The Bill – introduced into Parliament in December last year – provides the legal framework for Director Identification numbers.
- Director IDs will be mandatory for all directors, and are expected to be rolled-out by mid-2021;
- The reform offers an opportunity to remove sensitive personal director information from public registers;
- Significant penalties will apply to those who fail to hold a Director ID or seek to circumvent the regime.
Following passage of a legislative package introducing a new Commonwealth Modern Business Registry Regime, all directors should prepare to be issued with unique director identification numbers (Director IDs). The Director IDs will be kept permanently and provide traceability of a director’s profile and relationships across companies over their career.
The new regime is expected to be rolled-out in the first half of 2021, with key details yet to be worked through including what director information will be made publicly available.
Assistant Treasurer Michael Sukkar told Parliament that Director IDs will “provide greater insights to regulators, businesses and individuals on the identity and affiliations of directors and prevent the use of fictitious identities,”.
Critically, a mandatory identification system also presents an opportunity to address one of the AICD’s long-standing privacy concerns — director personal information held on publicly accessible corporate registers. In the AICD’s view, the availability of detailed personal information about directors creates unnecessary risks in terms of safety, identity theft and privacy.
Significant progress has been made in both the UK and New Zealand in removing unnecessary director details from public registers. In a bid to combat illegal phoenixing activity here in Australia, the AICD has supported this reform throughout the Parliamentary consultation and welcomes a new flexible and technology-neutral modern business registry regime.
Further background on key features of the legislation and proposed Director ID framework is available here.
Modern Business Register
Under the new legislation, all registry functions (i.e. the establishment, maintenance and use of registers) will be appointed to one single Commonwealth Business Registrar (Registrar) to be administered by the ATO – with 34 ASIC registers and Australian Business Register the first in scope to be consolidated. Additional registers may be brought into the registry regime by future legislative amendment.
Importantly, ‘regulatory’ functions are not impacted by the legislative changes and functions such as monitoring, enforcing the law and licencing will continue to be administered by ASIC.
The Government is currently developing a new technology platform to deliver the new centralised registry, as it looks to decommission legacy systems.
Director ID requirement
The procedures and requirements needed to obtain a Director ID (such as what a director needs to provide to apply for a DIN and how they provide those details) will not be included in primary legislation but in the data standards – a separate legislative instrument expected to be made subject to public consultation in coming months.
Under the new Director ID requirement, directors will be required to apply for a DIN prior to be appointed as a director. For the first 12 months of the operation of the new requirement, an individual who is appointed as a director will have 28 days to apply for a Director ID. While for existing directors, transitional provisions will apply providing a 15-month window to apply once the new requirement is mandated.
The legislation gives the Registrar power to administer the new Director ID requirement, including: the issuance and cancellation of Director IDs, extending application periods, issuing infringement notices, establishing identity verification requirements and procedures, and maintaining records.
Giving the regime some teeth, there are several civil and criminal penalties under the legislation for:
- failing to apply for a DIN within the required timeframe;
- deliberately providing false identity information to the registrar;
- intentionally providing a false DIN to a government body or relevant body corporate; and
- intentionally applying for multiple DINs.
The new Director ID regime is expected to be implemented in the first half of 2021.
Data standards and disclosure framework
The Registrar will also administer, and have regulatory responsibility for, the new regime. This will involve developing the data standards and disclosure framework.
Central to the implementation of the modern business registry regime, the data standards will describe:
- what and how information may be collected;
- the manner and form in which information is given to the Registrar;
- when information is to be given;
- how information is authenticated, verified or validated;
- how information is stored and corrected; and
- how information held by the Registrar may be integrated or linked.
An advantage of the data standards being determined by way of legislative instrument is that they will be able to be amended over time to keep up with changes in best practice, industry preference, the needs of those using registry services, and technology.
Importantly, the disclosure framework determined by the Registrar will determine the protection and disclosure of information held by the Registrar. The disclosure framework will operate in accordance with existing Australian law, particularly relevant privacy laws.
AICD monitoring and engagement
The AICD will continue to update members on the progress and timing of the Director Identification program roll-out over the coming months.