Audit implications of new penalty regime

Richard Smith

The new ATO penalty regime has cast some doubt on the reporting responsibilities of auditors. Richard Smith examines the reporting implications of the regulator’s new powers.

With the new administrative penalty legislation coming into effect from 1 July 2014, there will be an increased focus on compliance breaches by SMSFs and how they are reported. While the Australian Taxation Office (ATO) undertakes its own compliance activity, the majority of compliance breaches are identified by a fund’s auditor and reported via an auditor contravention report (ACR).

As there is potential risk of financial penalties being levied against trustees personally, auditors may face increased pressure not to report breaches to the ATO. Therefore, auditors and their clients need to be clear on the specific reporting requirements where compliance breaches occur.

Reporting obligations for auditors

Where a breach of the legislation is identified, auditors have a number of reporting obligations they are required to follow.

Legislative requirements

Section 129 of the Superannuation Industry (Supervision) (SIS) Act 1993 states if an auditor forms the opinion that it is likely a contravention of the SIS Act or SIS Regulations may have occurred, may be occurring, or may occur, they are required to report the matter to the trustee and the ATO.

Auditors can report matters to the trustees in a management letter or audit report and to the ATO in an ACR.

Audit report and ACR

Auditors are required to audit specific sections and regulations of the SIS Act that are in the approved auditor’s report. Where there are material breaches of any of these, the auditor will qualify their opinion in the compliance part of the audit report.

The ACR lists all sections and regulations that are reportable to the ATO, however, it does not include all of those specified in the audit report. For example, section 35B of the SIS Act is included in the approved auditor’s report, however, breaches of this section are not required to be reported to the ATO.

There are seven tests to determine whether a breach is to be reported. In addition, auditors are permitted to use their professional judgment to report other breaches that are outside of these tests.

Management letter

Auditing standards require auditors to report compliance breaches to the trustees even if they are not material and have not been reported to the ATO. By engaging with the trustees, auditors communicate issues of governance and can educate them so as to hopefully prevent more serious breaches occurring in the future.

Independence and professional standards

Auditors are required under legislation and professional standards, such as “APES 110: Code of Ethics for Professional Accountants”, to comply with ethical principles. Independence is a key principle and ensures the auditor is free to form an objective opinion without undue influence being applied.

An auditor should assess independence as part of their audit and identify any threats to independence that may exist, such as intimidation from a client. The Auditing Standards Board in “Guidance Statement 9” includes an example of an intimidation threat as “a threat of replacement … or the loss of other general accounting or tax work if the auditor’s opinion is modified or an ACR is submitted to the ATO”.

Where there is pressure from a client to influence the auditor’s opinion, including pressure to not report breaches to the ATO, the only safeguard available may be to refuse to accept the engagement.

Penalty provisions from 1 July 2014

The ATO’s new powers will encompass enforced rectification of the breach and require trustees to complete education courses. However, it is the third power of applying administrative penalties that has attracted most attention because of the size of some of the penalties and the fact trustees will be personally liable for breaches within a fund.

Penalties can be applied for breaches of specific provisions within the SIS Act, ranging from five penalty units, currently equivalent to $850, to 60 penalty units, equivalent to $10,200.

The intention is to have penalties that are commensurate with the breach and easier for the ATO to administer. It will also mean the ATO can intervene earlier by issuing penalties for minor breaches, thereby reducing the likelihood of compliance issues occurring or continuing in future years. This may result in a reduction in the number of funds being made non-complying or trustees being disqualified as trustees will hopefully learn from their mistakes earlier on.

How will the ATO administer penalties?

It is important to note the penalty regime will not only apply to breaches reported after 1 July this year, but existing breaches from prior years could also fall under the new framework.

In her speech at the 2014 SMSF Professionals’ Association of Australia SMSF National Conference, ATO deputy commissioner of superannuation Alison Lendon said: “While the start date is 1 July … contraventions still existing on that date will come under the new penalty regime. The message for SMSF trustees is clear: rectify any contraventions as soon as possible or be liable for a penalty.”

The second important point is penalties will not be automatically applied across the board.

ATO director of tax and regulatory risk Nathan Burgess confirms that while the ATO has these powers at its disposal, it will not be applying them to all reported breaches. Burgess says the ATO has established a framework to identify compliance breaches, including those reported by auditors. The ATO will assess the breaches to determine whether the fund is to be audited and result in penalties being applied.

Identification and verification of breaches

The ATO has an ongoing compliance program and as a part of this program funds are risk assessed, after which the trustees may be contacted or the fund audited.

An ACR being received is one trigger for this process and when the ATO is notified of a compliance breach, the fund is risk rated. This includes an assessment of the reported breach along with other factors, such as the fund’s compliance history and previously reported breaches. The fund will then be categorised as low, medium or high risk and the trustees contacted.

Low-risk funds

Where a fund is rated as low risk, a letter will be sent to the trustees, outlining the breach and confirming no further action is to be taken given the minor nature of the breach and the fund’s good compliance history.

Medium-risk funds

For medium-risk funds, the trustees will receive a telephone call from an ATO officer to discuss the breach. The purpose of the call is to discuss the circumstances around the breach, along with the trustees’ understanding of what has occurred so the regulator can be satisfied the trustees are aware of their responsibilities. Assuming this is the case, the ATO will be able to finalise the matter and, again, the trustees will receive a letter stating no further action will be taken. However, where trustees are evasive, are unaware of the breach occurring or have little understanding of their responsibilities as a trustee, it is likely the matter will be escalated to an audit.

High-risk funds

For high-risk funds, the ATO will conduct an audit that will look into the reported breach, but also encompasses the operations of the fund as a whole, for example, on-time lodgement history, on-time payment of tax, taxation claims and compliance history.

The ATO will complete audits on about 3000 funds during 2014/15, of which around 60 per cent will result from ACRs lodged and the remainder from their internal compliance program.

In determining which funds are audited, the ATO will focus on breaches of the borrowing and lending rules, financial assistance and in-house assets rules. However, the ATO will also focus on breaches of section 104 and 104A where there are changes to the trustees, to ensure records are properly maintained and registers updated in accordance with legislation.

Application of penalties

Where an audit is conducted, and the ATO verifies the reported breach did occur, it is at this point that administrative penalties will be imposed

One concern has been that an event or transaction by the trustees may result in breaches of more than one section of the SIS Act, which would trigger multiple penalties being levied. Burgess confirms where this occurs the ATO will usually remit all but one of the penalties, however, it will be the highest penalty that is levied.

For example, where a single event causes a breach of two sections, resulting in penalties of $10,200 and $1700 respectively, the ATO would likely remit the lesser amount and the penalty of $10,200 would apply.

Burgess says the ATO does not regard these administrative penalties as a revenue measure, but an action to correct behaviour.

Appealing a penalty

Trustees will have the option to write to the ATO to appeal or request remission of penalties. In the first 12 months of implementation, the tax office will look more favourably on requests to remit penalties, in particular where funds have not had a history of compliance issues. Similarly, where there are multiple trustees and it is the actions of one trustee that triggers the penalty, the ATO will consider remitting penalties for the other trustees. However, after 12 months it will be assumed that trustees are aware of both their responsibilities and the penalties that can be levied and therefore trustees will need to present a strong case for remittance.

Where trustees write to the ATO to remit a penalty, they will only have this opportunity once. Any request for remittance of penalties for subsequent breaches is unlikely to be successful.

While many trustees may want to avoid an ACR being lodged, as part of the remission assessment process, the ATO will look at the circumstances surrounding the reporting of the breach. Burgess says “that all things being equal, an SMSF with an ACR will have a better chance of a remission than ones without”.

Again, he says remission requests will be determined on the facts of the case and not by a revenue target.

Payment of penalties

The penalties will be applied to each trustee. Where there is a corporate trustee, there is only one trustee, so the penalty will be imposed once and each director will be jointly and severally liable for the payment. Where there is more than one trustee, for example, four individual trustees, each trustee will be penalised, therefore potentially the penalty could be four times that levied against a corporate trustee.

Another key message is that all trustees are equally responsible and, therefore, in situations where there is a dominant trustee or someone has agreed to act as a trustee for a friend or a client, all trustees should be fully aware of what their responsibilities are.

The ATO stated in its recent SMSF news bulletin “the penalty cannot be paid using the resources of the SMSF and doing so would be considered a serious breach likely subject to more significant penalties from the ATO”.

Burgess confirms where the ATO is made aware the penalty has been paid for by the fund, “at a minimum they will look to disqualify the trustee, with the fund risking being made non-compliant”.


It is important both the profession and trustees are fully aware of how the penalty regime will be implemented and therefore communication from the ATO and professional bodies will need to be clear and consistent. Auditors will also need to know their reporting requirements and ensure they are reflected in their audit procedures.

Copyright © SMS Magazine 2024

ABN 43 564 725 109

Benchmark Media

Site design Red Cloud Digital