BREACH REPORTING BE AWARE OF YOUR ADDITIONAL BREACH REPORTING OBLIGATIONS Overview From 1 July 2024, additional breach reporting obligations apply to all registered tax practitioners under the Tax Agent Services Act 2009 (TASA). These obligations require you to report 'significant breaches' of the Code of Professional Conduct (Code) in the TASA: = relating to your own conduct, and = by other registered tax practitioners. The reporting obligation is triggered if you have reasonable grounds to believe a breach of the Code has occurred on or after 1 July 2024, and the breach is significant. The breach reporting obligations apply to you in addition to the existing obligations under the TASA that require you to notify us if an event affecting your continued registration, and other changes in circumstances, occur. Significant breaches A 'significant breach of the Code' is a breach that satisfies one of the following tests: = is an indictable offence, or an offence involving dishonesty, under an Australian law = results in, or is likely to result in, material loss or damage to another entity (including the Commonwealth) = is otherwise significant, taking into account the: = number or frequency of similar breaches = impact of the breach on the ability to provide tax agent services, and = extent to which the breach indicates that arrangements to ensure compliance with the Code are inadequate, or = is prescribed by the Tax Agent Services Regulations 2022. Reasonable grounds = You must have 'reascnable grounds' to believe a significant breach has occurred. This means you must have a solid foundation or factual basis for your view. = The test is an objective one would a reasonable person in your position form the belief on the same grounds in the same circumstances? It requires you to make a professional judgment, based on the facts and circumstances. You do not need conclusive proof, however you do need to be able to support your claim and verify or corraborate it, as appropriate. If you are not certain a significant breach of the Code has occurred, but you have reasonable grounds for believing there has been, you must still report. We will assess the information provided to us in a breach report to ensure the reporting of another tax practitioner's conduct is not frivolous, vexatious or malicious. A belief that is solely based on hearsay or the opinion of others without being substantiated will not be based on reasonable grounds. Reporting a breach All significant breaches must be reported to us. If the breach is by another tax practitioner, it must also be reported to their recognised professional association (RPA). Breaches must be notified to us, and the applicable RPA (where relevant), in writing within 30 days of the day you first have, or ought o have, reasonable grounds to believe you, or another tax practitioner, has breached the Code and the breach is significant. Use our online forms to report breaches to us. Contact the relevant RPA to find out how to notify them and what information they require. if you do not meet your obligations Sanctions may be imposed if you fail to comply. You will: breach Code item 2 (requiring you to comply with the taxation laws in the conduct of your personal affairs); and commit an offence under the Taxation Administration Act 1953, which can carry serious criminal penalties. You may also cease to meet the fit and proper registration requirement. ) Further information For more information, refer to TPB(l) D53/2024 Breach reporting under the Tax Agent Services SUMMARY OF BREACH REPORTING OBLIGATIONS Does the registered tax practitioner have reasonable grounds to believe*... They have breached Another registered tax practitioner NO the Code? has breached the Code? YES Does the tax practitioner have reasonabie grounds to believe the breach No obligation s significant (breach satisfies one or more of the following tests)? to report Breach resuits, NO oris likely to resut, Breach 'otherwisa ndctable oferce i materal oss or Breach covered significant (taking Senety? damage to ancther by Regulaticns? into account Ehones) entity inclucing relevant factors)? Commonealth)? YES Tax practitioner must natify the breach within the earlier of 30 days of when they... First have reasonable First ought to have reasonable grounds for the belief grounds for the belief Tax Practitioner has an obligation to report the breach relating to... The conduct of another registered tax practitioner Their own conduct @ [ i Obligation reach to be reported to: Breach to be reported to the TPB. the TPB, and to report = RPA (i aware they are a member). * 'Reasonable grounds to believe' reqires a solid foundation or factual basis for the beief, supported by appropriate evidence. foXin NAT 7SE13.07.2004 CES8343 TPB Website Extract Breach reporting requirements have been strengthened to support the majority of tax practitioners in their voluntarily compliance with professional and ethical standards. By raising the professional and ethical standards of tax practitioners, breach reporting improves the provision of tax practitioner services, enhances consumer protection, and increases community confidence in the integrity of the system that regulates those services and the tax profession. As a registered tax practitioner, you must comply with your breach reporting requirements. This means you must notify us (and the relevant recognised professional association (RPA) if applicable) if you have reasonable grounds to believe that you or another tax practitioner has breached the Code of Professional Conduct (Code) and that breach is a "significant breach'. Significant breach A 'significant breach' of the Code is a breach that: constitutes an indictable offence, or an offence involving dishonesty, under an Australian law = results, or is likely to result, in material loss or damage to another entity (including the Commonwealth) is otherwise significant, including considering, any one or more of the following factors: o the number or frequency of similar breaches by the tax practitioner o the impact of the breach on the tax practitioner's ability to provide tax or BAS agent services o the extent to which the breach indicates that the tax practitioner's arrangements to ensure compliance with the Code are inadequate; or o is akind prescribed by the Tax Agent Services Regulations 2022 (TASR). Determining if a breach of the Code is a 'significant breach' will be decided on a case-by-case basis, having regard to the particular facts and circumstances. Reasonable grounds You must have reasonable grounds to believe a 'significant breach' has occurred. This means you must have a solid foundation or factual basis for your belief, supported by appropriate facts and evidence. Although you don't need to have conclusive proof, you do need to be able to appropriately substantiate your claim and verify or corroborate it as appropriate. If you are not certain if there has been a significant breach of the Code but have reasonable grounds for believing there has been, you must still notify us. It's important to know we may take action against you if a breach report is frivolous, vexatious or malicious. For example, if your claim involves a false or misleading statement, it may raise issues about your compliance with other requirements of the Tax Agent Services Act 2009 (TASA), including being a fit and proper person and the requirement to act with honesty and integrity. Notification period You must notify us (and the relevant RPA if applicable) about a 'significant breach' that occurred on or after 1 July 2024. All breach notifications must be reported within 30 days of the day you first have (or ought to have) reasonable grounds to believe there has been a 'significant' breach of the Code. How to notify us If you are: self-reporting because you have breached the Code, lodge a notify a change in circumstances form reporting another tax practitioner because they have breached the Code, lodge a complaints form. When reporting significant breaches of the Code to us, whether the breach relates to your own conduct, or the conduct of another tax practitioner, you should ensure the following information is included in your breach report: reasons why the Code item(s) were breached, including details of the conduct giving rise to the breach the test you are relying on to conclude the breach is 'significant', and the reasons why (if there is more than one test or reason all should be provided) the 'reasonable grounds' you are relying on to conclude there has been a significant breach, including details, of: o the facts and evidence relied on o any reasonable enquiries made, or independent evidence obtained, to support, verify or corroborate a breach (where relevant) o whether, and to what extent, you have sought professional advice, including legal advice, to support your report (where relevant) supporting documentation relevant to determining whether a breach is 'significant' or you have 'reasonable grounds' for your belief the date you considered you had 'reasonable grounds' to believe a significant breach had occurred. If the breach report has been lodged outside the 30-day notification period, the reasons for the delay details of any previously lodged breach reports, or decisions made not to report, that may be relevant, for example: o reports lodged by another tax practitioner entity about the same breach, or o decisions made not to report due to our compliance approach for breaches already reported, as discussed in the TPB(1) D53/2024 Breach reporting under the Tax Agent Services Act 2009. Where the breach report relates to the conduct of another tax practitioner, you should also provide the details of your relationship with the tax practitioner. If you are concerned about confidentiality, including your identity potentially being disclosed to the other tax practitioner, you should advise us. While some of the above information may be captured in the forms used to lodge the breach report, you should provide as much detail as possible about the breach. How to notify RPAs You need to notify a RPA when reporting another tax practitioner and you are aware of the other tax practitioner's membership. We expect registered tax practitioners to make reasonable enquiries to establish whether the other tax practitioner is a member of an RPA. As a starting point, you can view our list of RPAs and check our Register to see if another tax practitioner is a member of an RPA. While we encourage tax practitioners to review and update their details on the Register, it is not always up to date, so you should check the RPAs website to see if they provide a list of members and/or make direct enquiries with the RPA to confirm membership. To check if a professional association is accredited by us, you can check our list. Further, you should contact the relevant RPA to find out how to notify them of the breach and what information they require. Remaining anonymous When you notify us that you or another tax practitioner has breached the Code, you cannot remain anonymous. You can however, let us know if you have concerns around confidentiality, including in relation to your personal details, when you complete the form. Depending on your relationship with the other tax practitioner, you may be eligible for the extended tax whistleblower protections that commence from 1 July 2024. See Whistleblower legislation for more information in relation to whistleblower protections, including who is considered an 'eligible whistleblower'. What happens after you notify us of a breach? Once you have submitted your form, you will receive an acknowledgement email with a reference number. We may contact you for further information. How we investigate breach notifications -==~rts will lead to a formal investigation. However, all breach reports that we receive will provide us with valuable intelligence and Screenshot olicies, services, and compliance. The TPB take a risk-based approach when deciding whether to commence a formal investigation. In making this decision, we will consider several factors including: nature of the breach seriousness of the breach and level of risk involved number and frequency of breaches whether there is sufficient evidence to support the breach notification in the case of a breach notification about another tax practitioner, the circumstances surrounding the making of the notification and relationship between the parties compliance history of the registered tax practitioner whether the breach has been rectified or remedied, or any steps taken to address it nature and scale of the tax practitioner's business number of clients involved impact or harm to clients and the tax system more broadly whether the breach notification is otherwise frivolous, vexatious or malicious based on the information provided if a breach is reported outside the 30-day notification period, the reasons for any delay in reporting. Failing to comply A failure to comply with any of the breach reporting obligations from 1 July 2024 is a breach of the: Taxation Administration Act 1953, which may carry criminal sanctions Tax Agent Services Act 2009 (TASA) (Code item 2), which requires tax practitioners to comply with the taxation laws in the conduct of their personal affairs. A failure to comply may also impact on you meeting the fit and proper person requirements and other Code items. We recognise breach reporting obligations are new and our focus is first on consultation, education and awareness and improving voluntary compliance, supervisory and regulatory systems. However, we will be responsive to higher risk misconduct and regulatory breaches and will take action where warranted. In the case of a breach of the TASA, sanctions could include: * awritten caution an order requiring a specified action suspending registration terminating registration (imposing a ban on re-registration for up to 5 years). Further information * TPB(1) D53/2024 Breach reporting under the Tax Agent Services Act 2009 * Breach reporting.obligations I8 summary of obligations diagram *The guidance provided above is intended as information only, and is based on our draft policy contained in TPB(1).D53/2024 Breach reporting under the Tax Agent Services Act 2009, which is still being finalised following our recent public consultation. A final version of the TPB(I) will be published in due course