Skip to main content

The ACNC has announced it will focus on the misuse of complex corporate structures and the way charities manage cyber security challenges.

At the Australian Governance Summit in Melbourne today, Commissioner Sue Woodward AM discussed key elements of the ACNC compliance and enforcement focus for 2024-25.

“The ACNC is becoming increasingly concerned about the misuse of complex structures, where they may be part of attempts to conceal non-compliance with the ACNC Act and Regulations,” Ms Woodward said.

“Charities are free to use a variety of structures to suit their purpose and we acknowledge there can be good and legitimate reasons to do so. However, the decision to utilise complex structures, or the gradual and perhaps ad hoc development of complex structures, also comes with more complex governance obligations.

“While many charities are well advised and adhere to robust compliance regimes, there are others which may not appreciate that complex structures bring associated governance complexity and risk. Inadvertent non-compliance is more likely because there may not be clear delineation in the oversight of each entity, including the required focus on each charity’s particular charitable purpose.

“At the rarer and more extreme end, we are concerned about entities that may deliberately use complex corporate structures to try and obscure illegal activities. Our enforcement and compliance activities will focus on charities that attempt to conceal non-compliance with the ACNC Act and Regulations by deliberately using complex structures to avoid adherence to the law we administer. We will also continue to refer matters to other appropriate government agencies when we have concerns about suspected breaches of other laws,” she said.

Another compliance focus will be the challenges charities face relating to cyber security.

“This is a key governance risk for charities,” Ms Woodward said. “In our reviews we work with charities to better understand how they protect themselves from cyber risks and manage cyber security incidents.”

The ACNC will look at challenges faced by charities relating to cyber security by asking questions about:

  • what makes charities vulnerable to cybercrime
  • how charities manage and mitigate cyber security risks
  • how charities ensure third parties manage risk on their behalf.

Ms Woodward said the ACNC will always maintain a focus on conduct that poses the greatest risk to people, funds and assets. “Consistent with our statutory objectives, we take enforcement action when there is a significant risk to public trust and confidence in registered charities.”

The ACNC considers the following matters to be so detrimental that they will always be regarded as a priority:

  • Conduct that harms people, particularly children and vulnerable adults
  • Misuse of a charity for terrorist purposes or to foster extremism, indirectly or directly
  • Financial mismanagement including fraud and significant private benefit
  • Activities that put a charity at risk of having a disqualifying purpose so they are no longer eligible to be registered with the ACNC.

Read more in the ACNC compliance and enforcement focus for 2024-25.