Information sheet 7: Our regulatory powers

Reporting entities should continue to use existing guidance notes and information sheets for reporting periods that began prior to 1 July 2024.

Update September 2024

The Regulator is updating its guidance materials for the new Payment Times Reporting Scheme.

We will consult on the process so people can engage with the Regulator and understand the new requirements.

 

Information about the processes we undertake when using our powers under the Payment Times Reporting Act 2020 (the Act) to collect information or when using compliance powers.

On this page

This information sheet provides general guidance only and does not amount to legal advice. Entities are encouraged to seek independent legal advice to clarify their rights and obligations under the Act.

Our regulatory powers

One of the Payment Times Reporting Regulator’s functions is to monitor and enforce compliance with the Payment Times Reporting Act 2020 (the Act). The Act provides powers to gather information from entities, and tools to address non-compliance.

This sheet provides information about our regulatory powers, including an overview of the steps and processes followed when they are used (see Appendix).

Our approach to the use of regulatory powers will depend on the nature of the suspected non-compliance and the conduct of the reporting entity. Information on when we intend on using our regulatory powers is set out in Information Sheet 1: Our approach to regulation.

Information gathering

Voluntary information requests

We may make written requests for you to voluntarily provide information. Voluntary requests allow us to understand or clarify an entity’s compliance with the Act.

Although not compelled to provide information in response to a voluntary request, providing information voluntarily may resolve our concerns without the use of compulsory information gathering powers.

Voluntary requests may relate to:

  • suspected non-compliance
  • clarification of a matter or information in a payment times report
  • requests for specified information or documents.

Most of our compliance activities will commence with a voluntary request for information but in some cases, we may use compulsory information gathering powers without a making a voluntary request.

Compliance audits

What is a compliance audit?

Where we reasonably suspect a reporting entity has contravened the Act, we may require the entity to undertake a compliance audit by issuing a written notice to the entity (a compliance audit notice).

In a compliance audit, an auditor is appointed to undertake an audit and prepare a written report to be given to us within the period specific in the notice, or a longer period if we grant an extension.

If we issue a compliance audit notice, the recipient reporting entity can nominate an auditor. If we consider the nominated auditor to be suitable, we will approve their appointment in writing. If we do not consider the auditor to be suitable, we may request that the entity nominate another auditor, or we will approve an auditor that the entity can engage.

If an entity fails to comply with a compliance audit notice it may be liable for a civil penalty.

Auditor suitability

The requirements relating to the auditor’s qualifications and independence will be set out in the compliance audit notice and can vary depending on the nature of the suspected non-compliance. In general, suitability requirements will include:

  • the auditor’s independence, which may include restrictions on prior engagements and capacities held by the auditor in relation to the entity, and
  • qualifications, which may include professional qualifications and memberships, for example membership to the Chartered Accountants Australia and New Zealand, Certified Practicing Accountants Australia or holding a legal practising certificate.

Auditors are not required to be registered company auditors unless it is stated in the compliance audit notice. Where the suspected non-compliance requires assessment of specialised or technical matters, specific expertise may be included in the auditor requirements.

Obligations for the compliance audit

The reporting entity that is given a compliance audit notice is required to pay the reasonable fees and expenses of the auditor for preparing the audit report. The entity must also provide the auditor, and anyone assisting the auditor, with the reasonable facilities and assistance necessary for the auditor to exercise their duties.

If the entity fails to provide reasonable facilities and assistance, it may be liable for a civil penalty.

On premises information gathering

Powers to gather information on premises

We may enter premises to gather information for compliance purposes with the consent of an entity or under a warrant issued by a court.

Incorporated into the Act are monitoring powers and investigation powers from a standard suite of regulatory powers set out in the Regulatory Powers (Standard Provisions) Act 2014.

Both monitoring powers and investigation powers allow us to enter premises for the purposes of gathering information regarding suspected non-compliance with the Act and offences relating to the Act. However, there are differences in how powers can be used and what is allowable when gathering information.

What is the difference between monitoring and investigation powers?

Monitoring and investigation powers are similar processes but differ in:

  • when we can use the powers, and
  • what we can do when on premises, including the removal of evidence.

Monitoring powers

We can enter premises under monitoring powers in relation to any information given in compliance or purported compliance of the Act and:

  • we suspect there has been a failure to comply with the Act, or
  • we suspect there has been an offence against the Crimes Act 1914 or Criminal Code Act 1995 relating to the Act.

Monitoring powers allow us to search premises, examine or observe any activity conducted on the premises, ask questions and inspect, examine, record and copy anything on the premises relating to the suspected non-compliance. Although we can secure evidence to make copies, we cannot seize evidence using monitoring powers.

Investigation powers

We can enter premises under investigation powers in relation to any suspected contravention of a civil penalty provision of the Act or if we suspect there has been an offence against the Crimes Act 1914 or Criminal Code Act 1995 relating to the Act.

Investigation powers allow us to search premises for evidential material, ask questions and inspect, examine and record evidence found. We can seize evidence and take it from premises using investigation powers.

Consent to enter premises

If we request consent to enter premises to use monitoring or investigation powers, you can refuse. This will be made clear in our request for consent.

If an entity grants consent for monitoring or investigation activities to occur on premises, it can:

  • set a limit of time on the consent granted
  • withdraw its consent at any time even after on-premises activities have commenced.

If an entity does not give consent to use monitoring or investigation powers, we may consider seeking a warrant to exercise those powers.

Rights and obligations

When entering premises, whether with consent or under a warrant, we will provide you with information about your rights and obligations.

You are required to provide our officers and those assisting them with reasonable facilities and assistance.

You may also be required to answer our questions if we have entered a premises under a warrant.

Our powers to respond to non-compliance

Publishing non-compliance

Where we are reasonably satisfied that a reporting entity has failed to comply with the Act, we can publish information about the entity's non-compliance on the Payment Times Reports Register and in any other way we consider appropriate.

Before we make a decision to publish information about non-compliance, we will give you notice of the proposed decision and our reasons. You will be given 28 days to provide written submissions that we will consider prior to making the decision to publish.

You can apply for a review of our decision to publish non-compliance. For more information on your rights to a review see Information Sheet 2: Regulator decisions – Your rights.

We may use our powers to publish information about non-compliance in conjunction with other powers, including information gathering powers and infringement notices. We may also publish information about non-compliance before or after remediation has occurred. For more information on when we may publish information about non-compliance see Information Sheet 1: Our approach to regulation.

Infringement notice

If we have reasonable grounds to believe an entity has contravened a civil penalty provision of the Act, we may issue an infringement notice within 12 months of the alleged contravention.

If you receive an infringement notice, you can pay the infringement penalty amount stated in the notice as an alternative to court proceedings. Payment of an infringement notice is not an admission of guilt and payment can be made to avoid court proceedings for the alleged contravention.

If you choose not to pay an infringement notice, we can commence proceedings against you in relation to the alleged contravention.

The amount payable for an infringement notice is calculated using the following formulation:

Where the notice is for one contravention

The lesser of:

  • 1/5 (20%) of the maximum penalty a court could impose, and
  • 12 penalty units for individuals or 60 penalty units for a body corporate

Where the notice is for more than one contravention

The lesser of:

  • 1/5 (20%) of the combined maximum penalty that a court could impose for all contraventions, and
  • The number of penalty units worked out by multiplying the number of alleged contraventions by 12 for individuals or by 60 for a body corporate

Recipients of an infringement notice can make submissions to the Regulator to have the notice withdrawn and can also request an extension of time to pay.

If an infringement notice is withdrawn, either in response to submissions or information gathered by us, proceedings can be brought against the entity for the contravention.

We are not required to issue an infringement notice before commencing civil penalty proceedings. We may, in some cases, commence civil penalty proceedings without issuing an infringement notice.

Civil penalties

Where non-compliance is repeated, intentional or not remediated following administrative action and is a contravention of a civil penalty provision, we may commence court proceedings. For information on when we may consider proceedings see Information Sheet 1: Our approach to regulation.

Civil penalties apply to reporting entities (other than volunteering entities) for the following contraventions.

Nature of contravention Maximum penalties for individuals Maximum penalties for incorporated entities (body corporate)
Failure to report

60 penalty units

(Can be applied per day of non-compliance)

300 penalty units

(Can be applied per day of non-compliance)

False or misleading reports 350 penalty units 0.6 per cent of total income for the income year in which the contravention occurred
Failure to keep records 200 penalty units 0.2 per cent of total income for the income year in which the contravention occurred
Failure to comply with a compliance audit notice

60 penalty units

(Can be applied per day of non-compliance)

300 penalty units

(Can be applied per day of non-compliance)

Failure to reasonably assist a compliance audit auditor 200 penalty units 0.2 per cent of total income for the income year in which the contravention occurred

Appendix: Overview of processes for regulatory powers

The compliance audit process
Step Process Details

1

We give written notice that a compliance audit is required

If we reasonably suspect that a reporting entity has contravened the Act, we will give a written notice requiring the reporting entity appoint an auditor to review the entity’s compliance with the Act.

The notice will include:

  • details of the suspected non-compliance
  • the matters to be covered by the audit
  • the qualifications and independence requirements of the auditor
  • the time by when the audit must be completed
  • the required form and content of the audit report.

2

The entity nominates an auditor

The reporting entity nominates an auditor that it considers meets the suitability requirements set out in the notice.

3

We approve the auditor in writing

After receiving the nomination, we may:

  • approve the nominated auditor
  • request the entity make alternative nominations
  • if a suitable auditor is not nominated, make an appointment on the entity’s behalf.

4

The auditor undertakes the audit, and the reporting entity gives the audit report to the Regulator

The auditor undertakes the audit and prepares a report in the manner and form, and within the time set out in the notice.

If additional time is required to complete the audit, the reporting entity may request an extension of time in writing.

5

We assess the audit report

We review the audit report and consider potential further action.

If no further action will be taken following assessment of the audit report, the reporting entity will be notified in writing that the compliance action has closed.

On-premises information gathering process
Step Process Details

1

We obtain the consent or a warrant to undertake monitoring or investigation activities

Consent

We may contact an entity to request consent to conduct on-premises information gathering. The request will:

  • be in writing
  • state the nature of the suspected contravention
  • state the powers to be exercised and the activities expected to be undertaken on premises
  • state that consent can be refused and or withdrawn at a later time if given.

If the entity gives consent, we will request that this be provided in writing in a standard form.

Warrant

We may seek a warrant to conduct monitoring or investigation activities from a magistrate or a Judge of the Federal Court or Federal Circuit and Family Court of Australia.

We may seek a warrant without requesting consent or if consent is refused.

2

We enter premises

When entering a premises, we will provide you with information regarding:

  • the powers being exercised
  • the officers that will be exercising the powers
  • the nature of the suspected non-compliance
  • your rights and obligations
  • the activities to be undertaken

Prior to commencing activities, an authorised person will identify themselves and provide identification. If entry is being undertaken under a warrant, you will be given a copy of the warrant.

3

We undertake monitoring and investigation activities

We undertake searches and monitor activities to identify material and evidence relevant to the alleged non-compliance.

We may ask questions while undertaking these activities. If entry to premises was under a warrant, you may be required to answer our questions.

You have a right to observe our activities. If entry to premises was by consent, you can withdraw consent at any time.

4

We copy or seize relevant material

If we identify relevant material during searches and monitoring, we may take copies.

If we entered premises using investigation powers and it is impractical or insufficient for our purposes to take a copy, we may seize evidence and remove it from premises.

If evidence is to be seized and removed from premises:

  • you may ask for a copy of the item to be seized before it is removed (if a copy can be made)
  • you will be given a receipt for items seized.

5

We return seized evidence (if seized during investigations)

If evidence was seized and removed from premises using investigation powers it will be returned as soon as practicable, usually after we have had an opportunity to make copies.

The longest period we can hold evidence, without an extension granted by a court, is 60 days from the date of seizure.

6

We assess information obtained from monitoring

We review the information gathered and consider potential further action.

If no further action will be taken following assessment of the information gathered, the entity will be notified in writing that the compliance action has closed.

The publication of non-compliance process
Step Process Details

1

We identify non-compliance

Non-compliance may be identified following information gathering activities, assessment of the payment times reporting register, information received from a reporting entity, tip-offs or other compliance activity.

2

We give notice of an intention to publish non-compliance

We will give notice of an intention to publish information about non- compliance. The notice will include:

  • information about the non-compliance and the reasons for publication
  • details on how the information is proposed to be published
  • information on how to make submissions before a decision to publish is made.

3

The reporting entity gives submissions

The entity has 28 days from the date of the notice to provide written submissions regarding the decision to publish information about non-compliance.

4

We make a decision whether to publish

Submissions from the reporting entity are considered and then, a decision made whether to publish. The decision may be to:

  • publish the information as proposed in the notice
  • publish the information in a manner modified in response to submissions from the entity
  • not to publish the non-compliance.

The decision is communicated to the reporting entity and information provided on how the entity can request a review of the decision.

5

Information about non-compliance is published

Where the Regulator has decided to publish the information about non- compliance, it is published in the manner set out in the Regulator’s decision.

6

We consider further compliance action

We may continue to pursue remediation and consider using other regulatory powers if the non-compliance is continuing.

The infringement notice process
Step Process Details

1

We identify alleged contravention of a civil penalty provision

When undertaking compliance activities, we may form reasonable grounds to believe that there is a contravention of a civil penalty provision of the Act.

Reasonable grounds to believe that there has been a contravention may be formed from information gathering from a reporting entity, assessment of the payment times reporting register, information received from a reporting entity, tip-offs or other compliance activity.

2

We issue an infringement notice

We issue an infringement notice to the reporting entity. The notice contains all information required by the Regulatory Powers (Standard Provisions) Act 2014 including:

  • a description of the contravention
  • details of the person issuing the notice
  • the effect of paying or not paying the notice
  • how to pay the notice
  • details on how the infringement amount was calculated
  • instructions on how to request withdrawal of the notice
  • instructions on how to request additional time to pay the infringement notice.

Note: we are not required to issue an infringement notice. We may commence civil penalty proceedings without issuing an infringement notice.

3

The infringement notice recipient chooses a response

The reporting entity can:

  • choose to pay the infringement notice within 28 days (or a later time if an extension is given)
  • choose not to pay the infringement notice.

4

We consider further action

If the reporting entity chooses not to pay the infringement notice, we may consider taking further action, including the commencement of civil penalty proceedings in court.