New $16.5 million maximum penalty for serious contraventions by a NDIS provider

Serious contravention

The NDIS Act did not distinguish between single and repeated contraventions.

New s 11B defines a ‘serious contravention’ as conduct by a NDIS provider or a member of its key personnel that:

• involves a ‘significant failure’, being conduct that represents a significant departure from the conduct that could reasonably be expected from a NDIS provider or its key personnel having regard to the requirements that registered and unregistered NDIS providers and their key personnel are subject to under the NDIS Act (s 11B(2)); or
• is part of a ‘systematic pattern of conduct’, which will be assessed by reference to the following matters:
• the number of times the provider’s or key personnel member’s conduct has not complied with a provision of the NDIS Act (relevant contraventions)
• the period over which the relevant contraventions occurred
• the number of individuals affected by the relevant contraventions
• the provider’s or key personnel member’s response, or failure to respond, to any complaints about the relevant contraventions (s 11B(3)).

Requirement to be registered

Section 73B(1) of the NDIS Act establishes a requirement for NDIS providers to be registered before providing certain classes of supports under a participant’s plan.

The civil penalty for a contravention of that requirement under s 73B(2) was 250 penalty units.

New s 73B(2) to (6) retains the requirement for certain specified supports to be provided by registered NDIS providers and introduces two new ways that requirement may be contravened.

• Providing specified supports to a participant under their plan that the provider is not registered to provide  (s 73B(2)).
• A person holding themselves out as being able to provide specified supports to a participant under their plan and the provider is not registered to provide those specified supports (s 73B(3)).

A contravention of either is:

• A ‘fault-based offence’ carrying a penalty of two years imprisonment or 120 penalty units or both (s 73B(4)).
• A ‘strict liability offence’ carrying a penalty of 60 penalty units (s 73B(5)).

A fault-based offence requires proof that the person engaged in the prohibited conduct intentionally or with knowledge of the relevant circumstances.

A strict liability offence requires proof only that the person engaged in the prohibited conduct.

The section also introduces a civil penalty of 10,000 penalty units for a ‘serious contravention’, and retains the 250 penalty unit civil penalty for a contravention in any other case (s 73B(6)).

False or misleading information in registration applications

Former s 73D provided a civil penalty of 60 penalty units for a person who knowingly provided false or misleading information or documents in, or in connection with, an application for registration.

The provision applied where the person knew the information was false or misleading in a material particular.

Amended s 73D introduces a higher civil penalty of 10,000 penalty units for a ‘serious contravention’ and doubles the civil penalty to 120 penalty units for a contravention in any other case.

Breach of registration conditions

Section 73J establishes a requirement for all registered NDIS providers to comply with their conditions of registration.

A registered NDIS provider who breached a condition of registration contravened that requirement and was liable to a maximum civil penalty of 250 penalty units only.

Amended s 73J introduces a new civil penalty of 10,000 penalty units for a ‘serious contravention’ while retaining the 250 penalty unit civil penalty for a contravention in any other case.

Breach of NDIS Code of Conduct

Section 73V establishes a requirement for a person who is subject to a requirement under the NDIS Code of Conduct to comply with that requirement.

Under former s 73V(3), a person who failed to comply with a requirement under the NDIS Code of Conduct contravened that section and was liable to a civil penalty of 250 penalty units only.

Amended s 73V(3) introduces a new civil penalty of 10,000 penalty units for a ‘serious contravention’ while retaining the 250 penalty unit civil penalty for a contravention in any other case.

Anti-promotion orders

The NDIS Act did not include a standalone power for the Commissioner to prohibit or restrict promotional or marketing conduct through an anti-promotion order.

New s 73ZOA empowers the Commissioner to make an ‘anti-promotion order’ prohibiting or restricting a person from engaging in ’regulated promotional conduct’ of a kind specified by the Commissioner in the order where the Commissioner is satisfied the person has engaged in, or is engaging in, that conduct (s 73ZOA(1)).

‘Regulated promotional conduct’ may be prescribed in the NDIS rules as conduct that involves promoting, advertising or marketing matter related to supports or services for people with disability, NDIS providers or things presented as such (s 73ZOA(2)).

Before any rules prescribing conduct as regulated promotional conduct, the Minister must be satisfied that the conduct undermines the objects of the NDIS Act (s 73ZOA(3)).

Breaching an anti-promotion order attracts a civil penalty of 250 penalty units (s 73ZOB). The Commissioner can also vary or revoke an anti-promotion order (s 73ZOC).

Expanded scope of application

Former s 73ZN empowered the Commissioner to make a banning order prohibiting or restricting specified activities in relation to the following:

• A NDIS provider (or former provider) (s 73ZN(1)).
• A person employed or otherwise engaged by a provider or a member of a provider’s key personnel (s 73ZN(2)).
• A person who the Commissioner reasonably believes is not suitable to be involved in the provision of specified supports or services to people with disability (s 73ZN(2A)).

The power to issue banning orders has been expanded under new subsections 73ZN(2B) and (2C) to include:

• A person who has made an application, for registration as a registered NDIS provider, that has not been finally determined.
• An approved quality auditor.
• A person who is employed or otherwise engaged by, or is a member of the key personnel of, a person in the two categories mentioned above.
• A person involved in providing services that enable or facilitate the provision of supports or services for people with disability or services that involve assisting with or advising on applications for registration.

The Commissioner may make an order if certain circumstances are met. For example, the Commissioner has revoked the registration of the person as a registered NDIS provider, the Commissioner has revoked their approval as a quality auditor or the person is convicted of an offence involving fraud or dishonesty.

Breach of a banning order

Former s 73ZN(10) provided a civil penalty of 1,000 penalty units for a contravention of a banning order.

There was no criminal offence for a contravention.

New s 73ZNA creates a fault-based offence for a contravention of a banning order (including a condition of the order), with a penalty of imprisonment for five years or 300 penalty units, or both (s 73ZNA(2)).

A strict liability offence of 150 penalty units has also been introduced (s 73ZNA(3)).

A fault-based offence requires proof of the person’s intention or knowledge, whereas a strict liability offence requires proof only that the person engaged in the prohibited conduct.

New s 73ZNA introduces a new higher civil penalty of 10,000 penalty units for a ’serious contravention’ (s 73ZNA(4)(a)) while retaining the 1,000 penalty unit civil penalty for a contravention in any other case (s 73ZNA(4)(b)).

Shorter notice periods

Under s 55A of the NDIS Act, the Commissioner has the power to require a person to give information or produce a document to the Commissioner.

Under former s 56(3) the Commissioner was required to afford a person at least 14 days to give the information or produce the document.

New s 56(6) enables the Commissioner to shorten the 14-day minimum requirement if all these conditions are satisfied:

• The notice requiring a person to give information or produce a document is given by the Commissioner.
• The Commissioner reasonably believes that not specifying a shorter period or earlier time would significantly increase the risk of serious harm to a participant.
• The shorter period or earlier time is reasonable in the circumstances.

A civil penalty may be sought for any non-compliance with a shortened timeframe, as the requirement to provide information and documents is a condition of registration.

Whistleblower protections expanded to former staff

Under former s 73ZA(1) only certain people who made a disclosure qualifying for protection were covered. This included people who had a current or present connection to an NDIS provider (for example, a current employee or a contractor) and a person with disability receiving NDIS supports or services from an NDIS provider.

New s 73ZA(1) extends the protections to people who are, or who have been, connected to an NDIS provider.

Identity protection

The NDIS Act did not provide this form of protection for disclosers.

New s 73ZBA(1) provides for the confidentiality of a discloser’s identity. Revealing the whistleblower’s identity, or information likely to identify them, now carries a civil penalty of 30 penalty units.

Limited exceptions apply. They include, for example, a disclosure that is made:

• To the Commissioner or the National Disability Insurance Agency.
• To the Australian Federal Police or the police force of a state or territory or a prosecutor.
• To a legal practitioner for the purpose of obtaining legal advice or representation in relation to the operation of Division 7 of Part 3A of the NDIS Act.
• With the discloser’s consent.
• To lessen or prevent a serious threat to the safety, health or wellbeing of one or more people (s 73ZBA(2)(a)-(e)).