A range of compliance and enforcement tools are used to encourage compliance. The tools can be used either individually or in combination. These are shown in the compliance pyramid diagram below.
Education and guidance
Education and guidance are integral to supporting voluntary compliance with the Act.
The Regulator may regularly publish information to assist reporting entities.
In the first instance, the Regulator will often work with the reporting entity to provide education and advice so they can meet the requirements. However, responsibility for complying with the requirements rests with the reporting entity. This includes ensuring the accuracy of all information provided to the Regulator.
A guidance letter may be sent by the Regulator. For example, this may be done for low compliance risks.
This is a non-legislative measure and would be in the form of a letter from the Regulator.
It is not a mandatory step that the Regulator issue a guidance letter.
In some cases the Regulator may decide to proceed to other compliance actions without issuing a guidance letter.
Guidance letters may include:
- what non-compliance has been identified
- what corrective action should be undertaken
- what other compliance action the Regulator may take if the non-compliance is not remedied within a specified timeframe
- education about how to remain compliant in the future
The Regulator can publish the identity of non-compliant reporting entities. This includes details of their failure to comply with their obligations. Publication may occur on the Payment times reports register and in other ways that the Regulator considers appropriate.
Before publishing that an entity is non-compliant, the Regulator must notify the reporting entity. This includes the reasons for the decision.
The Regulator must invite a written submission from the entity. Any submission must be provided within 28 days.
The Regulator must consider any submission provided by the entity before deciding whether to proceed to publish.
If the entity does not agree with the Regulator’s decision to publish, they can first request an internal reconsideration of the decision.
If an entity does not agree with the decision made following a reconsideration they can appeal to the Administrative Appeals Tribunal.
Audits for non-compliance
The Regulator can require reporting entities to undertake compliance audits. This may be done when the Regulator reasonably suspects that an entity hasn’t met the requirements of the scheme.
A suitably qualified and independent auditor will be nominated and appointed by the reporting entity. It must also be approved by the Regulator. In some cases, the Regulator may not approve the nominated auditor. If so, the Regulator may require the appointment of an alternative auditor.
An audit can examine the reporting entity’s compliance with:
- the Act
- aspects of the Act
For example, the audit could examine whether an entity has provided correct and relevant information in a report.
The reporting entity will be notified about the audit requirements. The Regulator will specify:
- the auditor’s required qualifications and independence
- the matters to be covered by the audit
- the form and content of the audit report
The reporting entity must provide the auditor with all reasonable facilities and assistance to enable the auditor to carry out their duties.
The reporting entity will be required to pay for the auditor’s services.
Infringement notice process
There are a number of civil offences in the Act. As an alternative to undertaking formal court action, the Regulator or an infringement officer may issue an infringement notice. This is done when the Regulator or infringement officer reasonably believes there are alleged contraventions.
An infringement notice requires the entity to pay a penalty for the alleged contravention. It will set out the applicable penalty. Multiple infringement notices can be issued depending on the number of contraventions identified.
If the entity does not pay the penalty in the infringement notice, court proceedings can be brought against the entity in relation to the contravention.
Monitoring and investigations
The Regulator has monitoring and investigation powers to support compliance and enforcement actions. Monitoring and investigations may help to confirm or identify if there is a compliance issue. Depending on the outcomes, it will determine the need for further action.
The monitoring and investigation powers allow the Regulator or representatives to enter a premises. This happens with:
- the occupier’s consent
- a monitoring warrant (under monitoring powers)
- an investigation warrant (under investigation powers)
A relevant warrant may be issued if it is reasonably necessary to access the premises to determine whether a provision of the Act has been complied with. This includes determining if information subject to the Act is correct. This may include exercising powers such as:
- searching the premises
- inspecting documents
- making copies
- taking images
- securing or seizing evidence
These are part of a standard suite of monitoring, investigation and enforcement powers set out in the Regulatory Powers (Standard Provisions) Act 2014.
Following monitoring or investigation, decisions may be made to take further enforcement action. This may include imposing penalties for non-compliance.