Last updated: 24 Nov 2025

Australia — Regulatory framework

Overview of the key legal sources, competent authorities and technical standards in Australia for FATCA (Model 1 IGA), the Common Reporting Standard (CRS) and the U.S. Qualified Intermediary (QI) regime – including interfaces and practice notes for banks and other financial institutions.

1) Legal sources (selected)

2) Responsibilities and competent authorities

• Australian Taxation Office (ATO) – central authority for FATCA (Subdivision 396-A) and CRS (Subdivision 396-C): issues guidance, registers and supports reporting financial institutions, receives and validates XML returns, and exchanges information with the IRS and CRS partner jurisdictions.
• Australian Government – Treasury – policy lead for the FATCA IGA and CRS implementation, and sponsor of amendments to the TAA 1953 and related legislation on automatic exchange of information.
• Australian Prudential Regulation Authority (APRA) – prudential supervisor of ADIs, insurers and superannuation trustees; its expectations on risk management, governance and internal controls indirectly shape FATCA/CRS/QI compliance frameworks.
• Australian Transaction Reports and Analysis Centre (AUSTRAC) – AML/CTF regulator and financial intelligence unit; AML/CTF Act and Rules set the baseline for KYC, which can be leveraged as approved KYC for QI and for FATCA/CRS due diligence.
• Internal Revenue Service (IRS, U.S.) – responsible for the QI regime and for FATCA registration of Australian financial institutions (GIINs), QI/WP/WT agreements, certifications and periodic reviews.

3) Interfaces: FATCA ↔ CRS ↔ QI

• Consistent classifications and identifiers. U.S. indicia, tax residency, GIINs and entity classifications should be aligned across FATCA, CRS and QI documentation to avoid mismatches between ATO and IRS data sets.
• Superannuation and other exempt arrangements. Annex II to the FATCA IGA lists various Australian entities and products (including certain superannuation funds and other registered plans) as exempt or deemed-compliant. Their treatment under CRS may differ and must be analysed separately.
• Leveraging AML/CTF frameworks. AML/CTF Act customer identification rules and AUSTRAC/industry guidance provide a single risk-based KYC framework. Institutions typically overlay FATCA/CRS-specific indicia checks and self-certifications, and then reuse the same records for QI documentation and reason-to-know assessments.
• Withholding tax vs. reporting. FATCA and CRS in Australia focus on due diligence and reporting to the ATO, whereas the QI regime governs U.S. withholding tax documentation, treaty benefits and liability allocation along chains of intermediaries.

4) Technical and operational standards (high level)

• File format. FATCA and CRS reports are filed in prescribed XML formats, based on OECD/IRS schemas and ATO technical specifications, via secure electronic channels (e.g. Online services for business / practitioner services).
• Validation & error handling. Institutions must design processes to handle ATO validation rules, file-level rejections and record-level errors, and to ensure that corrected or amended reports are submitted in a timely manner.
• Change management. Schema changes, updated ATO guidance and evolving AML/CTF KYC rules require governance for assessing impact, updating procedures, retraining staff and testing system changes before go-live.
• Governance & evidence. Policy documentation, role descriptions, control testing, reconciliations and audit trails are key to satisfying ATO reviews, APRA/ASIC expectations and IRS QI periodic reviews.

5) Helpful internal references

• Australia hub: US tax for banks in Australia
• Reporting & technical implementation (Australia): Reporting & technology
• Supervision & enforcement (Australia): Supervision, reviews & sanctions