Following various rounds of public discussion and consultation since 2015, Australia will require directors to be registered and assigned with a unique Director Identification Number (DIN). The new regime, created by the Treasury Laws Amendment (Registries Modernisation and Other Measures) Act 2020 (Cth), is set to have significant implications from a corporate governance perspective.
The DIN regime has been introduced to promote good corporate conduct and combat illegal phoenixing activity. Illegal phoenixing involves deliberately avoiding paying liabilities by shutting down an indebted company and transferring its assets to another company. It is estimated to cost Australia between A$2.9 billion and A$5.1 billion annually. This makes the DIN regime – which is set to increase compliance costs by approximately A$21.5 million per year on average over 10 years – a comparatively cost-effective solution in combatting such activity. The Government also expects the requirements will improve traceability of directors across companies, enable regulators to track directors of failed companies more efficiently, and improve the insolvency process.
Who is in charge of operating the DIN regime?
The DIN regime will be administered by a registrar which will be an existing Commonwealth body that is yet to be appointed. Under the Act, the registrar is granted the power and ability to provide, record, cancel and re-issue a person's DIN. The registrar will have little to no discretion in the exercise of these functions and must give a person a DIN if that person is eligible to apply and has sufficiently established their identity.
A DIN will be automatically cancelled by the registrar if the person allocated the DIN does not become a director within 12 months of receiving their DIN. However, once a person is given a DIN and appointed to act as a director, the person will keep the DIN for their lifetime, including if the person ceases to be a director.
What are the key obligations?
Broadly, there are four key obligations under the DIN regime. Persons must:
- apply for a DIN prior to being appointed as a director or within a prescribed period of being directed to do so by the registrar (being 28 days if not specified in the registrar’s direction);
- not knowingly apply for multiple DINs;
- not deliberately provide false identity information to the registrar; and
- not misrepresent a DIN to a government body or registered body.
The regime contemplates a 12-month transitional period, during which:
- a person who is already a director immediately before the commencement of the DIN regime must apply for a DIN within a period yet to be specified; and
- any person who is appointed a director within the first 12 months of the DIN regime’s operation must apply for a DIN within 28 days of their appointment as director.
How will directors' identities be verified?
While Australian law currently requires directors’ details to be lodged with the Australian Securities and Investments Commission (ASIC), there is no requirement for ASIC to verify these details. This has led to ASIC’s records bizarrely including Mickey Mouse, Porky Pig and Squidward Tentacles as company directors. Although Australian law also prohibits the provision of false or misleading information (including under the Criminal Code), the requirement to verify a director’s identity is clearly needed and long overdue.
The DIN regime rectifies this by requiring verification of a director’s identity. The requirements for establishing a person's identity are yet to be defined, but the Act’s Explanatory Memorandum suggests that the registrar could require the usual 100 points of identification. A person’s tax file number could also be used, where the person is willing to provide it, to assist the registrar in verifying the person's identity.
Who must apply for a DIN?
The new DIN requirement applies to any “eligible officer” of a “registered body”. Broadly, these terms have been defined to initially include appointed directors and acting alternate directors (regardless of the name given to their position) of:
- a company, registered foreign company that is a body corporate or registered Australian body (all of which are registered under the Corporations Act 2001 (Cth)), including companies responsible for managed investment schemes and registered charities; and
- an Aboriginal and Torres Strait Islander corporation registered under the Corporations (Aboriginal and Torres Strait Islander) Act 2006 (Cth).
The DIN requirements therefore, at least initially, do not extend to unincorporated bodies, de facto or shadow directors or company secretaries.
Are there any exemptions?
The specifics of the exemptions to the regime have not yet been defined. However, it is clear that under the new regime, the registrar will have the power to:
- exempt a person or class of persons where the imposition of the requirement would have unintended consequences or would otherwise be unsuitable; and
- provide certain exempted persons additional time to apply for a DIN.
What happens in the event of non-compliance?
Criminal and civil penalties apply to anyone found in breach of their obligations under the DIN regime. These penalties vary depending on the breached obligation and the severity of the breach, and many of these penalties attract personal liabilities for directors, for example:
- individuals applying for multiple DINs or misrepresenting a DIN could be faced with 12 months' imprisonment; and
- individuals failing to apply for a DIN will be committing an offence of strict liability which, under the Corporations Act, carries:
- a maximum civil penalty of the greater of A$1,050,000 (5,000 penalty units) or three times the benefit derived or detriment avoided because of the contravention; and
- a maximum criminal penalty of A$12,600 (60 penalty units).
Body corporates also need to be aware that if they are found to be involved in a violation under the DIN regime they could also be fined, with the maximum civil penalty being the greater of:
- A$10.5 million (50,000 penalty units);
- three times the benefit derived or detriment avoided because of the violation; or
- 10% of the annual turnover of the body corporate up to a maximum of A$525 million (2.5 million penalty units).
The registrar may also issue infringement notices to individuals or corporations for minor breaches of the DIN regime.
Defences for non-compliance with the DIN regime
Defences are available to persons failing to apply for a DIN prior to their appointment as a director, including that:
- the person applied for a DIN prior to being appointed and the application has not yet been dealt with or processed by the registrar (noting that the regime provides an obligation for the person to apply, not obtain, a DIN); or
- the person was appointed as a director without their knowledge (eg. through theft or forgery).
Defences are also available to persons applying for more than one DIN, including where:
- the person was directed by the registrar to reapply (eg. if the director’s existing DIN profile has been lost or corrupted); or
- the person’s initial DIN was cancelled by operation of law or by the registrar, noting that a cancelled DIN may be reallocated to the same person if they later reapply.
What directors and companies should be doing to get ready for the DIN regime
The DIN regime will automatically commence on 23 June 2022, or such earlier date as proclaimed by the Governor-General. While some media outlets are suggesting that the DIN regime will begin in the first half of 2021, this has not been confirmed by proclamation as yet.
Companies and directors should continue to stay updated on the new regime and prepare for the legislation to come into force, including being aware of incoming obligations and compliance requirements as outlined above. In particular, once the verification requirements under the DIN regime are specified, we recommend companies begin collating (with appropriate safeguards) the personal identification documents of their directors (in particular of their foreign directors which could take more time) so that applications can be submitted in a timely manner and the company can ensure full compliance with the requirements.