions. This additional layer of investigation capability and support has strengthened our ability to prevent and respond to fraud and corruption.

    All ATO staff and contractors play a critical role in our fraud control arrangements. By all playing our part we can ensure the highest levels of integrity are maintained in Australia’s tax and superannuation systems.

    Commissioner of Taxation

    On this page


    The ATO Fraud and Corruption Control Plan (The Plan) documents the strategic and operational approach to controlling fraud and corruption affecting the ATO. It provides an overview of how fraud and corruption risks will be managed and ensures compliance with the requirements of Section 10 of the Public Governance, Performance and Accountability Rule 2014 and Commonwealth Fraud Control Framework 2017.

    To meet our obligations, The Plan:

    • outlines our fraud and corruption control framework
    • articulates our approach to managing fraud and corruption risks
    • provides information on strategies we use to train and raise employee awareness.

    Risk tolerance

    The ATO acknowledges that in its interactions with clients and service providers, and in the delivery of its services, all fraud and corruption risks cannot be avoided or prevented. We have zero tolerance to any fraudulent or corrupt behaviour that may impact us in any way.

    ‘Zero tolerance’ means that we take all reasonable measures to prevent, detect and deal with fraud and corruption risk relating to the ATO and will:

    • assess all alleged instances of fraud or corruption, and further investigate as necessary
    • pursue disciplinary, administrative, civil or criminal actions as appropriate
    • seek to prosecute through the courts, where appropriate
    • seek the recovery of debts owed to the ATO, where appropriate.

    What is fraud

    The Commonwealth Fraud Control Framework 2017 defines fraud as 'dishonestly obtaining a benefit or causing a loss by deception or other means'. For an activity to be fraud, it must be deliberate and lead to a direct or indirect benefit to an individual or group. Fraud can be committed by parties internal or external to the ATO and The Plan addresses both internal and external fraud and corruption risks affecting us.

    Internal fraud is committed by employees or contractors, and can include:

    • falsely claiming employee benefits
    • accessing and disclosing taxpayer information without authorisation
    • falsifying qualifications
    • improperly reducing a debt or other liability
    • releasing funds without proper authority
    • using ATO assets for personal benefit.

    External fraud is committed by taxpayers and other third parties through intentional dishonest acts, and can include:

    • failing to declare all income
    • providing false pay as you go (PAYG) withholding details
    • claiming a deduction to which you are not entitled
    • lodging a false business activity statement
    • identity crime enabled fraud
    • failing to remit PAYG (withholding) or superannuation guarantee (or both).

    What is corruption

    The Law Enforcement Integrity Commissioner Act 2006 (the LEIC Act) defines corruption as either:

    • conduct that involves, or that is engaged in for the purpose of, the staff member abusing his or her office as a staff member of the agency
    • conduct that perverts, or that is engaged in for the purpose of perverting, the course of justice
    • conduct that, having regard to the duties and powers of the staff member as a staff member of the agency, involves, or is engaged in for the purpose of, corruption of any other kind.

    Examples of corruption that may be realised in the ATO include:

    • abuse of office (for example, provision of sensitive information to facilitate external fraud committed by others)
    • biased tax-related decision making by ATO officials
    • nepotism (particularly in relation to employment)
    • collusion for personal gain.

    Key responsibilities for fraud and corruption control

    Everyone in the ATO has a responsibility to mitigate the risk of fraud and corruption, however the following particular positions and organisational bodies play an important role:



    Commissioner of Taxation

    the accountable authority responsible for taking all reasonable measures to prevent, detect and deal with fraud relating to the ATO

    ATO Audit and Risk Committee

    oversees the development and implementation of this Plan and provides independent assurance to the Commissioner of Taxation on the appropriateness of the systems of fraud and corruption risk and control in the ATO

    ATO Enterprise Risk Management Committee

    considers emerging risks, which may include fraud and corruption, in the context of the ATO’s strategic objectives

    Assistant Commissioner, Fraud Prevention and Internal Investigations

    the risk owner for internal fraud and corruption and leads an independent function supporting the Commissioner of Taxation with respect to internal fraud and corruption control. This role is also responsible for the development of this Plan

    Fraud Prevention and Internal Investigations Branch

    responsible for the implementation of measures to prevent, detect and respond to internal fraud and corruption

    Deputy Commissioner Integrated Compliance

    is the risk owner for external fraud, cyber enabled identity crime, serious and organised crime, illegal Phoenix activity and offshore tax evasion risks. Manages the serious financial crime response across government and internationally for the ATO

    Integrated Compliance

    responds to system integrity, serious tax evasion and financial crime and provides the ATO’s investigative and prosecutorial capability

    Serious Financial Crime CEOs Forum

    sets the strategic direction to leverage the capabilities and powers of Commonwealth law enforcement and regulatory agencies to target those serious crimes that present the highest risk to Australia’s tax and superannuation systems

    Serious Financial Crime Chief

    provides oversight and gives the CEOs assurance on serious financial tax crime risk and control

    Serious Financial Crime Senior Officers Group

    provides senior oversight to the Taskforce Chief of the Serious Financial Crime work program and reviews the Taskforce’s performance guiding the deployment of agency resources in pursuit of the Taskforce activities

    Serious Financial Crime Operational Strategy Group

    implements the Serious Financial Crime work program

    Integrity System Committee

    sets the strategic direction on external fraud integrity risks and threats, including the prioritisation of external fraud risk treatment across the ATO

    System integrity management group

    Provides advice on system integrity with an emphasis on emerging risk and prevention control strategies

    Client Identity and Refund Fraud Forum

    identifies, prioritises and drives initiatives to support refund integrity and management of identity crime

    As well as the above, the following staff also have key responsibilities for reducing fraud and corruption risks:

    • Senior executives – provide strong leadership and foster a culture of integrity, awareness and reporting.
    • Business line managers – ensure risk management principles are applied in the operation of their respective business line.
    • All ATO employees and contractors – all staff have an ongoing responsibility to identify and report fraud and corruption risks.

    Maintaining integrity in fraud and corruption control

    An organisational culture that promotes awareness of fraud and corruption risks and supports those who report suspected fraud and corruption is key to maintaining integrity in the ATO.

    The ATO maintains integrity through measures such as:

    • having documented policies and procedures to support decision making
    • ensuring individuals have the appropriate security clearance for their position
    • effective reporting and management of conflicts of interest declarations
    • internal and external performance and activity reporting
    • transparent participation in independent review and reporting arrangements
    • having an independent integrity advisor.

    Code of conduct

    The Australian Public Service (APS) values, employment principles and code of conduct shape the ATO’s culture and integrity. All employees must behave in a way that upholds and meets the standards of conduct in line with the APS and ATO’s values.

    If an employee is found to have breached the code of conduct a delegate may decide to take misconduct action under the Public Service Act 1999 and a sanction may be applied, ranging from a reprimand to termination of employment.

    Fraud and corruption risks

    Insider threat

    A 'trusted insider' can intentionally or unknowingly facilitate malicious acts against the ATO.

    We utilise a range of internal and external products to understand the risk landscape. We implement risk treatment measures in response to insider threat risks identified and where opportunities exist to further minimise the likelihood of risks occurring.


    The ATO Fraud Prevention and Internal Investigation's (FPII) Annual review of the ATO’s internal fraud and corruption environment 2021–22 provides an opportunity to be more proactive in identifying areas of emerging risk. This is achieved by examining global trends, national issues and trends within the Australian Public Service. The process identified 3 key areas of enduring internal fraud risk to the organisation:

    • data expansion and integration
    • flexible working arrangements
    • employee profiling and the risk of insider threat.

    Our work program is built around these risk themes that we believe have the most impact on our internal fraud and corruption landscape. It allows us to take a more strategic approach to how we identify and deal with possible risk.

    Our approach also includes conducting internal assessments which deal with more day-to-day operational issues as they arise. All of our internal assessments look to assess the chance for opportunistic fraud to occur through any of the following:

    • undeclared or perceived conflicts of interest
    • corruption
    • exploitation of administration processes
    • access to systems or processes which affect the revenue
    • misuse of ATO facilities
    • misuse of IT facilities
    • release of information (including unauthorised access to systems and data).


    External fraud as it relates to threats to revenue is a shared risk. The ATO is one of the Commonwealth agencies responsible for managing this risk.

    The risks can range from small scale fraud perpetrated by an individual who deliberately over claims a small expense they did not incur through to networked offshore organised groups who attempt multi-million-dollar frauds.

    Because of the broad behaviour and activity within the threat (evasion and fraud), the ATO manages the external fraud risk as tax crime.

    We target several areas where external fraud is prevalent, including:

    • cyber enabled identity crime and tax-related scams
    • serious financial and organised crime
    • offshore tax evasion
    • trusts
    • phoenix companies
    • cash and the hidden economy
    • refund fraud
    • those who enable external fraud.

    We do this through a range of intelligence driven preventative and direct response activity, and in collaboration with regulatory and law enforcement agencies where required. The ATO also participates in various multi-agency international, national and state serious and organised crime forums and working parties. Taskforces such as the Illicit Tobacco Taskforce, Phoenix Taskforce, Serious Financial Crime Taskforce and the Joint Chiefs of International Tax Enforcement Alliance (J5) share intelligence and investigate, disrupt and prosecute serious financial crimes.

    An enterprise tax crime strategy is in place which is supported by a number of independent risk review activities managed through an ongoing program. The outcome from these activities and behavioural insights will inform future fraud and corruption risk management strategies.

    As the external fraud risk is a shared risk within the ATO, Integrated Compliance carries out a conformance and assurance process on a quarterly basis with key risk stakeholders on behalf of the ATO.

    Fraud and corruption control framework

    The ATO fraud and corruption control framework is consistent with Commonwealth legislative requirements and comprises governance, risk management and policy. We implement the fraud and corruption control framework using the prevention, detection and response model:

    • Prevention – the first line of defence and includes proactive strategies designed to help reduce the risk of fraud and corruption occurring.
    • Detection – measures designed to uncover incidences of fraud and corruption when they occur.
    • Response – measures including assessment, investigation, analysis, referral, prosecution and recovery.

    Fraud and corruption prevention

    Prevention strategies are the first line of defence and include proactive measures designed to help reduce the risk of fraud and corruption occurring. We have a suite of tailored prevention strategies that aim to strengthen the integrity culture in the ATO.

    Key elements of our fraud and corruption prevention activity include:

    • development and implementation of The Plan
    • engagement and education strategies to build strong awareness of what fraud is and what to do about it (which is articulated in CEI’s and policy)
    • regular integrity reporting to increase ownership and visibility of risk
    • robust recruitment and vetting processes such as defined onboarding and screening procedures
    • a program of regular risk assessments and reviews for both internal and external fraud and corruption
    • risk evaluation and differentiated treatment strategies that are shaped by the changing risk environment
    • mandatory online training and targeted face-to-face awareness sessions
    • a suite of targeted internal communications products which includes the consequences of internal fraud. These communications are supported by self-help material
    • an external communications program that demonstrates the consequences of committing tax crime, including an external intranet site dedicated to ‘the-fight-against-tax-crime’.

    Fraud and corruption detection

    The ATO employs measures designed to uncover incidences of fraud and corruption when they occur.

    Our approach is driven by our assessment of risk. We acknowledge that all occurrences of fraud and corruption may not be treated however we will take all reasonable steps to detect fraudulent or corrupt behaviour.

    Our fraud and corruption detection activity is based on:

    • system monitoring and scanning
    • proactive detection analytics based on predetermined parameters
    • internal and external audits
    • dedicated reporting mechanisms to receive both internal and external fraud tip-offs confidentially
    • systematic review and analysis of fraud referrals to identify possible trends
    • annual disclosures about changes in circumstances and external interests
    • data modelling and intelligence analysis to identify potential fraudulent and corrupt behaviour, including identity crime models to stop systemic attacks on the system
    • intelligence sharing with, and collaborating across, law enforcement and integrity agencies and international jurisdictions.

    Fraud and corruption response

    The ATO uses measures including assessment, investigation, analysis, referral and recovery to respond to potentially fraudulent or corrupt behaviour.

    Our response activity includes:

    • assessment of all reports and allegations to determine an appropriate response
    • pursuing disciplinary, administrative, civil or criminal actions as appropriate
    • pursuing the recovery of fraudulently or criminally obtained benefits where appropriate
    • maintaining appropriate fraud insurance
    • undertaking investigations in accordance with Australian Government Investigations Standards (AGIS)
    • joint investigations with other law enforcement bodies and agencies and referral to the Australian Federal Police (AFP) where necessary
    • appropriate reporting, including to external scrutineers
    • establishment of specialist roles to manage and respond to fraudulent or corrupt activities.

    Reporting fraud and corruption

    Receiving reports

    All ATO employees have an obligation to report incidents of suspected fraud or corruption. All reports remain confidential, but we also provide anonymous tip-off forms and support whistleblowing schemes to offer further protections. We have a range of mechanisms for reporting:

    • Internal fraud – ATO staff can report suspected internal fraud or corruption by
      • email to
      • phone to 1800 061 187
      • completing the Anonymous fraud alert form on myATO
      • discussing it with your manager.
    • External fraud – the community can report external fraud or tax crime to the Tax Integrity Centre by
      • completing the ATO tip-off form available on our website or in the Contact us section of the ATO app
      • phone to 1800 060 062
      • mail by posting to
        Tax Integrity Centre
        Locked Bag 6050
        DANDENONG VIC 3175.

    ATO staff making reports about external fraud or tax crime should use the Referral guidelines on myATO.

    Law enforcement agencies can report tax crime involving serious and organised crime groups to link opens in a new window

    Public interest disclosure

    The Public Interest Disclosure Act 2013 seeks to promote integrity and accountability by encouraging the disclosure of information about alleged serious wrongdoing, protecting those who make such disclosures, and ensuring that disclosures are properly actioned. The ATO will act on disclosures as appropriate and protect disclosers from any reprisals for making a disclosure. As required by legislation, a person must be a current or former public official to report under the Public Interest Disclosure scheme.

    To make a Public Interest Disclosure a person can:

    Tax Whistle-blower

    From 1 July 2019, there are new arrangements to better protect individuals who make eligible disclosures about the tax affairs, including tax avoidance arrangements, of another entity. There are conditions that need to be met in order to qualify for protection as a tax whistle-blower. The new provisions are set out under Part IVD of the Taxation Administration Act 1953.

    Performance reporting

    Regular reporting is an important part of effective governance and assurance. To ensure the ATO’s fraud control arrangements are appropriate and systems remain in place to prevent, detect, respond and monitor fraud and corruption risk, we conduct the following internal and external reporting:

    Reporting to



    Commissioner of Taxation

    Oversight as the Principal Officer in accordance with the Public Interest Disclosure Act 2013 and Public Governance, Performance and Accountability Act 2013

    Monthly or as required

    Deputy Commissioner ATO Corporate

    Regular internal fraud and corruption reports to the risk owner on current status of risk related activity and investigations


    Deputy Commissioner Integrated Compliance

    Regular reports to the risk owner on current status of external fraud risk related activity and investigations


    Audit and Risk Committee (ARC)

    Oversight in accordance with section 45 of the Public Governance, Performance and Accountability Act 2013


    Enterprise Risk Management Committee (ERMC)

    To contribute to the improvement of the ATO’s ability to manage risk associated with achieving the strategic objectives as defined in the ERMC Charter



    Conformance with Public Governance, Performance and Accountability Act 2013 and Part 11 of Commonwealth Fraud Control Guidance

    Annually or as required

    Australian Institute of Criminology (AIC)

    In accordance with the Commonwealth Fraud Control Policy all non-corporate Commonwealth entities are required to collect information on fraud and complete an annual fraud questionnaire to the AIC


    Commonwealth Ombudsman

    Compliance with the Public Interest Disclosure Act 2013

    Annually or as required

    Supporting ACNC and TPB

    In accordance with Schedule 1 of the Public Governance, Performance and Accountability Rule 2014 the Commissioner of Taxation is the accountable authority for both the:

    • Australian Charities and Not-for-profits Commission (ACNC)
    • Tax Practitioners Board (TPB).

    The TPB and ACNC are independent statutory authorities, however the Commissioner of Taxation is the accountable authority for the ATO, ACNC and the TPB. As the accountable authority, the Commissioner must ensure that the financial activities undertaken by the ACNC and the TPB comply with the PGPA Act. The Commissioner therefore has ultimate responsibility for taking all reasonable steps to prevent, detect and deal with fraud and corruption in those bodies.

    To support that responsibility, we provide governance and operational support to both the TPB and ACNC.

      Last modified: 15 Feb 2022QC 61546