The stories that mattered to you in 2024
Posted on 17 Dec 2024
It’s been a busy year in the charity and not-for-profit sector.
Posted on 20 Mar 2024
By Greg Thom, journalist, Institute of Community Directors Australia
The ability of charities to manage cyber security threats will be a key focus of the Australian Charities and Not-for-Profits Commission’s approach to compliance and enforcement over the coming year.
ACNC commissioner Sue Woodward described cyber security as a “key governance risk for charities”.
“In our reviews we work with charities to better understand how they protect themselves from cyber risks and manage cyber security incidents.”
Ms Woodward said the regulator would consider three key questions when assessing the challenges faced by charities relating to cyber security:
Ms Woodward’s comments follow several high-profile cyber security breaches involving the charity sector in 2023.
One of the largest related to Brisbane-based telemarketer Pareto Phone, which was the victim of a ransomware attack that affected more than 70 Australian and New Zealand charities.
The incident resulted in the details of tens of thousands of donors to charities including WWF Australia, the Australian Conservation Foundation and Plan International being splashed across the dark web.
“At the rarer and more extreme end, we are concerned about entities that may deliberately use complex corporate structures to try and obscure illegal activities.”
Speaking at the Australian Governance Summit in Melbourne, Ms Woodward outlined the ACNC compliance and enforcement focus for 2024–2025.
High on the list was increasing concern about charities’ misuse of complex corporate structures to conceal non-compliance with the ACNC Act and Regulations.
The ACNC was particularly concerned about organisations deliberately using complexity as a cover for wrongdoing.
“At the rarer and more extreme end, we are concerned about entities that may deliberately use complex corporate structures to try and obscure illegal activities.”
“We will … continue to refer matters to other appropriate government agencies when we have concerns about suspected breaches of other laws,” she said.
Ms Woodward said charities were free to use a variety of structures to suit their purpose and the regulator acknowledged there can be legitimate reasons to do so.
However, the decision to use complex structures, or the gradual and perhaps ad hoc development of complex structures, also came with more complex governance obligations.
“While many charities are well advised and adhere to robust compliance regimes, there are others which may not appreciate that complex structures bring associated governance complexity and risk,” said Ms Woodward.
“Inadvertent non-compliance is more likely because there may not be clear delineation in the oversight of each entity, including the required focus on each charity’s particular charitable purpose.”