In 2020, the Australian Government announced the full implementation of the Modernising Business Registers (MBR) Program, which unifies the Australian Business Register and the Australian Securities and Investments Commission (ASIC) registers onto a single platform, to be administered by the Commonwealth Registrar under legislation and as a separate statutory function of the Australian Taxation Office. The MBR Program has been subject to extensive public consultation since its announcement, with the Government indicating that it has received broad support from industry and government stakeholders so far.
The Government has now released draft exposure materials and opened consultation in relation to a key part of the MBR Program, the Director Identification Number (or DIN) regime. The DIN regime allows more effective tracking of directors and their corporate history, providing traceability of a director's relationships across companies, reducing the use of fictitious identities and improving data integrity and security, with the ultimate aim of clamping down on illegal phoenixing, which costs the Australian economy between A$2.9 billion and A$5.1 billion annually.
How will the DIN regime work in practice?
The recent tranche of draft exposure materials includes a draft Data Standard framework, the Corporations Director Identification Number Data Standard 2021, which sets out the basic elements of the regime:
For the purposes of giving an individual a DIN, the Registrar may require and collect the following information:
- name and former name(s);
- address and former address(es);
- contact details; and
- date and place of birth.
Currently, a director's former and current names, address, place and date of birth is provided to ASIC.
The Registrar may request, but not compel, an individual to provide a tax file number.
If the Registrar is not satisfied that the individual's identity is established, the Registrar may request and collect other information necessary to establish their identity.
An individual must make an application for a DIN through the electronic platform provided by the Registrar or in the form provided by the Registrar.
An application for a DIN must be made by the individual to whom the application relates. An application must not be made by another person on behalf of the individual, unless the Registrar is satisfied that an exception applies. Exceptions include situations where an applicant may require assistance to apply for a DIN if they are unable to prepare the application themselves (for example, due to disability, injury or illiteracy). The Registrar will assess an individual’s circumstances on a case by case basis.
An individual who makes an application for a DIN must declare that:
- the individual is the applicant identified in the application;
- the information provided in the application is true and correct;
- the individual is an eligible officer, or intends to become an eligible officer within 12 months of applying for a DIN; and
- the individual does not already have a DIN, or the individual has been directed by the Registrar to apply, or apply again, for a DIN.
An individual who has a DIN may request the Registrar to update their name, addresses and/or contact details from time to time. They must also further inform the Registrar of any errors or corrections to the information given in their application for a DIN.
There are various obligations on the Registrar regarding the use and storage of information given in a DIN application, including that the Registrar may make a record of information collected or generated in the course of processing the individual’s DIN application (including subsequent updates or corrections to that information), the Registrar may validate, verify or authenticate any information received, the Registrar may use the information for the performance of its functions and exercise of its powers, and the Registrar must record and store information provided to it in a secure environment.
Under the draft Data Standard, the Registrar will communicate electronically with individuals who have provided information to it, unless electronic communication is not possible. An individual adversely affected by a decision made under the Data Standard can apply for review of a decision under the Corporations Act 2001 (Cth).
How much time do directors have to apply?
The draft exposure material also contains various draft legislative instruments regarding the timeframe for directors to apply for a DIN during the early stages of the regime. To ensure that the DIN system will provide a robust, reliable, and consistent user experience, there will be a public beta trial of the relevant technology systems before all directors are onboarded into the system. So that directors are not disadvantaged or in breach of the law, legislative instruments have been drafted that remove the need for directors to apply for a DIN in these early stages.
The materials propose that directors appointed under the Corporations Act will have between the end of testing and 30 November 2022 to obtain a DIN. This timeframe applies for both existing directors appointed before the DIN regime commenced, and directors appointed during the testing phrase.
Meanwhile, directors of Indigenous corporations governed by the Corporations (Aboriginal and Torres Strait Islander) Act 2006 (Cth) have separate obligations to apply for a DIN between the end of the testing phase and 30 November 2023. The later date is owing to the fact that the MBR Program plans to commence issuing DINs to CATSI Act directors after the Corporations Act directors have been fully onboarded into the system. To be clear, if an individual has applied for or received a DIN under one Act, that individual does not need to apply for a DIN under the other Act.
What can and cannot be disclosed
The draft exposure material also contains the Corporations (Director Identification Number) Disclosure Framework (PGPA Bodies, courts and tribunals) 2021, which relates to the disclosure of protected information that is DIN information or is related or connected to DIN information.
The need for this additional Disclosure Framework is driven by the fact that, currently, a person is prohibited from disclosing protected information if the protected information was obtained by the person in the course of their official employment unless one of the exceptions under the Corporations Act applies. The Corporations Act presently allows disclosure to a government entity, however bodies being Commonwealth entities and companies within the meaning of the Public Governance, Performance and Accountability Act 2013 (Cth), do not fall within the meaning of government entity as defined under the Corporations Act. Public governance, performance and accountability (PGPA) bodies include, but are not limited to, non-corporate Commonwealth entities, corporate Commonwealth entities and Commonwealth companies such as ASIC, the Australian Prudential Regulation Authority and the Reserve Bank of Australia.
Under the draft Disclosure Framework, the disclosure of DIN information is authorised if the disclosure is:
- made to a person in official employment of a PGPA body for use, in the course of the performance of duties of the person; and
- in relation to performing or exercising functions and powers of that PGPA body.
The disclosure of DIN information to a court or tribunal is authorised by the instrument subject to section 1270Q of the Corporations Act, which exempts a person from being required to provide protected information to a court or tribunal except where the disclosure is necessary for giving effect to a taxation law or an Australian business law.
While the draft Disclosure Framework authorises the disclosure of DIN information to PGPA bodies, courts or tribunals, it is worth noting that nothing in the instrument specifically requires or compels such a disclosure. Each body will have their own mechanisms for the prevention of misuse of this information, which addresses any risk of the misuse of DIN information by these bodies or individuals in their employ.
The draft Disclosure Framework also provides that applications can be made for particular protected information not to be disclosed, and that individuals making such an application must demonstrate how the detrimental consequence to the individual of disclosure outweighs the benefit of disclosure by the PGPA bodies, courts or tribunal performing their functions. The Explanatory Statement to the draft Disclosure Framework seems to indicate that this is a high bar, and that "it is generally not appropriate to suppress DIN information from PGPA bodies, courts and tribunal[s] given the importance of these agenc[ies] to the function of government and to the Australian community". As a point of reference, currently directors are entitled to use an alternative address in place of their usual residential address in forms and application lodged with ASIC, and on ASIC's public database, if:
- the Australian Electoral Commission has granted them "silent enrolment" status. This means that their name, but not their residential address, is on an electoral roll (under the Commonwealth Electoral Act 1918 (Cth) because of section 104 of that Act); or
- their name is not on an electoral roll at all within Australia and ASIC determines, in writing, that including their residential address on its public database would put at risk the director's personal safety or the personal safety of members of that director's family.
Next steps for creating the DIN regime
The release of further draft exposure material in relation to the DIN regime instils greater confidence that the Australian Government is committed to its rollout as part of the broader modernisation of Australia's regulatory regime through more flexible, user-friendly and streamlined registry services. Current and prospective Australian company directors and companies can continue preparing for the implementation of this regime by familiarising themselves with the regime.
Consultation on the draft Data Standard and Disclosure Framework closed on 1 April, with consultation on the draft transitional period legislative instruments open until 16 April 2021. All submissions will be published on the Commonwealth Treasury website (here and here). At this point in time, Treasury is yet to indicate which element of the MBR Program will be the subject of its next public consultation.