House of Representatives

Explanatory Memorandum

(Circulated by authority of the Minister for Employment, Skills, Small and Family Business, Senator the Hon Michaelia Cash)

PAYMENT TIMES REPORTING BILL 2020

NOTES ON CLAUSES

Part 1 - Preliminary

Section 1: Short title

1. Section 1 is a formal provision specifying the short title of the Act as the Payment Times Reporting Act 2020.

Section 2: Commencement

2. The table in this section sets out the dates for when the provisions of the Act will commence.

3. The whole of the Act will commence on 1 January 2021 if the Act receives Royal Assent before 1 January 2021. If the Act receives Royal Assent on or after 1 January 2021, the whole Act will commence on the first 1 January or 1 July to occur after the day the Act receives Royal Assent.

Section 3: Objects of this Act

4. Section 3 sets out the objectives of the Act. The first objective is to provide for the reporting on payment terms and practices by large businesses, certain government entities and volunteering entities about their small business suppliers. The second objective is to create greater transparency around these payment terms and practices by making them publicly available. The purpose of providing this transparency is so that small businesses will be able to make more informed decisions about their potential customers. Greater transparency on payment practices and performance will also create incentives for reporting entities to improve their payment terms and practices.

Section 4: Simplified outline of this Act

5. Section 4 provides a simplified outline of the Act to help readers understand the substantive provisions. This simplified outline should not be taken as complete and readers should rely on the substantive provisions in the Act.

Section 5: Definitions

6. Section 5 defines key terms found within the Act. Certain key terms of this Act are outlined below.

7. "carrying on an enterprise" - The meaning of this phrase is intended to be similar to the phrase as it is used in other legislation (such as the Business Names Registration Act 2011). It is intended to be broader than the meaning of the phrase "carrying on a business".

8. "controlling corporation" - The reference to "controlling corporation" in section 5 is drawn from concepts in the Corporations Act 2001. A controlling corporation is intended to be a business that is not a subsidiary to another corporation; however, a controlling corporation can have subsidiaries.

9. "entity" - The definition of an "entity" in section 5 is based on the concept in section 960.100 of the Income Tax Assessment Act 1997, where an entity is said to include the following kinds of legal persons: an individual; a body corporate; a body politic; a partnership; any other unincorporated association of body of persons; a trust; a superannuation fund; and an approved deposit fund.

10. "foreign entity" - The reference to "foreign entity" in section 5 is intended to cover entities based overseas that are not otherwise constitutional corporations; that is, businesses geographically external to Australia and that carry on an enterprise in Australia, within the scope of the external affairs power in the Constitution.

11. "income year" - An "income year" for an entity has the same meaning as section 4.10 of the Income Tax Assessment Act 1997 and is based on the financial year used for tax purposes. For example, if an entity has a standard financial year for tax purposes, this will be the same income year used to determine when a Payment Times Report is due; if they have a non-standard financial year for tax purposes they will use this non-standard financial year to determine when a Payment Times Report is due. However, it is not intended that the proviso in section 4.10(2)(a) regarding previous income years will be relevant for the purposes of the Payment Times Reporting Act. As such, "income year" refers to an entity's most recent financial year, not the previous financial year.

12. "issuing officer" - An "issuing officer", for the purpose of warrants under the RPA, can either be a magistrate or Federal Court Judge. Both are included as issuing officers, because there is the possibility that a warrant would need to be issued against a Government Business Enterprise (GBE). In such circumstances a Federal Court judge may be a more authoritative person to issue such a warrant. However, the appropriate issuing officer for any warrant will be considered on a case-by-case basis.

13. "member" -The definition of "member" draws upon concepts in the Corporations Act 2001. In that Act, a "member" of a corporate group is one where the controlling corporation controls the composition of the member's board or is in a position to cast, or control the casting of, more than one-half of the maximum number of votes that might be cast at a general meeting of the member's shareholders.

14. "protected information" - This refers to any information obtained under, or in accordance, with this Act. This would include, for example, information given under section 14 in a Payment Times Report. It is also intended to include any other information the Regulator obtains when administering the Act, such as when making a determination under section 7 (ceasing to be a reporting entity) or section 13 (application for further time to give a report).

15. "small business" - The definition of a "small business" means an entity prescribed by the Rules.

16. "small business invoice" - This is intended to be based on the definition of "invoice" in the Income Tax Assessment Act 1997 and the A New Tax System (Goods and Services Tax) Act 1999.

17. "small business supplier" - A "small business supplier" means a small business that supplies goods or services to the reporting entity.

18. "total income" - The definition of "total income" draws upon section 3C of the Taxation Administration Act 1953. It is intended that total income for the purpose of this Act will be calculated in the same way as total income under the Taxation Administration Act 1953. Like in that Act, "total income" for the purposes of this Act is based on accounting concepts, and refers to gross income.

Section 6: Meaning of constitutionally covered entity

19. Section 6 describes a constitutionally covered entity. These are the broad categories of entities that may be required to report their payment times and practices to the Regulator, if they meet the definition of reporting entity in section 7.

20. These include a constitutional corporation, a foreign entity, and a corporate Commonwealth entity, or a Commonwealth company, within the meaning of the Public Governance, Performance and Accountability Act 2013.

21. This definition is intended to cover all entities apart from those that lie outside the constitutional power of the Commonwealth to regulate.

Section 7: Meaning of reporting entity

22. Section 7 sets out the criteria for determining whether a constitutionally covered entity is a reporting entity, and is therefore required to provide a Payment Times Report to the Regulator under Division 2 of Part 2.

23. Entities that are registered under the Australian Charities and Not-for-profits Commission Act 2012 are explicitly excluded from becoming a reporting entity. The reason for this approach is the Act focuses on the payment terms and practices of entities which have a commercial purpose.

Becoming a reporting entity

24. Subsections 7(1) and (2) describe the criteria that a constitutionally-covered entity must meet in order to be required to report.

25. An entity meets these criteria if it carries on an enterprise in Australia, and for its most recent income year:

a.

the entity had a total income of more than $100 million, or

b.

if the entity is a controlling corporation - the combined total income for all members of the controlling corporation's group was more than $100 million; or

c.

if the entity is a member of the group of a controlling corporation to which paragraph b applies-the total income for the entity was at least $10 million.

26. These conditions are intended to capture all members of a corporate group who have a total income of at least $10 million where the combined total income of the group is more than $100 million.

27. Example: Corporation X is a controlling corporation. Its total income was $80 million. It has three members: Member A's total income was $50 million, Member B's total income is $40 million, and Member C's total income was $5 million. The total of the group's income was $175 million. Corporation X, Members A, B and C all carry on an enterprise within Australia. Each of Corporation X, Members A and B is a reporting entity, because the combined total income of their group is $175 million and each entity has total income above $10 million. They will all have to submit their own separate Payment Times Report. Member C has total income of less than $10 million and is therefore not a reporting entity and does not need to submit a Payment Times Report.

28. The more than $100 million income threshold reflects the size of business that must be captured by the Act if it is to achieve its policy intent of improving payment times from large to small businesses. Large businesses captured by the $100 million income threshold have the capacity to meaningfully comply with the reporting requirements and have the market influence to effect change in their supply chains.

29. Removing smaller entities who operate within larger groups but have a total income of less than $10 million is designed to reduce the regulatory burden on reporting entities. There are a large number of small entities which are members of groups and many do not actively trade externally. The less than $10 million threshold is consistent with the Australian Taxation Office definition of a small business.

30. Under subsection 7(1)(b) a constitutionally covered entity who does not meet the criteria for a reporting entity in subsection 7(2) may volunteer to provide Payment Times Reports by writing to the Regulator prior to the beginning of an income year. A reporting entity who elects under subsection 7(1)(b) to report is referred to as a "volunteering entity".

Ceasing to be a reporting entity

31. Subsection 7(3) states that a reporting entity continues to be a reporting entity unless the Regulator has determined in writing that it is no longer a reporting entity.

32. An entity may cease to be a reporting entity if it does not meet the relevant thresholds set out in subsection 7(2) for two consecutive income years. The requirement that income must fall below the threshold for both of the two most recent income years (as opposed to only the most recent income year) is intended to provide certainty and alleviate the administrative burden that would arise from entities regularly entering and exiting the Scheme should their income fluctuate around either the $100 million or $10 million thresholds.

33. A determination by the Regulator that the entity must continue to report can be reconsidered through an internal review process and then by application to the Administrative Appeals Tribunal under Division 3 of Part 6.

34. Entities that are part of a corporate group but have total income individually of less than $10 million for two income years will not be required to seek a determination from the Regulator to cease reporting. This is designed to reduce the regulatory burden of large numbers of small entities seeking decisions from the Regulator on their reporting status.

Application for a determination

35. Subsection 7(5) states that a reporting entity must apply in writing to the Regulator for a determination to cease being a reporting entity. Under subsection 7(6), the Minister has the ability to prescribe rules regarding what information and documents must accompany an application to cease to be a reporting entity.

36. Subsection 7(7) describes the circumstances under which the Regulator must determine that a reporting entity is no longer a reporting entity. The Regulator must be satisfied that the total income for the reporting entity has fallen below $100 million for both of the two most recent income years, or, if the entity is part of a group, that the combined total income for all members of the group has fallen below $100 million for both of the two most recent income years. The "two most recent income years" is intended to refer to the two most recent income years immediately before the entity applies for the determination.

37. Example: On 4 April 2026, Entity Trixi applies to the Regulator for a determination that it has ceased to be a reporting entity. Entity Trixi reports in financial years (1 July to 30 June). It should provide evidence that its total income has been less than $100 million for the income years 1 July 2023 to 30 June 2024 and 1 July 2024 to 30 June 2025. These are the two most recent income years from the date it applied for its determination. The entity's application should include sufficient evidence to substantiate their application. For example, the application may include documents from an independent and suitably qualified auditor certifying their total income for the past two income years.

38. This section also allows volunteering entities under paragraph 7(1)(b) to 'opt out' of reporting. As with entities for whom reporting is required, the application must be in writing and include information and documents prescribed by the Rules. The reason for having these entities write to the Regulator to 'opt out' is so that the Regulator is aware that they have left the Scheme and this can be reflected in the public-facing register and any internal systems in place for tracking reports.

When the determination has effect

39. Subsection 7(8) outlines when a determination from the Regulator that an entity is no longer a reporting entity will take effect. The reporting obligations of an entity which has successfully applied to the Regulator for a determination that it no longer qualifies as a reporting entity, shall cease immediately before the start of the income year in which the Regulator makes the determination. This means the entity would not need to report for the income year in which the Regulator made the determination.

40. Example: Entity Archie has been a reporting entity for several years. Its income years have been regular financial years (1 July to 30 June). It experiences a downturn in income over a few years and, on 1 September 2023, it applies to the Regulator for a determination that it has ceased to be a reporting entity. The Regulator makes a determination that Entity Archie has ceased to be a reporting entity on 1 January 2024. The determination is made in the middle of the 1 July 2023 to 30 June 2024 income year. Under subsection 7(8), the determination takes effect immediately before the start of that income year: specifically, it takes effect on 30 June 2023. Entity Archie does not need to report for the income year of 1 July 2023 to 30 June 2024.

Notice of decision

41. Subsection 7(9) requires the Regulator to respond in writing to an application for a determination that the entity has ceased being a reporting entity under subsection 7(3). The expected timeframes for determinations will be elaborated upon in guidance material from the Regulator.

42. If the Regulator is satisfied that an entity is no longer required to report, written notice will be provided to that entity advising that the entity has ceased to be a reporting entity.

43. If the Regulator is satisfied that an entity is still a reporting entity, it is intended that the entity will receive a written notice from the Regulator advising that they must continue to report with attendant penalties for late reporting, failure to report and incomplete reporting unless they can provide evidence otherwise.

Section 8: Meaning of reporting period

44. Section 8 defines the meaning of "reporting period" for reporting entities.

45. Reporting entities will be required to provide a Payment Times Report for each six months of the income year. Reporting periods will be based on the income year for the reporting entity (the same as the financial year they use for tax purposes). The first report will include information as to the first six months of the income year and the second report will include information for the remainder of that income year.

46. Reporting entities must lodge a Payment Times Report within 3 months of the end of each six month reporting period, as specified in section 13.

Section 9: Act binds the Crown

47. Section 9 provides that the Act will bind the Crown in each of its capacities. The intention is that the Crown in each of its capacities is bound by the requirement to provide a Payment Times Report, if they meet the definition of a "constitutionally-covered entity" in section 6 and a "reporting entity" in section 7. However, this section makes it clear that the Crown is not liable to be prosecuted for an offence, liable to pay a pecuniary penalty, or be given an infringement notice. This provision is not intended to cover those entities which do not enjoy the "shield of the Crown"; that is, it is the intention that the Act is intended to bind entities that do not enjoy the "shield of the Crown".

Section 10: Extension to external territories

48. Section 10 makes it clear that the Act extends to all external Territories of Australia. For example, reporting entities will need to consider payments times and terms related to any operations and supply chains existing in any of the external Territories. This also means an entity based in any of Australia's external Territories must comply with the reporting requirements if it fits the definition of a "reporting entity" in section 7.

Part 2 - Reporting payment times

Division 1 - Introduction

Section 11: Simplified outline of this Part

49. Section 11 provides a simplified outline of this Part to help readers understand the substantive provisions. This simplified outline should not be taken as complete and readers should rely on the substantive provisions in the Act.

Division 2 - Reporting Payment Times

Section 12: Reporting entities must report payment times

50. Section 12 specifies that reporting entities are required to provide a Payment Times Report for the relevant reporting period.

Section 13: When report must be given

51. Section 13 outlines the timeframe for reporting and provides for extensions to be granted by the Regulator.

52. Generally, reports must be given to the Regulator within 3 months after the end of a reporting period. A reporting entity may make a written application to the Regulator requesting an extension of time to provide its report. The written application must explain the circumstances explaining why further time is required, including evidence of those circumstances, and any other information that is prescribed in the Rules.

53. The Regulator's power to grant extensions under subsection 13(4) is intended to be discretionary. The Regulator may provide further time to a reporting entity if the Regulator has considered the written application and any matters prescribed in the Rules, and the Regulator is satisfied that the extenuating circumstances were exceptional or they were outside the control of the reporting entity. This is intended to limit the circumstances in which an entity can be granted an extension.

54. If the Regulator allows the reporting entity further time, this will be confirmed in writing, along with the amount of additional time granted to submit the Payment Times Report.

55. In providing additional time, subsection 13(5) provides that the Regulator must not specify more time than the Regulator considers appropriate having regard to the severity of the circumstances and the strength of the evidence included in the application.

56. The ability of the Regulator to allow further time to a reporting entity will alleviate the regulatory burden of reporting, by ensuring that reporting entities are not subject to compliance action where extenuating circumstances have reasonably prevented them from reporting on time. The intention is that further time will only be granted having regard to the nature and severity of the circumstances that prevented the reporting entity from submitting a report on time.

57. A decision by the Regulator not to grant further time to a reporting entity is reviewable. See the discussion on section 51.

Section 14: Reporting requirements

58. Subsection 14(1) describes the content required to be included in a Payment Times Report. The report is required to include details such as the relevant reporting period, as well as specific information about payment terms and practices to small business suppliers.

59. Information required to be included in a report include details of the shortest and longest standard payment periods offered by the reporting entity, as well any changes to these standard periods during the reporting period. The report should also state the proportion of small business invoices paid by the entity between certain ranges of time, including invoices paid in less than 21 days, between 21 and 30 days, between 31 and 60 days and more than 60 days after the invoice was issued.

60. The report must include details of the principal governing body, and whether the entity is a member of a controlling group. Information about the entity's principal governing body and corporate structure will assist the Regulator in identifying and monitoring entities as part of its administration of the Payment Times Reports Register.

61. The report must also include a declaration by the responsible member that the report has been provided to the principal governing body. Visibility of reports at this level of seniority recognises the importance of ensuring that reporting accurately on payments time and practices is given sufficient regard in the organisation, but balances this by reducing the regulatory burden associated with full approval by the entire principal governing body.

62. The report must detail any notifiable events that have occurred since the last Payment Times Report and also include any other information or documents that are prescribed in the Rules. This rule-making power is intended to allow for flexibility to respond to changing business and industry practices, so that, for example, the Rules can take into account changes to accounting practices and terminology. It is intended that any Rules made under this provision are consistent with Australia's obligations with respect to privacy under Article 17 of the ICCPR.

63. Subsection 14(2) provides that the Rules may prescribe how certain contents of the report, such as the proportion of small business invoices paid within a certain period, is calculated. This is intended to allow the Rules to, for example, prescribe an approach for working out how to calculate the contents of reports, including when the payment period for a small business invoice begins and when it concludes.

64. Subsection 14(3) provides that information or documents prescribed by the Rules may relate to the entity's payment terms or practices, including supply chain finance arrangements to small business suppliers. "Supply chain financing arrangements" is not expressly defined in the Act, with its meaning to be provided in the Rules. Supply chain financing is intended to be synonymous with other terms used to describe this practice such as reverse factoring. Defining supply chain financing in the Rules is appropriate given the range and complexity of supply chain financing products, and the need for the Rules to provide flexibility for new and emerging products as they arise. Reporting on these types of arrangements will provide greater transparency to small businesses about larger entities that use these financing arrangements. This in turn will allow small businesses to make more informed and considered decisions about their large business customers.

65. Subsection 14(4) provides details of certain notifiable events that must be included in the report. These events include changes to an entity's applicable accounting period, or where the entity has a different business name. Other notifiable events may also be prescribed in the Rules.

66. Subsection 14(5) outlines the approval requirements for a Payment Times Report. The report must be signed by a responsible member of the entity or a responsible member of the controlling corporation.

Section 15: Civil penalty provision for failure to report

67. Section 15 makes the failure to provide a Payment Times Report a civil penalty provision.

68. This section will not apply to volunteering entities who elect to report under the Scheme under section 6.

69. The maximum penalty is 60 penalty units for an individual, and a maximum of 300 penalty units for a body corporate (calculated by reference to subsection 82(5) of the RPA). These are the maximum penalties that a court could impose if civil penalty proceedings were brought before it. The Regulator also has the power to impose infringement notices for breach of this provision (see discussion on section 34).

70. As continuing contravention penalties (section 93 of the RPA), they will be applied for each day of non-compliance from the end of the three month lodgement period of the report.

71. These penalties will ensure that entities covered by the Scheme provide compliant reports to the Regulator in a timely manner. This is important to the success and integrity of the Scheme as it will allow small businesses to make more informed decisions about their potential customers and will create pressure for cultural change to improve payment times.

72. Further information on the approach to compliance and enforcement under this Act is outlined in Part 4.

Section 16: Reporting entities must not give false or misleading reports

73. Section 16 makes the submission of false or misleading Payment Times Reports to the Regulator by a reporting entity a civil penalty provision. While these penalties do not apply to a volunteering entity, subsection 16(3) provides that a volunteering entity must not provide a Regulator a false or misleading report.

74. The maximum penalty in subsection 16(1) is 350 penalty units for an individual.

75. The maximum penalty in subsection 16(2) is 0.6 per cent of the total income for the income year in which the contravention occurred for a body corporate.

76. This is a modification to subsection 82(5) of the RPA. The reason for this modification is to provide a sliding scale of penalty amounts to ensure that penalties retain a deterrent effect for the very large entities which are covered by this Act. The penalty should be large enough to have a deterrent effect on businesses and not simply be viewed as a "cost of doing business". There are a number of precedents in other Commonwealth legislation that apply multiple of gain penalties to certain contraventions of these Acts, including in relation to certain cartel and corporate and financial sector misconduct (see for example, subsection 1317G(4) of the Corporations Act 2001, and subsection 12GBCA(2) of the Australian Securities and Investments Commission Act 2001).

77. These are the maximum penalties that a court could impose if civil penalty proceedings were brought before a court. The Regulator also has the power to impose infringement notices for breach of this provision (see discussion in Part 4).

78. It is important that small business can be assured that data on large entity's payment practices is accurate to allow them to make informed business decisions, as the Scheme's purpose is to make this information transparent. The integrity of the data provided is central to the Scheme working as intended.

79. Further information on the approach to compliance and enforcement under this Act is outlined in Part 4.

Division 3 - Access to Payment Times Reports

Section 17: Payment Times Reports Register

80. Section 17 establishes the Payment Times Reports Register.

81. The Regulator is responsible for maintaining the Payment Times Reports Register (in addition to the functions conferred under section 25 of the Act). The Payment Times Reports Register will be a publicly accessible and free of charge website, where information from Payment Times Reports submitted by reporting entities will be published.

82. Making information from these reports publicly available and without charge, will enable small business suppliers to view and assess the payment times and practices of potential large business customers in one place. Improved transparency will assist small businesses to make more informed decisions when engaging with these large businesses. Publishing the payment performance of large businesses may also lead to improved performance in payment times and practices.

Section 18: Registration of Payment times Reports

83. Section 18 requires the Regulator to register Payment Times Reports that are submitted to the Regulator pursuant to Division 2 of Part 2 of the Act.

Section 19: Registration of revised Payment Times Reports

84. Section 19 allows a reporting entity to request the Regulator to register and publish a revised Payment Times Report.

85. The updated version of the Payment Times Report must show the date of revision and describe any changes made, as well as meet the minimum requirements for Payment Times Reports set out in Division 2 of Part 2.

86. Allowing a reporting entity to register a revised Payment Times Report will allow them to correct any false or misleading statements or other errors made in its preparation.

87. The Regulator must register the revised Payment Times Report if circumstances prescribed by the Rules exist in relation to the request to register the revised Payment Times Report, and the revised report complies with the reporting requirements set out in section 14 of the Act. The intention is that the Rules made under subsection 3(b) will prescribe the circumstances in which a revised report can be registered.

88. The ability of a reporting entity to submit revised reports will ensure that the Register is accurate and up to date, with any changes to the Register made transparent.

89. It is not intended that publication of a revised report will limit the ability of the Regulator to, for example, publish information about non-compliance (under section 22) or engage any other compliance and enforcement powers under Divisions 3 and 4 of Part 4.

Section 20: Decision not to publish certain information

90. Section 20 provides the Regulator with the discretion to not publish certain information contained in a Payment Times Report where the Regulator considers the publication of this material is not in the public interest.

91. In making this decision, the Regulator must consider whether the information is personal information, commercial-in-confidence or any other information as prescribed by the Rules.

92. For information to be considered commercial-in-confidence, subsection 20(3) provides that the Regulator must be satisfied that the publication of the information would cause competitive detriment, is not already in the public domain, is not required to be disclosed under Australian law, or is not readily discoverable.

93. This recognises that while the purpose of the Payment Times Reports Register is to enhance transparency about payment times and practices, there are circumstances where the publication of certain kinds of information provided in a Payment Times Report would not be in the public interest. The intention of this provision is to limit disclosure of information that is not central to the Scheme, but is provided in the report - for example, the personal details of contact officers of a reporting entity, or commercial-in-confidence information that is not related to the content requirements in section 14 but is inadvertently provided in the report due to a technological error.

94. Given the objective of the Scheme, whilst its publication may cause competitive detriment, poor payment time performance or information about payment terms, are not considered commercial-in-confidence.

Section 21: Decision not to publish Payment Times Reports for volunteering entities that fail to comply with Act

95. Section 21 applies in circumstances where the Regulator is reasonably satisfied that a volunteering entity fails to comply with the Act.

96. Where a volunteering entity is non-compliant with its obligations under the Act, the Regulator has the power to decide not to publish a Payment Times Report from the entity until the Regulator is satisfied that the entity has undertaken remedial action.

97. The rationale for this provision is to provide an incentive for volunteering entities to comply with the obligations under the Act, understanding that there are good reasons why civil penalties should not apply to those who have volunteered. Ensuring volunteering entities comply with the obligations under the Act is necessary to ensure the integrity of the data on the register and the successful administration of the Scheme by the Regulator.

Section 22: Publication of information about failure to comply with Act

98. Section 22 allows the Regulator to publish the identity of non-compliant reporting entities, including details on the failure to comply with their obligations under the Act. These details may be published on the Payment Times Reports Register, or in another way that the Regulator considers appropriate (or both). Due to the definition of 'reporting entity', this section allows publication of non-compliance by both entities who report on a mandatory basis and volunteering entities.

99. Before the identity of an entity and details of non-compliance are published, the Regulator must give notice of its intention to publish to the entity and invite a written response from the entity be provided within 28 days. The Regulator must have regard to any response provided by the entity. This is intended to provide procedural fairness to the relevant entity and allow it an opportunity to respond before the Regulator makes a decision to publish. The threshold of being 'reasonably satisfied' is intended to be interpreted in line with previous court decisions on this threshold in similar regulatory contexts. In order to be 'reasonably satisfied,' the Regulator will need to have reasonable, objective grounds upon which to base their satisfaction that a reporting entity has not complied with the Act.

100. It is intended that the Regulator will use this power to 'name and shame' entities who egregiously disregard their obligations under the Act, rather than to publish the details of non-compliance which has resulted from an inadvertent mistake or error. This is intended to deter wilful non-compliance with the Act.

101. The Regulator's power under this section is intended to promote the proper functioning and encourage compliance with the Scheme, in line with the Regulator's role. The Regulator coming to the view that an entity has not complied with the Act is a necessary step it needs to take before it makes a decision about whether to publish that non-compliance information. In being reasonably satisfied that an entity has not complied with the Act, it is not intended that the Regulator will be conclusively determining the rights and liabilities of a reporting entity.

102. The Regulator must not publish information if the non-compliance occurred before the enforcement day. See the discussion at section 37.

103. A decision by the Regulator to publish the identity or details of non-compliance by an entity is a reviewable decision. See the discussion at section 51.

Part 3 - Payment Times Reporting Regulator

Division 1 - Introduction

Section 23: Simplified outline of this Part

104. Section 23 provides a simplified outline of this Part to help readers understand the substantive provisions. This simplified outline should not be taken as complete and readers should rely on the substantive provisions in the Act.

Division 2 - Payment Times Reporting Regulator

Section 24: Payment Times Reporting Regulator

105. Section 24 establishes the position of the Payment Times Reporting Regulator.

106. The Payment Times Reporting Regulator is a designated position in the Department of Industry, Science, Energy and Resources and is appointed by the Secretary of the Department. The Regulator is required to be a Senior Executive Service (SES) employee in the Department. Given the role of the Regulator is to administer the Scheme and monitor and enforce compliance with the Act, it is appropriate that these functions are exercised by a senior officer in the Department.

107. Subsection 24(4) confirms that a written designation of the position of Payment Times Reporting Regulator by the Secretary made under subsection 24(1) is not a legislative instrument and is merely declaratory of the law. The instrument is not a legislative instrument within the meaning of subsection 8(1) of the Legislation Act 2003. An instrument of appointment under subsection 24(1) is classed as an instrument of appointment, engagement or employment, which is explicitly excluded from legislative instrument status by table item 8 in section 6 of the Legislation (Exemptions and Other Matters) Regulation 2015.

Section 25: Functions of the Regulator

108. Section 25 establishes the functions of the Regulator. The Regulator must administer the Act, including by monitoring and enforcing compliance, as well as any other functions prescribed by the Rules or conferred on it by any other law of the Commonwealth.

109. The Regulator must also provide advice to the Minister on the activities undertaken to administer the Act, including its monitoring and compliance functions, and other functions. The intention of advising the Minister is to ensure that the Scheme is operating as intended and the Minister is informed of any significant issues arising from the operation of the Scheme.

110. Section 25 also empowers the Regulator to do those things that are incidental or conducive to the Regulator's performance in undertaking its functions. This may include, for example, functions related to the maintenance of the Payment Times Reports Register, and educational material and guidance.

Section 26: Powers of the Regulator

111. Section 26 empowers the Regulator to do only those things necessary or convenient for, or related to, their functions under section 25.

112. The intention is to allow flexibility for ancillary powers that are needed for the Regulator to perform its functions under section 25, but which were not foreseen at the time of drafting, or to provide for powers that are necessary for the Regulator to practically carry out its functions under section 25 (for example, the ability to maintain and administer the online Payment Times Reports Register including registering Payment Times Reports).

Section 26: Powers of the Regulator

113. Section 26 provides the Regulator with the power to do all things necessary or convenient to exercise its functions.

Section 27: Delegation by the Regulator

114. Section 27 allows for the delegation of any or all of the Regulator's powers and functions under the Act (except for those specified in subsection 27(2)). It is appropriate for the Regulator to be able to delegate certain powers and functions to ensure the Scheme can be administered effectively and efficiently, as it would not be practical for the Regulator to personally administer the entire Scheme.

115. Subsection 27(1) provides for the Regulator to formally delegate the powers and functions under the Act. The approach taken to delegations is based on the degree of discretion involved in the decision, the nature of the decision and the potential impact on the reporting entity, and the anticipated volume of decisions.

116. The following powers may be delegated to the level of Senior Executive Service (SES), or acting SES employee in the Department:

a.

decisions to determine whether an entity has ceased to be a reporting entity under subsection 7(3);

b.

decisions not to allow further time to give a payment times report under subsection 13(4);

c.

decisions to publish the identity or details of non-compliance of a reporting entity under subsection 22(1); and

d.

directing that an audit be undertaken under subsection 30(2).

117. It is appropriate that these powers are limited to the SES level due to the significant nature of the decisions that underpin the operation of the Scheme, the degree of discretion involved and the consequential impact on the reporting entity. For example, in deciding whether to exercise its compliance functions to publish the identity or details of non-compliance of a reporting entity, the Regulator would likely need to consider a range of factors in coming to this decision.

118. To ensure that the operational aspects of the Scheme are administered effectively, certain powers may be delegated to the level of Executive Level 2 (EL2), or acting EL2 employee in the Department:

a.

maintenance of the Payment Times Reports Register under section 17;

b.

registration of Payment Times Reports on the Payment Times Reports Register under section 18; and

c.

the power to do anything incidental or conducive to the performance of any of the other functions in section 25.

119. These decisions are potentially high volume but of low significance and complexity, and so it is appropriate to delegate these powers to the EL2 level. This will ensure Departmental employees are able to manage the day-to-day administration of the Scheme, including receiving, processing and registering new and revised Payment Times Reports and ensuring that the Payment Times Reports Register is maintained and functioning.

120. Subsection 27(2) prevents the Regulator from delegating the functions described in section 35 (appointment of authorised officers) or section 36 (appointment of infringement officers). This means that the Regulator must personally appoint all authorised officers and all infringement officers.

121. Subsection 27(4) makes it clear that, where an SES employee is carrying out delegated powers or functions under the Act, the employee must comply with any directions the Regulator makes.

Part 4 - Compliance and Enforcement

Division 1 - Introduction

Section 28: Simplified outline of this Part

122. Section 28 provides a simplified outline of this Part to help readers understand the substantive provisions. This simplified outline should not be taken as complete and readers should rely on the substantive provisions in the Act.

Division 2 - Obligations of reporting entities

Section 29: Record-keeping requirements

123. Section 29 requires reporting entities to keep records of information used to prepare Payment Times Reports for at least seven years after the end of the relevant reporting period.

124. A maximum penalty of 200 penalty units applies to an individual for a failure to keep records for a period of seven years under subsection 29(1). This penalty does not apply to volunteering entities who elect to report under the Scheme under section 6.

125. For a body corporate, the maximum penalty is 0.2 per cent of the total income for the income year in which the contravention occurred for a body corporate. This is a modification to subsection 82(5) of the RPA. The reason for this modification is to provide a sliding scale of penalty amounts to ensure that penalties retain a deterrent effect for the very large entities which are covered by this Act. The penalty should be large enough to have a deterrent effect on businesses and not simply be viewed as a "cost of doing business". There are a number of precedents in other Commonwealth legislation that apply multiple of gain penalties to certain contraventions.

126. These are the maximum penalties that a court could impose if civil penalty proceedings were brought before a court. The Regulator also has the power to impose infringement notices for breach of this provision as discussed in relation to section 34 of the Act.

127. The rationale for this penalty is that it is important that payment data is retained by reporting entities for a sufficient period of time, to provide the Regulator with historical information about payment times. Without this information it would not be possible to ensure that the information provided is accurate, which may compromise the integrity of the Scheme.

128. The requirements to keep records for this duration is consistent with record-keeping requirements in other Commonwealth legislation, for example, the obligation for a company to keep financial records as required by section 286 of the Corporations Act 2001.

129. These penalties have been designed to encourage large reporting entities to meet their record-keeping requirements under the Scheme and to ensure that the Regulator can undertake compliance or enforcement activity, where appropriate. It is intended that penalties would only be imposed in cases of wilful non-compliance, and not where a failure to keep records results from a genuine mistake or an event beyond the reporting entity's control (such as a natural disaster).

Section 30: Compliance audits

130. If the Regulator reasonably suspects that a reporting entity has contravened a provision of the Act, the Regulator may give notice under section 30 for the appointment of an auditor. The requirement to have a "reasonable suspicion" is an important safeguard to ensure that the Regulator has reasonable grounds for requiring the appointment of an auditor. The threshold of having a reasonable suspicion is intended to be interpreted in line with previous court decisions on this threshold in similar regulatory contexts. In order to have a reasonable suspicion, the Regulator will need to have reasonable, objective grounds upon which to base its suspicion that a reporting entity has contravened the Act.

131. The ability to compel an audit will work in concert with the Regulator's monitoring and investigation powers (see discussion at Division 4). The audit will identify if there is an issue with non-compliance, and depending on the outcomes, further investigation will be required to be undertaken. After investigation, decisions may be made to enforce any non-compliance, for example by imposing infringement notices or court proceedings.

132. Subsection 30(2) provides that the Regulator must notify the entity in writing that the entity must appoint an auditor. The auditor may be a person nominated by the entity and approved by the Regulator. In cases where the Regulator does not approve the nominated person, the Regulator may appoint, in writing, a different person as an auditor. This is intended to provide the Regulator with the ability to ensure that an auditor has the appropriate level of expertise, experience and independence from the entity.

133. The Regulator can require the entity to arrange an auditor to undertake an audit of the entity's compliance with the Act or aspects of the Act, and to provide the Regulator a written report outlining the results of the audit within a specified time period.

134. To provide certainty to reporting entities, subsection 30(3) provides that the Regulator must specify in writing the required qualifications and independence of the auditor, the scope of the audit, and the form and content that must be included in the audit report. It is also anticipated that this written notice will provide information on administrative aspects of the audit, such as who to send the audit to and the timeframe in which the audit report must be given to the Regulator.

135. An entity is required to comply with the notice under subsection 30(4). Subsection 30(5) provides that the entity must provide the auditor, and persons assisting the auditor, with all reasonable facilities and assistance necessary in exercising its functions.

136. Subsection 30(6) provides that the entity is required to pay the reasonable fees and expenses of the auditor for preparing the audit report. It is expected that the amount the entity will pay for the audit will be negotiated between the entity and auditor, and it will be based on the value of the audit services.

137. It is intended that before an audit is required, the Regulator will engage with the entity regarding their non-compliance, through methods such as education and voluntary information requests. If these approaches are not successful, the Regulator may request the reporting entity to undertake an audit where there is a reasonable suspicion about the accuracy of the information provided by that entity.

138. It is not unreasonable for a reporting entity to bear the costs of an auditor. There are a number of precedents in other Commonwealth legislation where this is the case, such as section 262 of the Fair Work (Registered Organisations) Act 2009.

139. Failure to comply with a notice to appoint an auditor under subsection 30(4) attracts a maximum penalty of 60 penalty units for an individual and 200 penalty units for a body corporate. This reflects the serious nature of a direction to conduct an audit by the Regulator. While volunteering entities still have an obligation to comply with an audit notice, these financial penalties do not apply to them.

140. The obligation under subsection 30(4) is intended to include compliance with any time period specified in the notice in which the audit report is to be provided. Failure to comply with the time period for an audit report contained in a notice is intended to be a continuing contravention under section 93 of the RPA, so that each day a final audit report is late will constitute a separate contravention. This ensures that entities subject to audit provide the report in a timely manner.

141. Failure to provide an auditor with all reasonable facilities and assistance necessary under subsection 30(5) attracts a maximum penalty of 200 penalty units for an individual. For a body corporate, the maximum penalty is 0.2 per cent of the total income for the income year in which the contravention occurred. This is a modification to subsection 82(5) of the RPA to provide a sliding scale of penalty amounts to ensure that penalties retain a deterrent effect on businesses. As stated in the discussion for Part 2, there are a number of precedents in other Commonwealth legislation that apply multiple of gain penalties to certain contraventions of these Acts. While volunteering entities still have an obligation to provide reasonable facilities and assistance to an auditor, these financial penalties do not apply to them.

142. These are the maximum penalties that a court could impose if civil penalty proceedings were brought before a court. These penalties do not apply to volunteering entities who elect to report under the Scheme under section 6. The Regulator also has the power to impose infringement notices for breach of these provisions.

Division 3 - Regulatory powers

Section 31: Monitoring powers

143. The RPA provides for a standard suite of provisions in relation to monitoring, investigation and enforcement powers and are an accepted baseline of powers for an effective Commonwealth regulatory regime. This is in line with the broader Commonwealth policy to adopt the powers in the RPA for all new Commonwealth Acts which require regulatory powers. The intention in adopting the RPA powers in this Act is to contribute to a coherent, consistent body of law across Commonwealth regulators. It helps make it easier for stakeholders who are subject to these powers to understand and comply with the law and to know their rights and responsibilities.

144. Section 31 triggers Part 2 of the RPA (Monitoring) in relation to provisions of this Act and offences against the Crimes Act 1914 or the Criminal Code that relate to this Act.

145. These imported powers include: the power to enter premises, with either the occupier's consent or under a monitoring warrant (section 18 of the RPA), to inspect documents, make copies, operate electronic equipment, and secure evidence once on the premises (sections 18 to 23 of the RPA), and to ask questions and seek the production of documents once on the premises (section 24 of the RPA).

146. In order to effectively administer the Act, the Regulator requires these monitoring powers to verify that reporting entities are complying with the Act.

147. Subsection 31(2) provides that information given in compliance with the Act is subject to monitoring under Part 2 of the RPA. It is intended, for example, that the Regulator would use its monitoring powers to ensure that reporting entities provide correct and relevant information in a Payment Times Report.

148. Monitoring powers are used so that the Regulator in administering and enforcing the Act, can 'check' compliance with the Act. These powers can be used, for example, to examine documents upon which Payment Times Reports are based.

149. Under the RPA, monitoring powers may be used to determine whether a provision has been, or is being complied with, and/or to determine whether information subject to monitoring under the Act is correct. Monitoring powers can only be exercised with the consent of an occupier of a relevant premises, or with a monitoring warrant issued by an issuing officer (who is either a Magistrate or a Federal Court judge) (see sections 18 and 19 of the RPA).

150. Note 2 to subsection 31(1) provides that the monitoring powers do not commence before the enforcement day (18 months after the commencement of the Act at subsection 37(5)).

151. Subsection 31(3) provides for a number of aspects for the purposes of Part 2 of the RPA, including specifying who the authorised applicant and authorised person is, the issuing officer, the relevant chief executive and the relevant court.

152. Subsection 31(4) has been included so that a person can assist an authorised person in performing the monitoring powers, functions or duties outlined in subsections 31(1) or (2). Under paragraph 23(1)(a) of the RPA, a person exercising monitoring powers may only be assisted by another person if it is necessary and reasonable to do so. For example, it may be necessary and reasonable for a person to assist the authorised officer when making copies of documents and securing evidence on a premises.

153. Subsection 31(5) clarifies that Part 2 of the RPA, as it applies under the provisions mentioned in subsection 31(1) and the information in subsection 31(2), applies to every external Territory.

Section 32: Investigation powers

154. Part 3 of the RPA provides powers to investigate (that is, gather material in relation to) contraventions of offence provisions and civil penalty provisions.

155. Section 32 triggers Part 3 of the RPA (Investigation) in relation to civil penalty provisions in this Act and offences against the Crimes Act 1914 or the Criminal Code that relate to this Act.

156. These powers include the power to enter into premises by consent or under an investigation warrant, and the search and seizure of evidential material (see section 49 of the RPA) An investigation warrant is applied for by an authorised applicant, and issued by an issuing officer (who is either a Magistrate or a Federal Court judge).

157. The Regulator will require these investigation powers to enable the entry of premises and exercise of investigation powers where the Regulator suspects on reasonable grounds that there may be evidential material on the premises related to the contravention of a civil penalty or offence provision under this Act. This is an important part of the Regulator's core functions under the Act: to monitor compliance and ensure the integrity of the Scheme.

158. Note 2 to subsection 32(1) provides that the monitoring powers do not commence before the enforcement day (18 months after the commencement of the Act at subsection 37(6)).

159. Subsection 32(2) provides for a number of aspects for the purposes of Part 3 of the RPA, including specifying who the authorised applicant and authorised person is, the issuing officer, the relevant chief executive and the relevant court.

160. Subsection 32(3) has been included so that a person can assist an authorised person in performing the investigation powers, functions or duties outlined in subsection 32(1) or (2). Under section 53 of the RPA, a person exercising investigative powers may only be assisted by another person if it is necessary and reasonable to do so. For example, given the volume of information and data a reporting entity relies on in preparing a Payment Times Report, it may be reasonable and necessary for a person to assist the authorised offer when examining and seizing evidential material on the premises.

161. Subsection 32(4) clarifies that Part 3 of the RPA, as it applies under the provisions mentioned in subsection 32(1), extends to every external Territory.

Section 33: Civil penalty provisions

162. Section 33 provides that each civil penalty provision in this Act is enforceable under Part 4 of the RPA. This provision triggers Part 4 of the RPA, which allows court proceedings to be commenced, seeking an order for a person to pay a monetary penalty for the contravention of the provision.

163. The provisions subject to a civil penalty in this Act are: failure to provide a report (section 15); providing false and misleading reports (section 16); record-keeping requirements (section 29) and failure to comply with requirements regarding compliance audits (section 30).

164. The Regulator requires the ability to bring civil penalty proceedings against reporting entities (who are not volunteering entities) to ensure compliance with the provisions of the Act. The success and integrity of the Scheme depends on entities providing accurate reports to the Regulator in a timely manner. This will allow small businesses to make more informed decisions about their potential customers and will create pressure for cultural change to improve payment times. The ability to bring civil penalty proceedings reflects the serious nature of the obligations under the Act, which requires enforcement by the Courts in appropriate cases.

165. Subsections 33(2) and (3) set out that the authorised applicant and relevant court are those defined in section 5.

166. Subsection 33(4) provides that Part 4 of the RPA does not make the Crown in the right of the Commonwealth liable to a pecuniary penalty for breach of a civil penalty provision of this Act. It is intended that any entity that enjoys "the shield of the Crown" will not be liable for a pecuniary penalty for contravention of the Act. It is intended that any entities that do not enjoy the "shield of the Crown" will be liable to pay a pecuniary penalty (such as, for example, a corporate Commonwealth entity).

167. Section 95 of the RPA provides a defence to a contravention of a civil penalty provision where a person has made a mistake about the facts involved. Specifically, it states that a person who makes a mistake of fact is not liable for a civil penalty if they considered whether the facts existed and they were under a mistaken but reasonable belief about those facts.

168. Subsection 33(5) is intended to clarify the operation of section 95 of the RPA to apply to body corporates. It draws upon similar text from section 12.5 of the Criminal Code, which provides a mistake of fact defence specifically for body corporates.

169. Subsection 33(6) provides further detail on what a failure of due diligence may be substantially attributed to for the purposes of subsection 33(5), but it is not intended to be exhaustive or prescriptive. This provision is also based on section 12.5 of the Criminal Code.

170. Subsection 33(7) clarifies that Part 4 of the RPA, as it applies to civil penalty provisions in this Act applies, to every external Territory.

Section 34: Infringement notices

171. Subsection 34(1) triggers Part 5 of the RPA, to allow the imposition of infringement notices in relation to the civil penalty provisions in this Act. An infringement notice is a written notice to pay a monetary penalty which is imposed on a person by a regulator, on the basis of an alleged contravention of a law.

172. Each civil penalty provision in this Act does not apply to conduct engaged in before the enforcement day. See the discussion at section 37.

173. Subsection 34(1) creates an ability for an infringement officer-the Regulator or someone appointed under subsection 36(1)-to impose infringement notices when they believe on reasonable grounds that a person has contravened a provision (subsection 103(1) of the RPA).

174. Under section 103 of the RPA, infringement notices must be given within 12 months after the day the alleged contravention happens, and a single infringement notice must relate only to a single provision. However, a single notice can be given for multiple contraventions if the Act requires a thing to be done by a particular time and the person fails to do that on more than one day. This means that it would be possible for an infringement officer to, for example, issue one infringement notice per day for every day a Payment Times Report is not submitted.

175. For example, a body corporate could be issued nine infringement notices for being nine days late in submitting a Payment Times Report. The amount of each infringement notice would be capped at either 60 penalty units per infringement notice or one-fifth of the maximum penalty units a court could impose, whichever amount is lower (s 104(2) of the RPA). The alternative option for the Regulator would be to issue one infringement notice covering all nine contraventions - the amount of this infringement notice would be calculated in accordance with s 103(3) of the RPA.

176. The reason why Part 4 of the RPA has been triggered is to provide for a standardised approach to regulatory powers across the Commonwealth. Infringement notices provide a cost effective and less administratively complex mechanism for the Regulator to enforce obligations under the Act, and they are particularly suitable for some contraventions where the nature and seriousness of the contravention may not justify initiating court proceedings.

177. Subsection 34(2) provides that the Regulator, or a person appointed under subsection 36(1), are infringement officers. An infringement officer has the power, if they reasonably believe that a provision of this Act has been contravened, to issue an infringement notice under section 103 of the RPA.

178. Subsection 34(3) provides that the Regulator acts as the chief executive for the provisions mentioned in subsection 34(1) for the purposes of Part 5 of the RPA.

179. Subsection 34(4) clarifies that Part 5 of the RPA, as it applies to the provisions mentioned in subsection 34(1) of this Act, applies to every external Territory.

Section 35: Appointment of authorised officers

180. Subsection 35(1) provides the Regulator the power to appoint APS employees at the Executive Level 1 (EL1) or higher as authorised officers for the purposes of the Act.

181. A person appointed as an authorised officer under subsection 35(1) has powers under Parts 2 to 5 of the RPA. The reason this is limited to the EL1 level is because authorised officers exercise a wide range of powers, some of which are high volume and low complexity and which would be impractical to be exercised by someone at a higher designation. For example, investigative powers including searching premises, taking photos, inspecting and making copies of documents, examining or measuring evidential material.

182. While some of these powers are more significant in nature (such as applying to a court for a warrant), other frameworks will limit the exercise of these powers to higher designations within the Department (such as the Public Governance, Performance and Accountability Act 2013, and the Legal Services Directions 2017).

183. An authorised officer, for the purposes of this Act, can exercise the powers of an 'authorised person' or an 'authorised applicant' under the RPA. The Regulator must not appoint someone as an authorised officer unless the Regulator is satisfied that the person has the necessary knowledge or experience needed to perform the role. This is intended to limit the scope of people who can exercise these powers to those who are qualified to do so. The authorised officers must comply with any directions given by the Regulator under subsection 35(3).

184. Subsection 35(4) is included to clarify that a written direction made under this section is not a legislative instrument within the meaning of subsection 8(1) of the Legislation Act 2003.

Section 36: Appointment of infringement officers

185. Subsection 36(1) allows the Regulator to appoint an APS employee at the level of Executive Level 2 (EL2) or higher as infringement officers for the purposes of this Act.

186. A person appointed as an infringement officer under subsection 36(1) has powers under Part 5 of the RPA (see the discussion at section 34). If an infringement officer reasonably believes that a provision of the Act has been contravened, they may issue an infringement notice under section 103 of the RPA. Their name and contact details are required to be included on the infringement notice (paragraph 104(1)(d) of the RPA).

187. The reason this is limited to EL2 or higher is because infringement notices involve a high degree of discretion and are a significant form of enforcement action, involving the imposition of a penalty on reasonable grounds without Court involvement. In addition, someone must not be appointed an infringement officer unless the Regulator is satisfied they have the necessary knowledge or experience needed to perform the role. This is intended to limit the scope of people who can exercise these powers to those who have the necessary skills and experience to do so. The infringement officers must comply with any directions given by the Regulator (subsection 36(3)).

188. Subsection 36(4) is included to assist readers, and an instrument made under this provision is not a legislative instrument within the meaning of subclause 8(1) of the Legislation Act 2003.

Division 4 - Delayed compliance and enforcement powers

Section 37: Delayed compliance and enforcement powers

189. Section 37 provides that there will be an 18-month period where compliance and enforcement powers will not apply to the obligations in the Act.

190. This is intended to allow time for reporting entities to become familiar with the Scheme without the threat of compliance and enforcement action while they are transitioning to the new arrangements.

191. The enforcement day is the day that the compliance and enforcement provisions will start to apply, and that day is 18 months after the commencement of the Act (subsection 37(2)).

192. Subsections 37(1) and (3) to (6) provide for the powers that do not apply before the enforcement day. These include the application of civil penalty provisions, publishing information regarding non-compliance, audit powers, monitoring and investigation powers.

Part 5 - Protected information

Division 1 - Introduction

Section 38: Simplified outline of this Part

193. Section 38 provides a simplified outline of this Part to help readers understand the substantive provisions. This simplified outline should not be taken as complete and readers should rely on the substantive provisions in the Act.

194. Note 1 provides that Division 2 constitutes an authorisation for the purposes of the Privacy Act 1988 and other laws (including the common law). It will also protect the entrusted person who uses or discloses the information from committing an offence under section 45 of the Act.

195. Note 2 refers the reader to the definition of use in section 5 of the Act, which provides that the term use, in relation to information, includes making a record of the information.

Division 2 - Authorised use or disclosure

Section 39: Performing functions or exercising powers under this Act

196. Section 39 provides that an entrusted person who obtains protected information may use or disclose that information in performing functions or duties or exercising powers under the Act. The intention of this provision is to make it clear that protected information is only allowed to be disclosed or used for the purposes of this Act.

197. As defined in section 5, entrusted person means the Secretary, the Regulator, an APS employee in the Department, or any other person employed in or engaged by the Department. This definition establishes a cohort of persons to which Part 5 applies.

198. Protected information as defined in section 5 for the purposes of this Division refers to any information obtained under, or in accordance, with this Act. This would include, for example, information given under section 13 in a Payment Times Report. It may also include any information the Regulator obtains when making a determination under section 6 (ceasing to be a reporting entity) or section 13 (application for further time to give a report).

199. For example, this section will enable the Regulator who receives protected information in response to a reporting requirement under section 14 of the Act, to use that information for the purpose of administering the Act (for example, for publication on the Payment Times Report Register).

Section 40: Policy development

200. Section 40 provides an entrusted person may use or disclose protected information to another entrusted person for the purposes of policy development. The intention is to allow the sharing of information for the purposes of developing related policies within the Department. Importantly, information may only be shared to another entrusted person and an entrusted person who is provided with information for this purpose will commit an offence under section 46 of the Act if they engage in unauthorised use or disclosure of the information.

Section 41: Proceedings etc.

201. Section 41 provides that an entrusted person may disclose protected information to a court, tribunal or coronial inquiry, or when required to do so by an order of a court, tribunal or coroner, for the purposes of proceedings before that court, or tribunal or for the purposes of a coronial inquiry. This is intended to make it clear that protected information can be disclosed if a court or other proceeding requires it.

Section 42: Enforcement related activity

202. Section 42 provides a specific ground for an entrusted person to use or disclose protected information for the purposes of enforcement related activities, where the person reasonably believes that the use or disclosure is necessary for, or directly related to, enforcement related activities being conducted by, or on behalf of, that enforcement body. This is intended to make it clear that protected information received as part of, for example, administering this Act, may be disclosed to an enforcement body.

203. For example, a person who receives protected information may disclose the information to an enforcement agency if the person reasonably believes that it is reasonably necessary to do so for an investigation. The requirement for the person to have "reasonable belief" is an appropriate threshold test to ensure that information is protected while at the same time accessible for enforcement related activities. A reasonable belief will require both a subjective and an objective element.

204. Subsection 42(2) provides that an enforcement body that receives protected information may use or disclose the protected information for the purposes of conducting one or more enforcement related activities.

Section 43: Information required by another Australian law

205. Section 43 provides that an entrusted person who obtains protected information may use or disclose the protected information when required to do so under an Australian law other than the Act. This is intended to make it clear that protected information received as part of, for example, the administration of this Act, may be disclosed if another Australian law requires that disclosure.

Section 44: Person to whom information relates-disclosure and consent

206. Section 44 enables an entrusted person who obtains protected information to disclose protected information to the person to whom the information relates. This provision is intended to remove any doubt that such a disclosure is authorised and is not prevented by the disclosure regime that is set out in the Act.

207. Subsection 44(2) enables the first person who obtained the protected information to use or disclose the information if the person to whom the information relates expressly consents to the first person using or disclosing the information.

Section 45: Person who provided information

208. Section 45 will enable an entrusted person to disclose protected information to the person who provided the information. This provision is intended to remove any doubt that such a disclosure is authorised and is not prevented by the disclosure regime that is set out in the Act.

Division 3 - Unauthorised use or disclosure

Section 46: Unauthorised use or disclosure

Fault-based offence

209. Section 46 provides for a criminal offence where an entrusted person who has obtained protected information in the course of, or for the purposes of, performing functions or duties or exercising powers under the Act, uses or discloses that information in an unauthorised way.

210. The maximum penalty for contravening subsection 46(1) will be imprisonment for two years or a maximum penalty of 120 penalty units (or both). The level of the penalty is consistent with other similar Commonwealth offences. The penalty is intended to provide an effective deterrent to conduct that may result in the disclosure of protected information in circumstances that are not reasonable, necessary or proportionate. The penalty reflects the serious consequences for unauthorised use or disclosure of protected information.

Exception for use or disclosure in good faith

211. Subsection 46(2) creates a defence to the offence in subsection 46(1), if the use or disclosure of protected information was done in good faith and in purported compliance with a provision in Part 5 of the Act or with the Rules. This is consistent with other Commonwealth protected information schemes.

212. A note to subsection 46(2) refers the reader to subsection 13.3(3) of the Criminal Code, providing that the defendant will bear the evidential burden in relation to this defence. The defendant bearing the evidential burden to make out their own defence is consistent with criminal law generally.

Part 6 - Miscellaneous

Division 1 - Introduction

Section 47: Simplified outline of this Part

213. Section 47 provides a simplified outline of the Act to help readers understand the substantive provisions. This simplified outline should not be taken as complete and readers should rely on the substantive provisions in the Act.

Division 2 - Treatment of certain kinds of entities

Section 48: Treatment of partnerships

214. Section 48 clarifies how the Act applies to partnerships and how they are treated. This provision is necessary because a partnership is structured differently to a body corporate and it does not have its own separate legal personality.

215. Subsection 48(2) provides that any obligation that would otherwise fall on the entity is instead imposed on each partner and that obligations may also be carried out by any partner.

216. Subsection 48(3) outlines that civil penalty provisions of the Act are contravened by each partner who did, knew about, or aided, the act or omission.

217. Subsection 48(4) provides for the purposes of the Act, a change in the individual partners within the partnership does not affect the ongoing responsibility of the membership of the partnership.

Section 49: Treatment of unincorporated associations or bodies of persons

218. Section 49 clarifies how the Act applies to unincorporated associations or bodies. This provision is necessary because an unincorporated association or body of persons is structured differently to a body corporate.

219. Subsection 49(2) outlines that any obligation that would otherwise fall on the entity is instead imposed on each member of the association's committee of management and that obligations under the Act may also be carried out by any member.

220. Subsection 49(3) outlines that civil penalty provisions of the Act are contravened by each member of the association's committee of management who did, knew about, or aided, the act or omission.

Section 50: Treatment of trusts and superannuation funds and approved deposit funds that are trusts

221. Section 50 clarifies how the obligations in the Act apply to trusts and superannuation funds.

222. Trusts and superannuation funds or approved deposit funds that are trusts do not have legal personality. This provision is necessary to ensure that the obligations in the Act can be imposed on legal persons associated with those entities. Subsection 50(2) explains how obligations apply to an entity with a single trustee and subsection 50(3) applies to entity with two or more trustees.

Division 3 - Reviewable decisions

Section 51: Reconsideration and review of decisions

223. Section 51 sets out the decisions made by the Regulator under provisions of this Act that are subject to review. These are decisions regarding an entity ceasing to be a reporting entity, granting additional time to report or publication of an entity's non-compliance.

Section 52: Application for reconsideration of reviewable decision

224. Section 52 provides that the Regulator must, in their written notice of a decision, include the reasons for the decision and information about the entity's rights of review. This ensures procedural fairness for the applicant and also is consistent with section 28 of the Administrative Appeals Tribunal Act 1975.

225. Subsection 52(2) provides the ability for a person whose interests are affected by a reviewable decision to apply in writing for the Regulator to reconsider the decision. It is intended that reconsideration by the Regulator is the first step in a requests for a decision to be reviewed. Allowing decisions to be reviewed internally by the Regulator provides reviews that are cost-effective, quick, and more accessible for applicants.

226. Under subsection 52(3) the applicant has 14 days from when they are notified of the decision to apply to the Regulator for a reconsideration of a decision. The application must explain the reasons why the applicant is requesting the decision be reconsidered. This enables the Regulator to understand the basis for the review and to respond to the specific grounds set out in the application.

Section 53: Reconsideration of reviewable decision

227. Subsection 53(1) sets out the steps that the Regulator must take after receiving an application to reconsider a reviewable decision under section 52.

228. The Regulator must either personally reconsider the decision or assign it to a delegate who was not involved in making the decision and is at least the same designation as the original decision-maker, for reconsideration. The person who reconsiders the decision is known as the internal decision reviewer.

229. Under subsection 53(2), upon reviewing the decision, the internal decision reviewer must affirm the decision, or vary the decision, or set the decision aside and make a new decision. Under subsection 53(3) the internal decision reviewer must then inform in writing to the applicant of the reconsideration decision, including the date it will come into effect and why they came to their decision.

230. Under subsection 53(4) if the internal decision reviewer does not notify the applicant that it has made a reconsideration decision within 90 days after receiving the application, it is deemed to have affirmed the original decision.

231. Subsection 53(5) provides that the reconsideration decision is to be treated as a decision under the original provision that the decision was made under (other than for the purposes of section 52).

232. Subsection 53(6) provides that the Regulator must give a copy of an internal decision reviewer's decision as soon as practicable after it is made to the Secretary. The reason for notifying the Secretary is to provide transparency regarding the decisions of the Regulator.

Section 54: Review by the Administrative Appeals Tribunal

233. Section 54 provides that an application may be made to the Administrative Appeals Tribunal (AAT) for a review of a reconsideration decision of an internal decision reviewer. This is intended to clarify that the AAT can only review an internal decision reviewer's decision, and not the original decision.

Division 4 - Other matters

Section 55: Former reporting entities

234. Subsection 55(1) provides that reporting entities still have an obligation under section 12 of the Act to report if they have not yet provided a Payment Times Report for a reporting period, even if they have ceased to be a reporting entity since that period. This is intended to ensure that entities who cease to be a reporting entity after the end of a reporting period do not fail to provide their final report for the last reporting period in which they were required to report.

235. Example: Entity Peanut is a reporting entity for the income year 1 July 2026 to 30 June 2027. It has until 30 September 2027 to submit its Payment Times Report for the reporting period 1 January 2027 to 30 June 2027. Entity Peanut receives written notice from the Regulator that it has ceased to be a reporting entity on 10 September 2027. Even though from 10 September 2027 it has ceased to be a reporting entity, it is still required to submit a report for the period 1 January 2027 to 30 June 2027.

236. Subsection 55(2) provides for a number of other obligations that continue after an entity no longer meets the requirement to report.

237. The reason why these obligations continue is to ensure the integrity of the reports that are provided by the entity for the period they were required to report, despite not having to report thereafter.

Section 56: Annual report

238. Section 56 provides that the Regulator will report annually on the operation of this Act, and the report will be included as part of the Secretary of the Department's annual report. This is an important accountability mechanism and provides the public and Parliament with information on the Regulator's performance.

Section 57: Protection against civil liability

239. Section 57 protects the Regulator, their delegates, other APS employees, and the Commonwealth more broadly, from potential civil liability action arising from any actions taken or omitted in good faith, in the performance of their duties under the Act. The Act specifically provides immunity from actions for defamation, breaches of confidence or infringement of copyright. The purpose of this provision is to protect the Regulator and their staff against personal civil liability where they are performing or exercising legislated requirements.

240. This is necessary because there are specific risks under this Act that actions done in compliance with the Act could be perceived as, for example, defamatory. For example, publication of non-compliance information under section 19, or publication of payment times reporting information that could be perceived as reflecting poorly on a reporting entity. This provision makes it clear that those who act in good faith in administering this Act are protected from these kinds of legal proceedings.

Section 58: Rules

241. Section 58 provides the ability for the Minister to make Rules, in the form of legislative instruments that will be subject to consultation, tabled in Parliament and subject to disallowance, either because they are required or permitted by the Act, or because they are necessary and convenient to be prescribed for carrying out or giving effect to the Act.

242. The reason why a rule-making power is necessary is to allow the legislation to respond promptly and flexibly to changes in circumstances.

243. Apart from the restrictions at 58(2), this section enables the Minister to make rules which will provide substance to the operation of the Act. The matters which may be dealt with in Rules made under this section include, but are not limited to:

a.

any further information relating to the income year for the entity;

b.

any further information relating to the description of an entity;

c.

the meaning of a small business;

d.

additional information and accompanying documents required in an application for an entity to be determined as, and cease being, a reporting entity;

e.

information to be included in an application to the Regulator to extend time to submit a Payment Times Report;

f.

the required information and documents to be included in a Payment Times Report including details on supply chain financing arrangements;

g.

information on the types of small business invoices to be included when calculating payment times;

h.

information relating to decisions of the Regulator to not publish certain information; and

i.

additional functions of the Regulator.

244. These matters are dealt with in the Rules, rather than regulations, in accordance with the Office of Parliamentary Counsel's Drafting Direction No. 3.8-Subordinate legislation. That Drafting Direction states that 'OPC's starting point is that subordinate instruments should be made in the form of legislative instruments (as distinct from regulations) unless there is good reason not to do so'.

245. Consistent with the Drafting Direction, the approach of dealing with these matters in rules (rather than regulations) has a number of advantages including:

a.

it facilitates the use of a single type of legislative instrument (or a reduced number of types of instruments being needed for the Act; and

b.

it enables the number and content of the legislative instruments under the Act to be rationalised; and

c.

it simplifies the language and structure of the provision in the Act that provide the authority for the legislative instruments; and

d.

it shortens the Act.

246. Due to these advantages, the Drafting Direction states that drafters should adopt this approach where appropriate with new Acts.

247. The Drafting Direction states that matters such as compliance and enforcement, the imposition of taxes, setting amounts to be appropriated, and amendments to the text of an Act, should be included in regulations unless there is a strong justification otherwise. This Act does not enable rules to provide for any of these matters. This is clarified by subsection 58(2) that specifically prevents rules from including these types of matters.

248. This section also clarifies that rules made under section 58 are a legislative instrument for the purposes of the Legislation Act 2003. Under that Act, legislative instruments and their explanatory statements must be tabled in both Houses of the Parliament within 6 sitting days of the date of registration of the instrument on the Federal Register of Legislation. Once tabled, the rules will be subject to the same level of parliamentary scrutiny as regulations (including consideration by the Senate Standing Committee for the Scrutiny of Delegated Legislation), and a motion to disallow the rules may be moved in either House of the Parliament within 15 sitting days of the date the rules are tabled.

249. Subsection 58(3) specifies that the definition of a small business in the rules may apply, adopt or incorporate any matter in an instrument or writing from time to time. It is envisaged that this will be necessary if, for example, a list of small business suppliers who meet the definition of having an annual total income of $10 million is incorporated into the Rules, and that list changes from time to time as small businesses are created or shut down.

250. Using the example of a list, the intention would be to reduce the regulatory burden on reporting entities by them having to cross-check their systems to determine which of their suppliers is a 'small business' as the document incorporated by reference could serve as a definitive source of information about this. Such a list would be subject to change frequently, and it would not be practical to draft a rule every time this list was updated. The ability to incorporate such a document "from time to time" gives reporting entities continuity of their obligations by ensuring the list (for example) is up to date, and so they can be certain about their obligations and rights under the Act.