ato logo

ATO Fraud and Corruption Control Plan 2023

The ATO Fraud and Corruption Control Plan outlines our approach to managing fraud and corruption risks.

Last updated 6 March 2023

The Plan outlines our approach to managing fraud and corruption risks.

Commissioner's foreword

The Australian Taxation Office (ATO) is committed to ensuring the integrity of Australia’s tax, superannuation and registry systems. Preventing, detecting and responding to fraud and corruption is a critical part of meeting that commitment. We treat fraud and corruption seriously and have zero tolerance for such behaviour.

This Fraud and Corruption Control Plan (the Plan) outlines the ATO's approach to managing fraud and corruption risks. It complies with the requirements of section 10 of the Public Governance, Performance and Accountability (PGPA) Rule 2014External Link and Commonwealth Fraud Control Framework 2017External Link.

The Plan is intended to be a tool to support ATO (including Australian Business Registry Services), Tax Practitioners Board (TPB) and Australian Charities and Not-For-Profit Commission (ACNC)) staff in the prevention, detection and response to fraud and corruption, including when working within the Trusted Digital Identity Framework. The Plan details the channels to report internal and external fraud or corruption and where to seek more information. Staff must report all cases of suspected fraud and corruption.

Note: For the purposes of the Plan, reference to the ATO includes the TPB and ACNC, unless explicitly stated otherwise.

The ATO currently falls under the jurisdiction of the Australian Commission for Law Enforcement IntegrityExternal Link (ACLEI) regarding the investigation of corruption issues with employees in law-enforcement related functions. The establishment of the government’s National Anti-Corruption Commission (NACC) expected in 2023, will move the ATO under NACC jurisdiction and provide additional independent investigation, assessment and support for the most serious matters across all ATO staff.

All ATO staff and contractors play a critical role in the ATO’s fraud control arrangements. By playing our part we ensure we maintain the highest levels of integrity in Australia’s tax, super and registry systems.

Commissioner of Taxation

Introduction

The Plan documents the strategic and operational approach to controlling fraud and corruption affecting the ATO. It ensures compliance with the requirements of section 10 of the PGPA Rule and Commonwealth Fraud Control Framework 2017.

To meet our obligations, the Plan:

  • outlines the ATO’s fraud and corruption control framework
  • articulates the ATO’s approach to managing fraud and corruption risks
  • explains strategies the ATO uses to train and raise employee awareness.

Risk tolerance

The ATO acknowledges that, in its interactions with clients and service providers, and in the delivery of its services, we cannot avoid or prevent all fraud and corruption risks. The ATO has zero tolerance to any fraudulent or corrupt behaviour that may in any way impact the ATO.

‘Zero tolerance’ means that we take all reasonable measures to prevent, detect and deal with fraud and corruption risk to the ATO.

We will:

  • analyse and take associated steps to improve the tax, super and registry systems, to minimise the occurrence and impact of fraud and other crimes
  • assess all alleged instances of fraud or corruption and further investigate as needed
  • pursue disciplinary, administrative, civil or criminal actions as appropriate
  • seek to prosecute through the courts, where appropriate
  • seek the recovery of funds obtained, where appropriate.

What is fraud

The Commonwealth Fraud Control Framework 2017 defines fraud as 'dishonestly obtaining a benefit or causing a loss by deception or other means'. For an activity to be fraudulent, it must be deliberate and lead to a direct or indirect benefit to an individual or group. Fraud can be committed by parties internal or external to the ATO and this Plan addresses both.

Internal fraud is committed by employees or contractors, and can include:

  • falsely claiming employee benefits
  • accessing and disclosing taxpayer information without authorisation
  • falsifying qualifications
  • improperly reducing a debt or other liability
  • releasing funds without proper authority
  • using ATO assets for personal benefit.

External fraud is committed by taxpayers and other third parties, and can include:

  • information theft
  • claiming tax refunds and money laundering using false or stolen identities
  • claiming GST credits for goods or services that GST was not paid on
  • claiming deductions for expenses not incurred or legally deductible
  • omitting income dishonestly or with intentional disregard of the law
  • deliberately avoiding debts by carrying out illegal phoenix activities and promoting tax avoidance schemes
  • falsely claiming a benefit.

Failing to prevent and detect fraud early leads to revenue and information losses. These can lead to reputational damage, undermining the community’s confidence in the integrity of the tax, super and registry systems.

What is corruption

The Law Enforcement Integrity Commissioner (LEIC) Act 2006 defines corruption as conduct that:

  • involves, or is engaged in for the purpose of the staff member abusing their office as a staff member of the agency
  • perverts, or that is engaged in for the purpose of perverting, the course of justice
  • having regard to the duties and powers of the staff member as a staff member of the agency, involves, or is engaged in for the purpose of corruption of any other kind.

Examples of corruption that may occur in the ATO include:

  • abuse of office (for example, provision of sensitive information to facilitate external fraud committed by others)
  • biased tax-related decision-making by ATO officials
  • nepotism (particularly in relation to employment)
  • collusion for personal gain.

Key responsibilities for fraud and corruption control

Everyone in the ATO has a responsibility to mitigate the risk of fraud and corruption. However, particular positions and organisational bodies play an important role.

Role

Responsibility

Commissioner of Taxation

Accountable Authority responsible for taking all reasonable measures to prevent, detect and deal with fraud for the ATO, TPB and ACNC.

ATO Audit and Risk Committee

Provides independent advice and assurance to the Commissioner about the risk oversight and management of systems in place to implement the ATO’s Fraud and Corruption Control Plan.

ATO Enterprise Risk Management Committee

Considers emerging risks, which may include fraud and corruption, in the context of the ATO’s strategic objectives.

Assistant Commissioner, Fraud Prevention and Internal Investigations (FPII)

Risk owner for internal fraud and corruption. Leads an independent function supporting the Commissioner on internal fraud and corruption control. This role is also responsible for developing this plan.

Fraud Prevention and Internal Investigations Branch

Responsible for implementing measures to prevent, detect and respond to internal fraud and corruption.

Deputy Commissioner Integrated Compliance

Risk owner for external fraud, identity crime enabled fraud, serious and organised crime, illegal Phoenix activity and offshore tax evasion risks.

Manages the serious financial crime response across government and internationally for the ATO.

Integrated Compliance

Responds to serious tax evasion and financial crime and provides the ATO’s investigative and prosecutorial capability.

Conducts the System Integrity Program to ensure senior responsible officers have appropriate external fraud risk tolerances, treatments and controls in place for their programs.

Deputy Commissioners

Manages external fraud risk in their business line. Provides assurance on the management of external fraud risk within their business line to the External Fraud Risk Owner via the external fraud conformance process.

ACNC Commissioner TPB CEO Secretary

Manages external fraud risk for their organisation.

Serious Financial Crime Taskforce CEOs Committee

Sets the strategic direction in line with the SFCT MoU to leverage the capabilities and powers of commonwealth law enforcement and regulatory agencies to target those serious crimes that present the highest risk to Australia’s tax and super systems.

Serious Financial Crime Taskforce Chief

Provides day-to-day oversight of the SFCT and is responsible to the SFCT CEOs committee.

Serious Financial Crime Taskforce Operational Strategy Task Group

Provides oversight of SFCT intelligence and operational activity.

Senior Responsible Officers

Actively manage external fraud by conducting and reviewing risk assessments regularly for their program. This ensures appropriate external fraud risk tolerances, treatments and controls are in place and documented.

Integrity Steering Committee

Sets strategic, whole of ATO direction on external fraud risks and threats.

System Integrity Management Group

Takes a coordinated approach to fraud risk management across the organisation. Champions embedding fraud control practices.

Client Identity and Refund Fraud Forum

Identifies, prioritises and drives initiatives to support refund integrity and management of identity crime.

Other roles and responsibilities that reduce fraud and corruption risk, include:

  • Senior Executives – provide strong leadership and foster a culture of integrity, awareness and reporting.
  • Business line managers – ensure risk management principles are applied in the operation of their business line.
  • All ATO employees and contractors – have an ongoing responsibility to identify and report fraud and corruption risks and suspected fraud.

Maintaining integrity in fraud and corruption control

The ATO promotes prevention of fraud and corruption risks and supports those who report suspected fraud and corruption.

We achieve this through:

  • tools and methodologies to strengthen system integrity
  • comprehensive policies and procedures to support decision-making
  • ensuring individuals have the appropriate security clearance for their position
  • reporting and management of conflicts of interest declarations
  • internal and external performance and activity reporting
  • transparent participation in independent review and reporting arrangements.

Code of conduct

The APS values, employment principles and code of conduct shape the ATO’s culture and integrity. All employees must behave in a way that upholds and meets the standards of conduct in line with APS and ATO values.

If an employee is found to have breached the code of conduct a delegate may decide to take misconduct action under the Public Service Act 1999. A sanction may be applied, ranging from a reprimand to termination of employment.

Fraud and corruption risks

Internal

A ‘trusted insider’ can intentionally or unknowingly facilitate malicious acts against the ATO. The ATO uses a range of internal and external products to understand the risk landscape for potential insider threats. In response, we implement measures to minimise the likelihood of this risk occurring.

FPII’s annual review of the ATO’s internal fraud and corruption environment provides an opportunity to be proactive in identifying areas of emerging risk. This is done by examining global trends, national issues and trends in the Australian Public Service. The 2022–23 process identified 3 key areas of priority internal fraud risk to the organisation:

  • corruption and insider threat
  • working arrangements in a hybrid work environment
  • spending of public monies.

Our work program is built around these risk themes that we believe have the most impact on our internal fraud and corruption landscape. It allows us to take a more strategic approach to how we identify and deal with possible risk.

Our approach also includes conducting internal assessments which deal with more day-to-day operational issues as they arise. Our internal assessments assess the chance for opportunistic fraud to occur through:

  • undeclared or perceived conflicts of interest
  • corruption
  • exploitation of administration processes
  • access to systems or processes which affect the revenue
  • misuse of ATO facilities
  • misuse of ATO IT facilities
  • release of information (including unauthorised access to systems and data).

External

External fraud as it relates to threats to revenue and information is a shared risk. The ATO is one of the commonwealth agencies responsible for managing this risk.

External fraud encompasses the behaviours of:

  • tax evasion (deliberate actions to evade tax obligations)
  • tax crime (intentionally or dishonestly obtaining cash or benefits through deception).

This behaviour is outside the law.

Fraudulent behaviour can occur when:

  • individuals or groups from outside the tax, super or registry systems pretend to be legitimate participants in the system
  • legitimate participants intentionally stay out of the system to evade their obligations
  • legitimate participants in the tax, super or registry systems deliberately exploit the 4 pillars of compliance (registration, lodgment, correct reporting and payment)
  • trusted advisers use their position and knowledge to exploit their own accounts or those of legitimate participants.

Failing to prevent and detect fraud early leads to revenue and information losses.

The ATO targets several priority behavioural risks where external fraud is prevalent:

  • identity crime enabled fraud
  • refund fraud
  • serious and organised crime in the tax and super systems
  • offshore tax evasion
  • illegal phoenix
  • black economy.

Integrated Compliance, through the System Integrity Program, ensures Senior Responsible Officers:

  • identify vulnerabilities in the system
  • have appropriate external fraud risk tolerances, treatments and controls in place for their programs.

For more information, see external fraud risks that relate to TPB and ACNC.

Fraud and corruption control framework

The ATO fraud and corruption control framework is consistent with commonwealth legislative requirements. It consists of governance, risk management and policy. The ATO implements the fraud and corruption control framework using the prevention, detection and response model.

  • Prevention – the first line of defence, includes proactive strategies designed to help reduce the risk of fraud and corruption occurring.
  • Detection – measures designed to uncover incidences of fraud and corruption when they occur.
  • Response – measures including assessment, investigation, analysis, referral, prosecution and recovery.

Fraud and corruption prevention

Prevention strategies are the first line of defence. They include proactive measures designed to help reduce the risk of fraud and corruption.

Preventing fraud upfront minimises the need for the ATO to detect and respond to fraud. The ATO has a suite of tailored prevention strategies that aim to strengthen the integrity culture in the ATO.

Key elements of the ATO’s fraud and corruption prevention activity include:

  • development and implementation of The Plan
  • engagement and education strategies to build strong awareness of what fraud is and what to do about it (referred to in our Chief Executive Instructions (CEIs), policies and procedures)
  • regular integrity reporting to increase ownership and visibility of risk
  • robust recruitment and vetting processes such as defined onboarding and screening procedures
  • a program of regular risk assessments and reviews for both internal and external fraud and corruption
  • risk evaluation and differentiated treatment strategies that are shaped by the changing risk environment
  • detecting and treating vulnerabilities in business processes that pose potential fraud or serious evasion threats to the tax, super and registry systems
  • mandatory online training for ATO staff and targeted face-to-face awareness sessions
  • an online System Integrity Centre of Excellence to help staff consider system integrity and fraud impacts
  • a suite of targeted internal communications products which includes the consequences of fraud, supported by self-help material
  • an external communications program that outlines the consequences of committing external fraud, including an external intranet site dedicated to ‘the-fight-against-tax-crime’.

The ATO also contributes to the Australian Government’s Digital Identity System. The system provides Australians and businesses with a single, secure way to access government and other services online.

Fraud and corruption detection

The ATO employs measures designed to uncover incidents of fraud and corruption when they occur. We acknowledge that not all occurrences of fraud and corruption can be identified. However, the ATO takes all reasonable steps to detect fraudulent or corrupt behaviour.

Our fraud and corruption detection activity, involves:

  • system monitoring and scanning
  • proactive detection analytics based on predetermined parameters
  • internal and external audits
  • dedicated reporting mechanisms to receive both internal and external fraud tip-offs confidentially
  • systematic review and analysis of fraud referrals to identify possible trends
  • annual disclosures about changes in circumstances and external interests
  • data modelling and intelligence analysis to identify potential fraudulent and corrupt behaviour, including identity crime models to stop systemic attacks on the system
  • intelligence sharing with, and collaborating across, law enforcement and integrity agencies and international jurisdictions.

Fraud and corruption response

The ATO uses measures including assessment, investigation, analysis, referral and recovery to respond to potentially fraudulent or corrupt behaviour.

Our response activity includes:

  • assessment of all reports and allegations to decide an appropriate response
  • pursuing disciplinary, administrative, civil or criminal actions as appropriate
  • pursuing the recovery of fraudulently or criminally obtained benefits where appropriate
  • maintaining appropriate fraud insurance
  • undertaking investigations under Australian Government Investigations Standards
  • joint investigations with other law enforcement bodies and agencies and referral to the AFP in line with referral guidelines
  • appropriate reporting, including to external scrutineers
  • establishment of specialist roles to manage and respond to fraudulent or corrupt activities
  • Integrity Incident Response Framework
  • ATO participation in multi-agency international, national and state serious and organised crime forums and working parties to share intelligence and investigate, disrupt and prosecute serious financial crimes (Illicit Tobacco Taskforce, Phoenix Taskforce, Serious Financial Crime Taskforce, Fraud Fusion Taskforce and the Joint Chiefs of International Tax Enforcement Alliance [J5]).

Australian Business Registry Services (ABRS)

Under the Commonwealth Registers Act 2020 the Commissioner was appointed as Registrar of the Australian Business Registry Services (ABRS).

ABRS was established as an external brand, managed by the ATO. This satisfies legal and integrity obligations. ABRS has distinct separation of registry services from the ATO’s tax and super services.

Connectivity between tax data and the business registry data (shared services) are governed by applicable laws and insulation principles.

ABRS staff are ATO employees working within the ABRS business line. They must comply with obligations relevant to all ATO staff.

Related entities

Under Schedule 1 of the Public Governance, Performance and Accountability Rule 2014 the Commissioner is the accountable authority for:

  • Australian Charities and Not-for-profits Commission (ACNC)
  • Tax Practitioners Board (TPB)

The TPB and ACNC are independent statutory authorities. However, the Commissioner is the accountable authority for the ATO, ACNC and the TPB. As the accountable authority, the Commissioner must ensure that the financial activities undertaken by the ACNC and the TPB comply with the PGPA Act. The Commissioner has ultimate responsibility for taking all reasonable steps to prevent, detect and deal with fraud and corruption in those bodies.

It is the ATO's responsibility to provide governance and operational support to both the TPB and ACNC.

Tax Practitioners Board (TPB)

The TPB's role is to ensure that tax practitioner services are provided to the public under appropriate standards of professional and ethical conduct.

TPB staff comply with the ATO’s Internal Fraud CEI and other relevant organisational processes. Compliance assurance is achieved through:

  • internal detection programs
  • the ATO’s 'SpeakUp' channel which allows TPB staff to report integrity concerns
  • accountabilities to report issues of concern to the ATO and TPB Audit and Risk Committees.

Other ways to raise and address issues of concern are:

  • weekly executive meetings
  • monthly board meetings
  • quarterly performance reporting.

The TPB works in partnership with the ATO’s external fraud areas to develop appropriate fraud reporting and management processes for those issues which need a joint approach. The TPB will continue to work with the ATO’s external and internal fraud areas as the complexity and advancement of techniques used by those seeking to commit fraud evolves.

The TPB leverages its strong relationship with Treasury to suggest legislative and policy framework changes based on its observations of Tax Practitioner behaviour in the system. Where appropriate, advice and recommendations are provided to mitigate the risk of fraud and corruption.

Attempted fraud that does not relate to the ATO, such as attempts to fraudulently register as a tax practitioner, are managed by the TPB and reported to relevant authorities, as required. The policy is being developed to support this, including the involvement and responsibilities of ATO fraud control mechanisms.

Australian Charities and Not-For-Profit Commission (ACNC)

While ACNC staff do not have access to taxpayer information, staff do have access to charity information. Internal fraud in the ACNC can include:

  • accessing or disclosing non-public charity information without authorisation
  • using ACNC or ATO assets for personal benefit.

ACNC staff comply with the ATO’s Internal Fraud CEI – for example, ACNC staff must complete mandatory training. ACNC staff receive email communications from the ATO on a range of matters, including internal fraud.

The ACNC has different external fraud risks, including:

  • fraudulent charities that should not be registered with the ACNC
  • fraud in otherwise legitimate charities
  • fraud committed by registered charities against third parties.

Registered charities can access tax concessions from the ATO, which may constitute a tax crime if they are not entitled to those concessions.

The ACNC customises and applies the ATO’s fraud and corruption control framework based on size, circumstances, and the community regulated.

Element of framework

Activities

Prevention
  • using ATO systems, processes and educational products to educate and prevent internal fraud
  • publishing guidance and online eLearning programs to help charities protect themselves from fraudExternal Link
  • development of specific fraud resources and promoting Charity Fraud Awareness week
 

Detection
  • using system processes for ACNC systems (for example, audit history and change logs)
  • imbedding risk assessments for applications (to register as a charity) and our compliance processes
  • using data analytics to identify risks, trends and outliers
  • participating in several inter-agency forums that discuss fraud, which helps us work with government to share intelligence
  • allowing any member of the public to anonymously share concerns
 

Response
  • engaging in compliance action (which can include revocation of charity status or penalties)
  • referring to appropriate authorities or avenues (including 'SpeakUp' and the Tax Integrity Centre)
 

Reporting fraud and corruption

Receiving reports

ATO employees must report incidents of suspected fraud or corruption. Reports remain confidential. We also provide anonymous tip-off forms and support whistleblowing schemes to offer further protections.

There are a range of mechanisms for reporting fraud:

  • Internal fraud – To report internal fraud:
    • Email: speakup@ato.gov.au
    • Phone: 1800 061 187
    • Online: Anonymous Fraud Alert Form on myATO
    • Discuss it with your manager.
     
  • External fraud – Reports from the community about external fraud or tax crime must be made to the Tax Integrity Centre by:
    • Online: completing the tip-off form. The form is also available in the 'Contact us' section of the ATO app
    • Phone: 1800 060 062
    • Mail: posting to
      Tax Integrity Centre
      Locked Bag 6050
      DANDENONG  VIC  3175.
     
  • Suspected External Fraud matters ATO employees who suspect external fraud are required under the External Fraud CEI to report the matter to Integrated Compliance:
    • Referral of suspected external fraud must be undertaken in Siebel Work Management.
    • For more information, see Referring suspected external fraud to Integrated Compliance on myATO.
     

Law enforcement agencies can report tax crime involving serious and organised crime groups to TaxCrimeIntelligence@ato.gov.au

If you are worried about the conduct of a registered charity, report your concern to the ACNC using the online formExternal Link.

Public Interest Disclosure

The Public Interest Disclosure Act 2013 seeks to promote integrity and accountability by:

  • encouraging the disclosure of information about alleged serious wrongdoing
  • protecting those who make such disclosures
  • ensuring that disclosures are properly actioned.

The ATO will act on disclosures as appropriate and protect disclosers from any reprisals for making a disclosure. As required by legislation, a person must be a current or former public official to report under the Public Interest Disclosure scheme.

To make a Public Interest Disclosure a person can:

Tax whistleblower

There are arrangements in place to better protect individuals who make eligible disclosures about the tax affairs, including tax avoidance arrangements, of another entity. There are legislative conditions that need to be met to qualify for protection as a tax whistleblower. The provisions are set out under Part IVD of the Taxation Administration Act 1953.

Note: the TPB and ACNC are not eligible recipients under the tax whistleblower legislation.

Performance reporting

Regular reporting is an important part of effective governance and assurance. To ensure the ATO’s fraud control arrangements are appropriate and systems remain in place to prevent, detect, respond and monitor fraud and corruption risk, the following internal and external reporting occurs.

Reporting to

Requirement

Timeframe

Commissioner of Taxation

Oversight as the Principal Officer in accordance with the Public Interest Disclosure Act 2013 and Public Governance, Performance and Accountability Act 2013

Monthly or as required

Deputy Commissioner ATO Corporate

Regular internal fraud and corruption reports to the risk owner on current status of risk related activity and investigations

Monthly

Deputy Commissioner Integrated Compliance

Regular reports on current status of external fraud risk related activity and investigations

Monthly

Audit and Risk Committee (ARC)

Oversight of the ATO, TPB and ACNC in accordance with section 45 of the Public Governance, Performance and Accountability Act 2013

Quarterly

Enterprise Risk Management Committee (ERMC)

To contribute to the improvement of the ATO’s ability to manage risk associated with achieving the strategic objectives as defined in the ERMC Charter

Quarterly

Minister

Conformance with Public Governance, Performance and Accountability Act 2013 and Part 11 of Commonwealth Fraud Control Guidance

Annually or as required

Australian Institute of Criminology (AIC)

In accordance with the Commonwealth Fraud Control Policy all non-corporate commonwealth entities must collect information on fraud and complete an annual fraud questionnaire to the AIC

Annually

Commonwealth Ombudsman

Compliance with the Public Interest Disclosure Act 2013

Annually or as required

QC61546