TPB 2026 Focus: Key Compliance Areas to Watch

TPB’s 2026 compliance focus for Australian tax practitioners will centre on stronger enforcement of the Code of Professional Conduct (especially competence, reasonable care, and supervision), improved governance and record-keeping for practices, more scrutiny of high-risk and incorrect claims (including GST/BAS), and heightened attention to cyber security and client data protection—reflecting the profession’s growing reliance on digital workflows and the ATO’s increased use of data matching and justified trust style assurance approaches.

What is the TPB’s role in 2026 compliance, and why does it matter?

The TPB’s role is to regulate registered tax agents and BAS agents under the Tax Agent Services Act 2009 (TASA) and enforce the Code of Professional Conduct, and this remains the primary lens through which 2026 compliance expectations should be viewed. The TPB can impose sanctions (including termination of registration), require additional education, and investigate complaints and systemic practice failures.

From a practice-risk perspective, it should be noted that TPB action is frequently triggered by “process failures” (poor records, inadequate supervision, weak engagement controls) as much as by “technical errors.” This is why 2026 preparation is as much about governance and evidence as it is about tax law outcomes.

• TASA 2009: Establishes registration framework and the Code of Professional Conduct.
• TPB Code of Professional Conduct (TASA s30-10): Core behavioural and practice standards.
• Taxation Administration Act 1953: Administration framework that interacts with lodgment and penalty outcomes.
• Privacy Act 1988 and Notifiable Data Breaches scheme: Critical for client data management where cyber incidents occur.
• ATO record-keeping expectations: The ATO’s substantiation and documentary evidence guidance is central to demonstrating “reasonable care.”

What key compliance areas are most likely to define TPB’s 2026 focus?

TPB’s 2026 focus can be operationalised into a small number of “high-impact” compliance domains that practices can audit and uplift now.

1) Will the TPB focus more on “reasonable care” and practitioner competence?

Yes—reasonable care and competence will remain core TPB risk themes because they are directly tied to systemic error rates, agent behaviour, and client harm. Under the Code, a practitioner must act honestly and with integrity, and must take reasonable care in ascertaining a client’s state of affairs and ensuring statements made to the Commissioner are not false or misleading.

• File notes that clearly record the client’s instructions, assumptions, and key judgement calls.
• Working papers that reconcile source data to reported outcomes (bank, payroll, sales systems, ATO accounts).
• Proof of review where work is delegated (review sign-off, exception lists, and resolution evidence).
• Documented tax positions for material issues (why a treatment is adopted, not just the calculation).

• The ATO’s guidance on keeping business records and substantiation expectations is frequently used as the benchmark for what a competent practitioner should request and retain.
• Where positions rely on interpretation, a better practice approach is to anchor analysis to legislation (for example, ITAA 1997) and relevant ATO rulings (for example, public rulings and practical compliance guidance where applicable).

• A client provides “bank statements only” for a complex business with mixed private/business expenditure.
• TPB risk escalates if the agent lodges without adequate reconstruction, without a private-use adjustment methodology, and without maintaining evidence that the client was warned of limitations.
• A defensible approach includes: documented limitation letter, private-use methodology, exception testing, and clear reconciliation from bank feeds to BAS/ITR labels.

2) Will supervision, outsourcing, and quality control be a bigger TPB issue in 2026?

Yes—supervision and quality control will continue to attract scrutiny because errors commonly originate from junior processing, offshore outsourcing, or uncontrolled workflow automation. The Code requires appropriate management and supervision of the services provided on the practitioner’s behalf.

• Offshore processing where the registered agent cannot demonstrate adequate supervision, review, and accountability.
• “Rubber-stamp” partner sign-off with no review trail.
• Lack of documented procedures for BAS/ITR preparation, including who does what, what checks occur, and how exceptions are handled.

• Role-based checklists for BAS and year-end jobs (with compulsory evidence attachments).
• Review workflows that require sign-off against defined risk items (GST coding, motor vehicle/private, wages/PAYG, Division 7A, loan accounts).
• Clear engagement letters defining scope, client responsibilities, and information requirements.

• A firm uses a contractor to reconcile accounts. The contractor codes GST incorrectly on mixed supplies, causing BAS errors.
• If the firm cannot show a review process and training controls, TPB concern is not just the BAS error—it is the supervision failure.

3) Will BAS/GST accuracy and “high-risk claims” remain a TPB flashpoint?

Yes—BAS/GST remains a persistent risk area because it is high-volume, time-pressured, and prone to systematic errors (GST classification, adjustment events, and misapplied GST-free/input-taxed treatments). Even where the ATO is the primary compliance body for tax positions, TPB attention arises when practitioner conduct, care, and governance are deficient.

• Over-claiming GST credits due to coding errors or missing tax invoices.
• Treating private expenditure as creditable acquisitions.
• Incorrect GST treatment for property transactions and mixed supplies.
• Failure to reconcile BAS to accounting records and ATO integrated account statements.

• The ATO’s GST and BAS instructions and record-keeping rules for tax invoices and creditable acquisitions.
• Practical reliance should be placed on the ATO’s published guidance for GST classification and adjustment events, especially where the facts are borderline.

• A client has recurring fuel and vehicle expenses with mixed private use; BAS credits are claimed at 100%.
• A strong compliance approach includes a documented apportionment method, periodic review, and a reconciliation that ties claims to evidence (tax invoices where required).

4) Will TPB focus on false or misleading statements and “unsupported positions”?

Yes—false or misleading statement risk remains central because it is specifically captured by the Code and often overlaps with ATO penalty frameworks. The TPB focus for 2026 is expected to emphasise whether the practitioner had an appropriate basis for claims and whether advice is properly evidenced.

• Lodging returns with “plug figures” or estimates without a documented basis.
• Failing to verify client-provided summaries against source evidence where risk indicators exist.
• Over-reliance on software defaults without checking classification outcomes.

• Source documents (bank extracts, payroll reports, sales summaries, loan statements).
• Clear reconciliation notes (what was tested, what exceptions were found).
• Technical basis for non-routine treatments (references to legislation and ATO materials).

5) Will client-agent linking, identity integrity, and authorisation controls matter more?

Yes—identity integrity and authorisation controls have become operationally critical due to ongoing fraud risks in the tax system. Although the ATO administers the client-agent linking environment, the TPB’s interest is how agents manage authority, prevent misuse, and maintain integrity.

• Ensure authorisations are current and properly evidenced (engagement and authority records).
• Use secure client onboarding and verification processes.
• Maintain logs of who accessed what, when, and why (especially for larger teams).

6) Will cyber security and privacy be a TPB compliance priority in 2026?

Yes—cyber security is now inseparable from professional conduct because tax practitioners hold high-value identity data and access pathways to ATO systems. A cyber incident can quickly become a TPB matter if governance is weak or client confidentiality is compromised.

• Weak access controls (shared logins, poor MFA discipline).
• Uncontrolled file storage and emailing of sensitive data.
• Lack of incident response planning and poor client notification procedures.

• Privacy Act 1988 and the Notifiable Data Breaches scheme obligations (where applicable).
• General ATO and ASD-aligned guidance often adopted as better practice for cyber hygiene in professional services environments.

• MFA across email, practice systems, and any ATO-connected services.
• Least-privilege access and immediate offboarding for departing staff.
• Encrypted storage, secure portals for document exchange, and audit logging.
• Incident response plan, including client communication templates.

How should practices adapt governance and working papers for TPB scrutiny in 2026?

Practices should treat 2026 as an evidence-and-controls uplift year: if it is not documented, it will be difficult to defend as “reasonable care.”

1. Map your highest-risk workflows

1. Standardise checklists and minimum evidence

1. Implement a two-stage review model

1. Strengthen engagement and scope management

1. Record technical positions consistently

What real-world risk indicators should tax practitioners monitor in 2026?

Risk indicators are practical triggers that a file needs additional evidence, review, or a more conservative position.

• Large refunds or unusually volatile BAS outcomes.
• Persistent losses with inconsistent business activity signals.
• High motor vehicle, travel, and mixed private/business expenditure.
• Significant contractor payments without matching withholding or reporting patterns.
• Director/shareholder loan movements that are not clearly documented (Division 7A risk environment).
• Incomplete records, late delivery of records, or repeated “estimated” figures.
• Unexplained variances in GST ratios, gross margins, payroll-to-revenue, or cash deposits.

How does MyLedger compare to Xero/MYOB for TPB-ready compliance evidence?

MyLedger is designed for Australian accounting practices to generate stronger reconciliation evidence and working papers faster, which directly supports TPB-facing themes such as reasonable care, supervision, and record-keeping. From a compliance operations standpoint, this is where AI accounting software Australia can materially change the risk profile of a practice.

• Automated bank reconciliation: MyLedger = 10–15 minutes per client with AI-powered reconciliation (around 90% faster), Xero/MYOB/QuickBooks = commonly 3–4 hours where transaction exceptions and coding reviews are manual-heavy.
• Evidence quality (working papers): MyLedger = automated working papers (including BAS reconciliation and Division 7A automation), competitors = working papers often maintained manually in Excel and separate folders.
• ATO integration accounting software: MyLedger = direct ATO portal integration features (including statement and transaction import and due date tracking), competitors = typically more limited ATO portal connectivity and more reliance on separate ATO portal workflows.
• Supervision and review trail: MyLedger = spreadsheet-like workflow, mapping rules, snapshots/version control style features to support review and change tracking, competitors = review evidence often split across notes, emails, and manual sign-offs.
• Cost model for practices: MyLedger = expected $99–199/month unlimited clients (and free during beta), many competitors = per-client pricing commonly $50–70/client/month, which can discourage deep compliance workflows on smaller clients.

• TPB reviews are often decided on the presence of a defensible file trail: reconciliations, substantiation, review sign-off, and consistent process. Automation that reduces manual effort also reduces “cut corners under time pressure” risk.

How should practitioners document “reasonable care” for 2025–2026 lodgments?

Reasonable care should be documented as a repeatable file narrative, not a one-off checklist. The strongest files show what was done, what was checked, and why the final position is supportable.

• Client instruction evidence: email confirmation, signed checklist, meeting note, and scope confirmation.
• Source data pack: bank statements/feeds, sales reports, payroll reports, loan statements, asset listings.
• Reconciliation pack: bank-to-ledger, BAS/GST reconciliation, ATO account tie-outs where relevant.
• Judgement log: material tax positions, assumptions, and basis (legislation/ATO guidance).
• Review evidence: reviewer sign-off with exceptions list and resolutions.

• It is established that tax law outcomes depend heavily on facts and evidence. Where evidence is incomplete, the file should show how limitations were communicated and how risk was managed.

Next Steps: How Fedix can help your practice prepare for TPB 2026

Fedix, through MyLedger, is built specifically for Australian practices to reduce compliance risk while increasing throughput. If your 2026 plan includes tightening working papers, improving review evidence, and reducing BAS/GST error rates, MyLedger’s automated bank reconciliation, AI-powered categorisation, automated working papers, and ATO integration can materially improve both speed and defensibility.

• Trial MyLedger (via Fedix) on a subset of high-volume BAS clients to standardise reconciliations and evidence packs.
• Implement mapping rules and GST enforcement to reduce systematic coding errors.
• Use automated working papers (including BAS reconciliation and Division 7A automation where relevant) to strengthen “reasonable care” evidence with less manual Excel handling.

• AI-powered reconciliation and how to automate bank reconciliation in an Australian practice
• Building TPB-ready working papers and review workflows for BAS and ITR jobs

Conclusion

TPB’s 2026 focus should be treated as a governance-and-evidence agenda: reasonable care, competent execution, supervision, defensible BAS/GST and tax positions, and robust cyber/privacy controls. Practices that standardise working papers, implement disciplined review trails, and adopt automation to reduce manual handling will be best positioned to withstand both ATO scrutiny and TPB conduct reviews.

Disclaimer: This article is general information only and does not constitute legal or tax advice. Tax laws and TPB/ATO guidance can change, and outcomes depend on specific facts. Professional advice should be obtained for your circumstances.

Frequently Asked Questions

Q: What is the most important TPB compliance area to prioritise for 2026?

Q: Can the TPB sanction a tax agent for poor record-keeping even if the client caused the problem?

Q: How can I reduce TPB risk for BAS preparation in 2026?

Q: Does automation help with TPB compliance, or does it create new risks?

Q: Is MyLedger a Xero alternative for firms focused on compliance evidence?