ACNC announces targets

The Australian Charities and Not-for-profits Commission has announced that it will focus on the misuse of complex corporate structures and the way charities manage cyber-security challenges.

‘The ACNC is becoming increasingly concerned about the misuse of complex structures [that might] be part of attempts to conceal non-compliance with the ACNC Act and regulations’, commissioner Sue Woodward said.

‘Charities are free to use a variety of structures to suit their purpose and we acknowledge there can be good and legitimate reasons to do so. However, the decision to utilise complex structures, or the gradual and perhaps ad hoc development of complex structures, also comes with more complex governance obligations.

‘While many charities are well advised and adhere to robust compliance regimes, there are others which may not appreciate that complex structures bring associated governance complexity and risk. Inadvertent non-compliance is more likely because there may not be clear delineation in the oversight of each entity, including the required focus on each charity’s particular charitable purpose.

‘At the rarer and more extreme end, we are concerned about entities that may deliberately use complex corporate structures to try and obscure illegal activities. Our enforcement and compliance activities will focus on charities that attempt to conceal non-compliance with the ACNC Act and Regulations by deliberately using complex structures to avoid adherence to the law […].

‘We will also continue to refer matters to other appropriate government agencies when we have concerns about suspected breaches of other laws.’

Another compliance focus will be the challenges charities face on cyber-security.

‘This is a key governance risk for charities’, Ms Woodward said.

‘In our reviews we work with charities to better understand how they protect themselves from cyber risks and manage cyber-security incidents.’

The ACNC will look at cyber-challenges faced by charities by asking:

  • What makes charities vulnerable to cybercrime
  • How charities manage and mitigate cyber security risks, and
  • How charities ensure third parties manage risk on their behalf.

Ms Woodward said that the ACNC will maintain a focus on conduct that poses the greatest risk to people, funds and assets.

‘Consistent with our statutory objectives, we take enforcement action when there is a significant risk to public trust and confidence in registered charities.’

The ACNC will prioritise:

  • Conduct that harms people, particularly children and vulnerable adults
  • Misuse of a charity for terrorist purposes or to foster extremism, indirectly or directly
  • Financial mismanagement, including fraud and significant private benefit, and
  • Activities that put a charity at risk of having a disqualifying purpose so they are no longer eligible to be registered with the ACNC.