Skip to main content

As the national regulator of charities, the ACNC:

  • is committed to supporting charities so that they understand and meet their ongoing obligations to us
  • will not hesitate to act where there is a risk of harm to the public, or of serious wrongdoing
  • works with state, territory and federal agencies – as well as those with international jurisdiction – to curtail activities that threaten public trust and confidence in the charity sector.

Our Regulatory Approach Statement provides more detail about our overall approach to regulating the sector. Importantly, the way we regulate is proportionate to the harm we seek to address.

This can range from developing guidance material, to providing regulatory advice to charities, to the use of enforcement approaches for more serious matters.

Focus areas

To help charities and the public better understand our work, the ACNC publishes information about the regulatory areas on which we focus our attention. This information helps charities meet their obligations, and supports public trust and confidence in the sector.

These focus areas touch on the entire lifecycle of registered charities and are complementary to the ACNC’s ongoing compliance and enforcement priorities outlined below. Our regulatory focus also includes our education and broader register integrity work.

Our focus areas can be on:

  • issues we have identified that will support charities to protect themselves from risk, or
  • emerging trends or common failures that we see as part of our work.

Appropriate records management is core to the operations of all charities, and is a fundamental legal obligation no matter a charity’s size, complexity or maturity.

Even if your charity does not need to submit financial reports to the ACNC (because it is small or a Basic Religious Charity (BRC)), it must still retain financial and operational records. The ACNC Act empowers the Commissioner to require your charity to provide these under certain circumstances.

Beyond compliance with legal and ACNC obligations, appropriate record-keeping plays a vital role in supporting a charity’s governance and decision making, and in maintaining public trust and confidence across the charity sector.

The transparency achieved through appropriate record-keeping enables accountability, and helps charities build trusted relationships with beneficiaries, donors, members, partners, and grant makers. It is an important contributor to charities’ credibility and community standing and helps charities demonstrate the impact of their vital work.

Through the ACNC’s work, we find that charities lacking appropriate record-keeping commonly experienced other governance failures such as:

  • inadequate management practices leading to governance failures
  • poor management of conflicts of interest leading to decisions that do not serve a charity’s best interests
  • fraud and financial misconduct, including charity funds being primarily used for the private benefit of its Responsible People rather than for achieving charitable purposes
  • failure to appropriately safeguard vulnerable people.

When the ACNC receives a concern, assessing a charity’s records is a key first step in the ACNC’s work. Records that appropriately demonstrate a charity’s compliance with ACNC requirements will see us able to quickly assess whether further regulatory action is required – be it through education and guidance, or an enforcement outcome.

We have seen that appropriate and effective record-keeping is generally reflective of good governance, decision making, financial management and risk management.

The ACNC Act outlines the types of records that your charity must keep and the length of time those records must be retained. Knowing how these obligations apply to your charity is important, and our guidance can help.

But the requirements outlined in the ACNC Act are generally not prescriptive, recognising there is no one-size-fits-all approach to record-keeping. Every charity must consider its own circumstances in determining how best to develop a fit-for-purpose approach to governance. This should include consideration of factors such as a charity’s size, complexity, purpose, and structure.

However, there are minimum standards. As set out in the ACNC Act, your charity must keep two types of records:

  • financial records, and
  • operational records.

Financial records must:

  • correctly record and explain how your charity receives and spends its money or other assets (transactions)
  • correctly record and explain your charity’s financial position and performance, and
  • allow for true and fair financial statements to be prepared and audited or reviewed, if required.

Operational records must show how your charity:

  • is entitled to be registered as a charity and as its subtypes
  • meets its obligations under the ACNC Act, and
  • meets its obligations under tax law.

The ACNC is concerned about the use of complex structures that may be part of attempts to conceal non-compliance with the ACNC Act and Regulations.

Charities are free to use a variety of corporate structures to suit their purpose, and we acknowledge that there can be good and legitimate reasons for these structures. The decision to utilise complex corporate structures, or the gradual (perhaps ad hoc) development of complex structures, also comes with increasingly complex compliance and governance obligations.

While many charities are well advised and adhere to robust compliance regimes, there are others which may not appreciate that complex structures bring associated governance complexity. These charities are at heightened risk of inadvertent non-compliance because they fail to understand the regulatory obligations that arise from some or all of the entities being registered charities.

At the more extreme and rarer end, we are concerned about entities that may deliberately use complex corporate structures to obscure illegal activities.

Our enforcement and compliance activities target charities that attempt to conceal non-compliance with the ACNC Act and Regulations by deliberately using complex structures to avoid adherence to the laws we administer. We continue to refer matters to other appropriate government agencies where we have concerns about suspected breaches of relevant law.

Compliance reviews

Our compliance reviews enable us to help charities:

  • identify and address issues early on, and
  • proactively respond to emerging risks.

We draw on learnings from our previous work, as well as information we have about emerging risks in the sector, to decide on the reviews’ focus.

The ACNC publishes compliance review reports that summarise our findings. We also use reviews to improve and better direct our education and guidance work.

Helping charities maintain good governance supports the sustainability of the charity sector and helps to maintain public trust and confidence in the sector.

The ACNC has a role in supporting Australia’s compliance with the Financial Action Task Force (FATF) obligations. These are internationally agreed-on standards aimed at guarding against money laundering and terrorist financing risks.

Our 2025-26 compliance reviews will work to ensure that charities that may be at an increased risk of being misused for terrorism financing understand their need to protect themselves, and are meeting FATF obligations.

Our focus will be on ensuring charities:

  • understand the risks they face due to their operating locations and activities
  • have strong governance arrangements – including appropriate financial controls, as well as proper risk management policies and procedures
  • have established appropriate due diligence measures – including oversight and monitoring of their partners, their overseas projects and funds sent overseas, and
  • keep appropriate records and report annually to the ACNC.

In 2024-25, our compliance reviews are focused on challenges being faced by the charities sector relating to cyber security, as this is a key emerging issue.

In our reviews, we work with charities to better understand how they protect themselves from cyber risks and manage cyber security incidents.

We will look at whether charities have policies and procedures about:

  • the types of sensitive and personal information the charity holds
  • the collection, storage, management, and disposal of electronic information
  • the management of sensitive or personal information
  • incident management in the case of a cyber security breach, including data breaches, viruses, and cyber attacks
  • training employees and volunteers on how to avoid and manage cyber threats.

We are also interested in understanding how:

  • activities undertaken by charities could make them vulnerable to cyber security risks
  • charities manage and mitigate financial risks arising from cyber security vulnerabilities
  • charities ensure that the third parties they engage with also have suitable policies and processes in place for managing risks associated with cyber security vulnerabilities.

How we determine our regulatory priorities

The ACNC’s approach to setting priorities for our regulatory activities is informed by the ACNC Regulatory Approach Statement, the Commissioner's Policy Statement: Compliance and enforcement and the Commissioner's Policy Statement: Guidance and education.

We have developed these regulatory priorities having considered a range of factors. These include emerging risks and their potential for harm, as well as concerns received from the public.

Several sources of information also influence the ACNC’s regulatory priorities:

  • Data gained from various sources, including charities’ Annual Information Statements, feeds into our assessments.
  • Our active stakeholder engagement program helps us understand issues and pressures the sector is facing.
  • Concerns from the public, of which we receive about 3,700 each year, with the ACNC examining and assessing all concerns received.
  • Insights gained through our work with other regulators – state, territory and federal agencies, as well as international regulators.

We use discretion when exercising our functions and addressing non-compliance and its impacts. This discretion includes how we:

  • prioritise and allocate resources
  • manage cases, and
  • decide on our educational priorities and the compliance action we take.

Our ongoing compliance and enforcement efforts

Outside of the ACNC’s specific regulatory focus, our ongoing efforts aim to encourage compliance with the ACNC Act and Regulations.

We will always focus our compliance and enforcement efforts on conduct that poses the greatest risks to public trust and confidence in charities.

We take the strongest steps – including using our powers and available enforcement actions – when non-compliance is significant, deliberate or persistent.

The following matters are so serious that we will always regard them as a priority in our ongoing work:

  • conduct that harms people, particularly children and vulnerable adults
  • the misuse of a charity for terrorism purposes, or to foster extremism (a focus of our compliance reviews in 2025-26)
  • financial mismanagement, including fraud and significant private benefit
  • charities operating in a way that indicates they have a disqualifying purpose and are not entitled to remain registered with the ACNC.

The ACNC continues to work closely with other regulators and government agencies, assessing matters they may identify and refer to us for investigation.

When our intelligence work uncovers broader illegal activity – for example, detecting suspicious conduct that could be related to terrorism financing, money laundering or serious fraud – we refer these matters to the appropriate authorities.

Overview of the ACNC’s regulatory responses

The ACNC uses a range of methods and approaches to respond to regulatory issues we identify. These responses allow for a proportionate and risk-based approach to address non-compliance and risks of harm.

The nature and degree of risk identified – as well as the seriousness of any contravention – helps the ACNC determine the best approach to get the charity back on track, and to pinpoint what the charity must do to show us it is complying with its obligations.

The approaches we use in our work

We use each of the following approaches in our regulatory work.

Education and guidance

Insights we gain from our work shape the guidance published on our website, as well as the information we provide through our other communication channels – including newsletters, podcasts and social media.

Self-evaluations

Our compliance work helps us identify charities that might be vulnerable to certain risks. We provide these charities with a self-evaluation to help them assess their compliance with the ACNC Act and Regulations.

The self-evaluation is available on the ACNC website.

Reviews

We meet with charities to gain an understanding about how they operate – their activities, governance, and risk mitigation strategies around specific issues like cyber security and working with vulnerable people.

By doing so we can help charities address any gaps in their governance and risk mitigation, and we identify good practices that help us improve our guidance to support the sector more broadly.

Self-audits

We can ask charities to conduct a self-audit across a range of governance areas.

Charities must submit the results of their self-audit to us and are encouraged to develop an action plan to address any issues it identifies.

Investigations

The ACNC will investigate charities when we suspect they are not complying with their obligations, or when the consequences of their governance failures present a risk of harm.

A charity under ACNC investigation may be required to provide evidence demonstrating compliance with their obligations. Failure to respond may result in revocation of that charity’s registration.

If appropriate, and in circumstances where charities show a willingness and capacity to improve, the ACNC will work with them to address non-compliance. This work may include regulatory advice and guidance.

For serious breaches, or persistent non-compliance, we assess if it is appropriate for us to use our enforcement powers. This may include the use of compliance agreements, formal directions, enforceable undertakings, the removal of Responsible People, or revocation of a charity’s registration.

Outcomes from our investigations support public trust and confidence in charities by mitigating significant harm and helping ensure charity funds are directed toward their charitable purposes.