Tax Practitioners Board exposure draft

The Tax Practitioners Board (TPB) has released this draft Information Sheet (TPB(I) D53/2024) as an exposure draft. It has also released a summary document and high-level decision tree that should be read in conjunction with this draft Information Sheet. The TPB invites comments and submissions in relation to the information contained in this Information Sheet, Summary document and high-level decision tree within 28 days. The closing date for submissions is 27 May 2024. The TPB will then consider any submissions before settling its position, undertaking any further consultation required and finalising the TPB(I).

Written submissions should be made via email at tpbsubmissions@tpb.gov.au or by mail to:

Tax Practitioners Board 
GPO Box 1620 
SYDNEY NSW 2001

Disclaimer

This document is in draft form, and when finalised, will be intended as information only. It provides information regarding the TPB’s position on the application of subsection 30-40 of the Tax Agent Services Act 2009 (TASA), which applies from 1 July 2024. 

While this draft TPB(I) seeks to provide practical assistance and explanation, it does not exhaust, prescribe or limit the scope of the TPB’s powers in the TASA. In addition, please note that the principles, explanations and examples in this draft TPB(I) do not constitute legal advice and do not create additional rights or legal obligations beyond those that are contained in the TASA or which may exist at law.

Document history

This draft TPB(I) was issued on 29 April 2024 and is based on the TASA as at the date of issue.

Issued: 29 April 2024

Introduction 

1. This draft Information sheet (TPB(I)) has been prepared by the Tax Practitioners Board (TPB) to assist registered tax agents and BAS agents (collectively referred to as registered tax practitioners) understand the breach reporting obligations under sections 30-35 and 30-40 of the Tax Agent Services Act 2009 (TASA), which apply from 1 July 2024. 
2. These obligations broadly require registered tax practitioners to report:
   • ‘significant breaches’ of the Code of Professional Conduct (Code) in the TASA relating to their own conduct to the TPB; and
   • ‘significant breaches’ of the Code by other registered tax practitioners to the TPB and recognised professional association(s) (RPAs) of that tax practitioner.
3. The registered tax practitioner must have reasonable grounds for the belief that they, or the other tax practitioner, has breached the Code, and the breach is significant.
4. In this TPB(I), you will find information on:
   • the existing obligations under section 30-35 of the TASA to notify the TPB of a change in circumstances (paragraphs 14 to 23)
   • the additional obligations under sections 30-35 and 30-40 of the TASA to notify the TPB and RPAs of breaches of the Code (paragraphs 24 to 116), including the meaning of key terms and phrases
   • when you must notify the TPB and RPAs of breaches of the Code (paragraphs 117 to 148)
   • client confidentiality and legal professional privilege (paragraphs 149 to 152)
   • consequences for failing to comply with the breach reporting obligations (paragraphs 153 to 168)
   • TPB’s approach to investigating breach notifications (paragraphs 169 to 174)
   • case studies (paragraph 175). 

When the breach reporting obligations apply

5. The obligations in sections 30-35 and 30-40 of the TASA apply to a significant breach of the Code, where a registered tax practitioner has reasonable grounds to believe that the breach occurred on or after 1 July 2024.
6. The breach reporting obligations do not obviate or diminish the broader legal, ethical, contractual, and professional frameworks in which tax practitioners operate. For example:
   • the legal requirements under the TASA may be supplemented by professional standards required of members of a particular RPA
   • under common contractual terms of agreements with clients or professional indemnity insurers, tax practitioners are required to act in a timely and efficient manner to address risks and to mitigate losses. 

Who the breach reporting obligations apply to

7. The breach reporting regime applies only to registered tax practitioners in relation to their own conduct (in the case of self-reporting) or the conduct of another registered tax practitioner (in the case of breach reporting by another practitioner). It does not apply to any unregistered tax practitioners, including non TPB registered entities that a tax practitioner may employ, use or otherwise engage to provide tax agent services on their behalf.

Objective of breach reporting obligations

8. The breach reporting obligations were introduced through amendments made to the TASA by Treasury Laws Amendment (2023 Measures No. 1) Act 2023 as part of: 
   • broader reforms to implement recommendations arising from an independent review into the effectiveness of the TPB and the TASA; and
   • the Government’s response to the PricewaterhouseCoopers tax leaks matter.
9. The focus of the reporting regime is on identifying, managing and targeting non-compliance with the Code obligations by registered tax practitioners, with the objective of:
   • improving the conduct of tax practitioners in providing tax agent services 
   • enhancing the protection of clients; and
   • increasing community confidence in the integrity of the system that regulates those services and the tax industry. 
10. By introducing an obligation to report significant breaches of the Code, the regime also helps to mitigate the risk of non-compliance.
11. Consistent with the object of the TASA^[1] and other statutory disclosure regimes^[2], the expanded regime seeks to uphold and enhance professional and ethical standards across the registered tax practitioner sector. It also serves to provide the TPB as regulator, and RPAs, with timely intelligence and data to:
    • provide and shape support and services for tax practitioners
    • provide ongoing education to increase compliance
    • inform compliance action
    • identify, assess and target compliance and systemic risks.
12. The regime adopts a proactive approach to compliance and managing risk. The obligations will encourage registered tax practitioners, who are well positioned to understand their obligations under the Code, to self-assess on an ongoing basis and improve their voluntary compliance. 
13. By requiring the reporting of ‘significant’ breaches of the Code, it will also allow the TPB and RPAs to focus their compliance action, strategies, education, support and services on targeting higher risk issues impacting the tax profession.

Existing notification obligations - section 30-35

14. Section 30-35 of the TASA outlines what changes a registered tax practitioner must notify the TPB of in writing.
15. Notification must be given within 30 days of the day on which the registered tax practitioner becomes, or ought to have become, aware that the event outlined in section 30-35 of the TASA occurred.
16. These notification obligations apply where one or more of the events outlined in the table below occurs:

17. If a registered tax practitioner does not comply with these obligations, they will breach:
    • section 8C of the Taxation Administration Act 1953 (TAA), which may carry criminal sanctions; and 
    • subsection 30-10(2) of the TASA, which requires tax practitioners to comply with the taxation laws in the conduct of their personal affairs (Code Item 2).
18. It is also a factor that may be taken into consideration when determining whether a registered tax practitioner continues to meet the ‘fit and proper’ registration requirement.

Tax practitioner registration requirements

19. A tax practitioner registration requirement is defined in section 90-1 of the TASA as matters about which the TPB must, under Subdivision 20-A of the TASA, be satisfied before the Board is obliged to grant an application for registration under the TASA.
20. For an individual this includes:
    • being a fit and proper person
    • meeting the qualification and experience requirements
    • having professional indemnity insurance that meets the TPB's requirements, and
    • completing continuing professional education that meets the TPB's requirements (renewal only).
21. For a partnership this includes:
    • each individual partner or director of a company partner is fit and proper
    • a company partner is not under external administration and has not been convicted of a serious taxation offence or an offence involving fraud or dishonesty during the previous 5 years
    • meeting the sufficient number requirement to provide tax agent services to a competent standard, or to carry out supervisory arrangements, and
    • having professional indemnity insurance that meets the TPB's requirements.
22. For a company this includes:
    • each director of a company is fit and proper
    • the company is not under external administration and has not been convicted of a serious taxation offence or an offence involving fraud or dishonesty during the previous 5 years
    • meeting the sufficient number requirement to provide tax agent services to a competent standard, and to carry out supervisory arrangements, and
    • having professional indemnity insurance that meets the TPB's requirements.

Section 20-45 events

23. A section 20-45 of the TASA event includes being:
    • convicted of a serious taxation offence
    • convicted of an offence involving fraud or dishonesty
    • penalised for being a promoter of a tax exploitation scheme
    • penalised for implementing a scheme that has been promoted on the basis of conformity with a product ruling in a way that is materially different from that described in the product ruling
    • an undischarged bankrupt or going into external administration
    • sentenced to a term of imprisonment. 
       

Additional breach reporting obligations

24. From 1 July 2024, registered tax practitioners have additional breach reporting obligations.
25. In summary, these obligations require registered tax practitioners to notify the:
    • TPB if they have reasonable grounds to believe that they have breached the Code and that breach is significant (breach self-reporting)
    • TPB and the relevant RPA if they have reasonable grounds to believe that another registered tax practitioner has breached the Code and that breach is significant (breach reporting of another tax practitioner).
26. If a tax practitioner fails to comply with the additional breach reporting obligations, they will breach section 8C of the TAA and subsection 30-10(2) of the TASA (Code Item 2). It is also a factor that may be taken into consideration when determining whether they continue to meet the 'fit and proper' registration requirement (refer to paragraphs 153 to 168 of this draft Information Sheet). If there is a breach of the TASA, there may be consequences for that breach - refer to paragraphs 161 to 168 of this draft Information Sheet for more information).

Breach self-reporting

27. Section 30-35 of the TASA requires that a registered tax practitioner must notify the TPB in writing if the tax practitioner has reasonable grounds to believe that they have breached the Code and that the breach is a significant breach (section 30-35(4) of the TASA).
28. Notification must be given within 30 days of the day on which the registered tax practitioner first has, or ought to have, reasonable grounds to believe that they have breached the Code and that the breach is a significant breach. 

Breach reporting of another tax practitioner

29. Subsection 30-40(1) of the TASA requires that a registered tax practitioner must notify the TPB in writing if the tax practitioner has reasonable grounds to believe that another registered tax practitioner has breached the Code and that the breach is a significant breach.
30. Further, under subsection 30-40(2) of the TASA, if a registered tax practitioner (the first tax practitioner) has reasonable grounds to believe that another registered tax practitioner (the second tax practitioner) has breached the Code and that the breach is significant, and the first tax practitioner is aware that the second tax practitioner is a member of a RPA,^[3] the first tax practitioner must also notify that RPA.
31. Notification of the section 30-40 obligations must be given within 30 days of the day on which the registered tax practitioner first has, or ought to have, reasonable grounds to believe that the other tax practitioner has breached the Code and that breach is significant breach.  

What does 'significant breach' mean?

32. Subsection 90-1(1) of the TASA defines a ‘significant breach of the Code’ as a breach that:
    1. constitutes an an indictable offence, or an offence involving dishonesty, under an Australian law 
    2. results, or is likely to result, in material loss or damage to another entity (including the Commonwealth) 
    3. is otherwise significant, including taking into account any one or more of the following:
       • the number or frequency of similar breaches by the tax practitioner
       • the impact of the breach on the tax practitioner’s ability to provide tax agent services
       • the extent to which the breach indicates that the tax practitioner’s arrangements to ensure compliance with the Code are inadequate; or
    4. is a breach of a kind prescribed by the Tax Agent Services Regulations 2022 (TASR).
33. Determining if a breach of the Code is a ‘significant breach of the Code’ must be decided on a case-by-case basis, having regard to the particular facts and circumstances. 
34. The breach reporting obligations do not make a distinction between ‘actual’ or ‘alleged’ breaches. However, as explained below, registered tax practitioners must have reasonable grounds to believe there has been a significant breach. This means they must have a solid foundation or basis for their belief, supported by appropriate facts and evidence. They do not need to have conclusive proof but they need to be able to appropriately substantiate their claim.

What is an ‘indictable offence, or an offence involving dishonesty, under an Australian law’?

35. Whether a breach of the Code constitutes a ‘significant breach’ within the meaning of paragraph 90-1(1)(a) of the TASA will ultimately depend on the nature and type of the breach and the relevant Criminal law (Commonwealth, State or Territory). 
36. It involves a consideration of whether the breach constitutes an ‘indictable offence’ or an ‘offence involving dishonesty’ under an ‘Australian law’, having regard to the:
    • meaning given to ‘indictable offence’ in the relevant jurisdiction; and
    • nature of the conduct involved and whether it involves ‘dishonesty’.
37. For the purposes of the TASA, ‘Australian law’ means a ‘Commonwealth law’ (law of the Commonwealth), ‘State law’ (law of a State) or a ‘Territory law’ (law of a Territory)^[4]. An offence under an Australian law may be against a statutory provision or common law.
38. In some circumstances, the offence under an Australian law may be both an ‘indictable offence’ and ‘offence involving dishonesty’. However, for paragraph 90-1(1) of the TASA to apply, the breach only needs to satisfy one of these requirements.
39. Offences covered under paragraph 90-1(1)(a) of the TASA may include, but are not limited to, those involving fraud (including social security and tax fraud), theft/stealing, money laundering, bribery and corruption, embezzlement, dealing with proceeds of crime, dishonest use of position, knowingly making false or misleading statements, cyber-crimes and unlawfully obtaining or disclosing information.^[5]

Indictable offences

40. 'Indictable offence' is not defined in the TASA or TASR. As such, the term is given the meaning provided by the relevant criminal law of the Commonwealth, State or Territory law that applies to the offence. Whether an offence is an ‘indictable offence’ will therefore vary according to the jurisdiction.
41. For example, in the case of an offence under Commonwealth law, an ‘indictable offence’ is an offence against a law of the Commonwealth punishable by imprisonment for a period exceeding 12 months, unless the contrary intention appears.^[6] In Queensland, ‘indictable offences’ mean ‘crimes’ and ‘misdemeanours’ as provided for under the relevant statutory Code,^[7] and in New South Wales, they mean offences that can be prosecuted on indictment.^[8]
42. Generally speaking, indictable offences are the more serious criminal offences heard in a higher court, such as the District or Supreme Court, and may require a trial by judge and jury.

Offences involving dishonesty

43. The term ‘dishonesty’ is similarly not defined in the TASA and TASR. The phrase is therefore given its ordinary meaning, having regard to the context and purpose of the provision in which it appears.
44. The Macquarie Dictionary^[9] defines ‘dishonesty’ (noun) as meaning:
    1.    lack of honesty, a disposition to lie, cheat, or steal
    2.    a dishonest act as a fraud or theft.
45. Similarly, it explains the term ‘dishonest’ (adjective) in the following way:
    1.    not honest, disposed to lie, cheat or steal: a dishonest person
    2.    proceeding from or exhibiting lack of honesty; fraudulent.
46. The term ‘dishonest’ has been given a specific meaning in some statutory contexts, derived from common law principles.^[10] For example, the Criminal Code Act 1995 (Cth)^[11] defines ‘dishonest’ as meaning dishonest according to the standards of ordinary people and known by the defendant to be dishonest according to those standards.^[12] Similar definitions are contained in criminal law legislation in State and Territory jurisdictions.^[13]
47. Consistent with this approach, the TPB considers that the meaning and scope of the term ‘dishonest’ for the purposes of paragraph 90-1(1)(a) is determined by reference to its ordinary meaning and community standards, subject to any express definition that applies in the criminal law relevant to the offence. 
48. This position also aligns with the interpretation of the words ‘offence involving fraud or dishonesty’ as used in paragraph 20-45(b) of the TASA for the purposes of the ‘fit and proper’ registration requirement in section 20-15 of the TASA.^[14]
49. For a breach of the Code to be an offence ‘involving’ dishonesty, the TPB considers that the conduct giving rise to the offence must include an element of ‘dishonest’ conduct.^[15]

Determining whether a breach is covered

50. It is not the case that a breach of a particular Code item will automatically constitute an ‘indictable offence’ or an ‘offence involving dishonesty’. It will ultimately depend on the facts and circumstances of the case. For example, whilst Code item 1 requires a registered tax practitioner to act with ‘honesty’ and integrity, and it is reasonable to expect that non-compliance with this Code item may involve an element of dishonest conduct, the breach still needs to amount to an ‘indictable offence’ or ‘offence involving dishonesty’ within the meaning of paragraph 90-1(1)(a).
51. Registered tax practitioners must have reasonable grounds for their belief that a breach of the Code is an ‘indictable offence’ or an ‘offence involving dishonesty’, having regard to the criminal law that applies to the offence under the Commonwealth, State or Territory law. 
52. The TPB appreciates that determining whether an offence is covered by paragraph 90-1(1)(a) involves legal concepts and laws that tax practitioners may not have expertise in. 
53. Whilst tax practitioners are not expected to have conclusive evidence that a breach has occurred, they may wish to seek legal advice in forming a view on the matter. It is up to the tax practitioner to exercise professional judgement as to whether legal advice is sought. 
54. Even if a registered tax practitioner is unsure whether a breach of the Code constitutes an ‘indictable offence’ or an ‘offence involving dishonesty’, they must still report it if it is considered ‘otherwise significant’ for the purposes of paragraph 90-1(1)(c).
55. The obligation for a tax practitioner to self-report to the TPB if they are convicted of an offence involving fraud or dishonesty already exists under the TASA.^[16] However, the obligation under the additional breach reporting regime is broader as there is no requirement that the registered tax practitioner has been 'convicted' of the offence.^[17]

When will a breach result, or be likely to result, in material loss or damage to another entity (including the Commonwealth)?

56. Whether a breach of the Code by a registered tax practitioner constitutes a ‘significant breach’ within the meaning of paragraph 90-1(1)(b) of the TASA will ultimately depend on the facts and circumstances. 
57. With the exception of ‘entity’ and ‘Commonwealth’, the terms used in paragraph 90-1(1)(b) are not defined in the TASA or TASR and are therefore given their ordinary meaning, having regard to their statutory context. 

Loss or damage

58. The Macquarie Dictionary^[18] relevantly defines the terms ‘loss’ and ‘damage’ as follows:
    • Loss (Noun)
          1. detriment or disadvantage from failure to keep, have, or get…
          2. that which is lost
          3. amount or number lost
          4. being deprived of or coming to be without something that one has had…^[19] 
    • Damage (Noun)
      1. injury or harm that impairs value or usefulness…
      2. (plural) law: the estimated money equivalent for detriment or injury sustained
      3. colloquial cost; expense…^[20]
59. Given the broad meaning attributed to these terms, and in the absence of any limitation or qualification (express or implied), the TPB considers that ‘loss or damage’ for the purposes of paragraph 90-1(1)(b) captures any detriment, disadvantage, injury, harm or cost to another entity resulting, or likely to result, from the breach, provided it is considered ‘material’. It covers both financial and non-financial ‘loss or damage’. 
60. For example, it may include a financial loss to a client resulting from fraudulent or dishonest conduct or a failure to provide competent services or take reasonable care in applying the taxation laws. It may also include damage caused to the reputation of a client or the Commonwealth, a loss of privacy, breach of confidential information, or unauthorised disclosure of a client’s identity, and loss or damage in the form of adverse impacts on the health and wellbeing of clients as the result of a tax practitioner’s conduct.

When loss or damage is 'material'

61. The TASA and TASR do not explain, or offer any insight into, when loss or damage will be 'material'. The Macquarie Dictionary^[21] relevantly defines 'material' in the following way:
    • adjective: of substantial import or much consequence
    • phrase: material to, pertinent or essential to.
62. Whether loss or damage to the other entity is ‘material’ will ultimately depend on the facts and circumstances. The TPB acknowledges that the concept of ‘materiality’ has a subjective element in the sense that the degree of significance or importance attaching to the loss or damage, and the impact or consequence it has for the other entity, is specific to that other entity. The same loss or damage may be viewed as material by one entity but not another. 
63. Because the loss or damage is to another entity, a registered tax practitioner may also not be aware of, or in a position to appreciate, the exact nature and scope of the loss or damage, including how and to what extent it has impacted the other entity.
64. In light of this, the TPB considers that loss or damage will be ‘material’ if a reasonable person, having the knowledge, skill and experience of a registered tax practitioner, would expect it to be of substantial import, effect or consequence to the other entity. This requires the tax practitioner to exercise their professional judgement, taking into account the individual circumstances, including the information known to them about the breach.

Result or be likely to result

65. The Macquarie Dictionary defines the terms ‘result’ and ‘likely’ as follows:
    • Result (Noun)
          1. that which results the outcome, consequence or effect…
          3. to spring, arise, or proceed as a consequence from actions, circumstances, premises etc; be the outcome…
          4. to terminate or end in a specified manner or thing.
    • Likely (adjective)
      1. probably or apparently going or destined (to do, be, etc): likely to happen
      2. seeming like truth, fact or certainty, or reasonably believed or expected; probably: a likely story.^[22]  
66. Having regard to the ordinary meaning of these terms, the TPB considers that a breach will ‘result’ in material loss or damage to another entity, if there is a sufficient connection or relationship between the breach and the loss or damage, such that it can be said that the loss or damage is a consequence, outcome or effect of the breach. The registered tax practitioner must believe on reasonable grounds, based on the information known or available to them, that the loss or damage arose, or proceeded as a consequence of, the breach.
67. For a breach to be ‘likely’ to result in material loss or damage, the loss or damage needs to be a probable consequence, outcome, or effect of the breach, not just a mere possibility. Consistent with the interpretation given to the term in other statutory contexts, including the criminal law jurisdiction, the TPB considers that ‘likely’ refers to a substantial – a ‘real and not remote – chance’, or a ‘real chance or possibility’, that the loss or damage will result.^[23]
68. Applying this standard, if a reasonable person, having the knowledge, skill and experience of a registered tax practitioner, would expect the loss or damage to result from the breach in the sense of it being a real and not remote possibility, this will be sufficient. It is not necessary to determine the question with any certainty. Whether the loss or damage is considered a ‘likely’ result is ultimately a professional judgment to be made by the tax practitioner, having regard to the circumstances. 
69. Given the broad scope afforded by the wording in paragraph 90-1(1)(b), the loss or damage that results, or is likely to result, from a breach covers not only direct consequences, outcomes, or effects of the breach, but potentially indirect ones. For example, if a registered tax practitioner breaches Code item 6 by unlawfully disclosing client information to a third party, and the client suffers from identity theft in the future because of that breach, the breach will be significant as it has resulted in indirect loss or damage to the client.

Other entity (including the Commonwealth)

70. Finally, the material loss or damage that results, or is likely to result, from the breach must be to another ‘entity’, including the ‘Commonwealth’. The term ‘entity’ is broadly defined for the purposes of the taxation law, including the TASA, as including an individual, body corporate, partnership, unincorporated association, trust, superannuation fund and approved deposit fund.^[24] In this context, ‘Commonwealth’ refers to the ‘Commonwealth of Australia’.^[25]
71. In many cases the relevant ‘entity’ will be a client of the registered tax practitioner. However, it could potentially include an entity a tax practitioner is the supervising agent for, a related entity of a client, or an entity that is a party to an arrangement or transaction with a client.
72. Loss or damage to the Commonwealth could potentially include reputational damage or prejudice to an investigation.

When will a breach be ‘otherwise significant?’ 

73. Registered tax practitioners are not required to report all other breaches of the Code, only those that are considered ‘otherwise significant’ within the meaning of paragraph 90-1(1)(c).
74. Whether a breach of the Code is 'otherwise significant' is ultimately a question of fact to be decided on a case-by-case basis, having regard to the circumstances. It is not the case that a breach of a particular Code item will always be ‘otherwise significant’. 
75. The term ‘significant’ is not defined in the TASA or TASR, and therefore takes its ordinary meaning, having regard to the statutory context in which it appears. The Macquarie Dictionary^[26] relevantly defines ‘significant’ (adjective) as meaning ‘Important; of consequence’.^[27] 
76. The use of ‘otherwise’ makes it clear that for a breach to be a ‘significant breach’ within the meaning of paragraph 90-1(1)(c), it is not one ordinarily covered by paragraphs 90-1(1)(a) and (b). That is, it is not an indictable offence, or an offence involving dishonesty under an Australian law and has not resulted, and is not likely to result, in material loss or damage to another entity.
77. When considered in the context of the TASA and its legislative intent, the TPB considers a breach of the Code to be ‘otherwise significant’ if the practitioner considers it is still sufficiently important, serious or material for it to be reported, taking into account the particular circumstances, notwithstanding the fact it is not covered by paragraphs 90-1(1)(a) and (b). 
78. This will be the case if the breach (or potential breach) reflects, or is capable of reflecting, on a tax practitioner’s fitness and proprietary for registration, and their conduct more broadly as a registered tax practitioner in providing tax agent and BAS services to a competent standard. 
79. Adopting this view is consistent with:
    • the broader policy intent of the TASA to ensure that services of registered tax practitioners ‘are provided to the public in accordance with appropriate standards of professional and ethical conduct’^[28]; and 
    • the fit and proper test for registration eligibility, which looks at whether an individual is of ‘good fame, integrity and conduct’.^[29]  
80. It also aligns with the above-mentioned objectives of statutory disclosure regimes in the regulatory context more generally. Focussing on the more important, serious or material breaches will allow the TPB and RPAs to focus their compliance action, strategies, education, support and services on targeting higher risk issues impacting the tax professional industry.

Factors to consider

81. Determining whether a breach is ‘otherwise significant’ requires a registered tax practitioner to make a judgment based on a holistic assessment of the circumstances and the information known to them at a point in time. Although a tax practitioner is not expected to conclusively determine the issue, they still need to have ‘reasonable grounds’ for their belief.
82. In making this determination, registered tax practitioners should take account of one or more of the following factors specifically referred to in the TASA^[30]:
    • The number and frequency of similar breaches of the Code.
      • The greater the number or frequency of similar breaches, the more likely it may be that the breach is significant. Repeated breaches of the Code reflect on a tax practitioner’s fitness for registration. They may also indicate an increased risk of further non-compliance with the TASA, an underlying systemic issue, or inadequate compliance arrangements to mitigate risk. Even if a breach, when considered by itself, is minor in nature, it may still be ‘significant’ when considered against the background of other similar breaches. These similar breaches may be:
        • known to the registered tax practitioner to have occurred in the past
        • result from the same act by a registered tax practitioner (for example, where the same transaction is performed for several entities), or
        • also being considered when deciding whether a breach is ‘significant’ and should be reported.
      • Whilst the number and frequency of similar breaches is a relevant factor, we recognise it may not always be indicative that a breach is significant. One single breach may be 'otherwise significant' when considered in isolation and independent of any similar breaches.
    • The impact of the breach on the tax practitioner’s ability to provide tax agent or BAS services.
      • If a registered tax practitioner considers the breach will or may negatively impact their, or another tax practitioner’s, ability or capacity to provide the tax agent or BAS services covered by their registration, this may indicate that the breach is ‘significant’. For example, a breach of particular Code items may indicate a broader underlying issue that may continue to impact a tax practitioner’s ability to provide those services, or potential for other (including similar) breaches of the Code. 
    • The extent to which the breach indicates that the tax practitioner’s arrangements to ensure compliance with the Code are inadequate.
      • If the nature of the breach itself, or the circumstances surrounding the breach, indicates that there are broader systematic issues with the arrangements that a tax practitioner has in place to ensure compliance with the Code, it is more likely that the breach will be ‘significant’. For example, if the breach is of particular Code items, this may increase the likelihood of the breach being viewed as significant if the nature of such breaches is suggestive of broader inadequacies. 
      • If a breach is isolated or minor, whilst this in itself is not determinative, it may suggest the breach is not significant. Factors such as the length of time it took to identify the breach and the extent to which the arrangements helped to identify and mitigate the breach, and prompt remedial action, will be relevant considerations when determining whether the breach is indicative of inadequate compliance arrangements.
83. A breach may be ‘significant’ if only one, or a combination, of the above factors apply.
84. However, when deciding whether a breach is ‘otherwise significant’, registered tax practitioners are not limited to these factors. They can take into account any factor they consider relevant. Other considerations may include the:
    • nature and scale of the tax practitioner's business
    • number of clients involved
    • complexity of the arrangements
    • loss or potential financial or non-financial loss to clients
    • vulnerability of affected clients, and
    • impacts and harm on the tax system more broadly.
85. All registered tax practitioners should be aware of the standards of professional and ethical conduct expected of them under the TASA, including the Code.
86. As such, they should be well-positioned to make an assessment about whether a breach is ‘otherwise significant’ in relation to their own conduct, given their compliance history, the compliance arrangements they have in place, and the facts and circumstances surrounding the breach are readily known to them. 
87. The TPB recognises that establishing whether a breach is ‘significant’ in relation to the conduct of another registered tax practitioner may be more difficult, as the practitioner is not necessarily privy to the same information about the breach (or potential breach). However, provided there are ‘reasonable grounds’ to conclude that the breach is ‘significant’, and they can substantiate their reasoning, this will be sufficient. 
88. For example, a registered tax practitioner may be operating in a small firm and have knowledge or reasonable grounds to make that conclusion about the professional conduct of their partner. In another circumstance, a registered tax practitioner may be apprised of another tax practitioner’s misconduct by virtue of a review or report, including via an audit, an internal review, or a ‘due diligence’ analysis associated with the purchase or sale of a business.
89. In balancing their understanding of the facts and in exercising professional judgement, tax practitioners considering significant breach reporting obligations must have regard to the TASA policy objectives. TPB guidance may be supplemented by advice from other professionals and RPAs. In finely balanced circumstances, tax practitioners are always encouraged to engage with the TPB in a timely, cooperative and transparent manner.
90. If a registered tax practitioner is undecided whether a breach is ‘otherwise significant’ but they have reasonable grounds for suspecting it may be, they should also report it.
91. Even if a breach is not considered ‘otherwise significant’, registered tax practitioners are still expected to take steps to address or remedy the breach if it relates to their own conduct.

Interaction with above tests for determining 'significant breaches'

92. It is generally expected that a registered tax practitioner will consider whether a breach is covered under paragraphs (a), (b) and (d) of the definition of ‘significant breach’ in subsection 90-1(1) in the first instance, before considering whether it is ‘otherwise significant’. However, if they are unsure, they can still report the breach under this paragraph if they have reasonable grounds for suspecting it may be.
93. If a breach is covered (or potentially covered) by more than one paragraph of the definition, a tax practitioner only needs to report the breach to the TPB and the applicable RPA (where relevant) once. However, they should advise the TPB and the RPA of all reasons why they have reasonable grounds for believing that the breach is ‘significant’.

When is a breach prescribed by the TASR?

94. The TASR can prescribe certain breaches as being ‘significant’ for the purposes of the breach reporting obligations for registered tax practitioners.
95. Currently there are no breaches prescribed in the TASR as being ‘significant breaches’. The TPB will update this guidance if any breaches are prescribed in the future.

What does 'reasonable grounds to believe' mean?

96. For the breach reporting obligations to apply, a registered tax practitioner must have ‘reasonable grounds to believe’ that they or another registered tax practitioner has breached the Code and that the breach is a significant breach.
97. The phrase ‘reasonable grounds to believe’ is not defined, or otherwise explained, in the TASA. As a result, it is given its ordinary meaning, having regard to the purpose of the provision and its statutory context.
98. As discussed below, what constitutes ‘reasonable grounds to believe’ in any given scenario will ultimately depend on the facts and circumstances and must be considered on a case-by-case basis. 
99. The Macquarie Dictionary^[31]relevantly defines the key terms used in the phrase as follows:
    • Reasonable
      1. endowed with reason
      2. agreeable to reason or sound judgment
      3. not exceeding the limit prescribed by reason; not excessive: reasonable terms.
    • Ground/s
      …
      5. (often plural) the foundation or basis on which a theory or action rests; motive; reason: grounds for a statement.
    • Believe
      1. to have belief in
      2. to think
      3. to credit; accept as true.
100. Having regard to the ordinary meaning of these terms, it is clear that the phrase ‘reasonable grounds to believe’ requires the registered tax practitioner to have a sound foundation or basis in the circumstances on which to credit or form their belief that they, or another tax practitioner, has breached the Code and that breach is ‘significant’.
101. Further, it is established in case law that when legislation uses the term ‘reasonable grounds’ to describe a basis for a state of mind, for example, in forming a belief about a matter, there needs to be an existence of facts which are sufficient to induce that state of mind in a reasonable person.^[32] Whether a person has reasonable grounds for a belief is an objective test and it is irrelevant whether the person subjectively believes they have reasonable grounds. A ‘reasonable belief’ is a term that has been used in some criminal jurisdictions and is generally considered to infer a higher threshold than a ‘reasonable suspicion’.^[33] 
102. For a registered tax practitioner to have ‘reasonable grounds to believe’ that they, or another tax practitioner, have breached the Code and the breach is significant, the foundation or basis for the belief does not need to be established to a high evidentiary standard. This means there does not have to be conclusive proof. It is sufficient if a reasonable person, possessing the required knowledge, skill and experience of a registered tax practitioner would, when objectively considered, form the belief on the same grounds in the same circumstances.
103. Whether a registered tax practitioner has ‘reasonable grounds to believe’ that they, or another registered tax practitioner, have breached the Code and the breach is significant, involves looking at whether:
     • a reasonable person in considering the tax practitioner’s conduct, would consider that the conduct has breached the Code;^[34] and

     • in those situations where a reasonable person does believe the conduct has breached the Code, that person would also believe the breach is ‘significant’, having regard to the definition in subsection 90-1(1) of the TASA (refer to paragraph 32 of this Information Sheet). 

104. Generally, the TPB would expect registered tax practitioners to be aware of the facts and circumstances surrounding a breach of the Code by their own conduct and be well-placed to make an assessment about whether notification to the TPB is warranted. Even though the registered tax practitioner is required to make a decision in the context of their own conduct, they still need to consider the question objectively and address bias.
105. Whether a registered tax practitioner has ‘reasonable grounds to believe’ that another tax practitioner has breached the Code, and the breach is significant, may be more difficult to establish, given they may not be privy to the same facts and information.
106. Making such a determination will depend on an analysis of the surrounding circumstances and consideration of a number of factors, including but not limited to:
     • the source of the information forming the basis of the belief and the credibility and reliability of that source/information
     • whether there is independent evidence, verification or corroboration of the breach, including the conduct giving rise to the breach 
     • the circumstances in which the tax practitioner became aware of the breach, including the nature of the relationship between the registered tax practitioners
     • the proximity of the registered tax practitioner to the conduct of the other practitioner who has purportedly breached the Code (for example, through business dealings, mutual clients or working relationships)
     • whether, and to what extent, the tax practitioner made reasonable enquiries or sought advice to ascertain whether a breach of the Code occurred
     • whether there are any alternative reasonable explanations that could counter the allegation that a significant breach has occurred.
107. Evidence, verification, or corroboration of the breach may be obtained, for example, through first-hand experience or observation, publicly available information from the TPB and/or other regulators, client information or complaints, or professional advice obtained in relation to the breach.
108. If a registered tax practitioner has based the belief on hearsay, gossip or the opinion of third parties and has not made further enquiries or obtained independent verification or advice to substantiate the belief, this will not be sufficient for them to have ‘reasonable grounds’ for that belief. Conversely, if a registered tax practitioner has founded their belief on first-hand experience and/or observation of conduct over time, such that they have a sound factual basis on which to credit their view, and they can corroborate it with evidence as relevant, this will more readily support a finding that reasonable grounds for the belief exist.
109. The TPB appreciates that the nature of the relationship between the parties may, in some cases, make notifying the breach difficult or sensitive (for example, if they are a colleague or associate). It may also have a bearing on the credibility of the notification made and increase the potential for frivolous, vexatious or malicious claims (for example, where one registered tax practitioner is in direct competition to another). 
110. However, consistent with the object of the TASA and the breach reporting obligations, it is important that registered tax practitioners make an objective assessment of the need to report and ensure there are reasonable grounds to support the claim.
111. The TPB will assess the information provided and make further enquiries (as appropriate) to ensure the reporting of a significant breach relating to another tax practitioner’s conduct is reasonable and is not frivolous, vexatious or malicious. 
112. The TPB may take action against the notifying tax practitioner if the TPB considers that a breach report is frivolous, vexatious or malicious, for example, if the claim involves the making of a false or misleading statement. Such situations may raise issues about the notifying tax practitioner’s compliance with other requirements of the TASA, including:
     • the fit and proper person requirement, which tax practitioners must meet to maintain their registration, and
     • other Code items, including the requirement to act with honesty and integrity (Code Item 2), which may lead to the imposition of administrative sanctions. For further information, refer to paragraphs 161 to 168 of this draft information sheet.
113. There is no set formula for determining whether there are reasonable grounds to believe that a registered tax practitioner has breached the Code. Whether a breach has occurred is determined objectively, taking into account the facts and circumstances of the case.
114. If there are sufficient facts and information to conclude, when objectively considered, that there are reasonable grounds to believe that a breach of the Code has occurred, the registered tax practitioner must notify the TPB (and if the breach relates to the conduct of another tax practitioner, their RPA as required). As discussed above, this does not require facts or evidence amounting to proof of a breach. It is sufficient that a reasonable person in the position of the tax practitioner would report the breach in the same circumstances.
115. Similarly, there is no set formula for determining whether the breach is significant, although there is guidance provided in subsection 90-1(1) of the TASA. Whether a particular breach of the Code is significant is determined objectively, taking into account the facts and circumstances of the case, including consideration of the factors set out in paragraphs 81 to 84 above (as appropriate). 

116. Whilst registered tax practitioners may wish to seek professional advice when determining whether they have reasonable grounds for believing that they, or another tax practitioner, have breached the Code and the breach is a ‘significant breach’, this is not essential. Whether this is appropriate may also depend on the nature of the breach involved.

Notification of significant breaches

Timeframe for notifying breaches

117. 'Significant breaches' of the Code must be notified to the TPB, and applicable RPA (where relevant), within 30 days of the day on which the registered tax practitioner first has, or ought to have, reasonable grounds to believe that they have breached the Code and that breach is significant, or that another registered tax practitioner has breached the Code, and that breach is significant.

What does 'first have, or ought to have' mean?

118. The phrase 'first have, or ought to have' has two elements that need to be considered:
     • The term 'have' looks at the point in time when the registered tax practitioner actually forms the view that there are reasonable grounds for believing that a significant breach has occurred. That is, when they first have a sound foundation and basis for the belief.
     • The phrase ‘ought to have’ looks at the point in time when the tax practitioner is objectively taken to have reasonable grounds for believing that a significant breach has occurred. The test is an objective one, which considers when a reasonable person in the same position as the registered tax practitioner with knowledge of the same facts and circumstances, and having made reasonable enquiries, is likely to have reasonable grounds for the belief.^[35]
119. Determining when a registered tax practitioner first ‘ought to have’ reasonable grounds for the belief that a significant breach of the Code has occurred will depend on the facts and circumstances. It will also vary depending on whether the significant breach relates to their own conduct or the conduct of another registered tax practitioner.
120.  A registered tax practitioner will be taken to have reasonable grounds to believe that there has been a breach of the Code and that breach is significant where, objectively assessed, that belief is likely to be held by a reasonable person, possessing the required knowledge, skill and experience of a registered tax practitioner, having regard to the considerations discussed above.^[36] This is the case whether the breach of the Code relates to a registered tax practitioner’s own conduct or another tax practitioner’s conduct.
121. The TPB acknowledges that it may be more difficult to establish if a registered tax practitioner ‘ought to have’ reasonable grounds for believing that another tax practitioner has breached the Code and that breach is significant. In making that assessment, regard should be had to the factors set out in paragraphs 81 to 84 above (as appropriate).
122. The 30-day notification period runs from the day the registered tax practitioner first has, or ought to have reasonable grounds for the belief. If there are multiple grounds supporting the belief, and these grounds become evident at different times, the timeframe runs from when the tax practitioner first had sufficient grounds for the belief.
123. If a reasonable person in the same position as the registered tax practitioner would have had reasonable grounds to believe that a significant breach had occurred at an earlier time than when the tax practitioner actually formed the belief, the 30-day notification period runs from that earlier point in time.

Reporting outside the 30-day period

124. If a tax practitioner does not comply with the 30-day notification period, they must still report the breach. This is because the breach reporting obligations not only require that the breach be reported to the TPB, and applicable RPA (where relevant), but also that it be reported within the specified 30-day timeframe.
125. When reporting the breach, the tax practitioner must give reasons for the delay in notifying the breach and support their claim with appropriate evidence and facts. The TPB will take this information into account when assessing the report and determining the appropriate compliance action to take. We will consider any extenuating circumstances or relevant factors that give rise to the delay. 
126. As the 30-day notification period runs from the day the tax practitioner has, or ought to have, reasonable grounds for believing a significant breach has occurred, and not 30 days from the date of the breach, tax practitioners should be well positioned to report on time.
127. It is important that tax practitioners keep us informed of any issues that are or may adversely impact on their registration. Transparency and cooperation can support early resolution of issues.
      

Who to notify

Notifying the TPB

128. If a registered tax practitioner has reasonable grounds to believe that they, or another registered tax practitioner, have breached the Code, and the breach is a significant breach, they must notify the TPB.
129. Notification must be made using the:
     • Notify a change in circumstances form if the breach relates to their own conduct
     • Online Complaints form if the breach relates to the conduct of another registered tax practitioner.
130. The TPB will acknowledge receipt of the report and consider its merits in line with the law supporting the breach reporting obligations and our compliance approach (refer to paragraphs 169 to 174 of this draft Information Sheet). Lodging a report and obtaining acknowledgment of receipt does not confirm that we will commence a formal investigation or take any compliance action in relation to the report. Each report will be considered on a case-by-case basis.
131. Further information about the details the TPB requires tax practitioners to provide when reporting significant breaches of the Code, will be published on the TPB website when the guidance is finalised.

Notifying recognised professional associations

132. If a registered tax practitioner has reasonable grounds to believe that another practitioner has breached the Code and it is a significant breach, and the other practitioner is a member of a professional association recognised by the TPB under the TASR, they must notify that association of the breach in writing. 
133. Professional associations are accredited by the TPB as either ‘recognised tax agent associations’ or ‘recognised BAS agent associations’, collectively referred to as RPAs.
134. The obligation to notify the RPA only applies if the registered tax practitioner is ‘aware’ of the other tax practitioner’s membership with the RPA. This will be the case if the tax practitioner has knowledge that the other practitioner is a member of an RPA or could obtain this knowledge by making reasonable enquiries. 
135. The TPB expects registered tax practitioners to take reasonable steps and to make reasonable enquiries to establish whether the other tax practitioner is a member of a RPA.
136. The TPB provides information on RPAs, including a list of RPAs that are accredited by the TPB.
137. The TPB Register may include information about whether a registered tax practitioner is a member of an RPA. Tax practitioners are encouraged to review and update their details on the register. However, the TPB does not generally verify RPA membership details. 
138. Tax practitioners who are considering reporting Code breaches to an RPA, may wish to make additional enquiries, including with the relevant RPA, to confirm membership. In some cases, the RPA website may provide a list of members. 
139. Breaches must be notified in writing. Registered tax practitioners should contact the relevant RPA to find out how to notify them of the breach and what information they require.

Reporting obligations if breach already reported

140. Section 30-40 of the TASA imposes an obligation on registered tax practitioners to report significant breaches of the Code by other tax practitioners.
141. However, if a registered tax practitioner has actual knowledge that a significant breach of the Code has already been reported to the TPB, and to an applicable RPA (where relevant), by another tax practitioner in accordance with the breach reporting obligations, the TPB will not, as a general rule, take any compliance action if they do not report the breach. 
142. This compliance approach will only apply if the registered tax practitioner:
     • believes the information provided to the TPB about the breach, including the details of the breach, to be accurate; and
     • has no further material information to add about the breach. 
143. Adopting this pragmatic and risk-based compliance approach avoids the need for duplicate reporting in such cases.
144. For example, a tax practitioner may have actual knowledge that a significant breach has already been reported because:
     • the breach has been reported by a member of the same firm (such as another partner, or a managing partner on behalf of the firm)
     • the TPB has publicly released information about the breach and/or any enforcement action taken in relation to the breach (for example, in the form of media releases, news articles or other communications).
145. Actual knowledge requires the registered tax practitioner to rely on something more than a suspicion, hearsay, gossip, the unsubstantiated opinion of third parties, or publicly available information published by entities other than the TPB. The position needs to be supported, and the tax practitioner must be able to verify and corroborate it as required. 
146. If a registered tax practitioner decides not to report a significant breach of the Code in accordance with the breach reporting obligations because they have actual knowledge that it has already been reported, they should document their decision and the reasons for it and ensure the decision can be readily supported if required. 
147. If a tax practitioner is unsure whether a breach has been reported to the TPB, and to an applicable RPA (where relevant), has additional information regarding the breach that may assist any potential investigation, or does not agree that the information that has been provided is accurate, they must still report the breach themselves.

Reporting obligations if breach remedied

148. A registered tax practitioner still has an obligation to report a significant breach of the Code to the TPB, and applicable RPA (where relevant), if a breach has been ‘rectified’, or they have taken steps to address or remedy the breach. Rectification of a breach is a factor the TPB may take into consideration when deciding what further action it might take (refer to paragraph 171 of this draft Information Sheet).

Client confidentiality and legal professional privilege

149. Under Code item 6 (section 30-10(6) of the TASA), registered tax practitioners must not disclose information relating to the affairs of a client or former client, to a third party unless they have obtained the client’s permission, or they have a legal duty to do so.
150. Notifications to the TPB and RPAs under the breach reporting regime may involve the disclosure of client information. However, as these disclosures are required by law under the TASA, they will generally be covered by the legal duty exception.  As such, breach reporting disclosures will be compliant with Code item 6. 
151. This is subject to any information, including client information, being protected by legal professional privilege (LPP). LPP protects confidential communications between a qualified legal advisor and their client from compulsory production where they were made for the dominant purpose of seeking legal advice, or for use in existing or anticipated litigation. Once waived, LPP cannot be restored and may be lost permanently. Waiver may occur by way of widely distributing a confidential legal advice to different third parties or in communications that refer to and/or disclose the content or essence of the legal advice. 
152. The TASA, including the breach reporting obligations and Code item 6, does not override the law relating to LPP.^[37] As such, registered tax practitioners should consider whether LPP applies before providing information to the TPB, and applicable RPA (where relevant), and if so, whether they wish to waive LPP in order to provide the information to the TPB and RPA.

Consequences for failing to comply with the breach reporting obligations

153. The TPB will adopt a transitional approach to enforcing compliance with the breach reporting obligations, focusing first on consultation, education and building awareness, and making improvements in voluntary compliance, supervisory and regulatory systems. However, the TPB will always be alert and responsive to higher risk misconduct and regulatory breaches. For example, when investigating a tax practitioner in relation to a fraud, consideration will be had to broader compliance responsibilities, including breach reporting.
154. A failure to comply with any of the breach reporting obligations is a breach of section 8C of the TAA and of subsection 30-10(2) of the TASA (Code Item 2). It is also a factor that may be taken into consideration when determining whether a registered tax practitioner continues to meet the ‘fit and proper’ registration requirement. 
155. Noting that no 2 cases are the same, the TPB will take a pragmatic and risk-based approach to assessing non-compliance with the breach reporting obligations and determining the appropriate compliance action to take.
156. Each breach will be considered on a case-by-case basis, having regard to the facts and circumstances present when a registered tax practitioner became aware, or ought to have become aware, that the breach occurred. This may include looking at the extent of the failure to comply with the obligation and the risk associated with that failure to comply.

Section 8C of the TAA

157.  Paragraph 8C(1)(d) of the TAA makes it an offence for a person to refuse or fail to notify the Commissioner of Taxation, or another person or thing, when and as required under a 'taxation law', to the extent that they are capable of doing so.^[38] This applies equally to a refusal or failure to notify the TPB.^[39]
158. As the TASA is a 'taxation law' within meaning of the ITAA 1997 for the purposes of section 8C^[40], it is therefore an offence for a registered tax practitioner to fail to comply with any of the breach reporting obligations.
159. The offence is one of 'absolute liability'.^[41] The penalties imposed for offences under section 8C depend on the type of registered tax practitioner entity that has committed the offence (individual or corporation), and whether there have been any previous offences.
160. An offence under section 8C is punishable under section 8E by a fine of up to $6,260 for a first offence; $12,520 for a second offence; or $15,650 and/or imprisonment for up to 12 months, for a third or subsequent offence. Under section 8ZF of the TAA, a corporation that has committed an offence under section 8C may be fined up to $55,500 for a third or subsequent offence.

Subsection 30-10(2) of the TASA

161. Subsection 30-10(2) of the TASA states that 'you must comply with the taxation laws in the conduct of your personal affairs' (Code Item 2).
162. The term 'taxation laws' in the context of the Code means:
     1. an Act of which the Commissioner of Taxation has the general administration (including any part of an Act to the extent to which the Commissioner has the general administration of the Act); or
     2. legislative instruments made under such an Act (including such a part of an Act); or
     3. the Tax Agent Services Act 2009 or TASR.^[42]
163. 'Personal affairs' also includes the affairs of the registered tax practitioner's practice, for example, the registered tax practitioner's duties and obligations with regard to maintaining registered tax practitioner registration.^[43] This includes notifying the TPB of any changes in circumstances, including that they no longer meet a registration requirement or there is a change in the composition of their tax practice, within a specified period of time. 
164. The breach reporting obligations in sections 30-35 and 30-40 of the TASA are therefore taxation laws that registered tax practitioners must comply with in the conduct of their personal affairs.
165. If a registered tax practitioner fails to comply with taxation laws in the conduct of their personal affairs, including a failure to comply with the breach reporting obligations, the TPB may find that the registered tax practitioner has breached the Code and may impose sanctions for that breach. The TPB will take into account the relevant facts and circumstances when considering breach reporting issues, including the facts surrounding that failure to comply, in determining what sanction, if any, to impose on a registered tax practitioner who has been found to be in breach of Code Item 2.
166. In addition, it is important to be aware that conduct that leads to a breach of Code Item 2 could impact on a tax practitioner meeting the fit and proper person requirement and other Code items, such as Code Item 1, which relates to honesty and integrity.
167. If a registered tax practitioner breaches the Code, the TPB may impose one or more of the following sanctions:
     • a written caution
     • an order requiring the tax practitioner to do something specified in the order
     • suspension of the tax practitioner's registration
     • termination of the tax practitioner's registration (and a period within which a terminated tax practitioner may not re-apply for registration).
168. The TPB’s Information Sheet TPB(I) 34/2018 Code of Professional Conduct – complying with taxation laws in the conduct of your personal affairs provides additional guidance to assist registered tax practitioners understand their obligations under Code Item 2.

TPB's approach to investigating breach notifications

169. The TPB has the power to formally investigate matters under the TASA, including breaches of the Code.^[44] However, a 'significant breach' is reported to us by a registered tax practitioner in line with the breach reporting obligations will not automatically trigger the commencement of a formal investigation.
170. Consistent with our current approach to investigating complaints, we will undertake a preliminary analysis of the breach notification, make relevant enquiries and use information available to us to assess and validate the potential breach and mitigate the risk of frivolous, vexatious or malicious claims.
171. The TPB will take a risk-based approach when deciding whether to commence a formal investigation. In making this decision, the TPB will consider several factors including, but limited to, the following: 
     • nature of the breach
     • seriousness of the breach and level of risk involved
     • number and frequency of breaches
     • whether there is sufficient evidence to support the breach notification
     • in the case of a breach notification about another tax practitioner, the circumstances surrounding the making of the notification and relationship between the parties
     • compliance history of the registered tax practitioner
     • whether the breach has been rectified or remedied or any steps taken to address it
     • nature and scale of the tax practitioner’s business
     • number of clients involved
     • impact or harm to clients and the tax system more broadly
     • whether the breach notification is otherwise frivolous, vexatious or malicious based on the information provided
     • if a breach is reported outside the 30-day notification period, the reasons for any delay in reporting the breach, and any consequences for TPB investigation and other agencies as a result of the delay.
172. When reporting significant breaches of the Code by another tax practitioner for the purposes of the breach reporting obligations, tax practitioners will need to identify themselves to the TPB to comply with their obligations.
173. Subject to the passage of Treasury Laws Amendment (Tax Accountability and Fairness) Bill 2023, tax practitioners may be eligible for the extended tax whistleblower protections that are proposed to commence from 1 July 2024. These proposed changes seek to provide protections for disclosures by eligible whistleblowers to the TPB relating to the misconduct of tax practitioners. Eligible whistleblowers will have their identity protected, unless it is to an authorised body, or with the whistleblower’s consent.
174. The TPB has additional guidance on investigations, which includes information on the process, approach to dealing with complaints, and investigations into breaches of the Code. 

Case studies

175.  These case studies provide general guidance only. In all cases, consideration will need to be given to the specific facts and circumstances.
      

Case study 1 – ‘reasonable grounds to believe’ tax practitioner does not meet an ongoing registration requirement and has breached Code

David is a registered tax agent. He is the sole director and one of 2 nominated supervising agents of a registered tax agent company. He employs 10 staff to provide tax agent services on behalf of the registered tax agent company. Of the 10 staff:

• one staff member, Gaby, has 5 years’ experience in providing tax agent services and is the other nominated supervising agent. She is largely responsible for the training of new staff, and the reviewing of work undertaken by the less experienced staff members
• 2 are recent graduates with less than 6 months’ experience; and
• the remaining staff members have 2 years’ experience.

Gaby recently commenced maternity leave. David did not nominate a replacement supervising agent.

After a period of 6 months, David began receiving complaints from clients in regard to the quality of work undertaken by some of the employees of the registered tax agent company, with a number of clients’ tax returns adjusted during audits undertaken by the Australian Taxation Office (ATO), with additional tax shortfall penalties and interest charges imposed on clients.

David was concerned that the registered tax agent company was likely in breach of its obligation to ensure that the tax agent services provided on behalf of the company are provided competently (Code Item 7) and whether the number of supervising agents nominated was adequate and decided to make further enquiries.

David discovered that a number of staff oversights and errors had occurred, quality checks and controls had not been updated to reflect the change in supervising agents, and staff training had ceased.

The company’s failure to ensure that adequate supervisory and quality control arrangements were in place, and staff had the required skills and experience, meant that the company had failed to ensure that the tax agent services provided on its behalf were provided competently.

David had reasonable grounds to believe that the company had breached its ongoing registration requirement to have a sufficient number of individuals, being registered tax agents, to provide tax agent services to a competent standard and to carry out supervising arrangements, and as such, was also in breach of Code item 7.

David also had reasonable grounds to believe the breach was significant, noting that the breach:

• resulted in material loss to the clients
• was considered ‘otherwise significant’ given that:
  • there were a number of clients impacted over a period of 6 months
  • the ability for the tax agent company to provide a competent service was impacted by the change in supervising agents; and 
  • the tax agent company’s arrangements to ensure compliance with the Code were inadequate given all training and quality assurance of work was undertaken by one staff member. 

Case study 2 – tax practitioner’s conduct equates to a significant breach of the Code 

Ivan is a registered tax practitioner. He is the sole director of a registered tax agent company.

Over a period of 12 months, Ivan lodged false BAS without the knowledge or authorisation of more than 10 clients. Following an ATO investigation, the ATO cancelled the lodgements to prevent a significant amount of BAS credits being paid when it was discovered that the entities were not carrying on an enterprise for GST purposes.

Ivan subsequently misappropriated client refunds by nominating them to be paid into his own bank account, or the bank account of another individual who was not entitled to the returns. Further, he put a number of clients at risk when he shared his credentials used to access ATO systems with another individual. This allowed unsupervised access to confidential taxpayer information and left the clients open to their information being used fraudulently.

In these circumstances, Ivan was aware that he had breached the Code, or at the very least, had reasonable grounds to believe that he had breached the Code and the breach was significant, noting the:

• breach may constitute an offence involving dishonesty under an Australian law, as misappropriation of client funds involves dishonest conduct
• breach of client confidentiality was likely to result in material loss or damage to the impacted clients
• lodgement of false BAS was likely to result in material loss or damage to the Commonwealth; and 
• breach would have been considered ‘otherwise significant’, given the impact of the breach on Ivan’s ability to provide tax agent services and the extent to which the breach could be said to indicate inadequate arrangements to ensure compliance with the Code. 

As such, Ivan was under an obligation to notify the TPB, within 30 days of the day on which he became, or ought to have become aware, or first had, or ought to have had, reasonable grounds to believe that he had breached the Code and the breach was significant. 

Case study 3 – tax practitioner’s conduct does not equate to a significant breach of the Code

Samantha has been a registered tax agent for 5 years and is employed by ABC Pty Ltd, a registered tax agent company.

Recently, the tax agent company received a complaint from a new client that identified the following issues concerning the BAS services provided by Samantha:

• Samantha had not passed on the client’s most recent tax refund in a timely fashion
• Samantha had failed to provide the client with a finalised copy of the client’s return and Notice of assessment; and
• client instructions and interactions were not documented properly.

After further investigation, the tax agent company discovered that this was a once off occurrence and no other clients had been impacted.

While Samantha’s behaviour may be considered to be a breach of the Code (Code item 7) as she had failed to provide tax agent services competently, the breach does not equate to a significant breach of the Code, noting the breach:

• does not constitute an indicatable offence, or an offence involving dishonesty, under an Australian law,
• has not resulted, nor is it likely to result, in a material loss or damage to the client,
• is not considered to be ‘otherwise significant’ given it was a once-off, had not impacted Samantha’s ability to otherwise provide tax agent services, and was not indicative of any systemic issue that would result in non-compliance with the Code.

Case study 4 – tax practitioner, through credible information, is aware that another tax practitioner’s conduct equates to a significant breach of the Code 

Colin is a registered tax agent in a medium sized accounting firm.

Colin has recently become aware, through interactions with former clients of a former colleague, that the former colleague, also a registered tax agent and a member of the same RPA as Colin, has been receiving tax refunds on behalf of clients and depositing those refunds into their own personal business account and retaining them. The tax practitioner has breached Code Item 3 as he has failed to account to clients for money held on trust. 

Colin is also aware that the former colleague has been misleading clients into believing their tax returns had been lodged and advising them that they owed tax, money which was then paid to the tax practitioner, and used for the tax practitioner’s own benefit.

Colin followed up these complaints by checking the firms working files and online records which confirmed false or fraudulent lodgements.

In these circumstances, Colin has reasonable grounds to believe that another registered tax agent has breached multiple Code items and the breaches are significant, taking into account the following:

• it appears the tax practitioner may have committed an offence involving dishonesty under an Australian law, having misappropriated client funds
• the misappropriation of funds has resulted in, or is likely to result, in material loss or damage to the tax practitioner’s clients; and 
• the breach is otherwise significant given the behaviour has been ongoing for some time and involves multiple breaches of the Code. 

As such, Colin is under an obligation to notify the TPB within 30 days on which he first had reasonable grounds to believe that the other agent had breached the Code and the breach is a significant breach of the Code. In addition, at the time Colin had reasonable grounds to believe that the other agent had breached the Code and the breach is a significant breach of the Code, Colin had an obligation to notify the other agent’s RPA of the breach. 

Case study 5 – tax practitioner, through ‘gossip’ thinks that another tax practitioner’s conduct may equate to a significant breach of the Code 

Brittany is a registered BAS agent. She attends monthly discussion group sessions with other registered BAS agents. She is also a member of an online forum that discusses new and emerging issues in the BAS agent space.

At a recent discussion group session, Brittany overheard two attendees gossiping about a mutual acquaintance. She overheard them discussing the new requirements for BAS agents to complete 90 hours of continuing professional education (CPE) and how their mutual acquaintance, an individual known to Brittany, has been falsifying their CPE certificates. She also overheard them saying that this mutual acquaintance had made false statements to the TPB to hide the fact that they had not completed their CPE.

Brittany made no further enquiries regarding what she had overheard. She also did not have any independent evidence to suggest that the individual had in fact falsified their CPE certificates. In fact, Brittany had recalled seeing this mutual acquaintance at several of the discussion groups she attends, as well as 2 recent technical workshops delivered by her professional association. While Brittany thinks that the conduct may equate to a significant breach of the Code, her belief is founded solely on the gossip overheard at the group discussion session.

In these circumstances, Brittany would not be under an obligation to notify the TPB. She would not be considered to have reasonable grounds to believe that the individual had breached the Code.

Case study 6 – tax practitioner, a direct competitor of another practitioner, makes a vexatious unsupported claim to the TPB 

Tamara is a registered tax agent in a large well-known accounting firm. Max, a registered tax practitioner in another leading accounting firm known to be in direct competition with Tamara’s firm, recently took over one of her clients. Tamara was unhappy to have lost this client as they were a ‘big client’ and she had only recently joined the firm and was keen to make an impression.

Tamara overhears a discussion between colleagues at her firm regarding the client’s change in firms, and the fact that it had come as a surprise to the firm given the rumours that had been circulating that Max had been involved in fraudulent tax claims. 

Tamara decides to report a breach of the Code to the TPB using the Online Complaints form as the breach relates to the conduct of another registered tax practitioner. The information accompanying the breach notification provides very little detail about the breach and contains a number of statements that do not appear to be supported in any way.

As part of their investigations process, the TPB undertakes a preliminary analysis of the notification to assess and validate the purported breach and determine whether Tamara has ‘reasonable grounds’ for believing there has been a significant breach of the Code by Max.

The TPB makes initial enquiries with Tamara regarding the background to the purported breach, the circumstances in which she became aware of it and the nature of the relationship between the parties in an attempt to substantiate the claim. It becomes clear during these communications that she is basing her view solely on the hearsay, speculation or the unsubstantiated opinion of her colleagues. The history to the takeover and competition between the firms may also have a bearing on the credibility of the notification made and increases the potential for it to be vexatious. 

The TPB does not have any information to indicate that Max has a history of non-compliance with the TASA, including the Code, or the taxation laws more broadly. 

As the breach notification has not been sufficiently supported with appropriate facts and evidence, and the TPB is not satisfied there are reasonable grounds for the belief that there has been a significant breach, they decide not to commence a formal investigation in response to the report. 

References

^[1] Effective from 1 January 2024, the object of the TASA is to support public trust and confidence in the tax profession and the tax system by ensuring that tax agent services are provided to the community in accordance with appropriate standards of professional and ethical conduct: section 2-5 of the TASA.

^[2] See, for example, the breach reporting regime administered by the Australian Securities and Investments Commission (ASIC), which broadly requires Australian financial services licensees and Australian credit licensees to report certain breaches of the Corporations Act 2001 and National Consumer Credit Protection Act 2009 to ASIC, including ‘significant breaches’ of core obligations. 

^[3]A list of recognised professional associations is published on the TPB’s website.

^[4] Section 3-5 and subsection 90-1(2) of the TASA; section 995-1 of the Income Tax Assessment Act 1997.

^[5] Offences may be described differently depending on the Commonwealth, State or Territory law that applies. Whether there is an indictable offence or offence involving dishonesty will ultimately depend on the facts and circumstances.

^[6] Section 4G of the Crimes Act 1914

^[7] Section 3 of the Criminal Code Act 1899 (Qld)

^[8] Section 3 of the Criminal Procedure Act 1986 (NSW)

^[9] The Macquarie Dictionary, Macmillan Publishers Australia, 2023

^[10] Based on the criminal test of dishonesty expressed in R v Ghosh [1982] 3 WLR 110

^[11] Section 470.2 of the Criminal Code Act 1995

^[12] See also, section 9 of the Corporations Act 2001 (Cth), which defines ‘dishonest’ as meaning ‘dishonest according to the standards of ordinary people’.

^[13] See for example, section 4B of the Crimes Act 1900 (NSW) and section 300 of the Criminal Code 2002 (ACT)

^[14] The Explanatory Memorandum to the Tax Agent Services Bill 2009 states at paragraph 2.51: ‘The offence of dishonesty takes its ordinary meaning. Under section 130.3 of the Criminal Code, dishonest is defined as dishonest according to the standards of ordinary people in circumstances where the defendant is aware of these standards. Consequently, the scope of ‘dishonest’ is determined by community standards.

^[15] The Macquarie Dictionary Macmillan Publishers Australia, 2023, relevantly defines ‘involve’ (verb) as meaning:’1.To include as a necessary circumstance, condition, or consequence; imply; entail;….3. To include, contain, or comprehend within itself or its scope’.

^[16] If a registered tax practitioner is convicted of an offence involving fraud or dishonesty, this is an event that already needs to be reported to the TPB under section 30-35 of the TASA and may affect their continued registration under section 20-45 of the TASA.

^[17] If a tax practitioner has been convicted of a fraudulent and dishonest offence, and that conduct is considered a ‘significant breach’ of the Code as it constitutes an indictable offence or an offence involving dishonesty, this can be reported to the TPB using the same form.  

^[18] The Macquarie Dictionary, Macmillan Publishers Australia, 2023

^[19] The Australian Oxford Dictionary, Oxford University Press, 2004, similarly defines the term in the following way: 1 the act or an instance of losing; the state of being lost…; 2. A person, thing or amount lost; 3. the detriment or disadvantage resulting from losing…

^[20] The Australian Oxford Dictionary, Oxford University Press, 2004, similarly defines ‘damage as meaning: 1. Harm or injury impairing the value or usefulness of something, or the health or normal function of a person, 2. (law) a sum of money claimed or awarded in compensation for a loss or injury;…4. (colloq) cost…’

^[21] The Macquarie Dictionary, Macmillan Publishers Australia, 2023.

^[22] The Australian Oxford Dictionary, Oxford University Press, 2004 similarly defines the term as ‘2. Having an appearance of truth or fact; seeming as if it would happen, or prove to be as stated; probable. 

^[23]Boughey v the Queen (1986) 161 CLR 10 [High Court decision considering the term in the Criminal Code Act 1979 (Tas)]; Tillmanns Butcheries Pty Ltd v Australasian Meat Industry Employees’ Union [1979] FCA 85 (Full Federal Court decision considering the term in the context of the Trade Practices Act 1974); WKNH v Australian Securities and Investments Commission [2018] AATA 1325 (AAT decision considering the term in the context of the Business Names Registration Act 2011 (Cth).  

^[24] Subsection 995-1(1) and section 960-100 of the ITAA 1997. The note to subsection 995-1(1) clarifies that the term entity covers all kinds of legal person, and groups of legal person and other things, that in practice are treated as having a separate identity.

^[25] Section 2B of the Acts Interpretation Act 1901 (Cth)

^[26] The Macquarie Dictionary, Macmillan Publishers Australia, 2023

^[27] The Australian Oxford Dictionary, Oxford University Press, 2004 similarly defines the term (adjective) as ‘noteworthy; important, consequential: a significant figure in history’.

^[28] Section 2-5 of the TASA

^[29] Section 30-5 of the TASA

^[30] See paragraph 90-1(1)(c)

^[31] The Macquarie Dictionary, Macmillan Publishers Australia, 2023

^[32] George v Rockett [1990] HCA 26; (1990) 170 CLR 104

^[33] For example, see section 3W of the Crimes Act 1914

^[34]The TPB’s guidance in respect of the application of Code items will be informative for the tax practitioner when making this assessment. See TPB information products by topic, including TPB(EP) 01/2010 Code of Professional Conduct.

^[35] For example, in Le'Sam Accounting Pty Ltd and Tax Practitioners Board [2021] AATA 1593 (21 May 2021) the Administrative Appeals Tribunal considered circumstances where a registered tax practitioner was aware, or ought reasonably to have been aware, of certain actions taken by an employee engaged in the provision of tax agent services.

^[36] See paragraphs 96 to 116 above (as appropriate).

^[37] Section 70-50 of the TASA

^[38] Subsection 8C(1B) of the TAA

^[39] Section 8AC of the TAA provides that section 8C applies to the TASA by replacing references to the Commissioner of Taxation with the TPB. 

^[40] The term ‘taxation law, as used in the TASA, is given the same meaning as in section 995-1 of the 1997: subsection 90-1(2) of the TASA. Paragraph (c) of the ‘definition’ of ‘taxation law’ in subsection 995-1(1) includes the TASA and TASR.

^[41] An offence of ‘absolute liability’ is an offence where no fault elements apply to the physical elements of the offence and the defence of reasonable mistake is not available: section 6.2 of the Criminal Code Act 1995 (Cth), which applies to offences under the TAA.

^[42] Under section 90-1(2) of the TASA, the term ‘taxation laws’ has the same meaning in the TASA as in section 995-1 of the Income Tax Assessment Act 1997.

^[43] Bar Association (NSW) v Cummins (2001) 52 NSWLR 279 at 289; Re John Jeremy William Wyborn and Tax Agents’ Board of New South Wales [2007] AATA 1492

^[44] Section 60-95 of the TASA.