ato logo
Search Suggestion:

ATO Fraud and Corruption Control Plan 2024

The ATO Fraud and Corruption Control Plan outlines our approach to managing fraud and corruption risks.

Last updated 13 February 2024


The Australian Taxation Office (ATO) is committed to ensuring the integrity of Australia’s tax, superannuation and registry systems. Protecting the system and clients against fraud and corruption is a critical part of meeting this commitment. We do this by preventing, detecting and responding to fraud and corruption. We treat fraud and corruption seriously and have zero tolerance for such behaviour.

This Fraud and Corruption Control Plan (the Plan) outlines the ATO's approach to managing fraud and corruption risks. It complies with the requirements of section 10 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) and Commonwealth Fraud Control Framework 2017. A review of the Plan will occur in July 2024 when changes to the Commonwealth Fraud Control Framework is anticipated to take effect, and to incorporate other amendments as part of the suite of reforms to improve the standards of APS integrity.

The Plan is intended to be a tool to support ATO (including Australian Business Registry Services), Australian Charities and Not-for-profits Commission (ACNC) and Tax Practitioners Board (TPB) staff in the prevention, detection and response to fraud and corruption, including where relevant, when working within the Trusted Digital Identity Framework. The Plan details the channels to report internal and external fraud or corruption and where to seek more information or advice. Staff must report all cases of suspected fraud and corruption.

Note: For the purposes of the Plan, reference to the ATO includes the TPB and ACNC, unless explicitly stated otherwise.

The Plan also supports the ATO to meet obligations under the National Anti-Corruption Commission Act 2022. The National Anti-Corruption Commission (NACC) began operation on 1 July 2023 and is an independent Commonwealth agency that detects, investigates and reports on serious or systemic corrupt conduct in the Australian Government public sector, and contributes to corruption prevention across the APS. All ATO, ACNC and TPB staff are under the jurisdiction of the NACC, and the ATO is required to refer all allegations of serious or systemic corrupt conduct to them.

All ATO staff and contractors play a critical role in the ATO’s fraud control arrangements. By playing our part we ensure we maintain the highest levels of integrity in Australia’s tax, superannuation and registry systems.

Commissioner of Taxation


The Plan documents the strategic and operational approach to controlling fraud and corruption affecting the ATO. It ensures compliance with the requirements of section 10 of the PGPA Rule and Commonwealth Fraud Control Framework.

To meet the ATO’s obligations, the Plan:

  • outlines the ATO’s fraud and corruption control framework
  • articulates the ATO’s approach to managing fraud and corruption risks
  • explains strategies the ATO uses to train and raise staff awareness.

While the TPB and ACNC are independent statutory authorities, under the Public Governance, Performance and Accountability Act 2013 (PGPA Act) the Commissioner is the accountable authority for the ATO, ACNC and the TPB and has responsibility for taking all reasonable measures to prevent, detect and respond to fraud and corruption in those bodies.

Risk tolerance

The ATO acknowledges that, in its interactions with clients and service providers, and in the delivery of its services, it cannot avoid or prevent all fraud and corruption risks. The ATO has zero tolerance to any fraudulent or corrupt behaviour that may impact the ATO.

Zero tolerance means the ATO takes all reasonable measures to prevent, detect and respond to fraud and corruption risk.

The ATO will:

  • analyse and take associated steps to protect the tax, superannuation and registry systems and clients, by minimising the occurrence and impact of fraud, corruption and other crimes
  • assess all alleged instances of fraud or corruption and further investigate as appropriate
  • pursue disciplinary, administrative, civil or criminal actions as appropriate
  • seek to prosecute through the courts, where appropriate
  • seek the recovery of funds obtained, where appropriate.


The Commonwealth Fraud Control Framework defines fraud as 'dishonestly obtaining a benefit or causing a loss by deception or other means'. A benefit includes information. For an activity to be fraudulent, it must be deliberate and lead to a direct or indirect benefit to an individual or group. Fraud can be committed by parties internal or external to the ATO and this plan addresses both.

Internal fraud is committed by staff or contractors and can include:

  • falsely claiming employee benefits
  • accessing and disclosing sensitive information (for example, taxpayer, charity information) without authorisation
  • falsifying qualifications
  • improperly reducing a debt or other liability
  • releasing funds without proper authority
  • using government assets for personal benefit.

External fraud is committed by taxpayers and other third parties with or without the assistance of enablers such as dishonest tax agents, BAS agents or unregistered preparers. External fraud can include:

  • claiming tax concessions and refunds using false or stolen identities
  • information theft through dishonestly accessing ATO systems
  • deliberating making false ABN registrations
  • dishonestly not meeting lodgment obligations
  • claiming GST credits for goods or services that GST was not paid on
  • deliberately avoiding debts by carrying out illegal phoenix activities
  • dishonestly claiming in relation to programs such as the research and development tax incentive.

Failing to prevent and detect fraud early leads to losses in information or revenue. This can result in reputational damage and undermine the community’s confidence in the integrity of the tax, superannuation and registry systems.


The National Anti-Corruption Commission Act 2022 describes 4 types of corrupt conduct. A person engages in corrupt conduct if they:

  • are a public official and they breach public trust
  • are a public official and they abuse their office as a public official
  • are a public official or former public official and they misuse information they have gained in their capacity as a public official
  • do something that adversely affects a public official’s honest or impartial exercise of powers or performance of official duties. Any person can engage in this type of corrupt conduct, even if they are not a public official themselves.

A person also engages in corrupt conduct if they try or plan to do any of those things.

Examples of corruption that may be realised in the ATO include:

  • abuse of office (for example, provision of sensitive information to facilitate external fraud committed by others)
  • biased decision-making by ATO officials
  • nepotism (particularly in relation to employment)
  • collusion for personal gain.

Key responsibilities

Everyone in the ATO has a responsibility to mitigate the risk of fraud and corruption. However, some positions and organisational bodies play a more important role.

Key roles and responsibilities



Commissioner of Taxation

Accountable authority responsible for taking all reasonable measures to prevent, detect and respond to fraud and corruption for the ATO, TPB and ACNC.

ATO Audit and Risk Committee

Provides independent advice and assurance to the Commissioner about the risk oversight and management of systems in place to implement the ATO’s Fraud and Corruption Control Plan.

Assistant Commissioner, Fraud Prevention and Internal Investigations (FPII)

Risk owner for internal fraud and corruption.

Leads an independent function supporting the Commissioner on internal fraud and corruption control.

This role is also responsible for developing this plan.

FPII Branch

Responsible for implementing measures to prevent, detect and respond to internal fraud and corruption.

Deputy Commissioner, Fraud and Criminal Behaviours

Risk owner for external fraud in the tax, superannuation and registry systems. Has accountability and authority to declare and respond to emergency external fraud events.

Manages the serious financial crime response across government and internationally for the ATO.

Fraud and Criminal Behaviours Business Line

Responds to external fraud and financial crime and is the ATO’s investigative and prosecutorial capability.

Ensures senior responsible officers have appropriate external fraud risk tolerances, treatments, and controls in place for their programs.

Manages the System Integrity Program which focuses on embedding whole-of-ATO fraud prevention strategies.

Manages the Intelligence and Assessment Centre, which coordinates and undertakes external fraud detection and triages.

Deputy Commissioners (ATO only)

Manages external fraud risk in their business line.

Provides assurance on the management of external fraud risk within their business line to the external fraud risk owner via the external fraud conformance process.

Senior responsible officers

Actively manage external fraud by conducting and reviewing risk assessments regularly for their program. This ensures appropriate external fraud risk tolerances, treatments and controls are in place and documented.

Integrity Steering Committee

Sets strategic, whole-of-ATO direction on external fraud risks and threats.

System Integrity Management Group

Takes a coordinated approach to fraud risk management across the ATO.

Champions embedding fraud control practices into the ATO.

Serious Financial Crime Taskforce Chief (ATO only)

Provides day-to-day oversight of the SFCT and is responsible to the SFCT CEOs Board.

ACNC Commissioner

TPB CEO Secretary

Manages external fraud risks for their organisations.

ATO Risk Committee

The Risk Committee is responsible for positively influencing the ATO’s ability to manage key areas of risk associated with achieving its strategic objectives. The Risk Committee ensures risks are being managed effectively across the organisation consistent with the Enterprise Risk Management Framework (ERMF). In conjunction with the Audit and Risk Committee, assurance is provided to the ATO Executive that risk is being effectively identified and appropriately managed throughout the organisation, with a strong focus on setting clear accountabilities and tolerances, and monitoring performance to ensure it remains within acceptable levels.

Security Committee

Ensures protective security policies and business continuity management capabilities are managed effectively across the ATO.

ATO Strategy Committee

Ensure strategy coherence by making decisions or recommendations to the ATO Executive in relation to strategies and priorities with significant internal or external impacts within the context of the ATO’s strategic direction and the operating environment.


Other roles and responsibilities that reduce fraud and corruption risk, include:

Senior Executives – provide strong leadership and foster a culture of integrity, awareness and reporting.

Business line managers – ensure risk management principles are applied in the operation of their business line.

All ATO staff and contractors – have an ongoing responsibility to identify and report fraud and corruption risks and suspected fraud.

Maintaining integrity

The Public Governance, Performance and Accountability Act 2013 (PGPA Act) contains the legal obligations of Commonwealth entities in relation to their governance, performance, accountability, and use and management of public resources.

Under the PGPA Act, the Commissioner has specific duties as the accountable authority to:

  • properly govern the ATO
  • establish an appropriate risk and control system
  • encourage officials to cooperate with others to achieve common objectives
  • consider the effects of imposing requirements on others
  • keep the respective minister and the finance minister informed.

Meeting governance obligations under the PGPA Act contributes to the ATO’s conformance with other legislative requirements, including the proper administration of the tax and superannuation systems.

The ATO Corporate Governance Framework is represented under 2 key areas: the ATO’s governance structure; and the governance pillars.

ATO governance structure and governance committees including:

  • Audit and Risk Committee
  • ATO Executive
  • other ATO Committees.

Governance pillars are grouped into 4 key pillars which form the basis of the Audit and Risk Committee mandatory assurance reporting:

  • financial reporting
  • performance reporting
  • risk oversight and management
  • internal control.

The ATO’s Integrity Framework describes the mechanisms and arrangements that ensure the ATO is an integrity-based organisation. The integrity framework is supported by governance and reporting arrangements that underpin a high standard of integrity culture within the ATO.

All ATO staff have a responsibility to report misconduct and not turn a blind eye to unacceptable behaviour.

The ATO promotes the prevention of fraud and corruption and supports those who report suspected fraud and corruption. It achieves this through:

  • using tools and methodologies to strengthen system integrity
  • developing comprehensive policies and procedures to support decision-making
  • ensuring individuals have the appropriate security clearance for their position
  • reporting and managing conflicts of interest declarations
  • reporting internal and external performance and activities
  • transparently participating in independent review and reporting arrangements
  • requiring staff to undertake training in relation to fraud and corruption.

The ATO corporate plan 2023-24 outlines the ATO commitment to on delivering priorities, driving tax performance and strengthening the integrity of the tax, superannuation and registry systems.

There are 8 strategic objectives, grouped into 5 perspectives in the Corporate Plan.

Of the 5 perspectives, W1 – Workforce focuses on the ATO being a high performing workforce with a focus on integrity, the right culture, capability and tools to deliver the best client and staff experience. This includes ensuring that ATO staff act with integrity at all times.

Core Priority 3.2: Workforce integrity: Identify, prevent and respond to integrity threats in the workplace, through the ATO’s integrity framework.

Tax Practitioners Board corporate plan

The Tax Practitioners Board (TPB) Corporate Plan 2023-24External Link outlines the key activities and performance measures the TPB will apply as they continue to deliver on the ATO’s purpose: supporting public trust and confidence in the integrity of the tax profession and the tax system. The TPB focus is in two areas: support for tax practitioners; and ensuring the integrity of the tax system. They will continue to take strong and targeted action against misconduct, including by the highest risk and unregistered tax practitioners, to protect consumers from harm and to maintain trust and integrity in the tax system.

ACNC corporate plan

The Australian Charities and Not-for-profits (ACNC) Corporate Plan 2023-24External Link outlines the ACNC purposes, activities and vision, and details how the ACNC will measure their performance. It encapsulates the ACNC commitment to the public and charities: to ensuring public confidence, to helping charities stay on track, to collating and sharing charity data, and to delivering on government initiatives that relate to charities.

Code of conduct

The APS values, employment principles and code of conduct shape the ATO’s culture and integrity. All staff must behave in a way that upholds and meets the standards of conduct in line with APS and ATO values.

If a staff member is found to have breached the Code of Conduct, a sanction delegate may decide to impose a sanction under subsection 15 of the Public Service Act 1999. The sanctions available range from a reprimand through to termination of employment.

Fraud and corruption risks


Trusted insiders are current and former staff or contractors who have legitimate or indirect access to ATO staff, information, techniques, activities, technology, assets or facilities.

A trusted insider may conduct activities that could harm the ATO, be detrimental to Australia’s national security, undermine Australia’s sovereignty, revenue and prosperity, or even pose a threat to life.

A trusted insider can have varied and often complex reasons for conducting harmful activity and may conduct them intentionally or unintentionally.

An example of intentional insider activity can include publicly disclosing classified or privileged ATO information as an act of revenge with a third party—such as a business competitor, criminal organisation or foreign power—in exchange for payment or other personal benefit.

Examples of unintentional insider activity can include:

  • absent-mindedly clicking on email links that lead to malicious network compromise by a third party
  • misplacing a workplace-issued security pass, electronic device or sensitive document
  • being unknowingly exploited by a third-party, such as a foreign power, criminal organisation, competitor, friend or associate
  • carelessly oversharing privileged information at a social gathering or in a public place
  • mistakenly providing information to a colleague who doesn't have an appropriate security clearance or valid need to know.

The ATO uses a range of internal and external products to understand the risk landscape for potential insider threats. In response, it implements measures to minimise the likelihood of this risk occurring.

Emerging risks

Fraud Prevention and Internal Investigation’s annual review of the ATO’s internal fraud and corruption environment provides an opportunity to be proactive in identifying areas of emerging risk. This is done by examining global trends, national issues and trends in the Australian Public Service. The 2022–23 process identified 3 enduring internal fraud risks to the ATO:

  • misuse of tax-specific expertise
  • abuse of decision-making authority
  • unlawful access, use or disclosure of tax information.

The ATO’s forward work program is built around these risk themes and allows the ATO to take a more strategic approach to identify and deal with possible risk.

The ATO also conducts internal assessments which deal with more day-to-day operational issues as they arise. Internal assessments gauge the chance for opportunistic fraud to occur through:

  • undeclared or perceived conflicts of interest
  • corruption
  • exploitation of administration processes
  • access to systems or processes which affect the revenue
  • misuse of ATO facilities
  • misuse of ATO IT facilities
  • release of information (including unauthorised access to systems and data).


External fraud comes from outside the ATO and relates to threats to revenue or information on the Australian Government and is a shared risk. The ATO is one of the agencies responsible for managing this risk.

External fraud in the ATO encompasses the behaviours of:

  • third parties dishonestly gaining control of ATO client identities
  • dishonest access to ATO systems
  • dishonest non-compliance with registration obligations
  • dishonestly not meeting lodgement obligations
  • dishonestly not meeting reporting obligations
  • dishonestly not meeting payment obligations
  • external fraud in ATO administered programs.

The ATO undertakes an assessment to understand the risks the ATO may not be effective at controlling. The impact of external fraud across the system because of a failure to take all responsible measures to prevent, detect and respond, resulting in out of tolerance revenue and information loss and harm to clients. The ATO’s current risk assessment identifies, analyses and evaluates a number of risks. These risks include incentives or opportunities in the environment to commit external fraud, dishonest use of client identities and dishonest access to systems, exploiting the pillars of compliance (registration, non-lodgment, reporting and non-payment), ineffective management of incentive programs as well as ineffective management of consequences of fraud behaviour.

The ACNC and TPB have different external fraud risks.

Risk management

Risk management is the responsibility of all staff as it ensures the ATO understands risks, achieves outcomes efficiently and effectively, and complies with various statutory obligations and public sector guidelines, such as the Public Governance, Performance and Accountability Act 2013 and the Commonwealth Risk Management Policy.

The ATO's Risk management Chief Executive Instruction (CEI) and Enterprise Risk Management Framework (ERMF) were developed to provide a structured, enterprise-wide approach to managing risk, including risk methodology and management processes. The framework is administered in line with the requirements of the Commonwealth Risk Management Policy and is aligned with the ISO 31000:2018 Risk Management standard. The framework also incorporates the ATO's governance approach consistent with the 3 lines of defence model being Business Lines, Risk and Assurance and Internal Audit.

The ATO's ERMF aims to provide a consistent, integrated and effective approach to the management of risk and is embedded into day-to-day business practices. The approach is designed to support the ATO to achieve the strategic objectives and facilitate continuous innovation and improvement.

The 4 components of the ERMF include:

  • Culture – supporting staff to understand and implement the ATO’s approach to risk
  • Governance – structures, guidance and capability
  • Data and technology – shared knowledge, intelligence and insights
  • Informed decisions – evidence-based analysis to consider risk and identify opportunities

Control framework

The ATO fraud and corruption control framework is consistent with all legislative requirements of the Australian Government. It consists of governance, risk management and policy. The ATO implements the fraud and corruption control framework using the prevention, detection and response model.

Prevention – the first line of defence, includes proactive strategies designed to help reduce the risk of fraud and corruption occurring.

Detection – measures designed to uncover incidences of fraud and corruption when they occur.

Response –assessment, investigation, analysis, referral, prosecution and recovery measure.


Prevention strategies are the first line of defence against fraud and corruption. They include proactive measures designed to help reduce the risk of fraud and corruption.

Preventing fraud upfront minimises the need for the ATO to detect and respond to fraud. The ATO has a suite of tailored prevention strategies that aim to protect the system and clients against fraud.

Key elements of the ATO’s fraud and corruption prevention activity include:

  • development and implementation of this Plan
  • engagement and education strategies to build strong awareness of what fraud and corruption is and what to do about it (referred to in the Chief Executive Instructions (CEIs), policies and procedures)
  • regular integrity reporting to increase ownership and visibility of risk
  • robust recruitment and vetting processes such as defined onboarding and screening procedures
  • a program of regular risk assessments and reviews for both internal and external fraud and corruption
  • risk evaluation and differentiated treatment strategies that are shaped by the changing risk environment
  • detecting and treating vulnerabilities in business processes that pose potential fraud threats to the tax, superannuation, charity and registry systems
  • mandatory online training for all ATO staff and targeted face-to-face awareness sessions
  • a suite of targeted internal communications products which includes the consequences of fraud and corruption, supported by self-help material
  • an external communications program that outlines the consequences of committing external fraud, including a section on the external website dedicated to the-fight-against-tax-crime.

In addition, the ATO has increased its focus on prevention measures to reduce the risk of external fraud. This focus has brought stronger controls prior to any transactions being undertaken.

These activities include:

  • stronger proof of identity processes
  • greater assurance over digital access
  • increased sophistication of models and early warning systems
  • detecting and treating vulnerabilities or any gaps in business processes that pose potential fraud threats
  • an online System Integrity Centre of Excellence to help staff consider system integrity and fraud impacts
  • delivering a rolling external risk assessment program that ensures risks are managed and treated.

The ATO also contributes to the Australian Government’s digital identity system. The system provides Australians and businesses a secure, verified identity and authorisation solution to enable access to government and other services online.


The ATO employs measures designed to uncover incidents of fraud and corruption when they occur. The ATO acknowledges that not all occurrences or incidents can be identified. However, the ATO takes all reasonable measures to detect fraudulent or corrupt behaviour.

The ATO’s detection activities involve:

  • system monitoring and scanning
  • proactive detection analytics based on predetermined parameters
  • internal and external audits
  • dedicated reporting mechanisms to receive both internal and external fraud tip-offs confidentially
  • systematic reviews and analysis of fraud referrals to identify possible trends
  • annual disclosures about changes in circumstances and external interests for staff with relevant security clearances
  • data modelling and intelligence analysis to identify potential fraudulent and corrupt behaviour, including identity crime models to stop systemic attacks on the system
  • intelligence sharing with, and collaborating across, law enforcement and integrity agencies and international jurisdictions.


The ATO uses measures including assessment, investigation, analysis, referral and recovery to respond to suspected fraudulent or corrupt behaviour.

The ATO’s response activities include:

  • assessment of all reports and allegations to decide an appropriate response
  • pursuing disciplinary, administrative, civil or criminal actions, as appropriate
  • pursuing the recovery of fraudulently or criminally obtained benefits, where appropriate
  • maintaining appropriate fraud insurance
  • undertaking investigations in accordance with the Australian Government investigations standards
  • joint investigations with the NACC, other law enforcement bodies and agencies and referral to the AFP in line with referral guidelines
  • appropriate reporting, including to external scrutineers
  • establishment of specialist roles to manage and deal with fraudulent or corrupt activities
  • rapid response groups, for dealing with existing fraud behaviours

ATO participation in multi-agency international, national and state serious and organised crime forums and working parties to share intelligence and investigate, disrupt and prosecute serious financial crimes (Illicit Tobacco Taskforce, Phoenix Taskforce, Serious Financial Crime Taskforce, Fraud Fusion Taskforce and the Joint Chiefs of International Tax Enforcement Alliance).

Australian Business Registry Services

Under the Commonwealth Registers Act 2020 the Commissioner was appointed as Registrar of the Australian Business Registry Services (ABRS).

ABRS was established as an external brand, managed by the ATO. This satisfies legal and integrity obligations. ABRS has distinct separation of registry services from the ATO’s tax and superannuation services.

Connectivity between tax data and the business registry data (shared services) are governed by applicable laws and insulation principles.

ABRS staff are ATO staff working within the ABRS business line. They must comply with obligations relevant to all ATO staff.

Related entities

Under Schedule 1 of the Public Governance, Performance and Accountability Rule 2014 the Commissioner of Taxation is the accountable authority for:

  • Australian Charities and Not-for-profits Commission (ACNC)
  • Tax Practitioners Board (TPB).

It is the ATO's responsibility to provide governance and operational support to both the TPB and ACNC.

Tax Practitioners Board

The Tax Practitioners Board (TPB)'s role is to ensure tax practitioner services are provided to the public under appropriate standards of professional and ethical conduct.

TPB staff comply with the ATO’s Internal Fraud and Corruption CEI and other relevant organisational processes. Compliance assurance is achieved through:

  • internal detection programs
  • the ATO’s Speak Up channel which allows TPB staff to report integrity concerns
  • accountabilities to report issues of concern to the ATO and TPB audit and risk committees.

Other ways to raise and address issues of concern are:

  • weekly executive meetings
  • monthly board meetings
  • quarterly performance reporting.

The TPB works in partnership with the ATO’s external fraud areas to develop appropriate fraud reporting and management processes for those issues that need a joint approach. The TPB will continue to work with the ATO’s external and internal fraud areas as the complexity and advancement of techniques used by those seeking to commit fraud evolves.

The TPB leverages its strong relationship with Treasury to suggest legislative and policy framework changes based on its observations of Tax Practitioner behaviour in the system. Where appropriate, advice and recommendations are provided to mitigate the risk of fraud and corruption.

Attempted fraud that does not relate to the ATO, such as attempts to fraudulently register as a tax practitioner, are managed by the TPB and reported to relevant authorities, as required.

Australian Charities and Not-For-Profit Commission

While Australian Charities and Not-For-Profit Commission (ACNC) staff do not have access to taxpayer information, they do have access to charity information. Internal fraud or corruption in the ACNC can include:

  • accessing or disclosing non-public charity information without authorisation
  • using ACNC or ATO assets or information for personal benefit.

ACNC staff comply with the ATO’s Internal Fraud and Corruption CEI – for example, must complete mandatory training. ACNC staff also receive email communications from the ATO on a range of matters, including internal fraud and corruption.

The ACNC has different external fraud risks, including:

  • fraudulent charities that should not be registered with the ACNC
  • fraud in otherwise legitimate charities
  • fraud committed by registered charities against third parties.

Registered charities can access tax concessions from the ATO, which may constitute external fraud if they are not entitled to those concessions.

The ACNC tailors the ATO’s fraud and corruption control framework based on its size, circumstances, and the community regulated.

ATO's fraud and corruption framework and activities

Element of framework



Using ATO systems, processes and educational products to educate and prevent internal fraud.

Publishing guidance and online eLearning programs to help charities protect themselves from fraudExternal Link.

Development of specific fraud resources and promoting Charity Fraud Awareness week.


Using system processes for ACNC systems (for example, audit history and change logs).

Imbedding risk assessments for applications (to register as a charity) and the ACNC’s compliance processes.

Using data analytics to identify risks, trends and outliers.

Participating in several inter-agency forums that discuss fraud, which helps us work with government to share intelligence.

Allowing any member of the public to anonymously share concerns.


Engaging in compliance action (which can include revocation of charity status or penalties).

Referring to appropriate authorities or avenues (including Speak Up and the Tax Integrity Centre).

Reporting fraud and corruption

ATO staff must report incidents of suspected fraud or corruption. Reports remain confidential. The ATO also provide anonymous tip-off forms and support whistleblowing schemes to offer further protections and support.

Range of mechanisms for reporting fraud

Type of fraud

Reporting channels

Internal fraud or corruption
Reports about internal fraud or corruption


Phone: 1800 061 187

Online: Complete the Report internal fraud or corruption form

Anonymous Fraud Alert Form on myATO

Discuss it with your manager

External fraud
Reports from the community about external fraud or tax crime

Online: completing the tip-off form. The form is also available in the contact us section of the ATO app

Phone: 1800 060 062


Tax Integrity Centre
Locked Bag 6050

Suspected external fraud matters

ATO staff who suspect external fraud are required under the External Fraud CEI to report the matter to Fraud and Criminal Behaviours.

Referral of suspected external fraud must be undertaken in Siebel Work Management.


Law enforcement agencies can report external fraud involving serious and organised crime groups to

Reports of misconduct of a registered charity, should be raised with the ACNCExternal Link and complaints about tax practitioners to the Tax Practitioners BoardExternal Link.

Public Interest Disclosure

The Public Interest Disclosure Act 2013 seeks to promote integrity and accountability by:

  • encouraging the disclosure of information about alleged serious wrongdoing
  • protecting those who make such disclosures
  • ensuring that disclosures are properly actioned.

The ATO will act on disclosures as appropriate, and will support and protect disclosers and witnesses from reprisal action. As required by legislation, a person must be a current or former public official to report under the Public Interest Disclosure scheme. Personal work-related conduct is not disclosable conduct unless it could constitute reprisal or is otherwise significant.

To make a Public Interest Disclosure a person can:

On 1 July 2023 stage one reforms to the PID Act commenced, aligned to the establishment of the National Anti-Corruption Commission (NACC). Changes include, but are not limited to, requirements to refer suspected systemic or serious corrupt conduct to the NACC, an expanded definition of reprisal, and the exclusion of personal work-related conduct unless it could constitute reprisal or is otherwise significant. The ATO has updated processes and procedures to ensure the ATO meets mandatory reporting obligations and new responsibilities. The ATO will act on disclosures as appropriate and will support and protect disclosers and witnesses from reprisal action, and continue to work closely with the Commonwealth Ombudsman to ensure all standards and responsibilities are met.

The Attorney-General’s Department, as part of the stage 2 reforms, intend to release a discussion paper on more comprehensive reform by the end of 2023 with the development and introduction of legislation expected in 2024.

Tax whistleblower

There are arrangements in place to better protect individuals who make eligible disclosures about the tax affairs, including tax avoidance arrangements, of another entity. There are legislative conditions that need to be met to qualify for protection as a tax whistleblower. The provisions are set out under Part IVD of the Taxation Administration Act 1953.

The Tax whistleblower protection regime CEI sets out ATO staff responsibilities for managing disclosures of alleged tax misconduct, submitted by members of the community, under the Whistleblower Protection regime in part IVD of the Taxation Administration Act 1953.

Under the tax whistleblower legislation, the TPB and ACNC are not eligible recipients.

National Anti-Corruption Commission

Fraud Prevention and Internal Investigations (FPII) help the Commissioner refer certain issues to the National Anti-Corruption CommissionExternal Link (NAAC) for potential investigations. Where appropriate, FPII will refer matters to the NACC via the Commissioner as the accountable authority as a mandatory referral.

Staff who suspect a corruption issue, can contact FPII for advice in the first instance.

Staff may also choose to report serious or systemic corruption to the NACC as a voluntary referral. However, the NACC may choose not to investigate a corruption issue and, in those cases, may refer matters back to the ATO.

Reporting requirements

Regular reporting is an important part of effective governance and provides assurance over the appropriateness of the ATO’s control arrangements to prevent, detect and respond to fraud and corruption.

Internal and external reporting requirements and timeframes

Reporting to



Commissioner of Taxation

Oversight as the principal officer in accordance with the Public Interest Disclosure Act 2013 and Public Governance, Performance and Accountability Act 2013

Monthly or as required

Deputy Commissioner ATO Corporate

Regular internal fraud and corruption reports to the risk owner on the current status of risk-related activity and investigations


Deputy Commissioner Fraud and Criminal Behaviours

Regular reports on current status of external fraud risk-related activity and investigations


Audit and Risk Committee (ARC)

Oversight of the ATO, TPB and ACNC in accordance with section 45 of the Public Governance, Performance and Accountability Act 2013


ATO Risk Committee

Ensures risks are being managed effectively across the ATO consistent with the Enterprise Risk Management Framework.

As required

ATO Strategy Committee

Ensure strategy coherence by making decisions or recommendations to the ATO Executive in relation to strategies and priorities with significant internal or external impacts within the context of the ATO’s strategic direction and the operating environment.

As required


Conformance with Public Governance, Performance and Accountability Act 2013 and Part 11 of Commonwealth Fraud Control Guidance

Annually or as required

Australian Institute of Criminology (AIC)

In accordance with the Commonwealth Fraud Control Policy all non-corporate commonwealth entities must collect information on fraud and complete an annual fraud census to the AIC


Commonwealth Ombudsman

Compliance with the Public Interest Disclosure Act 2013

Annually or as required

Transparency in investigation activities

Fraud Prevention and Internal Investigations (FPII) treats all parties involved in an investigation with respect and courtesy and makes sure all investigation activities are undertaken in accordance with relevant legislation, government policies and standards including:

  • National Anti-Corruption Commission (NACC)
  • Australian Government Investigations Standards (AGIS)
  • Commonwealth Director of Public Prosecutions (CDPP)
  • Commonwealth Ombudsman and the Public Interest Disclosure Act 2013

External scrutineers

External scrutiny promotes good governance practices, transparency, accountability and fairness.

The ATO’s external scrutineers are:

  • Australian National Audit Office (ANAO), who conduct financial statement audits and performance audits.
  • The Inspector-General of Taxation and Taxation Ombudsman (IGTO), who investigates tax complaints (except those related to freedom of information (FOI) matters) and particular actions by tax official. The IGTO reviews systemic issues in tax administration and makes recommendations for improvement.
  • The Commonwealth Ombudsman, who responds to non-tax elements of cross agency complaints (for example, those who have a child support element), and Public Interest Disclosures. It also conducts its own investigations on systemic issues.
  • Office of the Australian Information Commissioner, who investigates privacy and FOI issues.
  • The ATO’s external scrutineers provide independent assessments of ATO administration of the tax and superannuation systems, the Australian Business Register and assurance of ATO financial reporting.