director ids

Recent legislation requiring directors to obtain a director identification number (director ID) is expected to prevent such occurrences as fake directors registering for boards, and to help curb repeated illegal phoenixing activity.

“There are already risks of penalties for directors involved in illegal phoenixing, but that has not stopped the practice,” says Edward Martin, a partner at Gadens. “The director ID will not be a silver bullet to stop phoenixing, but it will make tracking and regulating those directors who are involved much easier and better enable the Australian Securities and Investments Commission (ASIC) to stop them from engaging in repeated phoenixing.”

Phoenixing is when companies deliberately avoid paying liabilities by shutting down an indebted company and transferring assets to another company. This hurts trade creditors, employees and the public through lost taxes. In 2011, the Australian Tax Office (ATO) estimated 6000 companies were involved in illegal phoenixing. In July 2018, PwC’s The Economic Impacts of Potential Illegal Phoenix Activity report for the ATO, ASIC and Fair Work Ombudsman, estimated between $2.85b and $5.13b is lost every year from salaries, superannuation, GST, withholding tax and other payments, for example, to suppliers.

The director ID will be a unique identifier that a director will keep forever, enabling regulators to better track directors of failed companies who use fictitious identities. (See breakout below.) Martin believes the new regime will help overcome issues with data integrity, which have been a constant thorn in the side of policing phoenixing.

Earlier this year, before he stepped down from ASIC, Commissioner John Price told a parliamentary committee that the Australian system for registering directors was just that — a registration system; not a checking system. Asked whether Elvis Presley or Homer Simpson could register as a company director, he replied: “Quite possibly”.

Director IDs will tighten the process for the registration of directors and help avoid the appointment of directors to companies without their knowledge or consent.

Showing just how easy it is to circumvent this registration system, an ABC Radio National investigation revealed in February how a Victorian accounting firm had recruited the homeless and people battling addiction to act as “dummy directors” of companies. It identified dozens of fake directors linked to almost 200 companies — many of which went into liquidation, collectively owing tens of millions to the tax office, other creditors and employees.

“The introduction of director IDs is really about bringing something into existence that probably should have been done years ago,” says Stephen Hundy, a partner at Worrells Solvency & Forensic Accountants. “It’s quite remarkable that there have been no checks and balances when it comes to companies and whether the director details recorded with ASIC are correct, or if the person being recorded as a director actually exists.”

Hundy says the introduction of director IDs should make it easier for regulators and insolvency practitioners to identify and track directors involved in illegal phoenixing. However, he notes: “Like most things, those who wish to act unlawfully will find new ways to get around the system and therefore, it is unlikely to eliminate the practice.”

Dealing with the data

Andrew Lacey, managing principal at law firm McCabe Curwood, cautions the director ID regime may not provide much more than what’s currently available to regulators. Directors already have to provide information such as their name, date of birth and residential address to ASIC, and it’s an offence to provide false information. But Lacey notes that ASIC is not currently required to verify the identity of directors, which makes it easier for them to provide false details. This will change. “The new regime comes with significant penalties for failing to obtain a director ID or providing false information, which should provide a sufficient deterrent to ensure that the integrity of the register is maintained,” he says.

He believes the success of the director ID regime will depend on how the data is used. “For example, if the regulators proactively review the data to determine patterns then they may be able to intervene before phoenixing occurs,” he says. “However, even if the regime doesn’t necessarily make it harder for phoenixing, it’s fair to assume it will make it easier for the regulators to prosecute and catch directors for breaches of the law in the long run, and that’s a good thing.”

Lacey adds that the director ID regime may help crack down on the use of “directors for hire” by disqualified directors. “For example, where an individual becomes a director of multiple disparate companies — or more companies than they could reasonably be expected to [still] be able to comply with their director duties — this can be used by the regulators to investigate,” he says. “We can also reasonably anticipate that director IDs can be used to identify disqualified directors and pursue them if they seek to become a director of a company prior to the end of the disqualification period.”

Hundy believes the registration and tracking directors could eventually lead to some form of education and qualification requirements to hold the position of director. “That’s something I see as being much needed, particularly at the small and medium-sized enterprise level,” he says.

Martin warns that preparing for the change requires some planning and organisation by companies and their directors. “With the government facing unprecedented coronavirus-related challenges in 2020, the timeframe for implementing a director ID regime in the first half of 2021 might prove to be aspirational, but we do know that it will be operational by 2022,” he says. “Directors should nonetheless not take their eyes off the ball when the deadline for the commencement of the director ID regime looms closer.”

Need to know

The introduction of director IDs is part of a new regime to modernise multiple business registries, which also brings new penalties, writes AICD policy adviser Laura Bacon.

The Treasury Laws Amendment (Registries Modernisation and Other Measures) Bill 2019 finally passed both houses of parliament on 12 June. Following passage of a legislative package introducing a new Commonwealth Modernising of Business Registers (MBR) regime, all directors should prepare to be issued with unique director identification numbers (director ID). The director IDs will be kept permanently and provide traceability of a director’s profile and relationships across companies over their career. The new regime is expected to be rolled out in the first half of 2021, with key details yet to be worked through, including what director information will be made publicly available.

Assistant Treasurer Michael Sukkar told parliament that director IDs will “provide greater insights to regulators, businesses and individuals on the identity and affiliations of directors and prevent the use of fictitious identities”.

Critically, a mandatory identification system also presents an opportunity to address one of the AICD’s long-standing privacy concerns — director personal information held on publicly accessible corporate registers. The AICD view is that the availability of detailed personal information about directors creates unnecessary risks in terms of safety, identity theft and privacy.

Significant progress has been made in both the UK and New Zealand in removing unnecessary director details from public registers. In a bid to combat illegal phoenixing activity in Australia, the AICD has supported this reform throughout the parliamentary consultation and welcomes a new flexible and technology-neutral modern business registry regime.

Modern Business Register

Under the new legislation, all registry functions (the establishment, maintenance and use of registers) will be appointed to one single Commonwealth Business Registrar, to be administered by the ATO — with 34 ASIC registers (including the Companies Register) and the Australian Business Register the first in scope to be consolidated. Additional registers may be brought into the registry regime by future legislative amendment.

Importantly, “regulatory” functions are not impacted by the legislative changes, and functions such as monitoring, enforcing the law and licensing will continue to be administered by ASIC.

The government is developing a new technology platform to deliver the centralised registry as it decommissions legacy systems.

Director ID requirement

The procedures and requirements needed to obtain a director ID (such as what a director needs to provide to apply for a director ID and how they provide those details) will not be included in primary legislation, but in the data standards — a separate legislative instrument expected to be made subject to public consultation in coming months.

Directors will now be required to apply for a director ID prior to being appointed as a director. For the first 12 months of the operation of the new requirement, an individual who is appointed as a director will have 28 days to apply for a director ID. For existing directors, transitional provisions will apply, providing a 15-month window to apply once the new requirement is mandated.

The legislation gives the registrar power to administer the new requirement, including: issuance and cancellation of director IDs, extending application periods, issuing infringement notices, establishing identity verification requirements, and maintaining records.

Giving the regime some teeth, there are several civil and criminal penalties under the legislation for:

  • Failing to apply for a director ID within the required timeframe.
  • Deliberately providing false identity information to the registrar.
  • Intentionally providing a false director ID to a government body or relevant body corporate.
  • Intentionally applying for multiple director IDs.

Data standards and disclosure framework

The registrar will also administer and have regulatory responsibility. This will involve developing the data standards and disclosure framework. Central to the implementation of the new registry regime, the data standards will describe:

  • What and how information may be collected.
  • The manner and form in which information is given to the registrar.
  • When information is to be given.
  • How information is authenticated, verified or validated.
  • How information is stored and corrected.
  • How information held by the registrar may be integrated or linked.

An advantage of the data standards being determined by way of legislative instrument is that they will be able to be amended over time to keep up with changes in best practice, industry preference, the needs of those using registry services, and technology.

Importantly, the disclosure framework determined by the registrar will determine the protection and disclosure of information held by the registrar. The disclosure framework will operate in accordance with existing Australian law, particularly relevant privacy laws.