April 16, 2021

Din Din Din!

Your days as a director are

about to be ‘numbered.’

The Federal Government is working on implementing a Director ID number system, which will allow for the tracing of directors across companies.

This system is to be implemented from November 30, 2022, and Directors will be required to apply for a new Directors ID Number (or DIN) by that date.

This system will be managed separately to the Tax File Number (TFN) and Australian Business Number (ABN) system now in operation and will be managed by the Commonwealth Registrar, operating as a separate statutory function of the ATO as part of the Governments “Modernising Business Registers (MBR) program.

In the 2020 federal budget, additional funding was announced to integrate the system with the government’s Modernising Business Registers (MBR) program.This integration will create a super registry by bringing together the Australian Business Register and 31 other registers currently administered by the Australian Securities and Investments Commission, forming the Commonwealth Registrar.

It is hoped this system will prevent the use of false identities and help prevent illegal phoenix activity, where directors deliberately liquidate companies to avoid paying debts, which is estimated to cost the Australian economy between $1.8 billion and $3.2 billion each year. i.e. It ‘should’ make it easier to trace directors who move operations from one company to another, or who have a record of ‘companies closing’ year on year.

How the Director ID system will work

All directors will be required to establish their identity with the Commonwealth Registrar before receiving their unique director ID, which they will retain throughout their lifetime, even if they cease to be a company director.

This process will involve directors providing their names and former names, addresses and former addresses, contact details, and their date and place of birth.

Directors will also need to prove their identity using key identifying documents, such as a driver’s licence, passport, birth certificate or visa, and may be asked to provide their tax file number (TFN). I expect that this last part will become a critical aspect so that it is harder for people to obtain multiple DIN’s. It is currently relatively simple for a person to have two different sets of details listed with ASIC, depending on whether or not middle names are included in the filings, address details, etc., are maintained correctly.

While the Commonwealth Registrar will operate separately from the ATO, it may ask the ATO to provide the TFN of applicants to verify their identities, and details provided to the registry may be cross-checked against the taxation office’s records.

Directors will face significant civil and criminal penalties if they fail to apply for a director ID by the deadline and for conduct that contravenes the new rules, including falsifying identify information or intentionally apply for multiple director IDs

For companies registered under the Corporations Act, directors face potential civil penalties of up to 5,000 penalty units, or $1.1 million.

What Happens next?

According to the proposed arrangements, the director ID regime will go through a testing phase, which will run until October 31 this year. As part of this phase, the Commonwealth Registrar will invite a group of existing directors to test the system to make sure it has a robust, reliable and consistent user experience.

After this testing is completed, existing directors and those who became directors during the testing phase will have a little over 12 months to apply for their director ID number.

Anyone who wishes to become a company director after November 30, 2022, will need to apply for a director ID before being appointed as a director. This may slow down new company setup processes for small businesses, depending on the approval processes involved, which is why I expect the submission of the TFN will be crucial in the identification process.

So by early 2023, anyone in business will need to add a new identification number to their lists! TFN, ABM, ACN and now DIN.

What has not been reported on so far is the impact of this process on directors of Australian companies that reside overseas. What will the process be for these individuals, and what forms of ID will be accepted? Will they be required to apply for an Australian TFN if they don’t already hold one? Time will tell on that one.

I recall the chaos when the ABN system was first implemented, Hopefully, 20 odd years later, some lessons have been learned, and the ‘trial process’ will consist of a bit more than a few ‘mates filling in some forms to check it all out’ to test the process. There will be a flurry of activity with various corporate register and management systems that will need to update systems to record the DINs and changes to every single ASIC form that needs to be lodged for company activities to incorporate the DINs into the system.

As the systems become apparent, we will liaise with our clients to arrange the application process to ensure it is as smooth as possible.

For more information or to discuss what you need to do as part of this process, please email us at info@fiscalartisans.com.au, or call me on 0409 788 399.

by Fiscal Artisans

April 1, 2021

With almost all businesses and professional activities finding their activity pushed on line over the last 12 months, and the ease with which we open up our phones and mobile tablets to buy, sell, book appointments and the like, the whole area is open for exploitation.

So what can you do about it?

Ironically, the Government has been urging businesses to improve their IT security, only to find that Parliament House has also been hacked (as has RMIT, Nine Media, and many other organisations)

So, a few suggestions are listed below

1. Use a reputable web host

A quality web host is your first line of defence against cyberattacks on your website. So rather than opt for the cheapest host, do your homework and invest in a solid hosting package with a reputable host.

Hosting is what makes your website visible to people around the world.

Check that your web host supports the latest versions of basic web technologies, such as PHP and MySQL. PHP 7 is the official recommended PHP version for WordPress, which now powers 30 percent of all websites.

It’s also worth considering VPS or dedicated hosting. These ensure your website isn’t on a shared server — and not vulnerable to DDOS attacks on other websites sharing the same resources.

2. Ramp up your website security

Bad actors are using increasingly sophisticated tactics to break into websites. Their goal? Sometimes it’s to steal customer data that can be sold on the dark web. Other times it’s to gain access to a bigger company’s network through your site. Regardless of their motives, the outcome is bad for your business.

Look at what your web site host offers in terms of security, ensuring that they offer the following services

WAF prevention

The Web Application Firewall (WAF) feature stops malware before it gets a chance to enter your website. It intercepts and inspects incoming data and removes malicious code, preventing damage from being done to your site (and your business reputation).

Malware scanning and removal

Website Security includes a scanner that checks your website for malicious content that could put your site, your customers, and your future prospects at risk. The product automatically scans for malware daily, alerting you when it finds something. All you need to do is submit a malware removal request and our team gets right to work.

Blacklist monitoring and removal

Likewise, if your site is infected and blacklisted as a resulet, you will be notified of the problem and website host can work to get your site cleaned up and removed from the blacklist.

SSL Certificate protects private data

A SSL certificate enables encrypted communication between your customers and your website. It helps to decrease the risk of losing sensitive information to hackers such as:

Usernames

Passwords

Emails

Credit card numbers

The SSL helps to protect all the private data that is of most interest to hackers and thieves. But there’s another benefit to having an SSL: Google heavily favours SSL-encrypted websites and pushes them higher in search rankings than those without, helping your business become more visible to new customers.

Advanced DDoS mitigation

The Distributed Denial of Service (DDoS) attack can bring down your website by overwhelming it with a flood of automated traffic. And every minute your site’s down, you’re losing customers and sales.

The advanced security monitoring and WAF features of a good hosting service’s Website Security suite will hep to prevent DDoS attacks.

3. Use strong passwords

Always create and use strong and unique passwords — preferably based on pass phrases — for your website, email and any other accounts associated with your online business.

Like usernames, passwords are another piece of the puzzle for hackers to guess. The stronger your password, the more difficult you make it for hackers to successfully log in to your website. If you use WordPress, it will automatically force a strong password during installation and ask you to check a box if you enter a weak one on purpose.

If you need a hand coming up with a strong password, read this for tips. Or use a tool like Secure Password Generator — it will create strong passwords for you. Be sure to keep them safe and don’t share them with anyone.

AND DON’T RE-USE THEM ON DIFFERENT PAGES! Yes it is a pain, but then so is losing your identity and your money to some offshore hacker who is benefitting from all of your effort with a keystroke.

4. Add two-factor authentication

Even with a strong username and password combination, Brute Force attacks can be used to guess your log in details. This is where two-factor authentication can help.

Two-factor authentication introduces another step in the login process. You still enter your username and password, then you’re asked to enter a code that is sent to your mobile device or authentication app. This thwarts automated Brute Force attacks designed to crack your username and password combination.

Many systems (like Xero, and many bank web pages) require 2FA systems to be installed. While it adds to the time spent in logging in and working on these systems, just think – if it takes you that long to get in with all the information at your fingertips, how much longer – and therefore harder – is it for someone else to get in? It IS your money and your business that you are protecting! And make it compulsory for your employees to use 2FA when logging in to your systems – especially in Work From home arrangements.

5. Keep all software up-to-date

Ensuring all software you use for your website — including your Content Management System — is up-to-date and running on the latest version is one of the easiest ways to protect your site from attack.

Only download and use software (such as WordPress plugins and themes) from credible, reputable sources, such as premium providers. While it might be tempting to use free software, sometimes dodgy developers insert malicious code, which would compromise your site.

And only keep software on your site and system that you’re actually using. The more unused software you have, the higher the risk of getting hacked. So review your site regularly to ensure it’s lean and running on essential software.

Website security is your responsibility

Like filing your tax returns or submitting business activity statements, digital security is another important facet of running a business that SMBs need to prioritise. It’s not something you can simply put in the too-hard basket — not when 20 percent of Australian SMBs have already suffered a cybercrime event. Businesses are spending literally thousands of dollars each year cleaning up after hackers who penetrate their sites.

ID – Fiscal Artisans