Skip to content

Chapter 3 – Prevention of internal fraud

3.1 Pursuant to the Commonwealth Fraud Control Framework, described in the previous chapter, the ATO must have in place measures to prevent, detect and respond to fraud. This chapter examines key ATO prevention measures in relation to internal fraud, namely:

3.2 In exploring the above measures, the IGT has considered ATO practices and processes alongside those of other Commonwealth government agencies as well as revenue authorities in other jurisdictions. Stakeholders’ concerns in this regard have also been examined in analysing the information obtained from the ATO.

3.3 The IGT’s analysis has included scrutinising a sample of the ATO’s FPII investigations into officers’ alleged breaches of relevant APS Code of Conduct and/or ATO procedures. In total, 39 investigations, which were completed between 2011 and 2018, were reviewed and they covered areas such as conflicts of interest, unauthorised access, misuse of ATO property, abuse of position and unauthorised release of information.

3.4 Approximately half of the allegations in the above investigations were substantiated and, of these, 30 per cent were referred for management action, 20 per cent were referred to the CDPP or state police and the remainder were to be considered for misconduct by the ATO’s HR area, namely the ATOP business line.

Maintaining integrity through recruitment and ongoing staff monitoring

3.5 The ATO is integral to the fabric of Australian society. In addition to its primary role of revenue collection, it performs a variety of ancillary, but critical, functions. These include holding one of the largest repositories of highly personal and commercially sensitive information about individuals and businesses operating in Australia and overseas.

3.6 The ATO is also afforded significant powers, including coercive information gathering and interrogation, restricting movements of individuals and garnishee notices, many of which are exercised without the need for judicial authorisation.171

3.7 Australia’s comparatively high level of voluntary compliance relies on the public’s continuing confidence in the ATO and its officers to exercise its considerable powers in a fair and equitable manner and use the extensive information at their disposal only for the purpose for which it was obtained. One measure through which the ATO can achieve these outcomes is through appropriate staff recruitment processes and ongoing checks to ensure its workforce maintains integrity and shares the values that such an organisation must possess.

3.8 Relevantly, both the Australian Standard on Fraud and Corruption and Control172 and the ATO’s Fraud and Corruption Control Plan highlight the importance of employment screening as a preventative control.

Stakeholder concerns

3.9 In submissions to this review, stakeholders cited publicly known examples of former ATO staff who had been involved in unethical behaviour, including fraud. Almost all examples took place many years ago and at a time when the ATO’s recruitment and vetting processes were limited to conducting a criminal history check, contacting nominated referees and carrying out a security clearance check. However, some stakeholders believed that the ATO’s recruitment processes have not changed substantially since that time.

3.10 Stakeholders believed that improved ATO recruitment processes, including vetting, may have identified a history of questionable behaviour which had become evident years after they were recruited. For example, an ATO staff member, whose employment had been terminated by the ATO, was rehired through a recruitment exercise conducted by external recruiters on behalf of the ATO.

3.11 Stakeholders also expressed concern that there appeared to be insufficient enforcement of staff’s obligation to disclose changes to their circumstances which could impact their ongoing suitability to perform roles. They commented that the regime was not effective to address staff forgetfulness. Therefore, at times, changes in circumstance would only be detected at the next security clearance check which occurs every five years.

Relevant materials

3.12 The ATO is an agency that employs one of the largest numbers of staff in the APS. As at 30 June 2017, it employed 20,435 staff.173 Whilst the number of positions advertised historically may have been lower during 2013 when the government introduced temporary measures to restrict new hiring,174 the ATO has advertised over 650 positions and received over 140,000 job applications in response to those job advertisements since 1 January 2015.175

Recruitment

3.13 The ATO’s CEI 2015/05/01 outlines the ATO’s general principles for recruitment, selection and mobility for all ATO employees, including SES officers. In particular, this instruction requires the ATO to ‘use fair, transparent processes that are in accordance with APS legislation, redeployment and employment principles and value the candidate experience’.176 In addition, the ATO’s CEI 2014/06/07 on security practices requires managers to ensure that appropriate integrity checks are completed prior to and during the engagement of staff.177 The ATO has advised that the intensity of integrity and security clearance checks is based on the nature and seniority of the position as well as the level of responsibility and the sensitivity of information associated with the position.

3.14 To assist in the handling of the high volume of job applications, the ATO has centralised the management of its recruitment processes, including the associated integrity checks, in the ATOP business line.

3.15 Once an ATO business line has identified the need to fill a position and confirmed the requirements for the role, such as the level of security clearance, the ATOP business line assists the business area with the recruitment process by coordinating the following: 178

3.16 Where a candidate’s written application is considered suitable by the selection panel, the ATOP business line will check whether the candidate has prior employment history with the ATO. If so, further checks are conducted against the ATO’s People Issue Escalation System database179 for records of any fraud, misconduct or performance concerns and this information is provided to the selection panel at the interview stage. These checks were previously performed just before an offer of employment was made. Furthermore, prior to June 2016, these checks were not required to be performed for external candidates, however, since that time procedures have been put in place so that they are applied to all candidates.180

3.17 All ATO job applications request current supervisors/managers to be listed as a referee and the ATOP business line contacts the nominated referees of suitable candidates. The steps involved in these checks, however, differ between large and small scale recruitment exercises.181 The ATOP business line has advised that referee reports are conducted as ‘best business practice’ and recommended for all external engagements but may not be necessary for internal promotions or if the selection panel and/or the delegate already have sufficient knowledge about the candidate.182 Completed referee checks are provided to the selection committee as part of the selection committee report.183

3.18 Once the selection committee report has been approved and the preferred candidate identified, the ATOP business line will conduct a Pre-Engagement Integrity Check (PEIC) before an offer of engagement is made.184

Pre-Engagement Integrity Checks

3.19 The ATO requires a PEIC for all individuals who are engaged by the ATO in any employment capacity185, including those transferred from other APS agencies186, contractors and consultants187, as almost all positions would need access to information that would be considered sensitive.188

3.20 A PEIC seeks to verify whether the candidate is ‘honest, responsible, trustworthy and willing to comply with policies and procedures to safeguard Australian Government resources’.189 Such verification is achieved through checking identity and any criminal convictions which are not ‘spent’190 by conducting a police check and residential address history for the past five years.191 Successful completion of a PEIC allows candidates to access ATO information appropriate to their level of security clearance.

3.21 For EL positions, shortlisted candidates undergo an ‘enhanced PEIC’ which involves additional checks to confirm the candidate’s qualifications, employment history, digital footprint, professional memberships and company directorships.192 As part of this employment history check, subject to the candidate’s consent, the ATOP business line will contact the HR area of the previous employer to identify whether any unethical behaviour was reported.193

3.22 Since November 2017, enhanced PEICs are also required for all APS 6 positions and for more junior staff where the relevant business line determines the position to be of high risk.194

3.23 As set out in Table 3.1 below, the ATO has conducted over 24,300 PEICs and over 200 enhanced PEICs since 1 July 2015 at a cost of over $474,000.195

Table 3.1: Numbers and costs of pre-employment integrity checks

2015–16

2016–17

1 July 2017 – 6 October 2017 (YTD)

TOTAL

No. of PEICs 11,579 10,223 2,556 24,358
No. of Enhanced PEICs 18 158 58 234
Cost $191.804.82 $244,409.90 $38,155.00 $474,369.72

Source: ATO

3.24 Generally, a successful candidate will not start work until a PEIC or an enhanced PEIC has been completed. However, the ATO has advised that it will allow a candidate to start their role before the PEIC has been completed196 where the Director of the ATOP Security and Vetting team has provided approval based on the submission of a business case from the director of the relevant business line.197 The ATO has advised that in the period 1 July 2016 to 19 October 2016, it had allowed 18 candidates to begin their role without first completing a PEIC.198

3.25 There are also positions where the ATO considers a PEIC is generally not required.199 Such positions include certain secondments and delivery or attendance at official meetings (or training) by foreign nationals who would have no access to ATO systems or taxpayer information. In these cases, the relevant business line must obtain and retain a declaration of secrecy from the person who has not been required to undergo a PEIC.200 The ATO has advised that it has processed 230 applications to not conduct a PEIC since July 2015.201

3.26 In addition to the PEIC and enhanced PEIC, the ATOP business line requests the FPII unit to check candidate’s details against its records. The FPII unit is also requested to conduct searches to determine if the candidate’s name is on the CDPP Prosecution List (i.e., whether the Commonwealth has initiated a prosecution against the candidate on behalf of the ATO). If there is a match, the FPII unit will review the case information and share any relevant information with the ATOP business line.202

3.27 The figure below summarises the above checks.

Figure 3.1 – Outline of ATO integrity checks during recruitment

Source: ATO

Declarations by employees

3.28 Candidates who are subject to PEICs are also required to complete a declaration regarding their compliance with tax and superannuation obligations as well as any conflicts of interest they have, for example by also being registered as a tax or Business Activity Statement (BAS) agent.203

Security clearances

3.29 Positions which have access to security-classified information are known as ‘designated security assessed positions’ (DSAPs).204 Those holding a DSAP are required to obtain a security clearance before they can begin work. Security clearances are conducted by the Australian Government Security Vetting Agency (AGSVA) in the Department of Defence.

3.30 The type of clearance required will depend upon the type of information that may be accessed. The information itself is classified according to the level of damage that may be sustained as a result of its unauthorised release. Where such release results in:

3.31 A Baseline security clearance is required to be renewed at least every 15 years and generally confirms an applicant’s identity, citizenship, background for the past five years (residential addresses, employment and overseas travel history), qualifications and professional referees as well as police records (excluding spent convictions), financial history (including a summary of assets, income, liabilities and expenditure) and that an official secrets declaration and relevant statutory declarations have been completed.206

3.32 A NV1 security clearance is required to be renewed at least every 10 years. It is granted after completion of a suitability screening questionnaire by the applicant, an assessment by the Australian Security Intelligence Organisation, verification of the applicant digital footprint, financial position and police check as well as the same checks associated with Baseline security clearance.207

3.33 A NV2 security clearance is required to be renewed at least every 5–7 years. The processes involved in obtaining NV2 clearances are the same as those in NV1 with more referee checks and an additional security interview.208

3.34 Once a person has been granted a security clearance, they are required to disclose to the ATO’s security section, security advisor or directly to AGSVA any changes or events which are relevant to the security clearance, for example, entering/leaving a significant relationship, material change in finances or being the subject of a criminal investigation (‘notifiable events’).209

3.35 Irrespective of whether a person occupies a DSAP, an ATO officer may be required to obtain a security clearance where the position involves access to aggregations of information (for example an Information and Communications Technology administrator) or is otherwise a ‘Trusted Position’. A Trusted Position is one where the abuse of the position would cause a level of harm.210 For example, where the abuse of that position would result in a level of harm to the agency operations, commercial entities or members of the public, a Baseline security clearance will be required. Where the level of harm could be expected to seriously damage national security (a ‘medium to extreme business impact level’) the position will require a NV1 security clearance.

3.36 An ATO flowchart outlining how it determines the security clearance level for positions is provided in the figure below.

Figure 3.2: How the ATO determines which positions require a security clearance

Source: ATO

3.37 Following the events associated with Operation Elbrus, the ATO has more recently examined high risk positions in its own review into conflicts of interest and security clearance processes. The report of this review (ATO September 2017 Report) makes the following observations and recommendation about high risk positions:

…internal integrity related processes and controls should be strongly geared towards those individuals or position holders that, for varying reasons, present a heightened level of risk to the organisation. That is, organisational efforts … should strongly focus on those positions where non-compliance would result in an unacceptable consequence. As such, we have suggested the development of an approach to identify and manage ‘high risk roles’, which will further support the existing measures in place. The development of this approach should be informed by work undertaken by FPII in 2015 which identified some ‘job ‘families’ such as those with IT administrator access that may be considered to be of higher fraud and corruption risk….

… Recommendation 6: It is timely for the ATO to identify those positions that would be deemed to be high risk. The identification of high risk roles should consider whether additional scrutiny or controls should be in place to appropriately manage the risks related to those specific roles. Example of controls could include the rotation of roles, dual signoff or security checks above the existing security clearance requirements.211

3.38 As a result of the above recommendation, the ATO has commenced a process of identifying high risk positions, which is in addition to DSAPs and Trusted Positions, and determining suitable level of checks for those positions. Further risk mitigation measures are also being considered where misconduct by the occupant of those positions would ‘seriously undermine the confidence in the ATO’s integrity‘. The ATO considers that such positions will include those that require officers to:212

3.39 The ATO must identify, record and review positions that require a security clearance as well as the level of clearance required for those positions.213 The ATO has advised that the level of requisite security clearance associated with the relevant roles is recorded on its HR system, ‘SAP’.214 Both DSAPs and Trusted Positions are included in this register which is reproduced in Table 3.2 below.

Table 3.2: Number of security assessed positions, by type and functional area

Functional area/Group

Business line

Type of security clearance assessed

TOTAL

Trusted Positions

DSAPs

Enterprise Solutions & Technology (EST) All BSLs 2,642 285 2,927
Client Engagement PGH 702 251 953
Smarter Data 575 62 637
PGI 179 41 220
Other BSLs 1,064 148 1,212
Corporate and Enabling Services ATOC 241 60 301
ATO Finance 431 45 476
Other BSLs 218 77 295
Law Design and Practice All BSLs 412 94 506
Service Delivery All BSLs 786 103 889
Office of Commissioners N/A 14 0 14
ACNC (a) N/A 19 29 48
TPB (a) N/A 26 2 28
TOTAL (b)   7,309 1,197 8,506

Source: ATO, as at 20 February 2018.
Note (a): In accordance with the Schedule 1 of the PGPA Rule the Commissioner of Taxation is the Accountable Authority for the Australian Charities and Not-for-profits Commission (ACNC) and the Tax Practitioners Board (TPB).
Note (b): When comparing this total against the totals in the subsequent tables, please note that since October 2017, there was an increase in the positions requiring a security clearance: ATO communication to the IGT, 20 February 2018.

3.40 As indicated by the Table above, over 85 per cent of security assessed positions are for Trusted Positions. The majority of Trusted Positions are in the Enterprise Solutions & Technology (EST) and Client Engagement Groups.

3.41 Table 3.3 below sets out the total number of staff with security clearances by functional area as at 10 October 2017. The greatest number of staff with higher level security clearances, i.e. NV1 and NV2, are located in the EST, Client Engagement, and Corporate and Enabling Services Groups as well as those in the Office of the Commissioners. The Law Design and Practice and Service Delivery Groups have the lowest number of staff with NV1 and NV2 security clearances.

Table 3.3: Number of staff with security clearances by level and functional area

Functional area/Group

Business line

Security clearance level

TOTAL

Baseline

NV 1

NV 2

Enterprise Solutions & Technology All BSLs 2,694 102 20 2,816
Client Engagement PGH 670 215 9 894
Smarter Data 588 12 5 605
PGI 201 12 2 215
Other BSLs 1,176 16 0 1,192
Corporate and Enabling Services ATOC 210 42 4 256
ATO Finance 442 13 3 458
Other BSLs 287 31 0 318
Law Design and Practice All BSLs 505 5 0 510
Service Delivery All BSLs 867 10 0 877
Office of Commissioners N/A 4 5 5 14
ACNC (a) N/A 37 10 3 50
TPB (a) N/A 28 1 0 29
TOTAL 7,709 474 51 8,234

Source: ATO, as at October 2017
Note (a): In accordance with Schedule 1 of the PGPA Rule the Commissioner of Taxation is the Accountable Authority for the ACNC and the TPB.

3.42 Since September 2016, the ATO has conducted three assessments to determine if staff held the appropriate security clearance levels for their positions.215

Table 3.4: Numbers of mismatched security clearances

Sept 16 – Feb 17

Mar 17 – Aug 17

Sept 17

No. of staff with mismatched clearances 397 243 103
Total no. of security clearances 8,352 8,200 8,200
% of mismatched clearances 4.8% 3.0% 1.3%

Source: ATO, as at September 2017

3.43 Table 3.4 above shows that the percentage of staff who held a security clearance of a lower level than that required for their position (‘mismatched security clearance’) has declined with each assessment from 4.8 per cent in February 2017 to 1.3 per cent in September 2017. Data from the August 2017 security mismatch report indicates that these mismatches were the result of officers not holding security clearances at all or holding lower security clearance than the positions they held required.216

3.44 It should also be noted that the ATO September 2017 Report makes the following observations and recommendation about improving the analysis of security clearance mismatches to enable the relevant areas to take appropriate action:

…opportunities have been identified to strengthen the monitoring, reporting and actioning of security clearance mismatches and mandatory training completion rates. Currently these processes are treated as standalone.

Recommendation 7: Opportunities for improvement include better collaboration between Security Vetting and Workforce Analytics to adopt a joint risk based approach to security clearance mismatches and mandatory training. This could consider combining data to identify higher risk situations (e.g. long periods without the required clearance and/or training, or significant mismatches in security clearance held versus those required, failure to obtain required clearances/training, etc.). This analysis should then inform appropriate areas for escalation, including staff managers/SES and FP&II.217

3.45 As a result of the above recommendation, the ATO has commenced a process to develop an analytical tool to improve the ‘automation and efficiency of producing security clearance mismatch reports’.218

3.46 The ATO has since advised that it has improved quarterly security mismatch reporting and, since September 2017, they are being sent to relevant Assistant Commissioners who determine whether the relevant position holders should obtain the requisite security clearance or adjust the security clearance level of the roles.219

Waivers for aspects for the security clearance process

3.47 The ATO can seek endorsement from AGSVA for a waiver of parts of the eligibility criteria for holding a security clearance in two circumstances, namely: where the candidate is not an Australian citizen or where they have an ‘uncheckable background’ which can occur if the candidate has spent time outside of Australia during the ‘checkable period’. Furthermore, the Commissioner must form the view that the candidate is ‘necessary to the agency meeting its outcomes’ and ‘the role cannot be redesigned so that access to classified information or resources is restricted to existing personnel with the appropriate clearance’.220

3.48 The ATO is required to include all waivers within its Annual Protective Security Policy Framework compliance reports.221 The ATO has advised that since July 2015, it had granted 14 waivers (based on citizenship grounds) for Baseline and above security clearances. Waivers were provisionally approved by a Director of the ATOP business line but any ratification of the waiver rests with AGSVA.222 The ATO has advised that it conducts annual reviews of all security clearance waivers issued.223

3.49 For non-Australian citizens, a citizenship employment waiver may also be granted where the vacancy requires specialist skills, knowledge or qualifications that are seen to be in limited supply in the Australian labour market and the Deputy Commissioner, ATOP, has approved the waiver. The ATO has advised that it had also recently implemented a policy where non-citizens are not permitted to be employed as permanent employees.224

3.50 The ATO has also advised that it has employed 28 non-Australian citizens since July 2015.225 On 6 September 2017, the ATO approved the establishment of a register to record business cases for employment citizenship waivers as well as any work-related visa restrictions. This register is required to be kept up-to-date and is required to be monitored by the Personnel Security Team.226

Ongoing suitability checks

3.51 In addition to all the security checks described thus far, the ATO has advised that all its employees, who were recruited since 1 July 2016, may be subject to ongoing suitability checks as a condition of their employment:

To be eligible for employment in the ATO, you must be an Australian citizen (at the time you begin employment with the ATO) and agree to have a criminal history records check… You may also be required to undergo further integrity checks during the course of your engagement with the ATO.227

3.52 It should be noted that employees who were recruited prior to 1 July 2016 are not required to undergo ongoing suitability checks as it had not been incorporated into their conditions of employment when they accepted the position.228

3.53 For employees who hold a security clearance from AGSVA, the ATO had been relying solely on AGSVA’s periodic security clearance renewals as an ongoing suitability check. However, recently, the periods for security clearance renewals was extended by AGSVA, for example the seven year period for a Baseline security clearance renewal was extended to 15 years.

3.54 In mid-2017, the ATO piloted a ‘Security Health Check’229 in the ATOP and ATO Finance business lines which required managers to discuss with staff the currency of their assigned security clearance, identify any notifiable events and confirm that they had completed their security awareness training. Where these steps are not completed by the due date or the relevant requirements are not satisfied, there would be follow-up action, including revocation of the security clearance sponsorship.230 On 9 March 2018, the ATO rolled out this pilot to all areas of the ATO and such checks are now required to be completed on an annual basis.231 From this date, managers must also provide written confirmation that their staff have complied with this requirement.232

3.55 In total, approximately 67 per cent of the ATO workforce undergo one of the above forms of ongoing suitability checks with the remainder (33 per cent) not being subject to such checks.

IGT observations

3.56 As stated earlier, recruitment processes and ongoing monitoring of staff is one preventative measure against internal fraud. The recruitment and retention of suitable individuals upholds the integrity and high ethical values of the organisation, fostering an environment where committing wrongdoing is a rare event.

Establishing the level of checks required for each position

3.57 Appropriate checks conducted at recruitment and on an ongoing basis assists in maintaining the integrity of the workforce. No such system of check can completely eliminate risk of fraud but it can significantly minimise it.

3.58 A balance must be struck between the levels of checks required against the time, cost and intrusiveness associated with such checks. For example, an NV1 clearance has a benchmark processing time of 121 days.233 The level of checks has to reflect the risk associated with an unsuitable person filling a particular position.234 Accordingly, each position has to be assessed to determine the level of risk associated with it and the level of checks required to mitigate those risks.

3.59 As mentioned earlier, the ATO has traditionally conducted pre-employment checks of staff and required staff to obtain a security clearance for those in DSAPs or Trusted Positions. The ATO September 2017 Report indicates that it will be reassessing the security vetting that is needed for ‘high risk positions’, together with any risk mitigation work needed to address risks if a gap is found to exist.235 The ATO’s work in this area is in its early stages and its outcomes are unclear at this stage. For example, the extent of the reassessment is not clear nor are a number of other related issues such as the distinguishing features of DSAPs, Trusted Positions and ‘high risk positions’. It is also not clear whether positions of influence, such as those that involve influencing or coordinating the activities of many staff, would fall within one of these three categories when appropriately risk-assessed.

3.60 The IGT is of the view that all or the vast majority of the positions at the ATO should be risk-assessed at least once and for areas that present moderate to high risk, a reassessment should be required periodically. It is acknowledged that the ATO has begun to conduct such reassessment for those positions which require a security clearance.

3.61 Having determined the risk levels of each position, appropriate pre-engagement and ongoing checks should be devised and conducted. In doing so, it may be necessary to look beyond the position itself and consider the interactions that a person in such a position has with other staff. For example, roles such as executive assistants should have the same level of security clearance as the positions that they support as they are likely to view and have access to the same security-classified information. It is unclear if the ATO has imposed such a requirement on its support staff. For example, it would be reasonable to expect that all executive and personal assistants to the four Commissioners have the same level of security clearance as the Commissioners they support, for example a NV2 clearance level. However, information provided by the ATO indicates that only five of the fourteen positions in the Office of Commissioners are required to have such security clearances.

Checks conducted at recruitment

3.62 As mentioned earlier, the ATO conducts a number of checks to identify potential issues of concern at the recruitment stage. The ATO has access to its own HR records to check some of these issues for internal candidates but for external candidates, it has to rely on information provided by third parties.

3.63 One of the checks is contacting referees which, in some cases, is done by the ATOP business line rather than the selection panel. Where such checks are performed by the ATOP business line, it provides a degree of independence in the process and mitigates the risk of ‘confirmation bias’ where the selection panel may not ‘place sufficient weight on any red flags because a positive impression of the candidate has already been formed’.236 However, contacting referees is not mandatory for internal promotions or where the selection panel and/or the delegate already have sufficient knowledge about the candidate.237 Whilst this may be efficient, it may give rise to perceptions of bias.

3.64 The ATO also obtains the contact details of candidates’ current supervisors who are an important, contemporaneous source of information as they may alert the ATO of any suspected fraud or unethical behaviour. However, they may be motivated not to disclose any knowledge of a candidate’s impropriety for a number of reasons, such as a desire to help the candidate to relocate, notwithstanding the advice of the Australian Public Service Commission (APSC) to provide ‘an honest assessment of work performance, attendance and behaviour’.238 The risk of such incomplete disclosure by a supervisor may be ameliorated, however, if an enhanced PEIC process is conducted. The latter also assists to address the limitations of referees’ feedback.

3.65 It should be noted, however, that since November 2017 the enhanced PEIC process is not conducted for positions at the APS 5 level and below or for contractors unless specifically requested by the relevant business line. As a result, the ATO is limited to confirming the veracity of a candidate’s claimed employment history. In such circumstances, the ATO would not be made aware of any misconduct in their previous employment unless disclosed by the nominated referees. It should be noted that, in a wider context, it has been found that eight per cent of employees involved in fraudulent conduct have a known history of dishonesty with a previous organisation.239

3.66 Accordingly, the IGT is of the view that, for all external candidates, the ATOP business line should obtain relevant information, such as that relating to misconduct, from the HR department of their prior employers as part of the pre-engagement checks. Such action would be consistent with proposed legislation240 to authorise Commonwealth agencies to collect, use, and disclose personal information for the purposes of preventing, detecting, investigating or dealing with fraud or corruption against the Commonwealth.

3.67 Another check conducted at recruitment is the police check where the candidates’ names are checked against the Australian Criminal Intelligence Commission’s (ACIC) National Police Checking system to identify if they have any ‘disclosable court outcomes’, such as court convictions, findings of guilt and appearances subject to spent convictions and non-disclosure legislation. However, this police check does not identify connections to organised crime through family members.

3.68 As highlighted by the NSW Independent Commission Against Corruption (ICAC)241, for positions that have access to high level security-classified information or have a high ‘business impact’ risk, it is important to extend employment screening to an applicant’s family and associates. For example, Operation Elbrus and related events have revealed that a senior ATO officer has close family members who may have had business and social connections to a number of people known to law enforcement agencies. Unfortunately, the revelation came too late for the ATO to avoid reputational damage.

3.69 Other criminal intelligence holdings, such as the ACIC’s National Criminal Intelligence System, contains a valuable source of information which would assist the ATO to ascertain whether candidates for a higher risk position, or their relatives, are known by law enforcement bodies either by reason of their own conduct or that of their associates. Accordingly, the IGT is of the view that the ATO should explore using other criminal intelligence holdings for candidate vetting where it may lawfully do so.

3.70 It is important to note that candidates should be afforded opportunity to address any unsubstantiated allegations against them that are uncovered in the vetting process. It is acknowledged that in some circumstances such information cannot be disclosed to prevent putting others at risk or jeopardise the investigations of law enforcement agencies.

3.71 In addition to the above checks, candidates are currently required to provide a declaration about the state of their tax affairs as part of their applications. If the declaration is later found to be incorrect, the candidate may be subject to disciplinary proceedings. However, these declarations cannot be verified against taxpayer information held by the ATO due to tax secrecy laws which effectively prohibit using such information for employment purposes, notwithstanding any consent for such use.242

3.72 Public confidence would likely be affected if ATO officers were found to be non-compliant with the very laws that they are tasked with enforcing. For example, if ATO officers were making decisions about late lodgment of income tax returns of others whilst not being compliant themselves, the community would view that as ‘double standards’.243

3.73 An exemption to tax secrecy laws may be required to allow the Commissioner to verify the tax compliance history of candidates before they are offered employment with the ATO.

3.74 In addition to tax compliance declaration, it would be prudent for the ATO to require candidates to also make declarations about their financial circumstances. The ATO’s experience shows that problem gambling, for example, may increase the risk of unethical behaviour and fraud.244 In fact, it is an issue amongst all Commonwealth agencies. A census of the most costly fraud incidents in 2014 indicated that gambling was amongst the primary motivations for committing fraud245 whilst some studies estimate that 10 to 25 per cent of problem gamblers commit gambling-related offences, the most common being fraud.246

3.75 Further checks which may be helpful include identifying pre-existing personal relationships with ATO officers as well their financial interests and those of their partners or close family members that may later give rise to conflicts of interest. As stated earlier, the extent of such further checks depends on the level of risk associated with the position in question.

Ongoing checks

3.76 After candidates commence employment at the ATO, it is important to conduct ongoing checks to ensure that no subsequent changes or events negatively impact their suitability for their roles. Ongoing checks also provide a safety net where previous checks may not have uncovered all relevant issues.

3.77 The ATO has advised that it has recently implemented a process where managers annually remind employees, who hold security clearances, to report any relevant changes in their circumstances. Managers must also now provide written confirmation that their staff have complied with these requirements. The IGT is of the view that, whilst such reminders and confirmation are helpful, a more rigorous process is needed. Employees should be required to make an annual disclosure, including nil responses, about all matters that are assessed in the pre-employment checks for their current position. Such disclosures should also be periodically checked. Such ongoing checks could also include verification against Australian criminal records, bankruptcies, directorships as well as a social media search. The frequency of these checks may vary depending on the level of risk associated with each position.

Recommendation 3.1

The IGT recommends the ATO:

  1. conduct a risk assessment of every position in the organisation to determine the level of pre-employment and ongoing checks required and periodically reassess the risk associated with moderate to high risk positions;
  2. use criminal intelligence databases to determine whether candidates for high risk positions are known to law enforcement, either by reason of their own conduct or that of their associates or relatives;
  3. as part of its pre-employment checks:

    1. depending on the level and types of risk associated with the relevant position, require candidates to provide declarations about matters such as their financial circumstances; and
    2. request information, such as that relating to misconduct, from previous employers of external candidates; and
  4. require all employees to make an annual disclosure about matters that are assessed in the pre-employment checks of their current position and periodically check such disclosures at a frequency rate reflective of the risk associated with the relevant position.

ATO RESPONSE

  1. Agree

    The ATO will conduct the risk assessments using the various job types to assess the likely integrity risks.

  2. Agree

    The ATO will utilise such information for high risk positions to the extent that it is lawful and considered appropriate.

  3. (i) Agree

    (ii) Disagree

    The ATO undertakes thousands of engagements each year, the bulk of which are not considered to be in high risk positions. Existing processes involve the declaration of past misconduct by candidates and referee checks with the candidate’s current manager / employer. Verification over and above this is done using a risk based approach. A range of other controls are also in place to reduce the risk of fraud from those working for or on behalf of the ATO.

  4. Disagree

    All staff undergo security, privacy and fraud training to ensure they are aware of their integrity obligations and the ATO undertakes regular awareness campaigns to remind staff to disclose any changes in their circumstances. Additionally, 40% of ATO staff are subject to annual security discussions with their manager as a result of holding a security clearance. This is reflective of the higher risk involved. To further assure the ongoing suitability of ATO personnel, the ATO proposes to introduce a declaration process for all staff as part of the building pass renewal process (every five years).

Rotation of staff

3.78 In addition to ongoing checks, risk of internal fraud or other unethical behaviour that may arise post commencement of employment may be further minimised by ensuring that staff do not stay in high risk positions for prolonged periods of time.

Stakeholder concerns

3.79 Certain stakeholders noted that, in relation to the events of Operation Elbrus, Michael Cranston occupied the same positions, including Deputy Commissioner of the PGH business line, for a considerable period and questioned the general appropriateness of officers holding such positions for extended periods. Stakeholders believed that regular rotation of very senior and specialist staff as well as those in high risk positions is important for avoiding the development of enclaves and reducing the risk of undetected fraud. They were also of the view that regular rotation also benefits the organisation and the individual provided that the positions continue to be filled by those with the necessary skillset and interest.

Relevant materials

3.80 The ATO Executive conducts annual discussions following the mid-year performance appraisal process of SES officers.247 The opportunity for SES Band 1 officers to move to different areas is considered during these discussions. The decision to move SES Band 1 officers will depend on factors such as performance as well as whether the officer has ‘had a change in role or higher duties opportunities in recent times’.248 The ATO has advised that while there is no set timeframe for the rotation of SES officers there is a ‘rough guide’ of three years in a role before an SES officer may be required to rotate to a new area.249

3.81 The ATO September 2017 Report made a number of recommendations including the need to identify high risk roles and to consider additional scrutiny or controls for these positions.250 Subsequently, a newly established team within the ATOP business line, called the ATO Integrity Unit, commenced a pilot to address this recommendation.251 The pilot developed a range of proposed controls for such positions which include ‘fixed term in role (given effect by contract position or staff rotation)’ and ‘mandated time out of role (minimum continuous stretch of leave or short term at level rotation)’.

3.82 In relation to Michael Cranston’s tenure within the PGH business line, as noted in Appendix B, Michael Cranston was the Deputy Commissioner of the Serious Non-Compliance (SNC) business line from 2007–08 until 2011–12 when he became the Deputy Commissioner of the Small and Medium Enterprises (SME) business line. When the SNC and part of the SME business lines were amalgamated into the PGH business line in 2013–14, Michael Cranston became the Deputy Commissioner of PGH. Thus until the events of Operation Elbrus in May 2017, Michael Cranston held the senior position of Deputy Commissioner of SNC and its successor business line, PGH, for eight years.

IGT observations

3.83 Those in senior positions have high levels of influence over decisions and the individuals who report to them. Such influence is not limited to senior officers. Specialists holding vital knowledge about the inner workings of the organisation, such as IT, also wield considerable influence. The prolonged stay of officers in such positions may heighten the risk that subcultures may form under their influence which are out of step with the organisation’s values.252 The ACLEI has noted that, within the law enforcement context:

strong bonds that exist amongst staff … may result in sub-cultures of misplaced loyalty and accompanying loss of objectivity, which in turn may lead to a reluctance to report misconduct or, in some cases, to a propensity to cover-up wrongdoing.253

3.84 In order to effectively manage the risks of either misplaced loyalties or team values diverging from those of the ATO, consistent with practices of enforcement agencies, it would be prudent for the ATO to implement strategies such as regular rotation of staff in high corruption risk areas.254

3.85 As noted above, the ATO also considers ‘length of time in position’ for determining the movement of SES Band 1 officers. It does not appear, however, that such formal considerations occur for SES Band 2 officers, i.e. Deputy Commissioner level. The current consideration of ‘period in position’ for SES Band 1 officers also appears to focus purely on the career progression of officers.

3.86 It is encouraging, however, that the ATO September 2017 Report and subsequent actions are looking at rotations for high risk roles. The IGT supports such an initiative and is of the view that the ATO should formalise its rotation process for SES Band 1 and SES Band 2 officers as well as any other high risk roles, not only for career progression purposes but also for addressing integrity risks.

3.87 It is acknowledged that rotations may present challenges for a large organisation like the ATO that relies on both IT to service the public as well as tax technical and commercial knowledge to respond to an increasingly complex environment.255 Therefore, succession planning would be required to ensure multiple officers have the expertise and ability to fill these roles.

3.88 Accordingly, the IGT is of the view that the ATO formalise its rotation process for SES Band 1 and SES Band 2 officers as well as for high risk roles. IGT is also of the view that the ATO proactively identify qualified and experienced individuals as part of succession planning arrangements to facilitate such rotation.

Recommendation 3.2

The IGT recommends the ATO formalise its fraud risk controls relevant to SES officers and officers in high risk roles including the periodic rotation of officers.

ATO RESPONSE

Agree

Fraud training and awareness

3.89 Fraud training performs an important function in communicating to staff the organisation’s values as well as raising awareness of the types of behaviour that constitute fraud.256 A clear understanding of fraud and reminders of its serious consequences help to foster an ethical culture where internal fraud is a rare event and, if it arises, staff can promptly identify and report it.

Stakeholder concerns

3.90 Stakeholders have raised a number of concerns about the content and enforcement of fraud awareness and ethics training that is delivered to ATO officers. In particular, the effectiveness of online training packages was questioned and the difficulty of ensuring that they are appropriately completed by ATO officers was also raised. For example, stakeholders have observed that recent refresher training allowed officers to simply book the online training module and ‘click confirm participation’ to satisfy the requirements. By contrast, other stakeholders recalled that there was a previous requirement for SES officers to provide assurance to the relevant Deputy Commissioners that their staff had completed the training. It was also linked to the performance pay of SES officers.

3.91 In relation to the regularity of the ATO’s fraud training and communications, some stakeholders were of the view that the ATO had not reinforced the importance of fraud awareness for a long time. Others, however, recalled that the ATO previously conducted training and refresher courses on such topics as conflicts of interest for all ATO officers and that prior to the commencement of certain sensitive audits, the team involved would need to ensure that the training was completed.

Relevant materials

3.92 All new starters at the ATO, including casual staff and contractors257, are required to complete a Security, Privacy and Fraud online training package (Standard SPF Training) within one month of commencement.258 Thereafter, refresher training must be completed every two years.259

3.93 All managers with direct reports are also required to complete the online ‘Security, Privacy and Fraud: Managers’ training package (Managers’ SPF Training) in addition to the Standard SPF Training.260

3.94 The Standard SPF Training takes approximately one and a half hours to complete and covers topics such as security classifications, IT security, passwords, fraud and fraud reporting.261 The Managers’ SPF Training covers topics such as threatening behaviour, breach of information disclosure rules, security classification, working from home and other security concerns.262 Both of these packages also cover a range of other integrity-related topics such as conflicts of interest and unauthorised access as well as the acceptance and declaration of gifts.263

3.95 The ATO reviews and updates both training packages annually, with the aim of improving the package’s readability, and when needed to take into account changes in legislation and policy.264 The current versions of these training packages deliver content through interactive slides, videos and workplace scenarios which are aimed at engaging the user and improving memory retention. By contrast, previous versions of these training packages were delivered as textual documents for the officer to study.265

3.96 Once a new starter has completed reviewing the content of the Standard SPF Training package, they are required to complete a multiple choice assessment. Some scenario-based decision-making questions are included in the Managers’ SPF Training assessment but are not included in the Standard SPF Training assessment.266 For both training packages, the assessment is comprised of ten questions which are selected from a pool of 20.

3.97 For both training packages, the officer must correctly answer at least seven questions in the assessment (70 per cent pass mark) to successfully pass and complete the training package. If the officer does not pass the assessment, they are able to access and attempt the assessment two additional times. If the officer is not able to successfully pass after three attempts, access to the assessment will be locked. Access to the assessment can be reset after the officer’s team leader has been provided with assurance that the officer has learned the material.267

3.98 The ATO retains records of completion of mandatory training on its electronic employee record system. Since June 2017, the ATO sends quarterly reminder e-mails to staff to notify them of any outstanding training requirements that they may need to meet. From July 2017 onwards, completion records have been automatically provided to team leaders in monthly manager reports that cover the officers within their reporting line.268 Prior to the implementation of these changes, the training completion records were manually extracted from the ATO’s electronic employee record system and passed on to business line representatives who were responsible for monitoring conformance with the training requirements by staff in their area.

3.99 It is a manager’s responsibility to use the reporting systems in place to identify and address any instances of non-completion of training amongst their staff.269 If such training has not been completed within a ‘few weeks’ of being required, the ATO’s People Support Team (PST) will contact the relevant manager and, if required, follow up with staff directly in the following month.270

3.100 The completion rate of the Standard SPF Training is monitored on an organisational basis by the ATO’s leadership as a quantitative indicator of the overall integrity of the organisation.271 An ATO Executive Report from May 2017 indicates that the completion rate by internal ATO employees meets the target of 97 per cent but the completion rate by external workers was significantly below this benchmark at 56 per cent.272 As a result, the ATO has been seeking to implement strategies to improve these figures, such as using third-party software to improve external system access to training materials, sending regular targeted e-mails to the managers of contractors who have not completed the required training and confirming with vendors the ATO’s training requirements and expectations.273 The ATO has recently advised the IGT that as at 31 January 2018, there were 1,464 contractors who had not completed the Standard SPF Training and assessment. Of these 1,464 contractors, 896 had the necessary systems access to complete the training and assessment.274

3.101 The ATO also provides non-mandatory fraud and ethics training via other channels such as targeted face-to-face training275, telepresence276, webinars277, live streaming and online discussion forums278. In addition, the ATO has recently advised the IGT that in 2016–17, FPII attended 22 site visits which included multiple interactive sessions attended by a total of 1,537 participants — an increase from 2015–16 where three sessions were held and attended by 350 participants.279 Staff can also participate in external training sessions run by other government organisations or private sector providers to obtain a range of fraud and security qualifications.280

3.102 In addition, the ATO undertakes a number of awareness raising activities through multiple channels as part of the FPII unit’s communication strategy, which seeks to achieve 90 per cent awareness amongst ATO staff regarding the activities which indicate fraud and corruption, including the consequences of involvement in these activities.281 Examples of such awareness raising activities include regular staff newsletter articles, digital signage within ATO office buildings, ‘kNOw fraud’ messaging on officers’ log-on and lock screens, content on the ATO intranet282 and special events such as ‘security, integrity and fraud awareness week’.283

IGT observations

3.103 As mentioned earlier, fraud training and awareness programs can perform a very important role in shaping a positive organisational culture by recalibrating individuals’ judgements of improper conduct. While there is usually common agreement that certain egregious actions will constitute fraud and/or corruption, for actions which are at the fringes, there may be disagreement and a need for clarity. As the ATO recognised in its 2017 Corruption Risk Review:

individuals who undertake corrupt conduct may themselves not identify or rationalise such activity as being in itself corrupt. Some individuals may in fact be deceived into performing or enabling corrupt acts without knowing (such as responding to a manager’s request for what appears to be a legitimate need).284

3.104 The ATO’s fraud and prevention training and awareness programs can help to guide staff conduct and prevent unethical behaviour. Importantly, they can provide staff with the confidence to proactively refer matters to the FPII unit when they identify fraud and corruption risks. As will be discussed in the following chapter, such referrals are one of the main sources for FPII investigations — more than two-thirds of investigations were initiated as a result of staff referrals.285 Without an effective training program, a key pillar of the ATO’s integrity framework would be eroded as ATO officers are better placed to detect certain risks, such as conflicts of interest, than automated detection systems.

3.105 In the IGT’s view, fraud training should be completed soon after commencement of employment so that new starters begin their career at the ATO on the right footing. The current situation where new starters have one month to complete the Standard SPF training which is not part of induction tasks, such as obtaining wi-fi access, referring to the ATO’s social media guidelines and arranging to provide systems access286, may create a perception that completion of fraud training is not considered to be as high a priority as the other tasks.

3.106 Furthermore, there is a risk that new starters may be able to access taxpayer information before the ATO is able to assure itself that staff understand their obligations regarding fraud, privacy and security issues. Relevantly, New Zealand’s IRD requires all three mandatory online training packages on code of conduct, security and privacy to be completed within the first week. Accordingly, the IGT is of the view that the mandatory Standard SPF training package should be completed by new starters as soon as they obtain access to the ATO’s systems and before they have access to taxpayer information.

3.107 The above approach would ensure no one who has not undertaken the SPF training would have access to taxpayer information. It is acknowledged that the ATO currently performs well in this area with respect to its officers, 97 per cent of whom have successfully completed the necessary training. However, the completion rate for contractors engaged by the ATO is only 56 per cent and is a concern.287 The ATO is currently trialling solutions to allow contractors to complete training without the need to log onto the ATO’s systems. However, the IGT believes that this is only a partial solution as 61 per cent of contractors who had not completed the mandatory training had access to ATO systems to complete the training.288 The IGT is of the view that, where a contractor has access to the ATO’s systems but fails to complete the mandatory training package after a reasonable timeframe of follow-up, the ATO should withdraw their access to its systems.

3.108 Successful completion of mandatory training packages, however, does not of itself guarantee that staff have absorbed the material and refined their understanding of appropriate behaviours. The design of the assessment has significant impact on appreciation of the course content. For example, staff may feel a deep understanding is not required as the assessment is not particularly onerous or that the consequences of failure are insignificant.

3.109 The assessment of the Standard SPF Training package is designed such that staff may be deemed to have successfully passed the assessment despite three incorrect answers in each of three possible attempts. Such an assessment methodology increases the probability that questions which were posed in previous attempts will be raised again. As there are a limited number of potential answers in a multiple choice format, it is possible for staff to successfully pass the assessment without fully understanding the training package’s content.

3.110 Furthermore, the learning outcomes for the Standard SPF Training package and its accompanying assessment do not contain any workplace specific examples.289 Therefore, even if staff have understood the content of the training, they may be uncertain as to how it applies in their particular work area. This view appears to be consistent with the results of the ATO’s latest Fraud and Corruption Control Survey in which only 77 per cent of respondents indicated that they had the necessary levels of awareness to recognise fraud and corruption even though the completion rate of the Standard SPF Training for officers is 97 per cent.290 The IGT is of the view that the Standard SPF Training assessment could be improved by the inclusion of tailored scenarios which deal with common ethical issues that arise in various ATO business areas.

3.111 The manner in which fraud training is delivered is equally important for staff engagement and understanding of risks of internal fraud. Both the Standard SPF Training and the Managers’ SPF Training packages are delivered online. Whilst the ATO has sought to improve a reader’s active engagement with the training through increased use of audio-visual materials and interactive elements, there is scope for further enhancement such as allowing staff to raise questions. In the IGT’s view, fraud prevention training for new starters ought to provide opportunities to raise questions and receive immediate response as well as be able to engage in discussion where opinions differ. Such an approach would provide new starters with a deeper understanding and ethical conduct is more likely to become second nature to them.

3.112 The induction of new staff in New Zealand’s IRD involves their manager conducting a guided discussion with them about general ethical matters as well as workplace scenarios relevant to their area of work. This allows the manager to gauge their new team member’s understanding of their obligations and pave the way for the new starter to raise relevant issues with their manager in the future. It also reinforces the message that ethics and fraud awareness is an integrated aspect of their day-to-day work and not a separate ‘corporate’ obligation.

3.113 In the IGT’s view, the ATO should adopt a similar approach by requiring its managers to conduct guided discussions on ethical matters with new starters as soon as they have completed their Standard SPF Training assessment. Such discussion should be aimed at testing the new starter’s ability to identify ethical issues arising from practical scenarios in their area of work. For example, individuals in the TEC area of the PGH business line may be provided with a scenario designed to test their ability to identify an organised crime group’s attempt to ‘cultivate’ a colleague. Alternatively, individuals working in the PGI business line may be provided with a scenario designed to test their ability to identify the ethical issues involved in auditing a company in which their parents may have a substantial financial interest.

3.114 The success of the above approach, however, depends on managers’ ability to instil integrity values which are consistent with the ATO’s. Research indicates a new starter’s first supervisor is one of the most powerful factors in shaping his/her approach to integrity issues291 and if the supervisor does not display loyalty to the ethical and professional standards of the organisation and instead conveys a ‘that’s the way we do things here’ attitude, the written rules will be ignored by the new starter.292 It has also been noted that workplace sub-cultures can result in misplaced allegiance to individuals over and above the organisation’s professional standards.293 This highlights the importance of the supervisor’s own ethical standards being aligned with that of the organisation.294 For this reason, the IGT considers that for such a discussion to take place, the ATO should provide adequate support for the relevant supervisors or managers.

3.115 Support for managers may be in the form of face-to-face training provided by the ATO’s fraud and integrity experts, namely those working in the FPII unit. This unit is ideally suited to deliver such training to supervisors and managers as their daily work involves the investigation and resolution of ethical issues arising in the workplace. This includes providing instruction on the necessary skills they will need to instil the desired values in staff and in dealing with sensitive situations, such as when a staff member has been involved in, or has observed, misconduct.

3.116 Until recently, fraud training delivered by the FPII unit would have required officers to travel to the relevant locations to deliver/receive the training. However, travel is no longer a prerequisite with the ATO’s increased use of videoconferencing, telepresence and webinars. Whilst it is ideal to deliver fraud training in person, there are costs associated with this, especially as the ATO offices are geographically dispersed.

3.117 It would be beneficial for the FPII unit to deliver the initial fraud training in person or through telepresence sessions as it helps the establishment of rapport and familiarity between FPII officers and new starters. In New Zealand’s IRD, this kind of familiarity and rapport with the Integrity Assurance team was encouraged to give IRD officers greater confidence to report fraud should the need arise. There is a lesser need to deliver refresher training in person or through telepresence and these can be delivered through such means as webinars.

Recommendation 3.3

The IGT recommends the ATO strengthen its fraud awareness and ethics training by:

  1. requiring new staff to complete the mandatory fraud training during their induction process and prior to allowing them access to taxpayer information;
  2. withdrawing access to ATO systems for contractors who fail to complete the mandatory training package within a reasonable timeframe;
  3. incorporating into the assessments of mandatory training packages, a series of practical scenarios that requires staff to apply ethical principles;
  4. requiring managers to discuss with new starters ethical matters as they apply to their work area, including by way of practical scenarios, and ensuring that those managers receive sufficient guidance and support for this process to take place shortly after new starters have completed the mandatory fraud training; and
  5. increasing the level of staff interaction in its mandatory fraud training particularly those delivered by the Fraud Prevention and Internal Investigations unit.

ATO RESPONSE

  1. Agree
  2. Agree
  3. Implemented
  4. Agree
  5. Agreed

    The ATO has already expanded the channels which employees engage, using internal communication products, which allows for real-time engaging discussions.

Controls in relation to conflicts of interest

3.118 The importance of managing conflicts of interest in the public sector is highlighted by the NSW ICAC:

The community has a right to expect that public officials at all levels perform their duties in a fair and unbiased way, and that the decisions they make are not affected by self-interest, private affiliations, or the likelihood that they, or those close to them, will financially gain or lose. The perception that a conflict of interest has influenced an outcome can undermine public confidence in the integrity of the organisation and the individual. Unresolved or badly managed conflicts of interest can actually lead to corruption or abuse of public office, or the perception that these exist.295

3.119 The OECD has also noted the connection between inadequately managed conflicts of interest and corruption.296 Accordingly, it is important for the ATO to have strong controls in place to ensure conflicts of interest are appropriately identified and managed to prevent unethical behaviour.

Stakeholder concerns

3.120 Stakeholders have raised a number of concerns about the adequacy of the ATO’s management of conflicts of interest. In particular, stakeholders have observed that the controls which the ATO has in place for declaring and managing conflicts of interest do not compare favourably to those adopted by others, for example the courts or the private sector.

3.121 Stakeholders have suggested that the ATO should strengthen the above controls by requiring all staff to formally declare their interest with respect to the sensitive information to which they have access. Some officers, for example, have access to market sensitive information which provides them with an opportunity for insider trading. Other ATO officers may have been in the private sector previously and may now be dealing with former clients or colleagues. There is a concern that the ATO’s current controls are not adequate for managing the risk of conflicts of interest inherent in these types of situations. The perception is that the only control is self-disclosure, which is not checked, analysed or otherwise monitored.

3.122 Stakeholders have also raised concerns about lack of controls where ATO officers leave the organisation to join the private sector. A number of submissions asserted awareness of situations where an ATO officer has signed off on a ‘very advantageous’ negotiated outcome for a taxpayer and, soon afterwards, that officer left the ATO to join the firm that was advising taxpayer in question. To address this potential issue, stakeholders have suggested a number of options such as the implementation of ‘gardening leave’ provisions. They have also suggested a system of ‘changing the locks’ to periodically change certain sensitive internal ATO information so that the latter cannot be advantageously used by those leaving the ATO.

3.123 Questions have also been raised about family members, spouses or partners who work in the same areas within the ATO or in related roles and the extent to which they may be allowed to influence one another’s views or collude to achieve certain outcomes. There are perceptions that former associates were recruited from the private sector in preference to internal candidates who may have possessed more relevant experience and been better suited to the roles in question.

3.124 Stakeholders have also made general observations that the ATO, in its attempt to cut red tape, may have gone too far and weakened the pre-existing controls and integrity framework. There is a concern that the current ATO guidelines and CEIs may not provide staff with sufficient guidance to properly deal with a variety of problematic situations.

Relevant materials

3.125 There are three legislative sources which impose an obligation on ATO officers to declare conflicts of interest.

3.126 Firstly, section 42 of the PGPA Act requires financial statements to be prepared in accordance with the accounting standards. Since 1 July 2016, Australian Accounting Standard AASB 124 Related Party Disclosures applies to public sector entities with the result being that ATO SES officers are required to disclose any related party transactions that that they or their close family members may have with the ATO.

3.127 Secondly, subsection 13(7) of the Public Service Act 1999 requires APS employees to take positive steps to avoid conflicts of interest, as it requires them to:

3.128 If an ATO officer does not comply with the above obligations and does not disclose material personal interests, they may be in breach of the APS Code of Conduct which may in turn result in disciplinary sanctions, including termination.298

3.129 Thirdly, subsection 13(5) of the same Act requires employees to ‘comply with any lawful and reasonable direction given by someone in the employee’s agency who has authority to give the direction’. The Commissioner has given direction to ATO officers, in the CEI 2014/06/10, to disclose conflicts of interest. Failure to follow a CEI may also result in the ATO officer being found to have breached the APS Code of Conduct.

3.130 CEI 2014/06/10 was implemented in June 2014 to replace an earlier ATO policy. Subsequently, it has undergone a substantial update in October 2017 as a result of an internal review which was conducted following the events connected with Operation Elbrus. A brief outline of the initial CEI, the findings of the internal review and resulting changes in the update are provided below.

ATO policy prior to October 2017

3.131 From November 2014 to October 2017, CEI 2014/06/10 had required all ATO officers to take all reasonable steps to identify, avoid and/or manage any conflicts of interest as well as ensure that they were not being improperly influenced by family, personal or other relationships. Where officers became aware of a conflict of interest, they were to discuss it with their manager and submit conflict of interest forms if their manager required it.299 It should be noted that until late 2016, such forms were kept in a register that each business line maintained themselves. Since late 2016, however, the ATO implemented a single ATO register which recorded, on a prospective basis, all such conflicts of interest forms.300

3.132 CEI 2014/06/10 defined a conflict of interest as a situation in which ‘a person’s personal interests could appear to, or are likely to inappropriately influence the performance of their duties. They may be real, perceived, or potential and may be financial or non-financial.’301 The CEI also set out the test to apply in identifying a conflict of interest, namely ‘whether an impartial observer would reasonably question if the personal factors may inappropriately influence the way you behave and the way you carry out your duties’.302

3.133 ATO managers were required to ensure that their staff were aware of and complied with their obligations under the CEI. As the authorised decision makers, managers had to ensure that conflicts of interest were brought to their attention and addressed promptly. Where the conflicts of interest involved contact with persons engaged in illegal conduct, that matter had to be brought before a Deputy Commissioner.303

3.134 CEI 2014/06/10 also outlined several other principles for managing conflicts of interest and made reference to the ATO’s other existing CEIs regarding the receipt of gifts and engaging in outside employment. It did not contain any additional consolidated guidance or examples on how conflicts may manifest themselves in the workplace. It did, however, provide a link to an explanatory video on how to apply the policy. In total, the CEI was two pages long.

Internal ATO review of conflicts of interest policies and procedures

3.135 As stated earlier, prompted by the events of Operation Elbrus, the ATO commenced an internal review to assess ‘the extent to which current [conflict of interest] policies and procedures are appropriate to address integrity risks [and] whether processes and systems are effective to ensure officers comply with policy requirements and their obligations’.304 The review examined, not only CEI 2014/06/10 and associated guidance, but also broader processes such as the administration of the conflicts of interest register. The CEI had been scheduled to be reviewed at a later time, however, the events in Operation Elbrus resulted in the review being brought forward.

3.136 The resulting ATO September 2017 Report made a number of recommendations, with four of these being about the ATO’s management of conflicts of interest. One key aspect of these recommendations was the need to update guidance material for ATO officers. The guidance was believed to be ‘a large volume dispersedly located’.305 Other key aspects of these recommendations related to increasing staff awareness of the ATO’s policies and improving how the ATO handles the conflicts of interest declarations. These key aspects are summarised below:

3.137 Management agreed with the recommendations in the ATO September 2017 Report and, as a result, CEI 2014/06/10 as well as supporting guidance was updated and released to all staff on 12 October 2017.307 As CEI 2014/06/10 and the associated guidance underwent significant change, these updated documents are considered in more detail below.

Updated CEI 2014/06/10 and associated guidance regarding conflicts of interest

3.138 The updated CEI made a number of significant changes to ATO staff responsibilities as well as the process for disclosing, considering and registering conflicts of interest. One of these changes was to expand the application of the CEI to Australian Charities and Not-for-profits Commission (ACNC) and Tax Practitioners Board (TPB) staff, including SES officers. Another change was to increase the responsibilities of officers by incorporating additional requirements and providing greater clarification of existing requirements, including the following:

3.139 The additional officer requirements were further explained and include the following:

Conflicts may be ongoing or temporary. When you change roles you must review your financial and personal interests having regard to your new duties and identify and report any conflicts that arise due to a change. If you undertake a particular task such as a procurement, recruitment or writing a share market sensitive taxation ruling, you need to consider if your personal or financial interests might give rise to a conflict of interest in respect of that task that should be reported.

Examples of the type of financial interests that may need to be declared include:

  • Shares or options in a company to which your work[; and]
  • An interest as a beneficiary of a trust to which your work relates.

Examples of personal interests or associations that may need to be declared include:

  • Personal relationships or close associations with persons such as journalists or members of the tax profession, or employees of an organisation to which your work relates[; and]
  • Close personal and/or family relationships between staff members that may give rise to perceptions of favouritism or nepotism.309

3.140 Managers were also given greater responsibilities and their existing responsibilities were clarified in the updated CEI. These included ensuring:

  • conflicts of interest matters brought to [their] attention are dealt with promptly by discussion and notification via the ATO Integrity Register form and are escalated to the appropriate decision maker if it is not [themselves; and]
  • mandatory training is current for [them] and all of [their] employees, including contractors.310

3.141 The updated CEI was more than double the size of the previous version and also provided a link to a guidance document which emphasises the importance of managing conflicts of interest, including that ‘failing to effectively manage conflicts of interest can lead to improper decision-making and corruption and will expose employees to adverse consequences’.311 This document also provides more expansive guidance on a number of issues including the following.

Definitions of conflicts as well as interests

3.142 Whilst the CEI itself notes that conflicts of interest can be real, perceived or potential, the guidance document explains these terms in greater detail.

3.143 A real conflict of interest occurs where there is a ‘direct conflict between your public duties and responsibilities and your personal or financial interests’, whilst a perceived conflict arises where ‘it appears or is perceived that your personal or financial interests could improperly influence the performance of your duties at work’ even if there is no actual conflict. A potential conflict occurs where ‘your personal or financial interests could conflict with your official duties in the future’.312

3.144 Greater guidance on the two main types of interests, namely personal or financial interest, is also provided and expansive definitions are applied. For example, personal interests are defined in the guidance document to include a person’s own interests as well as the interests of individuals and groups with which they associate. A person may not only have an interest in obtaining a benefit for themselves, friends or family, but they may also have an interest in bringing disadvantage to rivals or enemies.313

3.145 Financial interests are defined to include a person’s shareholdings, directorships, outside employment, involvement in their own or their family’s business, trusts as well as offers and acceptances of gifts or benefits. For example, the guidance document notes that a conflict may arise due to an immediate family member’s shareholdings, however, the family member’s consent may be needed to disclose the details of the shareholding.314

3.146 The guidance document also provides an expansive definition for non-financial interests as it advises ATO staff that such interest can arise from family and personal relationships, personal values or beliefs, involvement in community groups or activities, professional associations or former colleagues.315

3.147 In addition to the definitions of key terms, the guidance document identifies a number of circumstances in which a conflict of interest may arise, including those involving personal relationships in the workplace, recruitment exercises and officers who are planning to leave the ATO for outside employment. The guidance for each of these circumstances is summarised below.

Application of CEI and declaration requirements

3.148 Whilst all officers, including SES and contractors, are required to identify and disclose conflicts of interest as and when they occur, there is a requirement for SES officers to make annual declarations about their financial and personal interests that could involve a real or perceived conflict of interest. Therefore, they have to make a positive declaration, even if there was no conflict to declare or no change to previous declarations. It should be noted that the Commissioner, an ATO Executive member or a Deputy Commissioner may also apply this requirement for non-SES officers if the role ‘warrants a particular transparency about private interests’.316

Personal relationships in the workplace

3.149 The guidance document states that ‘it is generally not appropriate for couples, family members or close personal friends to have any direct supervisory or line responsibility over one another’ and provides an example of two spouses who both work in the ATO.317 The two spouses would not need to report their relationship merely because they work for the ATO but if they became involved in any work together they should submit a conflict of interest form and discuss the situation with their managers, even if the conflict is only perceived.318 It is important to note that the updated CEI also specifically mentions ‘personal and/or family relationships between staff members that may give rise to perceptions of favouritism or nepotism’ as an example of a personal interest that may need to be declared.319

Recruitment

3.150 With respect to recruitment, the guidance document provides an illustrative example where a member of an ATO recruitment selection panel discovers that a former colleague, with whom she remained in regular contact, had applied for the position. As the panel member’s association with the applicant is a perceived or real conflict of interest, the guidance document points out that the panel member ‘should advise the other selection panel members of the conflict, including the chair of the committee, the recruitment delegate and/or the recruitment campaign leader, her manager and submit a conflict of interest form’.320 The appropriate decision maker in this case, being the recruitment delegate or the recruitment campaign leader, will decide how the conflict should be managed. The CEI also specifically refers to participation in recruitment activities as a situation where officers will need to consider whether their personal or financial interests might give rise to conflicts of interest.321

3.151 It should be noted that selection panels involved in the recruitment of SES officers have additional requirements imposed on them by section 21 of the Australian Public Service Commissioner’s Directions 2016 (the APS Commissioner’s Directions). For example, the selection panel must include either the APS Commissioner or a representative of the APS Commissioner.322 According to the APSC’s guide to engagement, mobility and separation of SES officers, the APS Commissioner’s representative is expected to be an APS employee from outside the portfolio and hold a position substantively at a level above the level of the relevant vacancy. The representative has a key role in assisting the selection panel in upholding merit and in ensuring that decisions are consistent with relevant APS Values, APS Employment Principles and the relevant legislative framework.323 At the end of the selection process and before an SES officer is promoted or engaged, the APS Commissioner’s representative is required to certify that the selection process complies with both the Public Service Act 1999 and the APS Commissioner’s Directions.324

3.152 The participation of the APS Commissioner’s representative in such processes is intended to bring an external perspective to the selection panel as they consider the broader range of management and leadership capabilities required at SES level and avoid a narrower focus only on the particular requirements of the role concerned. This helps to ensure individuals selected to perform SES duties will possess the full range of skills required to operate at the SES level in the APS. The representative is expected to be fully independent, impartial and not be a referee for any of the candidates, unless this is unavoidable. In addition, it is preferred that agencies nominate a different individual to represent the APS Commissioner on each occasion. This will help to maintain the independence of the representative, and to ensure this role is spread evenly across the APS.325

Officers leaving the ATO

3.153 ATO officers must submit a conflict of interest form as soon as they are aware that they will be taking a role in the private sector. The officer’s Deputy Commissioner will then consider a number of issues including the importance and sensitivity of the officer’s ATO role, the nature of the private sector appointment, the relationship between the future employer and the ATO as well as the period during which ATO information or contacts would be of value to the officer in their new role. The Deputy Commissioner is authorised to implement strategies to manage any conflicts such as changing the officer’s duties, approving leave until the new appointment commences or making a determination that the officer is not to work through their notice period.326 An additional reminder to report this type of conflict of interest is provided to SES officers as part of their exit checklist when they leave the organisation.327

3.154 The guidance document also sets out the following expectations of former officers in external roles:

3.155 Furthermore, SES officers who leave the ATO are prohibited from engaging in lobbying government representatives on any matters which they had previously worked on in the previous 12 months when at the ATO.329

Security, derivatives or share ownership

3.156 Staff are alerted to conflicts of interest arising not only when they are working directly on a company in which they or an immediate family member holds securities, derivatives or shares, but also when they are involved in discussions or exposed to information about that company.330

Relationship or contact with persons involved in, or suspected of, illegal or criminal activity, or associates of such person

3.157 Although it is not strictly a conflict of interest, all officers are required to declare any relationship or contact that occurs between themselves and persons involved in, or suspected of illegal or criminal activity, or associates where such persons may affect the performance of their duties or the reputation of the ATO. For these declarations, the officer’s Deputy Commissioner must be notified. Furthermore, the guidance states that:

…any unreported contact with these persons or their associates, which comes to the attention of the ATO will be fully investigated and may lead to misconduct proceedings.331

3.158 It should be noted that the above guidance more closely reflects a prior detailed direction which had been given to all SNC business line staff in 2007.

Management of disclosed conflicts

3.159 Having assisted officers to identify conflicts of interests, the guidance describes options available to the decision makers to manage the conflicts of interest that are raised with them. Where there is a low risk that the conflict would improperly influence decisions or duties, the decision maker may decide to monitor the situation whilst allowing the officer to continue their normal duties. Where there is a higher risk, the decision maker may decide to restrict the involvement of the conflicted officer. This may be suitable where the conflict of interest occurs on an infrequent basis and where the officer can be practically separated from the relevant activity or decision.

3.160 The decision maker may also decide to involve other officers in the relevant process in order to provide supervision of the conflicted officer who cannot be easily removed from the situation.

3.161 Other options include reassigning the officer to another position within the organisation at the same level. This is more appropriate for ongoing conflicts of interest. The decision maker may also ask the officer to divest or relinquish their private interest that is causing the conflict of interest where the above options are not able to resolve the conflict.

3.162 Finally, if an officer does not accept the method chosen by the decision maker to manage the conflict, the officer may resign from the ATO. The guidance states:

This may be the case if the personal interest is more important to the employee than their employment and the decision maker considers the personal interest needs to be relinquished. It is important to note that this is not a decision made by the manager, but only by the employee.332

Verifying disclosures and non-disclosures

3.163 The ATO has relied on officers’ self-disclosure of conflicts of interest as there has not been a reliable data source to independently obtain that information. However, following the completion of the ATO September 2017 Report, a new scan has been included in the ‘FPII Detection Program’ which is aimed at detecting undeclared conflicts of interest333 by analysing officers’ digital footprints and FPII intelligence assessments.334

Conflict of interest disclosures and investigations within the ATO

3.164 The ATO had implemented a centralised register for conflict of interest declarations on 1 July 2015 and, by December 2017, that register contained declarations made by 177 officers. During this same period, the FPII unit had received allegations that 52 officers had a conflict of interest, including the following:

3.165 In eight of the 52 cases raised with the FPII unit, the allegations were found to be substantiated. Of these substantiated cases, two were referred to the ATOP business line for potential misconduct proceedings, three were referred to the officers’ managers for their action and in four cases no further action was taken. It should be noted that of the 52 cases raised with the FPII unit, only eight of the officers had lodged conflict of interest declarations on the central register.336

IGT observations

3.166 Effective management of conflicts of interest is of critical importance to the ATO. As the OECD has asserted, such conduct can lead to corruption:

While a conflict of interest is not ipso facto corruption, there is increasing recognition that conflicts between the private interests and public duties of public officials, if inadequately managed, can result in corruption.337

3.167 Furthermore, robust controls to appropriately manage conflicts of interest will foster greater community trust in the ATO and increased voluntary compliance. For such controls to be effective, however, staff must clearly understand the circumstances in which conflicts of interest arise and what the ATO requires of them.

3.168 As stated earlier, significant improvements have been made to CEI/2014/06/10 and the accompanying guidance document following Operation Elbrus. For example, the new guidance document provides a more complete definition of conflicts of interest and more expansive explanations including a number of examples that will better assist officers and their managers to identify conflicts of interest.

3.169 The guidance document also makes it clear that the requirement to avoid or declare such conflicts is ongoing and must be considered before beginning any work associated with external or internal client dealings, for example, before conducting work on settlements, audits and rulings. The new arrangements also provide clearer guidance on the respective responsibilities of managers and decision makers in managing conflicts of interest.

3.170 Transparency of such declarations is also promoted by the registration on a single register which should assist to promote a positive disclosure culture338, a fraud and corruption control in itself. Furthermore, the register should be periodically analysed not only to assess completeness and to identify broader themes but also to ensure that appropriate actions are taken to address the conflicts declared.

3.171 It should be noted that the above measures should be underpinned by an organisational culture that fosters ethical behaviour. Accordingly, a program of awareness raising is required, particularly because the emphasis on disclosure and management of conflicts of interest may not have been as pressing a priority in the past, as indicated by the low numbers of disclosures made. The challenge is to develop an environment where positive disclosure is the norm to address the difficulties in detecting undeclared conflicts of interest as many officers’ personal and financial interests are not systematically captured.

Clarification of guidance material

3.172 Whilst CEI/2014/06/10 and accompanying guidance material have been much improved, there is room for further improvement. Such improvements may increase staff compliance by clarifying ambiguities which could otherwise result in non-disclosure, particularly because of previously formed habits based on the previous guidance. In the IGT’s view the following areas in the guidance material require clarification.

Registration of conflict and discussion with manager

3.173 The CEI/2014/06/10 and accompanying guidance material require officers to discuss conflicts of interest issues with their managers as soon as they become aware of them and to register them by submitting an ATO Integrity Register form ‘as required’. It is unclear, however, whether the form is to be submitted before or after such discussions, particularly as managers are required to promptly deal with matters raised and registration of the conflict of interest is listed as only one such option.339 Accordingly, there is a risk that managers may incorrectly advise officers not to register some conflicts of interest.

3.174 The CEI/2014/06/10 and guidance material should clearly require officers to register the conflicts of interest, using ATO Integrity Register Forms, as soon as they become aware of them. The contents of the forms would then become the basis for the discussion with their managers. The forms can be updated after the discussions to reflect the action to be taken to address the conflicts of interest. Such an approach will assist in normalising a practice which fosters positive disclosure and increase transparency on the ATO’s management of an important corruption risk.

Management of disclosed conflicts

3.175 While the guidance document currently describes the options available to decision makers to manage conflicts of interest that have been raised with them, it provides limited details on factors that should be considered in choosing the most appropriate option. The decision makers should be required to consider factors such as:

Types of conflicts

3.176 As noted above, the guidance document defines the different categories of conflicts of interest, namely ‘real’, ‘perceived’ or ‘potential’ conflicts of interest. However, there is some inconsistent use of these terms and introduction of new terms. For example, in relation to separation arrangements, officers are required to notify as soon as they become aware that the role they will be taking in the private sector may give rise to ‘possible’ conflicts of interest. However, ‘possible’ conflicts of interest is not defined in the guidance material and it may be better to use the defined term, ‘potential’. Another example is in the context of personal relationships where officers are asked to notify ‘even if the conflict is only perceived’, which could also result in officers forming the impression that this requirement indirectly excludes ‘potential’ conflicts of interest.

3.177 Inconsistencies such as those above increase ambiguity and may result in an increased risk of non-compliance.

‘Should’ or ‘must’?

3.178 Throughout the guidance document, the use of the word ‘should’ and ‘must’ introduces some uncertainty as to whether some actions are mandatory or an aspiration. For instance, example 1 in the guidance document states that if an officer, in the mining and energy segment of the PGI business line, has a shareholding in a mining company, they should report it via the ATO Integrity Register Form. Similarly, in example 8, it is stated that if an officer has a conflict of interest due to being on a procurement panel and is related to one of the tenderers before the panel, they should discuss the situation with their manager. By contrast, examples 3 and 4 state that officers must disclose their relationships via the ATO Integrity Register Form.

3.179 It should be noted that some guidance provided by other Commonwealth agencies do make a clear distinction between the use of such words. For example, the AGD’s Protective Security ‘Personnel Security Guidelines’340 makes a specific distinction between the use of the phrase ‘need to’ (as a mandatory requirement) and ‘should’ (as better practice).

The test to apply

3.180 As noted above, a key test for officers to determine the existence of a conflict of interest is ‘whether an impartial observer would reasonably question if your financial or personal interests might influence the way you behave and the way you carry out your duties’. However, the guidance given to managers asks them to ‘first establish whether or not a conflict of interest exists’ with no reference to the impartial observer test. Such language may lead managers to regard themselves as the impartial observer in applying the test.

Personal interests arising from previous opinions

3.181 The guidance document does not refer to conflicts of interest which may arise where officers could be perceived to be prejudiced or biased because of their previous involvement or opinion.341 For example, an officer may have conflicts of interest when they internally review a decision in which they had been previously involved.

Information other than that related to the taxpayer

3.182 The CEI/2014/06/10 and the accompanying guidance material alert officers to certain issues which, whilst not strictly amounting to conflicts of interest, are closely related integrity issues. These include issues that arise from contact with known criminals. However, other closely related issues, such as inadvertently disclosing sensitive ATO information in family or social settings, are not mentioned. For instance, examples two, three and four discuss conflict of interest issues that may arise in family settings. However, no mention is made about the need to ensure sensitive ATO information, such as thresholds for compliance activities, are kept confidential at all times.

Movement of personnel between the ATO and the private sector

3.183 There are benefits in the recent increase in the movement of personnel between the ATO and the private sector as it has facilitated the sharing of skills, experience and information.342 However, it has also resulted in greater risk of conflicts of interest arising from prior relationships and expressed views.

3.184 Once private sector personnel join the ATO, they are required to follow CEI 2014/06/10 and the accompanying guidance material to avoid or declare conflicts of interest — including conflicts which arise from previous employment or relationships. Officers who intend to leave the ATO and join the private sector are required to disclose any conflicts of interest that may arise in their new role as soon as they become aware of it. There are, however, no examples in the guidance to assist the reader. It is possible that this type of conflict of interest may not be well understood by all staff as an examination of the ATO’s central conflicts of interest register reveals that no such disclosures have been made.343 Accordingly, the ATO should consider including examples of this type of conflict of interest.

3.185 Where officers disclose conflicts of interest in connection with starting a new role in the private sector, the guidance document sets out some of the possible treatment strategies available, including approval of leave until the new appointment commences or not working through the notice period. These strategies can be further bolstered by subjecting such officers to a period of ‘gardening leave’ or a ‘cooling off period’ before they commence their new employment. This approach is adopted by many overseas government agencies.344 The ATO does not currently include provisions in its standard employment contracts which could facilitate such an approach. The IGT believes that the ATO should explore whether these provisions could be practically enforced in the Australian context and, if so, include them in new employment contracts. Alternatively, legislation to impose post-employment conditions on ATO officers could be considered as is the case in the United States (US) with ex-IRS officers.345 However, the benefits of doing so should be balanced against the impact on flow of skills, experience and information between the APS and private sectors.346

3.186 Once an officer has left the ATO and began their new employment, they may seek to use prior relationships with ATO staff as a means of influencing ATO decision-making or obtaining information to assist them in their new employment. The guidance document makes it clear that former officers are prohibited from doing so. However, it would be difficult to monitor and enforce as demonstrated by recent media coverage of CRA’s experience in this area.347 It seems, therefore, that the enforcement of such prohibition relies on current ATO officers disclosing approaches made by their ex-colleagues. Currently, there is no requirement for officers to disclose these approaches unless, in their view, they amount to conflicts of interest. In the IGT’s view, officers should be required to report any such approaches to improve the ATO’s visibility of these risks.

3.187 Once approaches from ex-officers have been identified and their attempts to influence or obtain information have been prevented, the ATO may be able to refer them to professional bodies or industry associations to which they belong for any relevant disciplinary action.

3.188 Ex-ATO officers may also have had access to important information, for example, thresholds for commencing compliance activity which could be used to design undetectable non-compliant arrangements. In such a case, it could be argued that the ATO should ‘change the locks’ or regularly change the thresholds to address the risk of a former officer disclosing confidential information about how the ATO operates to their new employers. However, the ATO’s internal thresholds are based on their analyses of risk and changing these thresholds may affect the ATO’s compliance results and cause inconsistencies. It would be more appropriate to remind ATO officers that the ATO could take criminal action348 for any disclosure and/or civil action for use of its intellectual property.

Communication strategies

3.189 It is critical that the updated CEI/2014/06/10 and accompanying document are actively promoted and endorsed by the Commissioners and other senior executives. The ATO has already issued circulars and other existing materials such as a video on conflicts of interest. However, the IGT believes that more can be done to increase staff’s awareness and compliance. For example, the video can be updated to begin with a message from the Commissioner on the importance of managing conflicts of interest and to promote an organisational culture that emphasises transparency and integrity.

Annual declarations

3.190 As noted above, SES officers and other officers in high risk roles are required to submit annual declarations detailing their personal and financial interests. They are also required to make these declarations even where there is no change or where there is nothing to declare (i.e. ‘nil declarations’). Such regular disclosures would assist in increasing staff acceptance of the instructions by establishing a habit of positive disclosure.

3.191 Whilst it may be disproportionate to require all ATO officers to complete a form detailing their personal and financial interests, the ATO can use the Security Health Check. As mentioned earlier, it was piloted last year and is to be rolled out annually. During this process, officers could be asked by their managers to confirm that they have complied with CEI 2014/06/10 and that all required disclosures have been captured in lodged ATO Integrity Register Forms. It is acknowledged, however, that the Security Health Check currently only applies to officers who hold a security clearance. The ATO may consider using another existing annual process that applies to all officers, or using the annual process described in recommendation 3.1(d) in this report.

3.192 Such a process would also provide the FPII unit with intelligence concerning staff attitudes towards conflicts of interest that could be used in their broader work of detecting integrity issues.

Verifying ATO officers’ compliance

3.193 Other than providing adequate guidance to ATO officers and raising awareness of their conflict of interest obligations, the IGT considers that a healthy conflict of interest system would also seek to regularly analyse the declared conflicts on the central register.

3.194 The ATO September 2017 Report indicates that ‘timely periodic reviews to ensure ongoing completeness and accuracy of the register, and to identify broader themes for dissemination and response’ would be undertaken.349 It is unclear as to whether these periodic reviews have commenced. The IGT is of the view that they should also examine the actions taken to address the declared conflicts and ensure that those actions were appropriate. For example, a decision maker may have come to the conclusion that it was not necessary to separate a husband and wife from working in the same team because they did not have any supervisory or line responsibility over each other. However, upon review, it may be discovered that due to the rankings of the officers involved, the closeness of their relationship and the nature of their work, the initial decision maker had not made the correct decision. By allowing a second pair of eyes to examine the conflict, the ATO gains the ability to rectify any errors that had been made as well as identifying trends.

3.195 The periodic review of the central register may also identify particular issues such as the underreporting of certain types of conflicts. For example, if the ATO had identified that there were zero instances of ATO officers reporting potential conflicts associated with exiting the organisation, they may have come to the conclusion that this type of conflict was not well understood by its officers and taken steps to address the issue.

3.196 The IGT believes that the periodic reviews could also verify the accuracy of conflicts of interest disclosed on the register. However, to do so, the ATO would need to acquire more information, personal and financial, about its officers. While it does not have the necessary information at present, as mentioned previously, there are opportunities to obtain it. For example, the recruitment process could be used to capture information from new employees about any pre-existing relationships that they may have with other ATO officers. There is also an opportunity for the ATO to acquire information from its HR area and its managers about officers who are leaving the organisation. The ATO could then use such information to verify if conflicts are being adequately disclosed and managed.

3.197 The ATO could consider the pilot being conducted by HMRC in the United Kingdom (UK) which is analysing the shareholdings and directorships of staff and their families as a means to detect conflicts of interest.

3.198 The IGT also considers that the periodic review of the register should be undertaken by officers in units such as FPII because they already have the expertise and deal with other related matters.

Conflicts of interest in recruitment

3.199 In relation to concerns that have been raised with the IGT concerning the potential for conflicts of interest in the SES recruitment processes, the APS Commissioner’s Directions require the involvement of the APS Commissioner or his representative on the selection panel for any recruitment of SES officers. Such measures help to maintain a level of independence in the process, which would help address perceptions of favouritism in the recruitment of private sector practitioners to SES positions. In addition, the CEI provides a basis for the ATO to take disciplinary action if ATO officers who participate in such activities do not adequately disclose any conflicts of interest. The conflicts of interest guidance document also provides an illustrative example of how a selection panel member is expected to behave should they discover that they have a pre-existing relationship with an applicant.

3.200 Conflicts of interest may also arise where a person who is hired as a consultant has a relationship with those involved in the procurement process. As noted above, CEI 2014/06/10 continues to apply in such situations. Persons involved in a procurement process must disclose their conflict of interest through the ATO Integrity Register Form. In addition to the above controls, the procurement process also has similar controls.350

3.201 The above safeguards seem to adequately deal with the concerns about the potential for inappropriate recruitment practices as collusion amongst multiple personnel and members of the selection panel would be required in order to circumvent them. Nevertheless, such concerns persist as indicated by submissions to this review. The IGT is of the view that where any such allegations are raised they may be best addressed through specific complaints to the IGT or referrals to the FPII unit.

Recommendation 3.4

The IGT recommends that the ATO:

  1. update its conflict of interest guidance document to clarify ambiguities and provide further explanation, including practical examples, as well as require officers to register their conflicts of interest as soon as they become aware of them;
  2. bolster its processes for ensuring that former colleagues of current ATO officers do not obtain information or exert influence by virtue of their previous associations;
  3. improve awareness and compliance with its conflict of interest polices and guidance including through its active promotion by the Commissioners and other senior executives;
  4. conduct periodic reviews on the central conflicts of interest register to identify trends, verify the accuracy of the declared information as well as ensure that the appropriate management actions have been taken to address the conflict; and
  5. seek ways to capture and analyse information for detecting undeclared conflicts of interest as part of some its existing checks as well as from other sources.

ATO RESPONSE

  1. Agree

    Enhancements to the Conflict of Interest Chief Executive Instruction and guidance material have been completed. The ATO will consider the report’s findings to determine if further enhancements are required.

  2. Implemented
  3. Implemented
  4. Agree

    The central conflict of interest register is monitored and reviewed in line with the recommendation. However, further work will be undertaken to mature these processes.

  5. Agree

    The ATO regularly analyses registers and declarations, and use data mining activities to detect undisclosed conflicts of interest. Further work will be undertaken to mature these processes.

Controls in relation to senior officers’ intervention in cases

3.202 It is important for organisations to have clear and unambiguous lines of reporting which set out roles, responsibilities and lines of authority of all officers, including procedures for managing the escalation of concerns from those outside of the organisation. In this regard, the manner in which ATO senior officers intervene or become involved in operational matters upon the request of taxpayers or their representatives has to be clearly defined and transparent so as not to give rise to perceptions of undue influence, or at worse, suspicions of corruption.

Stakeholder concerns

3.203 Some stakeholders have raised concerns that certain taxpayers may have received favourable treatment in ATO audits, rulings or disputes after the taxpayer’s representative had directly contacted a more senior officer with whom they had a pre-existing relationship. These concerns relate to current ATO officers being contacted by their former colleagues in the private sector particularly in the light of more recent recruitment of external candidates for senior ATO roles.

3.204 Whilst there is general agreement that the ability to escalate matters to senior officers is a valuable check on the work of more junior officers and for raising broader issues, there is concern about a lack of transparency in how those escalations are managed. In submissions to the review, some ATO officers have cited circumstances where failure to transparently record or communicate the nature of interactions between senior officers and taxpayers or their representatives have given rise to perceptions of inappropriate and undue influence.

Relevant materials

3.205 Whilst senior officers, such as SES officers, are involved in managing the strategic direction of the ATO, they may also become involved in operational matters.

3.206 SES officers may generally become involved in cases in one of three ways. First, they may have involvement at the outset in cases which involve taxpayers that are considered to be ‘high impact’ due to their volume of tax revenue or market influence. For example, if one of the top 30 largest Australian taxpayers is the subject of an ATO audit, an SES officer will attend the initial meeting with the taxpayer to discuss the audit management plan and attempt to obtain a mutual commitment to the timely completion of the audit.351

3.207 Secondly, SES officers may become involved in cases as a result of internal processes which bring cases to their attention. For example, cases which reveal a heightened importance, sensitivity or complexity may be brought to the attention of senior officers for discussion in the ATO’s internal forums and committees.352

3.208 Thirdly, SES officers may become involved in cases as a result of taxpayers or their representatives directly contacting them or seeking intervention. The Commissioner has indicated that such direct contact occurs frequently.353

3.209 The ATO has confirmed that it does not have specific guidance regarding senior officer intervention. They are expected to comply with the ATO’s broader policies governing conduct, such as the Taxpayers’ Charter, ATO CEIs and APS Code of Conduct.354 As mentioned earlier, pursuant to CEI 2014/06/10, ATO officers are required to take reasonable steps to identify and disclose conflicts of interest so that they can be appropriately managed. For example, if a senior officer has a pre-existing relationship with the person who is seeking assistance, the senior officer would be expected to disclose the conflict of interest.

3.210 CEI 2014/01/01, on Records Management, requires ATO officers to also adhere to business processes and system instructions to create full and accurate digital records of their ATO activities, including decisions and actions.355 As part of the records management requirements, all ATO officers involved in active compliance cases, including SES officers356, are required to keep contemporaneous records on the relevant file in the ATO case management system (‘Siebel notes’).357 The ATO guidelines state that ‘effective notes’ are important as they support ‘active case management’, provide ‘a sequence of events’, can be ‘relied upon in case review [… to] meet accountability requirements’ and demonstrate transparency.358

3.211 Every time staff interact with a taxpayer, take action or make any decision, they are required to record such events in Siebel notes.359 If such contact is ‘meaningful’ and results in an outcome, the guidelines require ATO officers to make Siebel notes, at a minimum of, the following:

3.212 Similarly, Siebel notes are required to be kept for all internal communications and decisions made regarding the case.361

3.213 The ATO has provided records which confirm that since January 2013, 341 Siebel notes have been recorded by six different SES officers in total, with 330 of these notes having been made by one particular SES officer. Only one of these Siebel notes documents communication with a taxpayer. All but one of the 341 Siebel notes was recorded in 2013 and 2014.362

3.214 ATO senior management have advised that ‘[w]here an SES officer does not have access to the Siebel case management system, the case officer is responsible for ensuring that the relevant records are attached to the Seibel file”. They have also advised that other SES officer interactions and decisions may have been recorded separately in forms other than Siebel notes, such as within e-mails sent to case officers. However, they acknowledged it would be impractical to assure that all externals’ contact with the SES officers had been documented and attached to the case files.363

IGT observations

3.215 The IGT is of the view that taxpayers should have an avenue of escalation when they encounter difficulties in their dealings with the ATO. However, there is a need for transparency and appropriate controls for such escalation to prevent actual or perceived undue influence by relevant senior officers in individual matters.

3.216 There are a number of options to manage requests for escalation, including senior officer intervention. One option is to prohibit such officers from becoming involved in the matter at all, even if they are the responsible officer for the area. In the US, senior officers in the IRS are only privy to high level information and generally do not have any direct involvement in individual cases. When senior IRS officers are approached for their involvement, they encourage taxpayers to raise and resolve their concerns with the manager of the relevant case officers directly. The CRA in Canada has a similar approach. It is noted, however, that there are structural differences between the Australian and the US tax administration such as the separate appeals area in the US.364 Whilst prohibiting senior officer intervention in individual cases may reduce the risk of inappropriate interference, it may also prevent earlier resolution of disputes.

3.217 Another option is to allow senior officers who are responsible for the relevant area to intervene in cases, in a limited capacity, for example to address procedural fairness concerns, ensure staff conduct is appropriate and provide assurance that decisions have been made in accordance with the relevant policies. Importantly, substantive issues would be required to be resolved through a separate merits review or other dispute resolution process such internal review365. This approach would minimise perceptions that senior officers intervene in cases to influence decisions on substantive issues and may assist to empower more junior case officers to resolve the concerns raised.366

3.218 Currently, taxpayers may seek to resolve their difficulties with the ATO through the free service offered via the office of the IGT, as the taxation ombudsman, which is an important safety valve for the administration of the tax system, including the provision of a right of access for more vulnerable taxpayers such as small business and individuals.

3.219 A further alternative option may be to limit senior officer intervention to clearly defined situations, which are set out in written policy, and require the intervening officer to personally document all actions taken as well as explain any substantive changes to the original decision maker. Such an approach would promote full transparency and accountability of such interventions as well as operate as an integrity safeguard against actual or perceived undue influence being exerted by the relevant senior officer. Furthermore, disputes may be resolved more promptly through such an approach and promote more consistent decision-making as well as provide junior staff with valuable on-the-job training in a manner that reduces any sense of disempowerment.

3.220 Importantly, where senior officers receive requests for escalation or intervention in relation to areas outside of their responsibility, it would be mandatory to refer such matters to the responsible SES officer in the relevant area as well as personally document the initiating request that they had received and the subsequent referral.

3.221 The IGT believes that the last alternative canvassed above strikes an appropriate balance between resolving disputes at the earliest opportunity and ensuring the requisite degree of transparency and integrity safeguard. Should concerns persist after this option is implemented, it may be necessary to consider other alternatives such as those adopted by the IRS.

3.222 The ATO’s general record keeping requirements outlined earlier are an important first step in the process. However, as mentioned earlier, the ATO’s records show that these requirements are not being followed, i.e. SES officers’ interaction are not documented in Siebel notes. The ATO has advised that such interactions may be documented in emails attached to the case file but it cannot provide assurance that all such interactions have been documented in this manner. Accordingly, the requisite degree of transparency, integrity and accessibility, as discussed above, requires improvement.

3.223 The IGT is of the view that the record keeping rules must ensure intervention by senior officers in cases is always recorded in a centralised case management system and personally documented in a form which is easily accessible for verification. Importantly, such documentation should include details of the senior officers’ contact with the relevant taxpayers and ATO case officers as well as the details of the decisions made, supporting reasons, resulting outcomes and briefing provided to the relevant case officers by way of feedback loop.

Recommendation 3.5

The IGT recommends the ATO improve the policies regarding senior officer intervention by:

  1. specifying the circumstances in which senior officers are authorised to intervene in individual matters;
  2. where senior officers receive requests to intervene in matters outside their area of responsibility, requiring such requests to be transferred to their counterpart in the relevant area;
  3. requiring intervening officers to document the initial request and all subsequent actions, including the details of decisions made, supporting reasons and resulting outcomes as well as briefings provided to the original decision maker on a single centralised system and in a form which is transparent and easily accessible; and
  4. periodically reviewing senior officers’ compliance with such policies.

ATO RESPONSE

  1. Agree
  2. Agree
  3. Agree

    The ATO agrees that changes can be made to our existing records management approaches to make the documenting and recording of intervention requests more transparent and easily accessible to all ATO stakeholders in a case. The ATO will do so in a way that seeks to prevent duplication of effort and the imposition of undue process. As a matter of principle, the ATO considers it is critical that its senior officers maintain an open and healthy engagement with our clients and other participants in the tax system. This is central to putting our clients at the centre of everything we do.

  4. Agree

Controls in relation to settlements

3.224 The settlement process is a necessary and important feature of the Australian tax administration system, enabling taxpayers and the ATO to negotiate and resolve their disputes in a cost-effective manner without resorting to litigation. However, appropriate management, accountability and transparency of the settlement process are essential to preserve the integrity of the tax system and to maintain community confidence.367

3.225 It is acknowledged that, in some cases, it may be appropriate to proceed to litigation, particularly where there may be a public interest in clarifying uncertainties in the law.368

Stakeholder concerns

3.226 Stakeholders believe that as settlements involve the exercise of discretionary powers, it is important that there are clear guidelines to ensure ATO officers settle disputes on appropriate terms. They are particularly concerned that the current Code of Settlement is too brief and lacks some important guidance that was previously included.

3.227 Stakeholders were also of the view that the confidential nature of settlements could result in unreasonably favourable settlement terms being hidden from scrutiny. Some believed that more transparency was required as an integrity measure. Parallels were drawn with the private ruling system, where details about the ruling, redacted of identifying information, is published in the ATO’s Register of Private Rulings (on its website).

Relevant materials

3.228 The ATO’s guidance on settlements, Code of Settlement Practice, has been publicly available since 1999. Most recently, it was reviewed and updated in October 2014. It is much shorter and is only two pages in length now with an accompanying 16-page document, entitled Practical Guidance to the ATO Code of Settlement which includes examples of settlements and four model settlement deed templates.369

3.229 As part of the settlement assurance process, the ATO designed and trialled a process between July to October 2015 with the aim of providing the community with a level of confidence that its settlements with large and multinational taxpayers were a ‘fair and reasonable outcome for the Australian community’. This process is referred to as the Independent Assurance of Settlements or ‘IAS’.370

3.230 The above assurance process was piloted in consultation with The Honourable Justice Garry Downes who is a retired Federal Court judge and former President of the Administrative Appeals Tribunal (AAT). Following the pilot, the ATO amended its settlement documentation templates and implemented the IAS process from February 2017.371 The IAS uses a panel of three retired Federal Court judges to annually review 10 to 12 settlement cases that have already been finalised. The assurers review separate cases independently of each other. Case officers are made available should the assurers have questions for them.

3.231 The ATO has published the outcomes of the IAS in its 2016–17 Annual Report:

In 2016–17, the assurers have completed reviews of five settlements as part of the independent assurance of settlements process. They concluded that the ATO’s treatment of these were a fair and reasonable outcome for the Australian community.372

3.232 The reports issued by the IAS assurers are provided to the relevant Deputy Commissioners and Assistant Commissioners. The reports are also discussed at a fortnightly meeting of three Assistant Commissioners from the PGI, PGH and Review and Dispute Resolution (RDR) business lines, known as the Triumvirate meetings.373

3.233 The assurance reports for the first three cases were shared with settlement teams in debrief sessions in July 2017 and reports for the fourth to sixth assured cases were shared in October 2017. As at December 2017, the ATO is in the process of collating the learnings and feedback from the IAS and has not yet progressed to implementing the identified improvements.374

3.234 In addition to the recently implemented IAS process, the ATO has a range of measures to govern the use of settlements, which vary between business lines. For example, whilst all SES officers have a delegation to make a settlement decision, some business lines, such as PGH, Small Business (SB), Individuals, Indirect Taxes (ITX), Superannuation and RDR, also provide settlement authorisation to EL2 officers. In the PGI business line, only SES officers have the delegation to make a settlement decision.

3.235 Furthermore, with the exception of PGI375 and RDR, all business lines are required to refer settlement matters to a settlement panel. These panels may provide advice or parameters within which the settlement decision maker may settle.376

3.236 The ATO publishes high level details of its settlement activities in its Annual Reports. The ATO’s 2016–17 Annual Report contains information about the numbers of settlements and the variances, both broken down by stage in the compliance activity and by market segment.

3.237 Table 3.5 below illustrates how the detail of settlement activities published by the ATO has changed in the last five financial years.

Table 3.5: Details of settlement activities reported by the ATO by financial year

Annual Report year

Details reported by the ATO

2016–17 Numbers of settlements and dollar variances broken down by stage at which settlement occurred (pre-audit, audit, objection, etc.), market segment and client group.
2015–16 Total number of settlements only.
2014–15 Numbers of settlements broken down by stage. Numbers of settlements and dollar variances broken down by market segment.
2013–14 Percentage of settlements (numbers can be inferred) broken down by stage. Numbers of settlements and dollar variance broken down by market segment.
2012–13 Numbers of settlements and dollar variance broken down by market segment.

Source: ATO Annual Reports

3.238 As indicated by Table 3.5 above, the most recent 2016–17 Annual Report contains more details about its settlement activities than it had in previous years.

International comparison

3.239 In his 2017 performance audit377 into the ATO’s use of settlements, the Auditor-General found that the ATO publishes more details of settlement activities than the revenue agencies of the UK, US and New Zealand— refer to Table 3.6 below.

Table 3.6: Extract from ANAO performance audit of ATO settlements

Reporting

Australia

United Kingdom

United States

New Zealand

Public reporting of settlement numbers Yes No Yes No
Public reporting of settlement amounts Yes No Yes No
Public reporting of settlements by market segment Yes No No No

Source: ANAO’s Performance Audit on the Australian Taxation Office’s Use of Settlements (2017–18)

3.240 In the UK, HMRC employees can only make decisions about settlements after they have considered the rules and policies outlined in HMRC’s litigation and settlement strategy — a detailed 41-page document that not only outlines the settlement principles but also clearly describes various scenarios where HMRC will not consider settlement as an option. For example, the document specifically states where ‘there are only two possible outcomes consistent with the law, HMRC will not accept any out of court resolution which splits the difference’.378

3.241 Further governance and assurance processes are in place to ensure that HMRC’s settlements comply with the litigation and settlement strategy. In addition to checks undertaken by the authorising officer, both HMRC’s central review teams and its internal audit area will review a sample of around 400 settlement cases annually and report their findings to the Tax Assurance Commissioner. The findings from these reviews are then published in HMRC’s Annual Report to ensure transparency.379 Through these controls, HMRC seeks to provide assurance that there is no element of favouritism in its settlement decisions and in doing so combats the perception of ‘sweetheart deals.’

3.242 In addition, HMRC’s Annual Report contains information about its internal annual review of governance in settlements. It details weaknesses discovered in the review (such as absence of audit trails, authorisations at the wrong level, incorrect figures entered into IT systems and delays) as well as improvements it is undertaking to address those weaknesses.380

Past reviews

3.243 The ATO’s use of settlements has been the subject of prior scrutiny. In 2009, the IGT’s Review into aspects of the Tax Office’s settlement of active compliance activities381 made recommendations to improve the administration of settlements including transparency and integrity aspects.

3.244 The IGT conducted two subsequent reviews, Review into the Australian Taxation Office’s use of early and alternative dispute resolution382 and The Management of Tax Disputes383 which examined aspects of settlements. In particular, in the latter review, the IGT recommended to Government that the ATO create a dedicated Appeals Group, separate from its compliance and legal advisory functions, to manage and resolve disputes. This sought to provide the highest level of independence and facilitate a fresh and impartial review of taxpayers’ cases whilst ensuring that any settlements are adequately scrutinised and in the best interest of the community.

3.245 As mentioned earlier, the ANAO recently completed a performance audit into the ATO’s use of settlements and found that the ATO effectively uses settlements to resolve disputes with taxpayers and that those settlements have generally been concluded in line with its policies and procedures. The ANAO made three recommendations to the ATO, with which the ATO agreed, in relation to a review of its ‘pre-settlement assurance’ mechanisms across business lines, incorporating future compliance obligations as part of settlement terms and for the recordkeeping obligations to be enforced.384

IGT observations

3.246 As noted earlier, the ANAO very recently conducted an audit of the ATO’s settlement practices and found them to be effective with some recommendations for improvement with which the ATO has agreed. Given this ANAO report and time needed for the ATO to implement the resulting recommendations, the IGT is of the view that there is little utility in a re-examination at this time, particularly in the light of his own previous reviews and recommendations on this topic. However, the ATO could provide more public information about its IAS process such as improvement opportunities that have been identified and work undertaken to implement them.

Recommendation 3.6

The IGT recommends that the ATO publish more information about its Independent Assurance of Settlements process such as identified improvement opportunities and work undertaken to implement them.

ATO RESPONSE

Agree

Controls in relation to letters of comfort

3.247 In a self-assessment system, taxpayers are responsible for correctly applying the law to their circumstances.385 Due to complexity, however, taxpayers may seek advice from their own advisers or from the ATO. In its advisory role, the ATO may provide advice with different levels of protection for taxpayers including private rulings which are binding on the ATO. The ATO may also provide less formal non-binding advice about a range of matters. One example of such advice is a ‘letter of comfort’.

Stakeholder concerns

3.248 Stakeholders have raised a number of concerns that when approaching the ATO to obtain private rulings, they have been offered letters of comfort instead. The reason provided by the ATO has been that, in the timeframe within which such advice was required, it was more feasible to issue letters of comfort as the private ruling process is more rigorous involving peer reviews and various approvals.

3.249 In addition to the concerns of a lack of certainty associated with letters of comfort, in the context of this review, stakeholders have questioned whether the less rigorous process for issuing these products exposes the ATO to integrity risks. In particular, they have mentioned that all private rulings appear on a public register and can be viewed by all whereas this is not the case with letters of comfort.

Relevant materials

3.250 The ATO issues a range of correspondence which may be considered as letters of comfort.

3.251 The first type of letter of comfort issued by the ATO is sent to large numbers of taxpayers to inform them that the ATO considers their tax position be ‘low risk’ according to its risk rating system as part of its ‘Certainty Project’. This Project covers a range of specific business lines and its overall goal is to provide certainty to taxpayers that their income tax returns for a particular year would not be audited.

3.252 The ATO’s Individuals business line issued 504,907 letters of comfort in the 2015–16 financial year and 500,582 in the 2016–17 financial year. However, this business line has decided to discontinue this practice and will not issue any such letters for the 2017–18 financial year.386

3.253 The PGH business line had been sending two different types of letters of comfort. The first type was the Income Tax Assurance Notification (ITAN) which are issued to taxpayers regarded as lower risk:

The ITAN is an acknowledgement (a ‘thank you’) for our lower risk clients for doing the right thing. It is also to provide encouragement to continue to engage early with the ATO and acknowledge that we appreciate their efforts in managing their tax affairs.387

3.254 The second type was the Income Tax Profile (ITP) which was issued to a range of taxpayers, who had been classified as medium risk, with the aim of encouraging them to address ATO concerns and engage early with the ATO or their tax agent.388

3.255 Over the 2014–15 and 2015–16 financial years, the PGH business line had issued more than 68,000 ITANs and 8,400 ITPs. It has since decided to stop issuing ITANs and ITP notices in bulk. However, PGH compliance officers may generate an ITP on demand as a tool to assist in their interactions with taxpayers.389

3.256 The ATO’s ITX business line had also conducted a pilot in April 2016 involving the issuance of 2,090 Tax Assurance Notifications to PGH taxpayers that consisted of a consolidated certainty letter covering income tax and GST from the PGH and ITX business lines’ perspectives respectively.

3.257 The ITX business line had also issued approximately 5,500 GST Assurance Notices which were notification letters providing comfort in relation to GST aspects of the March 2016 quarterly BAS. This has also been discontinued due to difficulties in accurately identifying the risk rating of taxpayers promptly.390

3.258 The ATO’s internal research for all the projects had indicated that whilst certainty was a valuable objective for taxpayers and the provision of it desirable for the tax system, it was unclear whether issuing unsolicited notifications was the most effective way to provide certainty.391

3.259 The second type of letter of comfort is issued in response to taxpayers’ requests, seeking confirmation that their tax treatment of a particular transaction is compliant. Alternatively, the request may arise where the ATO has concluded compliance activity, for example a review or audit, and the ATO has not made an adjustment. In such cases, some taxpayers may seek more formal confirmation that the transaction need not be reviewed or audited in the future, especially where such transactions are ongoing.

3.260 ATO officers are required to follow certain procedures depending on the type of compliance activity, such as audits or reviews that they are conducting. At the conclusion of such activity, finalisation letters are generally approved by the case officer’s manager. For example, procedures for PGH and PGI standard audits and standard risk reviews392 make a distinction between a case owner (i.e. the case officer) and the case approver (i.e. the case officer’s manager). Case officers must obtain the approval of the case approver before the case outcomes can be communicated to the taxpayer.

3.261 Taxpayers may also request letters of comfort unconnected with any compliance activity. In response, the PGI business line can use a product called a ‘Tailored Compliance Engagement’ (TCE) letter which:

…generally convey[s] our risk assessment [at a point in time] of the tax risks associated with a prospective or a recently implemented arrangement or transaction, and outlines our compliance approach. It [is] … designed to provide taxpayers with the opportunity and incentive to seek early engagement on potential areas of compliance risk and attempts to balance the tension between timeliness vs absolute certainty.

While this approach does not have the legally binding effect of a ruling, the ATO will stand by the compliance assurance provided for the outlined arrangement as long as there are no changes in the law, client’s circumstances [or] disclosed facts.393

3.262 Training material for the TCE letter indicates that the ATO should not use a TCE letter where the taxpayer has requested a private ruling even where the private ruling would take a long time.394 This TCE product is saved within the Siebel system. Since the introduction of TCE letters in early 2016, the ATO has received 95 requests from taxpayers.395

3.263 The procedures that case officers must follow when authoring a TCE letter are located in the same place as the procedures for more common ATO compliance products such as risk reviews and audits. The procedures for TCE letters indicate that, not only must the case be approved by a case approver (similar to the abovementioned products), but the case officer must also obtain SES officer sign-off before it can be sent to the case approver.396

IGT observations

3.264 Generally, taxpayers desire certainty and timeliness with respect to their tax affairs and interactions with the ATO. The ATO acknowledges such need but stresses that a balance has to be struck between timeliness and certainty. A number of previous IGT reviews have made recommendations aimed at improving taxpayer certainty in a range of specific circumstances397 as well as using pilots398, randomised controlled trials399 and other forms of testing to ensure ATO processes are effective.

3.265 The ATO has acknowledged that, whilst taxpayers desire certainty, the means by which it is delivered should be subject to a regular evaluation. Having evaluated the costs and benefits of letters of comfort, it has decided to discontinue them in most instances. They have been maintained in the form of TCE letters, in the PGI business line where there are defined procedures for their issuance, including manager and SES officer approval. Such letters are also saved within the Siebel system enabling the ATO or scrutineers, such as the IGT, to review them, however, they do not appear on a public register as edited private rulings do.

3.266 The IGT acknowledges that more transparency may be required with respect to letters of comfort. However, given their current low numbers, the ATO’s existing processes in this regard and stakeholder concerns going beyond transparency issues, it may be appropriate to conduct a review covering all relevant issues at a later time if such concerns persist.

Predictive models

3.267 Another fraud prevention strategy may be to detect early signs of staff behaviours that if left unchecked may lead to fraud.

Stakeholder concerns

3.268 Stakeholders believe that the ATO could better prevent fraud and misconduct by identifying behaviours or factors which are indicative precursors to fraudulent activity (‘red flags’) and taking targeted action to address them.

3.269 Stakeholders noted that the ATO’s experience with officer misconduct would provide a guide in identifying red flags. They also suggested that the ATO should analyse information from a number of different sources within the organisation including its IT and HR areas, as well as all those who manage staff, to identify and address negative staff behaviour. Whilst such areas within the ATO would be aware of different aspects of officers’ behaviours, the ATO could draw on these sources to develop a more holistic picture of officer behaviour to proactively identify weaknesses in the ATO’s fraud prevention systems.

3.270 Stakeholders have also suggested that some reliance can be made on broader Australian and international research to identify appropriate red flags. However, the most useful red flags are those that are drawn from the ATO’s own experience.

Relevant materials

3.271 The ATO’s Fraud and Corruption Control Plan lists a range of controls including the ‘Organisational Behavioural Assessment’ (OBA), which it describes as a key measure in identifying and responding to potential insider threats.400

3.272 Since 2014, the ATO has annually produced an internal report which analyses behavioural events with the aim of identifying indicative precursors of workplace behaviour of most serious concern, including misconduct, fraud or corruption (the OBA report).401 The OBA report is primarily a report to the ATO’s ARC and is used to identify high fraud risk areas or profiles for the FPII unit to target intelligence activities and/or fraud prevention and mitigation strategies.402

3.273 In developing the OBA report, the ATO identifies data which indicates ‘intentional/volatile behaviours by employees and viewed by the organisation as contrary to its legitimate interests’. The ATO refers to these as Counterproductive Workplace Behaviours (CWBs). CWBs may affect the organisation when it takes such forms as misuse of information and resources, fraud and absenteeism, or it may be directed at individuals within the organisation, for example violence, harassment and bullying. The table below sets out examples of such behaviours.403

Table 3.7: Examples of Counterproductive Workplace Behaviours

Behaviours directed at the organisation Behaviours directed at individuals
Misuse of information and resources
Destruction of property
Theft
Fraud
Sabotage
Misuse of employee privileges
Absenteeism and tardiness
Violence
Verbal abuse
Harassment
Bullying
Disciplinary problems

Source: ATO

3.274 The ATO identifies CWBs from information traditionally held in silos by fraud and integrity, HR, security areas404 and includes the following sources:

3.275 The OBA report draws upon data from the previous calendar year and does not identify individual officers. Where specific FPII substantiated case files are examined for further detail to develop fraud profiles or typologies, these are only conducted by FPII Intelligence Analysts with a NV1 security clearance. 406

3.276 Once the data has been collected, the ATO seeks to detect correlations between that data and conducts a statistical analysis407 to determine the strength of the relationship between different types of workplace behaviours. It is noted that such correlation does not, of itself, establish a causal relationship408 and must be considered in the light of other factors. For example, sites with fewer staff may have a lower rate of reporting types of CWB compared to larger sites. It does not necessarily follow that smaller offices are a means of reducing CWB.

3.277 Once a correlation is identified, the ATO may develop a hypothesis to explain the relationship. For example, with respect to the correlation between staff numbers and the rate of CWB reporting, the ATO hypothesises that larger sites grant more anonymity to staff who report misconduct, whereas in smaller sites there are likely to be relationships between the person suspected of misconduct and the potential reporter.409

3.278 The focus of the OBA report has been to analyse the incidence and prevalence of CWBs by ATO office location or ‘site’ and to identify clusters of CWBs (‘hot spots’).410

3.279 Once the OBA report identifies a hot spot, the FPII unit conducts or recommends risk mitigation activity in that site. For example, where the analysis of survey data shows that staff in Site A are less likely to report fraud if they see it, the FPII unit may run face-to-face fraud awareness sessions in Site A, alerting people to the available channels for staff to refer matters to FPII and/or their obligations to do so.411

3.280 Where relevant, the FPII unit may also consult with the PST to assist in delivering risk mitigation strategies, or to better understand staff culture in these sites.412 One of the functions of the PST is to provide face-to-face support to managers in their relevant site. Their position would enable them to provide insight to the FPII unit about the trends or behaviours occurring.413

3.281 Once risk mitigation activity has taken place, the ATO reviews the situation to see if there have been any changes. For example, where the FPII unit has delivered face-to-face awareness sessions on site to promote a positive reporting culture, it may refer to results of subsequent surveys (such as the ATO ‘Pulse Survey’) to see if staff sentiment has changed (i.e. an increase in staff indicating they would be more willing to report wrongdoing to the FPII unit) or if there has been an increase in referrals to the FPII unit subsequent to the session being delivered.414

3.282 Since 2014, all OBA reports have provided a site-based analysis of hot spots. The 2015 OBA report included additional analysis by business line415, however, the analysis has not been included in the 2016 or 2017 OBA report ‘due to continued structural change and an inability to confidently match activity to the changing business lines’.416

3.283 The 2017 OBA report provided a number of fraud risk profiles drawn from substantiated case data over the previous five years.417

3.284 The OBA report has always been provided to the ARC418, however, the manner in which information from the OBA report has been communicated and to whom has changed over time. In 2014, information from the OBA report was also informally communicated to the ATOP business line and members of the ATO Executive in identified sites.419 OBA information was also provided in 2015 to business line Executives with a presence in identified sites420 and information from the 2016 OBA report was presented to Site Leaders of various ATO offices highlighted in that report. Snapshots at the ATO Group level were also created and disseminated on request from Group Executives.421

3.285 In 2017, the information from the OBA report was also provided to additional groups in the following manner:

IGT observations

3.286 The ATO’s OBA is based on the premise that certain behavioural events can be used as a predictive indicator of more serious misconduct, fraud or corruption. The OBA’s identification of such behavioural events is based on correlations of employee behaviours, at the group level (most commonly an ATO site).

3.287 By contrast, other organisations such as law enforcement agencies use ‘early intervention’ systems to identify individual officers whose performance exhibit concerns.423 There are a number of reasons why, in the current context, it is preferable for the ATO to adopt a site-based OBA approach rather than one focusing on individual officers.

3.288 First, the ATO does not collect the type of behavioural information at an employee level which would be useful in making accurate predictions. For example, studies by the Association of Certified Fraud Examiners (ACFE) have found that ‘living beyond means’ and ‘financial difficulties’ behaviours are exhibited by a significant percentage of perpetrators of occupational fraud.424 However, such information is not readily available from the ATO’s electronic employee record system and if the ATO sought such information it may be perceived as a breach of trust which could undermine staff morale.425

3.289 Secondly, even if the ATO could collect the information needed, it would be difficult to design prevention strategies to target an individual without raising perceptions that the employee had been ‘judged guilty’ of conduct that they had not yet engaged in. Such a prevention strategy removes the anonymity that is provided by current prevention strategies which are targeted at the group level. In any event, the ATO has a range of other prevention controls aimed at addressing unethical conduct at an individual level.426

3.290 Thirdly, any predictive models would also need to consider the influence that the officer’s colleagues and workplace have on the officer’s conduct. For example, case studies by ACLEI have shown that working in small teams can lead to the development of negative subcultures ‘where loyalty to a friendship group rather than to a set of professional standards’ prevails.427

3.291 In the IGT’s view, the ATO’s OBA is a positive initiative as it draws together information from different areas of the ATO to enable it to better understand employee behaviour at the site level. This focus on site level behaviour provides benefits over a focus at the individual level as it considers behavioural issues of groups of officers which inherently takes into account the influence of colleagues and culture at the workplace. Such a focus also appropriately allows the ATO to avoid using individual information and only relies on aggregated data.

3.292 It should be remembered, however, that any model’s reliability depends on the data used, the analysis conducted and the accuracy of its results. In this respect, the ATO has used Pearson Product Moment Correlation modelling to measure the strength of certain red flags as predictors of misconduct in the context of its own organisation and has determined that certain correlations which are found in other organisations are not evident in the ATO context. For example, whilst the ATO acknowledges the connection between low levels of employee engagement and unplanned leave428, the ATO’s OBA analysis has found little if any correlation between unplanned leave and substantiated fraud cases.429

3.293 As mentioned earlier, the OBA draws together and analyses data that has been previously isolated from each other, namely data sourced from its HR, security and internal investigation functions. Such analysis is important as the separation between information held by different areas within an organisation is considered to be one of the main organisational factors that enable insiders to act maliciously:

To fully understand the level of risk an employee poses, an organisation should be able to access information held by [HR] concerning performance and welfare issues, information held by IT about access to electronic data, and Security for physical breaches of security policies.430

3.294 For example, an employee who does not take leave or is protective of their work may simply be perceived as a performance management issue by one area within the agency, but when viewed in the context of a known associate or unexplained wealth, it may be as an indicator of corrupt behaviour.431

3.295 In the IGT’s view, the OBA allows relationships between different sources of data to be made visible and, as a result, provides the ATO with a more holistic understanding of employee behaviours. It is, therefore, an opportunity to explore the relationship between less obvious variables. This is especially the case when one considers the fact that trusted insiders are likely to avoid triggering obvious indicators of fraud or misconduct. The ATO could test other data sets such as those related to employee technology usage. For example, the OBA could compare substantiated misconduct information against use of screen capture applications or the internet.432

3.296 The ATO should take a ‘best fit’ approach to its model as the focus is on addressing agency-specific risks433 and in doing so also consider the usefulness and relevance of other red flags identified in the literature and with the information holdings the ATO may use. For example, the ATO could consider the ACFE literature which indicates ‘unusually close relationship with vendor/customer’ as a significant red flag434 and, compare existing variables against data drawn from the conflicts of interest register and FPII investigation files.

Recommendation 3.7

The IGT recommends the ATO consider incorporating, into its Organisational Behavioural Assessment process, other data sets including employees’ technology usage and conflicts of interest disclosures.

ATO RESPONSE

Implemented


171 IGT, Submission to the House of Representatives Standing Committee on Tax and Revenue, Inquiry into the External Scrutiny of the Australian Taxation Office (March 2016) p 7.

172 Above n 84.

173 Above n 7, p 115.

174 APSC, State of the Service 2012–13 (2013) p 3; Ben Packham, ‘Hiring freeze imposed on Australian Public Service’, The Australian, 31 October 2013.

175 ATO communication to the IGT, 24 November 2017.

176 ATO, ‘Chief Executive Instruction 2015/05/01 Recruitment, Selection and Mobility’ (Internal ATO document, 1 December 2016).

177 ATO, ‘Chief Executive Instruction 2014/06/07 Security’ (Internal ATO document, 31 March 2015) pp 1–2.

178 ATO communication to the IGT, 12 October 2017.

179 Note that on 26 August 2017 the ATO migrated the People Issue Escalation System database to a new case management database called ‘People Connect’.

180 ATO communication to the IGT, 12 October 2017; ‘Standard external recruitment template: information flow’ (Internal ATO document, undated).

181 ATO communication to the IGT, 24 November 2017.

182 ATO, ‘Referee reports’ (Internal ATO document, 24 November 2017).

183 ATO communication to the IGT, 24 November 2017; ATO, ‘Selection Committee Report template’ (Internal ATO document, January 2017).

184 ATO, ‘Standard external recruitment template: information flow’ (Internal ATO document, undated).

185 ATO, ‘Pre-engagement integrity check’ (ATO intranet, 24 October 2017).

186 Transfer between agencies pursuant to section 26 of the Public Service Act 1999.

187 Above n 185.

188 AGD, Information security management guidelines – Australian Government security classification system (2015).

189 Above n 185.

190 A conviction is ‘spent’ under subsection 85ZM(2) of the Crimes Act 1914 if ‘the person has been granted a pardon for a reason other than that the person was wrongly convicted of the offence’ or ‘the person was not sentenced to imprisonment for the offence for more than 30 months and the waiting period’ (i.e. 10 years since the date of conviction or 5 years for juvenile offenders: Crimes Act 1914 s 85ZL) for the offence has ended.

191 The address history is checked through proof of identity documents provided by the candidate such as their driver’s licence and bank statements.

192 Above n 185.

193 ATO communication to the IGT, 24 January 2018.

194 ATO, ‘Enhanced checks’ (Internal ATO document, undated).

195 ATO communication to the IGT, 12 October 2017.

196 ATO, ‘Fraud and Corruption Control – Exemptions/exceptions to Pre-Engagement Integrity Checks’ (Internal ATO document, submitted to the ARC on 23 March 2017).

197 Above n 185.

198 Above n 196.

199 ibid.

200 Above n 185.

201 ATO communication to the IGT, 12 October 2017.

202 ibid.; ATO, ‘Integrity checks’ (Internal ATO document, undated).

203 ATO, ‘ATO pre-engagement documentation’ (Internal ATO documentation, 4 April 2012).

204 Security classified information is information, the unauthorised release of which, could cause damage to the National Interest, organisations and/or individuals: see, above n 188.

205 Department of Defence, ‘Clearance Subject FAQs’ <www.defence.gov.au>.

206 AGD, Personnel security guidelines – Vetting Practices (2017) p 20.

207 ibid.

208 ibid.

209 Department of Defence, ‘Maintaining your clearance’ <www.defence.gov.au>.

210 AGD, Australian Government Personnel Security Protocol (2017) p 16.

211 Above n 11, pp 3 and 7.

212 ATO, ‘ATO Office Minute’ (Internal ATO document, 26 September 2017).

213 AGD, Protective Security Policy Framework, (9 May 2016) PERSEC 3.

214 ATO, ‘Security checks for positions’ (Internal ATO document, 29 November 2016).

215 ATO communication to the IGT, 12 October 2017.

216 ibid.

217 Above n 11, pp 3 and 8.

218 ibid.

219 ATO communication to the IGT, 24 November 2017.

220 AGD, Personnel security guidelines – Agency personnel security responsibilities (2015) pp 37–38.

221 ibid., p 37.

222 Department of Defence, ‘Security Officer’ <www.defence.gov.au>.

223 ATO communication to the IGT, 12 October 2017.

224 ATO, ‘ATO Office Minute’ (Internal ATO document, 17 August 2017).

225 Above n 223.

226 Above n 224.

227 Above n 223.

228 ibid.

229 ibid.; note that the name of this process was later changed to “Annual Security Clearance Check”.

230 Above n 11, p 3.

231 ATO communication to the IGT, 1 May 2018.

232 ibid.

233 Department of Defence, AGSVA Key Performance Indicators < www.defence.gov.au>.

234 NSW ICAC, Strengthening employment screening practices in the NSW public sector (February 2018) p 14.

235 Above n 212.

236 Above n 234, p 20.

237 Above n 182.

238 APSC, Managing Integrity Risks in the Workplace –A toolkit (2016) para [2.1.4].

239 KPMG, Fraud and Misconduct Survey Australia and New Zealand (2010) p 15.

240 Schedule 7 to the Crimes Legislation Amendment (Powers, Offences and Other Measures) Bill 2017.

241 Above n 234, p 26.

242 Taxation Administration Act 1953 (TAA 1953) sch 1 s 355-35 and Privacy Act 1988, APP 10.

243 Treasury, Review of Taxation Secrecy and Disclosure Provisions (2006).

244 See, for example, Graeme Webber, ‘ATO officer jailed’, The Age, 20 September 2003.

245 See also, AIC, ‘Fraud within the Commonwealth: A census of the most costly incidents’ (March 2017) AIC Statistical Bulletin where gambling is indicated as one of a number of primary motivations.

246 AIC, ‘Gambling-motivated fraud in Australia: who, why and how’, AIC Crime Reduction Matters, No. 72(19) (2008).

247 ATO, ‘SES Moves and Vacancy Discussion’ (Internal ATO document, 3 March 2017).

248 ibid.; ATO, ‘SES Band 1s (including those on CLP Program) to be considered for moves’ (Internal ATO document, undated).

249 ATO communication to the IGT, 26 October 2017.

250 Above n 11, p 7.

251 ATO, ‘High Risk Roles – Integrity risk susceptibility pilot’ (Internal ATO document, undated).

252 Australian Commission for Law Enforcement Integrity (ACLEI), Griffin, M, Integrity Leadership: Countering corruption impulses in difficult environments, Speech to the Australian Public Sector Anti-Corruption Conference (2015) p 2.

253 ACLEI, Resistance to corruption: A pilot review of the internal anti-corruption arrangements of the Australian Crime Commission and the Australian Federal Police (2009) p 2.

254 ACLEI, ‘Integrity framework checklist for law enforcement agencies’ <www.aclei.gov.au>.

255 The risk with long tenures is likely to heighten as senior roles within the ATO may become more specialised in the future, making them difficult to replace or rotate. For future trends, refer to the IGT’s current Review into the Future of the Tax Profession (2018).

256 Above n 84, p 38.

257 ATO, ‘Mandatory training in the ATO’ (Internal ATO document, 24 October 2017).

258 ATO, ‘Manager – Employee new to the ATO’ (Internal ATO document, undated) p 4.

259 Above 257.

260 ibid.

261 ATO, ‘Security, Privacy & Fraud Assessment questions – August 2017’ (Internal ATO document, August 2017) pp 2–3.

262 ATO, ‘SPF Managers Assessment questions – August 2017’ (Internal ATO document, August 2017) p 2.

263 ATO, ‘Security, Privacy and Fraud – Accessible version’ (Internal ATO document, June 2017).

264 ATO, ‘Publishing Checklist’ (Internal ATO document, undated).

265 ATO, ‘Security Awareness – Security Essentials’ (Internal ATO document, undated circa 2011); ATO, ‘Security, Privacy and Fraud’ (Internal ATO document, undated circa 2011).

266 Above n 261, pp 3–10; Above n 262, p 2.

267 Above n 261, p 1; Above n 262, p 1.

268 ATO communication to the IGT, 20 October 2017.

269 ATO, ‘Supporting mandatory Security, Privacy & Fraud training completion’ (Internal ATO document, undated).

270 ATO, ‘Non-completion of training’ (Internal ATO document, 22 August 2017) p 1.

271 Above n 101, p 2.

272 ATO, ‘ATO Executive Report Quarter 3, 2016–17’ (Internal ATO document, May 2017) p 47.

273 ibid., p 44.

274 ATO communication to the IGT, 20 February 2018.

275 For example, the FPII unit will conduct on-site awareness sessions in the Perth office as a result of increased counter workplace behaviours observed in the 2017 Organisational Behavioural Assessment; ATO, ‘Australian Taxation Office Organisational Behavioural Assessment – 2017’ (Internal ATO document, 2017) p 14.

276 ATO, ‘Fraud and corruption project engagement and advice’ (Internal ATO document, submitted to the Audit and Risk Committee (ARC), on 6 September 2017) p 3.

277 ATO communication to the IGT, 20 October 2017.

278 ibid.

279 ATO communication to the IGT, 1 December 2017.

280 ATO, ‘Fraud/Security Awareness, Privacy and Investigations External Training Programs’ (1 July 2015 to 30 September 2017)’ (Internal ATO document, undated); ATO, ‘Fraud/Security Awareness, Privacy and Investigations Conferences and Forums’ (1 July 2015 to 30 September 2017)’ (Internal ATO document, undated).

281 ATO, ‘Fraud Prevention & Internal Investigations Communication Strategy (2016–2017)’ (Internal ATO document, undated).

282 ATO, ‘FPII Communication Strategy (2016–2017)’ (Internal ATO document, undated).

283 ATO, ‘Security, Integrity and Fraud Awareness Week 2017 Schedule’ (Internal ATO document, undated).

284 Above n 10, p 7.

285 ATO, ‘Internal Investigations Analysis Breakdown of Reasons since 1 July 2015’ (Internal ATO document, undated).

286 ATO, ‘Induction checklist for managers with new employees’ (Internal ATO document, 12 February 2018).

287 Above n 272, p 47.

288 ATO communication to the IGT, 20 February 2018.

289 Above n 261.

290 ATO, ‘2016 ATO Fraud and Corruption Control Survey’ (Internal ATO document, 2016).

291 Queensland Crime and Misconduct Commission, ‘Improving misconduct in the QPS: the importance of ethical culture’ (2013) 11 Research and Issues.

292 Queensland Police, Taskforce Bletchley (2015) p 21.

293 Philip Moss Integrity Commissioner, ‘Matching measures to risks’ (Speech delivered at the Corruption Prevention Network (CPN) Seminar Hosted by the ATO, 12 June 2009) p 8.

294 Above n 292, p 161.

295 NSW ICAC, Identifying and managing conflicts of interest in the public sector (2012) p 2.

296 Above n 35, p 96.

297 Public Service Act 1999 s 13(7).

298 Above n 81; Public Service Act 1999 s 15.

299 ATO, ‘Chief Executive Instruction 2014/06/10 Conflict of Interest’ (Internal ATO document, 1 May 2017).

300 Above n 11.

301 Above n 299.

302 ibid.

303 ibid.

304 ATO, ‘Review of Integrity Measures’ (Internal ATO document, 8 June 2017).

305 Above n 11, p 5.

306 ibid., p 4.

307 ATO communication to the IGT, 2 November 2017.

308 Above n 81, para [5].

309 ibid., para [3].

310 ibid., para [5].

311 ATO, ‘Conflicts of Interest’ a guidance document accompanying ‘Conflicts of Interest – CEI 2014/06/10’ (Internal ATO document, 12 October 2017) p 1.

312 ibid., p 2.

313 ibid., pp 2–3.

314 ibid., p 4.

315 ibid., p 12.

316 ibid.

317 ibid.

318 ibid., p 3.

319 Above n 81.

320 Above n 311, p 11.

321 Note: ATO employees, amongst other APS staff, are legally obliged to exercise their power in relation to the employment of others without patronage or favouritism: Public Service Act s 19; Above n 81.

322 Australian Public Service Commissioner’s Directions 2016 s 21.

323 APSC, The Senior Executive Service: an HR practitioner’s guide to engagement, promotion, mobility and separation (2015) p 7.

324 Above n 322.

325 Above n 323, p 7.

326 Above n 311, p 7.

327 ATO, ‘Employee Certification’ (Internal ATO document, undated); ATO, ‘Obligations on Ceasing Tax Office Employment or Contract’ (Internal ATO document, undated).

328 Above n 311, p 7.

329 Department of Prime Minister and Cabinet, Lobbying Code of Conduct (2013) p 4, cl 7 <http://lobbyists.pmc.gov.au>.

330 Above n 311, p 9.

331 ibid., p 5.

332 Above n 311, p 13.

333 ATO, ‘Conflict of Interest Review – BSL Project Proposed Outline’ (Internal ATO document, 25 October 2017).

334 Above n 11, p 3.

335 ATO communication to the IGT, 19 December 2017.

336 ibid.

337 Above n 35, p 96.

338 Above n 238, p 18.

339 Above n 81, para [5].

340 Above n 220, para [9].

341 Isbester v Knox City Council [2015] HCA 20.

342 See also, APSC, APS Values and Code of Conduct in practice: A guide to official conduct for APS employees and agency heads (2015).

343 ATO communication to the IGT, 1 December 2017.

344 OECD, CleanGovBiz Integrity in practice Public sector integrity: Providing services efficiently, (2012) p 8.

345 United States 18 U.S.C § 207.

346 See above n 342.

347 Harvey Cashore, Kimberly Ivany and Katie Pedersen, ‘Senior federal tax enforcer joined KPMG as its offshore ‘sham’ was under CRA probe’, CBC news Canada, 12 April 2016.

348 Crimes Act 1914 s 70(2) (Unauthorised disclosure of information by current and former Commonwealth officers).

349 Above n 11.

350 See, Department of Finance, Commonwealth Procurement Rules (2018); ATO, ‘Chief Executive Instructions – Procurement (CEI 2014/03)’ (Internal ATO document, 1 July 2014).

351 ATO, ‘Audit Products – Discussion of case plan with senior tax officer and taxpayer’ (Internal ATO document, 7 September 2016).

352 ATO communication to the IGT, 3 November 2017.

353 Commonwealth, Senate Economics Legislation Committee, Proof Committee Hansard – Estimates, 30 May 2017, p 23 (Commissioner of Taxation).

354 ATO communication to the IGT, 20 November 2017.

355 ATO, ‘Chief Executive Instruction 2014/01/01 Records Management’ (Internal ATO document, 6 January 2014) p 1.

356 ATO, ‘Guidelines for effective notes in compliance’ (ATO Internal document, 2 August 2017).

357 ATO, ‘Siebel Notes’ (ATO Internal document, 13 September 2017) p 1.

358 Above n 356.

359 Above n 357, p 1. Note that the initial contact is recorded as a Siebel Activity.

360 Above n 356, p 4; Note that the initial contact is recorded as a Siebel Activity.

361 Above n 357, pp 1–2 and 5.

362 ATO communication to the IGT, 13 December 2017.

363 ATO communications to the IGT, 7 June 2018, 19 February 2018 and 24 May 2018.

364 See IGT, The management of tax disputes (2015) pp 27–29.

365 See, for example, ATO, ‘Independent review of the Statement of Audit Position for groups with a turnover greater than $250m’ (23 January 2017) <www.ato.gov.au>.

366 See APSC, Capability Review Australian Taxation Office (2013) p 21.

367 Above, n 364 p 80.

368 IGT, Review into the Australian Taxation Office’s use of early and alternative dispute resolution (2010) p 51.

369 ATO, ‘Code of settlement’ (18 August 2015) <www.ato.gov.au>.

370 ATO, ‘IAS Reports – ATO response’ (Internal ATO document, 6 June 2016) p 4.

371 Above n 14, para [3.32].

372 Above n 7, p 68.

373 Above n 14, para [3.35].

374 ibid., para [3.36].

375 Note: the ANAO audit found that the PGI business line provide ‘adequate assurance on the integrity of settlement decision-making’: above n 14, p 29.

376 Above n 14, paras [2.16] and [2.24]; ATO, ‘Practical Guide to the ATO Code of settlement’ (13 February 2017) example 5.2.

377 Above n 14.

378 HMRC, Litigation and Settlement Strategy (30 October 2017) p 39.

379 HMRC, HMRC Annual Report and Accounts 2016–17 (13 July 2017) p 106.

380 ibid.

381 IGT, Review into aspects of the Tax Office’s settlement of active compliance activities (October 2009).

382 Above n 368.

383 Above n 364.

384 Above n 14, pp 8 and 10.

385 IGT, Review into improving the self assessment system (2013) para [2.1].

386 ATO communication to the IGT, 20 November 2017.

387 ATO, ‘Private groups client experience ITAN & ITP (Transparency) Strategy 2017/18’ (Internal ATO document, 8 June 2017) p 1.

388 ibid.

389 ibid.

390 ATO, ‘ATO Office Minute’ (Internal ATO document, 20 September 2016); ATO, ‘TES certainty project an organisational view of the efficacy of certainty and assurance notifications’ (Internal ATO document, April 2017).

391 ATO, ‘TES Certainty Project An organisational view of the efficacy of certainty and assurance notifications’ (Internal ATO document, April 2017).

392 ATO, ‘Review standard – PGH’ (Internal ATO document, 3 January 2018); ATO, ‘Audit standard – PGH’ (Internal ATO document, 1 December 2016); ATO, ‘Review standard – PGI risk review’ (Internal ATO document, 4 January 2018); ATO, ‘Audit Complex’ (Internal ATO document, 4 January 2018).

393 ATO, ‘PG&I Tailored Compliance Engagement, version 1.1’ (Internal ATO document, April 2016).

394 ATO, ‘TCE Presentation Training Material’ (Internal ATO document, June 2016).

395 ATO communication to the IGT, 1 February 2018.

396 ATO, ‘TCE (Tailored Compliance Engagement)’ (Internal ATO document, 9 November 2017).

397 IGT, Report into the Australian Taxation Office’s large business risk review and audit policies, procedures and practices, recommendation 8.1 para [8.37] — the IGT made recommendation to increase certainty for large business taxpayers at the conclusion of risk reviews by ensuring the ATO had made a decision to proceed to audit promptly and commence the audit as soon as possible; IGT, Review into the Tax Office’s administration of public binding advice, recommendation 4 para [5.61]—the IGT made recommendation about the ATO’s interpretation of ‘general administrative practice’.

398 IGT, Review into the Australian Taxation Office’s use of early and alternative dispute resolution, recommendation 6.1 (para 6.49)—the IGT recommended the ATO pilot a separate ‘Appeals section’ from the ATO’s compliance functions; IGT, Review into the Australian Taxation Office’s use of benchmarking to target the cash economy, see IGT observation at para [3.122] regarding the use of pilots before issuing bulk correspondence.

399 IGT, Review into the Australian Taxation Office’s compliance approach to individual taxpayers – income tax refund integrity program, recommendation 5.1 para [5.23]—the IGT recommended the ATO use randomised controlled trials in correspondence design.

400 Above n 86.

401 ATO, ‘Organisational Behavioural Assessment (OBA) 2017 report findings’ (Internal ATO document, 2017).

402 ATO, ‘FPII Organisational Behavioural Assessment 2013, 11 July 2014 report submitted to the ARC’ (Internal ATO document, 11 July 2014).

403 Above n 401.

404 ATO, ‘Australian Taxation Office Organisational Behavioural Assessment Report on analysis of 2014 calendar year’ (Internal ATO document, July 2015) p 3.

405 ATO ‘Australian Taxation Office Organisational Behavioural Assessment – 2017 National Program Manager Information pack’ (Internal ATO document, 2017) see ‘Site based findings’ section.

406 ATO communication to the IGT, 15 November 2017.

407 The Pearson Product Moment Correlation model.

408 Above n 402.

409 ibid., p 9.

410 ATO ‘FPII Organisational Behavioural Assessment Inter-agency Workshop’ (Internal ATO document, December 2014).

411 Above n 405, see ‘Burnie’ as an example.

412 ibid., see ‘Chermside’ as an example.

413 Above n 404, p 8.

414 Above n 401, see ‘Parramatta’ as an example.

415 Above n 404.

416 ATO, ‘Australian Taxation Office Organisational Behavioural Assessment July 2016’ (Internal ATO document, July 2016) p 2.

417 ATO, ‘Australian Taxation Office Organisational Behavioural Assessment – 2017’ (Internal ATO document, 2017) p 2.

418 For example, ATO, ‘Minutes to the 28 August 2014 ATO ARC’ (Internal ATO document, 9 September 2014), ATO, ‘Minutes to the 29 August 2016 ATO ARC Meeting’ (Internal ATO document, undated).

419 ATO communication to the IGT, 15 November 2017.

420 For example, ATO, ‘Office Minute FPII to Acting Deputy Commissioner CAS Service Delivery’ (Internal ATO document, 30 July 2015).

421 See, for example, Site Report for Chermside in ATO, ‘Fraud Prevention and Internal Investigations Snapshot of Organisational Behavioural Assessment results, Chermside’ (Internal ATO document, undated).

422 See, ATO, ‘Organisational Behavioural Assessment Snapshot for Service Delivery Group’ (Internal ATO document, 2017).

423 See, for example, Office of Police Integrity Victoria, OPI Research Paper No. 1, Early Intervention Systems for Police Agencies (2007) p 2.

424 Association of Certified Fraud Examiners (ACFE), Report of the Nations on Occupational Fraud and Abuse 2016 Global Fraud Study (2016) p 68.

425 See, Cifas (UK Fraud Prevention Service), Staff fraud and dishonesty: Managing and mitigating the risks (2012) p 30.

426 For example, restricting access to information on a business needs basis and requiring officers to disclose conflicts of interest.

427 ACLEI, ‘Vulnerabilities Brief, Integrity Risk Case Study’ (March 2017) p 6 <www.aclei.gov.au>.

428 Commissioner of Taxation, Annual Report 2012–13 (2013) p 82.

429 See, ‘Behavioural connections – correlation analysis’ in above n 401.

430 United Kingdom Centre for the Protection of National Infrastructure, CPNI Insider Data Collection Study Report of Main Findings April 2013 (2013) p 14 <www.cpni.gov.uk>.

431 AGD, Protective security better practice guide: Identifying and managing people of security concern – integrating security, integrity, fraud control and human resources (2015) para [12].

432 See, Raytheon, Whitepaper – Best Practices for Mitigating and Investigating Insider Threats (2009).

433 See, ACLEI, Corruption and the changing opportunities for women in law enforcement (2017) p 38.

434 Above n 424, p 68.