ATO’s systems vulnerable to tax fraud, IGTO report cautions
The IGTO has found the ATO’s controls for preventing fraud inadequate, with fraudsters managing to lodge fraudulent returns undetected.
The Inspector-General of Taxation and Taxation Ombudsman (IGTO) has released its interim report focusing on the ATO’s risk management controls for preventing fraudsters from committing tax identification (TaxID) fraud.
The interim report is part of the IGTO’s investigation into TaxID fraud that commenced in December 2023 and identified a wide range of concerns from stakeholders concerning tax fraud.
Stakeholders raised concerns about the ability of fraudsters to access taxpayers’ online accounts, register for ABN/GST, change personal contact and banking details and then lodge returns/BASs which generate refunds to bank accounts that the fraudster controls, all without being detected by the ATO, ATO systems, taxpayers or their registered agents.
The investigation also found there was a perceived lack of ATO support where TaxID fraud occurred and that reports of fraud were not being actioned by the ATO or were not actioned promptly.
The ATO’s treatment of legitimate taxpayers as fraudsters when they are victims of fraud was another concern raised in the report.
It also found there was confusion about the requirement for a legitimate taxpayer to lodge an objection against amendments made fraudulently to their tax returns and filings.
IGTO makes recommendations to improve ATO’s fraud management
Within the report, the IGTO has called for improvements to make the ATO less attractive to fraudsters by making it harder for them to divert monies to the fraudster’s bank account, without impacting legitimate taxpayers.
One of the recommendations has called for ATO systems to monitor suspicious devices and bank accounts for further investigation and verification, and monitor devices and bank accounts known to be associated with fraud.
The IGTO report said the ATO should also develop tighter and more robust controls that pause the processing of suspicious filings – both original and amended lodgements – and suspend related refunds.
“For example, amendments to claim Pay-As-You-Go withholding (PAYGW) credits which exceed the PAYGW amounts recorded against the employee in the employer records should raise suspicion and investigation where the taxpayer’s ATO Online account information, such as contact details and bank account, have been changed (especially on an unknown device) before the refund is issued,” the report stated.
The IGTO noted that refunds that involve a high risk of TaxID fraud can include unusual lodgement behaviours and claims that generate refunds and that are coupled with recent changes in the taxpayer’s contact and bank account details.
“The IGTO recommends the ATO develop tighter and more robust controls which pause the processing of original and amended filings and lodgements for verification where the taxpayer’s ATO Online account information, such as contact details and bank account, have been changed at the time of or close to the time of lodgement (especially on an unknown device),” the report said.
“The ATO should not pay high-risk refunds unless and until there has been adequate authentication of the bank account details.”
The report said authentication of high-risk refunds may include:
▪ Verifying any amendments to filed returns and change of bank account details directly with the taxpayer;
▪ Verifying whether a change of bank account details was made by the taxpayer (or their registered agent);
▪ Verifying what information the bank has used to comply with the Australian Anti-Money Laundering/Counter-Terrorism Financing’s (AML/CTF)’s ‘Know Your Client (KYC) requirements as part of the bank account opening process;
▪ Scanning the ATO systems to identify if the bank account is registered on unrelated taxpayer accounts.
It has also recommended that the ATO bring its payment systems up to financial industry standards and develop a dedicated application for trusted devices to allow safe and trusted real time communications between the ATO and taxpayer for verification purposes.
The ATO said it is pleased that IGTO’s interim report recommendations align broadly with ATO-identified work in progress, and agree in principle with the majority of recommendations made.
“The ATO notes that some recommendations are dependent on matters for Government to consider,” it said in a statement.
“The ATO looks forward to IGTO’s final report with any remaining findings and recommendations from this investigation, and will provide an ATO response against each recommendation in both interim and final reports as a consolidated set at that time.”
IGT and Tax Ombudsman Karen Payne said the IGTO is urging the ATO to consult and advocate for legislative authority to implement these critical IGTO recommendations where it believes it currently does not have the relevant authority.