How we use the data

About this data

The data collected under this program will enable us to undertake a range of activities to support correct reporting of income.

The data will be used to:

• compare to our records and other data holdings, as part of the methodologies by which we select taxpayers for compliance activities
• provide insights through models and analysis that support our regulatory approach, to reduce the impact of financial crime
• design ways to make it easier for our clients to interact with the system and get their affairs right.

We don't use AUSTRAC data to initiate automated action or compliance activities.

AUSTRAC data identifies discrepancies that may require closer examination. For example, AUSTRAC data showing regular large amounts of currency being transferred if a taxpayer reports negligible income.

Our previous related programs

AUSTRAC data is a regularly used source of financial intelligence that supports our administration and enforcement of tax and super laws.

In the last five financial years, 2016–17 to 2020–21, the ATO has used AUSTRAC data to raise liabilities of over $637 million from 12,881 cases.

Data providers

We are the matching agency and, in most cases the sole user of the data obtained during this data-matching program.

Data will be obtained from AUSTRAC.

Our formal information gathering powers

Where appropriate to ensure statutory requirements are met, the data may be obtained under our formal information gathering powers contained in section 353-10 of Schedule 1 to the Taxation Administration Act 1953.

This is a coercive power that obligates the data providers to provide the information requested.

We will use the data for tax and super compliance purposes.

AUSTRAC disclosure

The disclosure of this AUSTRAC data is certified under section 125 of the AML/CTF Act

Privacy Act

Data will only be used within the limits prescribed by Australian Privacy Principle 6 (APP6) contained in Schedule 1 of the Privacy Act, in particular:

• APP6.2(b) – the use of the information is required or authorised by an Australian law
• APP6.2(e) – the ATO reasonably believes that the use of the information is reasonably necessary for our enforcement-related activities.

Keeping data safe

The data-matching program will be conducted on our secure systems that comply with the requirements of:

• the Australian Government Information Security ManualExternal Link produced by the Australian Cyber Security Centre, which governs the security of government information and communication technology (ICT) systems
• the Australian Government Protective Security Policy FrameworkExternal Link, which provides guidance on security governance, personnel security, physical security and information security.

All ATO computer systems are strictly controlled according to Australian Government security standards for government ICT systems, with features including:

• system access controls and security groupings
• login identification codes and password protection
• full audit trails of data files and system accesses.

We use the AUSTRAC web service information exchange application programming interface (API) to obtain the data from AUSTRAC.

Data elements collected

AUSTRAC will make available to the ATO, only the most current transaction report information. The data elements reported below relate to the following report types:

• international funds transfer instructions
• threshold reports (excluding gambling)
• threshold reports (including gambling)
• solicitor transactions reports
• suspicious matters
• cross-border movement of monetary instruments (including physical cash and bearer negotiable instruments).

The below data elements made available to the ATO will depend on what is captured in the reporting process.

Customer Identifiers

• Payee and beneficiary customer identifiers
• Payer and ordering customer identifiers
• Currency owner
• Other parties (organisations represented by agents, unidentified parties, beneficial owner, cheque payer/payee, office holder, account signatory)

Institution details

• Payee and beneficiary institution details
• Payer and ordering institution details
• Other institutions
• Business structure

Reporting entity details

• Report submission dates
• Report method
• Report status
• Report type code
• Other

Activity type

• Primary or related transactions
• Supplementary information

Identifiers

• Australian business number
• Australian company number
• Australian Credit Licence number
• Australian Financial Services Licence
• Australian Registered Body Number
• Names (legal, main, alternative, former, trading, branch, other)
• Addresses (residential, postal, business/residential, country of citizenship, country of incorporation, business, billing, registered office, temporary, unknown, work)
• Phone numbers (international, telephone, mobile, fax)
• Electronic addresses (website, social media)
• Date of birth and country of birth
• Account details (account type, BSB, account number, account title, institution name, branch and country)
• Licence information (drivers, passport, photo ID, membership ID, social security or benefits, student, security, other)
• AUSTRAC remittance details
• Foreign tax number
• Bank identification code

Account type

• Betting
• Bullion
• Cheque savings
• Credit, custodial
• e-currency
• Foreign currency
• First home saver
• Lease/hire purchase
• Loan or mortgage
• Investment
• Insurance policy
• Remittance
• Pension or annuity
• Retirement savings
• Trading
• Stored value card
• Cash management
• Other

Transaction details

• Type
• Dates
• Direction
• Total amount
• Cash amount
• Currency code
• Country code
• Instrument detail
• Designated service (service that supports the transaction)

Instrument details

• Instrument type
• Instrument amount
• Currency code
• Digital currency amount
• Digital currency code
• Digital currency backing asset type
• Digital currency description
• Digital currency amount
• Other

Cross-border movement

• Arrive or depart
• Port name, city,country
• Carry, send/receive physical cash or bearer negotiable instrument(s)
• Flight number or ship name
• Flags (signature provided, verified ID, currency verified, voluntary declaration or caveat to be printed)
• Officer badge number
• Verification date
• Infringement notice number

Offence type

• Money laundering
• Financing of terrorism
• Offence against commonwealth, state or territory
• Proceeds of crime
• Tax evasion
• Person or agent is not who they claim to be

Party type

• Individual
• Non-individual

Number of records

Approximately nine million individuals are expected to be affected by this data collection each financial year.

Data quality

We anticipate that the data quality will continue to be of a high standard. AUSTRAC data is of a high quality and regularly relied on for administration of the tax system.

The data is sourced from providers' systems and may not be available in a format that can be readily processed by our systems.

We apply extra levels of scrutiny and analytics to verify the quality of the data. This includes but is not limited to:

• meeting with data providers to understand their data holdings, including their data use, data currency, formats, compatibility and natural systems
• sampling data to ensure it is fit for purpose before fully engaging providers on task
• verification practices at receipt of data to check against confirming documentation; we then use algorithms and other analytical methods to refine the data.

Data is transformed into a standardised format and validated to ensure that it contains the required data elements prior to loading to our computer systems.

We conduct program evaluations to measure effectiveness before determining whether to continue to collect future years of the data or to discontinue the program.

To assure data is fit for consumption and maintains integrity throughout the data-matching program, it is assessed against the 11 elements of the ATO data-quality framework:

1. accuracy – the degree to which the data correctly represents the actual value
2. completeness – if all expected data in a data set is present
3. consistency – whether data values in a data set are consistent with values elsewhere within the data set or in another data set
4. currency – how recent the time period is that the data set covers
5. precision – the level of detail of a data element
6. privacy – access control and usage monitoring
7. reasonableness – reasonable data is within the bounds of common sense or specific operational context
8. referential integrity – when all intended references within a data set or with other data sets, are valid
9. timeliness – how quickly the data is available for use from the time of collection
10. uniqueness – if duplicated files or records are in the data set
11. validity – data values are presented in the correct format and fall within a predefined set of values.

Data retention

The AUSTRAC data collected for this program is for the period 17 June 2021 to 30 June 2027.

AUSTRAC data is collected daily and is made available for use in the ATO's enterprise data environment.

We will keep each financial year of data for five years unless necessary for another lawful purpose. The retention period for each financial year of data collected will commence when we receive the final instalment of verified data files from AUSTRAC, or from the relevant financial year the data is made available whichever is the later.

We destroy data that has met its legal retention period and is no longer required. This is in accordance with the Archives Act 1983 and the records authorities issued by the National Archives of Australia, both general and ATO-specific.

The data is required to be kept for five years to protect public revenue as:

• it enables us to undertake verification activities retrospectively
• the data enhances our ability to identify taxpayers who may not be complying with their tax and super obligations, which is integral to the protecting the integrity of the tax and super systems
• supports our general compliance approach of reviewing an assessment within the applicable claiming period, which also aligns with the requirements for taxpayers to keep their records.
• destruction of the data would inhibit our ability to identify taxpayers who may be subject to administrative action and therefore result in loss of public revenue.

While increased data-retention periods may increase the risk to privacy, we have a range of safeguards to appropriately manage and minimise this. ATO systems and controls are designed to ensure the privacy and security of the data we manage.

See also

• Our lawful role
• How we undertake data matching
• Why we undertake data matching