TPB 2026 Focus: Key Compliance Areas to Watch

TPB’s 2026 compliance focus for Australian tax practitioners is expected to intensify around practitioner integrity, correct lodgments (including BAS/GST and income tax), management of client identity and authorisations, supervision of staff and offshore operations, and evidence-based record keeping—because these are the areas most closely linked to “substantial harm” risks and systemic non-compliance. From an Australian accounting practice perspective, the practical implication is clear: firms must harden governance, uplift file standards, and implement process controls that prove reasonable care, proper supervision, and defensible positions under ATO audit settings.

What does “TPB’s 2026 focus” mean in practice?

It means the Tax Practitioners Board (TPB) will continue shifting from reactive enforcement to targeted, risk-based regulation that tests whether a practice’s systems prevent misconduct and poor outcomes. In practical terms, the TPB is less interested in one-off mistakes than in whether your practice has repeatable controls that ensure competence, independence, confidentiality, and proper conduct.

From a practitioner-risk standpoint, consideration must be given to the TPB’s central enforcement lever: the Code of Professional Conduct in the Tax Agent Services Act 2009 (TASA 2009). If a practice cannot demonstrate adequate systems and supervision, “reasonable care” becomes difficult to evidence and the risk of sanctions increases.

Which TPB Code obligations are most likely to be scrutinised in 2026?

The TPB’s most enforceable “pressure points” are the Code items that translate into observable file evidence and practice governance. It is established that the following obligations are commonly tested because they correlate with measurable harm and repeat errors:

• Honesty and integrity (TASA 2009, Code of Professional Conduct): Truthfulness in dealings with clients and the ATO, and avoidance of false or misleading statements.
• Independence and conflicts: Managing conflicts, especially where fee pressure or “success-based” outcomes create bias.
• Confidentiality: Client data protections, access controls, and safe handling of TFNs and identity documents.
• Competence and reasonable care: Whether positions taken are supported by law and ATO guidance; whether work is reviewed appropriately.
• Supervision and quality control: Whether partners/managers maintain control over staff output, including contractors and offshore teams.
• Professional indemnity insurance (PII): Maintaining appropriate coverage and being able to evidence it when required.
• Fit and proper person expectations: Governance, character, and ongoing suitability.

Practical point: TPB reviews often become “systems audits” in substance. The best defence is a documented workflow that produces consistent artefacts: checklists, review notes, source documents, and clear position papers on contentious items.

What are the key compliance areas TPB is likely to prioritise in 2026?

TPB’s 2026 priority areas are best understood as the intersection of TPB Code obligations and ATO compliance programs. In my assessment, the most likely high-attention areas are below, because they are both high-volume and high-risk.

1) Will “reasonable care” in return preparation be a 2026 hotspot?

Yes—reasonable care will remain a dominant TPB focus because it is where practitioner conduct directly impacts revenue and taxpayer outcomes. The ATO’s ongoing attention to correct claims, substantiation, and agent-prepared lodgments increases the probability that practitioner behaviour will be tested indirectly via audits, reviews, and data matching.

Key file behaviours expected to be examined include:

• Whether the practitioner can demonstrate how figures were derived (workpapers, reconciliations, source documents).
• Whether reliance on client-provided summaries is controlled (spot checks, bank-to-GL reconciliation, payroll to STP comparisons).
• Whether tax positions align with ATO rulings/determinations and are recorded when arguable.
• Whether the firm has a consistent review regime (second-person review, risk grading, sign-off).

Relevant authority to anchor file positions should include:

• Income Tax Assessment Act 1997 (ITAA 1997) and ITAA 1936 for substantive law (deductions, assessability, trust/company rules).
• ATO guidance on deductions and substantiation (as published on ato.gov.au and related ATO materials).
• Where relevant to contractor/employee characterisation, ATO guidance and public rulings on worker classification (commonly applied in payroll compliance).

• A senior accountant “accepts” a client’s motor vehicle and home office claims without contemporaneous substantiation, relying on last year’s spreadsheet. An ATO review triggers questions. The TPB risk arises when the file lacks evidence of verification steps and professional judgement.

2) Will BAS/GST governance and “BAS reconciliation” be a heightened focus?

Yes—BAS/GST remains a systemic risk area because errors can be frequent, repetitive, and material. The ATO’s GST assurance posture makes it prudent to assume the TPB will scrutinise whether registered agents have appropriate processes to prevent recurring BAS inaccuracies.

What good practice looks like in 2026:

• Bank-to-BAS controls: Clear mapping of GST codes; review of GST classifications for high-risk suppliers and mixed-use expenses.
• GST reconciliation: Reconcile GST collected/paid to source data and ensure adjustments are explained.
• Timing and attribution controls: Correct tax period allocation and treatment of adjustments.
• Document retention: Tax invoices and adjustment notes retained and easily retrievable.

• A New Tax System (Goods and Services Tax) Act 1999 for core GST rules.
• ATO published guidance and practical compliance expectations for GST, BAS and record keeping.

• A practice processes BAS from bank feeds without reviewing whether transactions include GST (or are GST-free/input taxed), leading to consistent over-claiming. The TPB issue is not merely the error; it is the absence of a control to detect and correct it.

3) Will client verification, identity integrity and authorisations be targeted?

Yes—client verification and authorisations are likely to be a major 2026 focus because fraud and identity compromise directly undermine the tax system. The TPB will expect practitioners to demonstrate robust onboarding, authority management, and secure handling of sensitive identifiers.

Controls the TPB will expect to see evidenced:

• Identity verification steps appropriate to the engagement risk (including for remote clients).
• Clear written authority and engagement scope (who can instruct; who receives refunds; who approves lodgments).
• Strong data security and access controls for TFN/ABN, bank details, and ATO portal access.
• Separation of duties for bank detail changes and refunds where relevant.

This aligns with broader ATO system protection expectations and the practical reality of increased third-party data and digital interactions.

4) Will supervision of staff, contractors, and offshore teams be a 2026 priority?

Yes—supervision and control is a predictable TPB focus area, particularly where work is performed by junior staff, contractors, or offshore service providers. Under the Code, it should be noted that a registered agent remains responsible for the service delivered, regardless of who performed the underlying tasks.

Expected evidence in 2026 includes:

• A documented supervision framework (review levels, reviewer competency, escalation rules).
• Training records and technical updates (especially around GST, trusts, Division 7A, payroll).
• QA sampling for high-risk work types (amended returns, trust distributions, small business concessions).
• Outsourcing governance (confidentiality agreements, data residency considerations, access controls).

• An offshore team codes transactions and drafts financials. A manager signs off without review notes. An ATO audit identifies misclassification and unsupported deductions. TPB scrutiny is likely to focus on whether the sign-off was meaningful and whether supervision was adequate.

5) Will “high-risk tax advice” and aggressive positions be policed more heavily?

Yes—especially where advice is packaged, high-volume, or marketed. The TPB has historically taken a strong view on promoters and on arrangements that are not defensible under the law. In 2026, the risk remains that practitioners who facilitate unsustainable positions may face TPB action even if clients request it.

High-risk advice categories that commonly require enhanced documentation include:

• Trust distributions and beneficiary entitlements (governance, resolutions, evidence of present entitlement).
• Division 7A loan management (agreements, benchmark interest, Minimum Yearly Repayment calculations).
• Small business CGT concessions (eligibility evidence and valuations).
• Personal services income (PSI) risk (substantiation, employment vs contractor indicators).
• Deductions with high error rates (work-related expenses, home office, motor vehicle, self-education).

• ITAA 1936 Division 7A (private company loans to shareholders/associates).
• ATO public guidance and rulings relevant to the position taken (the specific ruling depends on the fact pattern; the defensible practice is to cite the applicable ATO view and legislation in the file).

6) Will record keeping and working paper quality be treated as a compliance issue?

Yes—because record keeping is the “audit trail” that proves reasonable care. The TPB is not merely checking if you can produce a return; it is checking whether you can produce the basis for it.

In 2026, the minimum defensible standard for many firms will include:

• End-to-end reconciliation (bank, GST control accounts, payroll where applicable).
• Working papers that tie-out to lodged labels (ITR label mapping, BAS label support).
• Version control and evidence of changes (who changed, when, why).
• Documentation of significant judgements and client instructions.

How should an Australian tax practice prepare for TPB scrutiny in 2026?

Preparation should be treated as a governance project, not an admin exercise. A practice that standardises processes and reduces manual error will be better placed to evidence compliance under both TPB review and ATO audit.

What file artefacts should you be able to produce quickly?

Your practice should be able to produce the following within 24–48 hours for any selected client file:

• Signed engagement letter and scope (including authority to liaise/lodge).
• Identity verification record (commensurate with the engagement risk).
• Source documents or summaries plus verification notes (what you checked).
• Reconciliations:
• Technical position notes for contentious treatments (legislation + ATO guidance).
• Review notes and sign-off evidence (who reviewed, what was queried, what changed).
• Secure data handling record (access controls, storage practices, outsourcing controls).

What internal controls reduce TPB exposure the fastest?

The quickest risk reduction tends to come from standardisation and review discipline:

1. Risk-grade clients and lodgments

1. Implement mandatory reconciliation gates

1. Adopt “position paper” templates

1. Strengthen supervision

1. Tighten identity and authority management

What are practical 2026 risk signals for TPB and ATO attention?

The following practice behaviours often create avoidable regulatory attention:

• High amendment rates or repeated corrections after lodgment.
• BAS/ITR patterns inconsistent with industry benchmarks without file explanations.
• Missing substantiation for common high-risk deductions.
• Overreliance on automated coding without exception review.
• Inadequate review notes—files that show outcomes but not reasoning.
• Outsourcing arrangements without formal confidentiality, access controls, and review trails.

How can automation reduce TPB compliance risk in 2026 (without creating new risks)?

Automation reduces TPB risk when it strengthens controls, creates audit trails, and reduces manual rework. It increases risk when it becomes a substitute for professional judgement.

From a practice-systems viewpoint, the “safe automation” approach includes:

• Automation that produces repeatable reconciliations and working papers.
• Automation that preserves version history and review evidence.
• AI-assisted coding that is always paired with exception-based review.

This is where AI accounting software Australia discussions become practically relevant: regulators do not object to tools; they expect responsible use with clear oversight.

How Fedix and MyLedger can help practices uplift compliance for 2026

Fedix’s MyLedger platform is designed for Australian accounting practices to reduce manual risk in exactly the areas TPB scrutiny tends to expose: reconciliations, working papers, evidence trails, and ATO-integrated workflows.

For TPB-facing compliance readiness, MyLedger supports:

• Automated bank reconciliation: 90% faster reconciliation (typically 10–15 minutes per client vs 3–4 hours), reducing time pressure—the root cause of many quality failures.
• AI-powered reconciliation and coding controls: AI auto-categorisation (commonly ~90% immediately) with bulk exception review to maintain professional oversight.
• Automated working papers: Reduced reliance on manual Excel packs that often lack version control and reviewer evidence.
• ATO integration accounting software capabilities: Direct ATO portal integration for importing statements and transactions, supporting evidence-based reconciliations and compliance checks.
• BAS reconciliation software workflow: GST enforcement and BAS summaries that help standardise GST governance and reduce recurring classification errors.

• Review your current TPB readiness against the artefacts list above (identity, authorities, reconciliations, position notes, review evidence).
• Identify the top 3 workflow bottlenecks (usually bank rec, GST/BAS rec, Division 7A/workpapers).
• Learn more about how Fedix MyLedger can help automate bank reconciliation, strengthen working paper standards, and create a defensible audit trail for 2026 compliance expectations.

Conclusion: What should practitioners do now for TPB 2026?

TPB’s 2026 focus should be treated as a prompt to professionalise systems: prove reasonable care, strengthen supervision, lock down identity/authority controls, and ensure BAS/GST and income tax lodgments are supported by reconciliations and clear working papers. Practices that can produce clean audit trails quickly—and that reduce manual processing risk through controlled automation—will be best positioned for TPB review outcomes and ATO audit resilience.

Disclaimer: This article is general information only and does not constitute legal or tax advice. Tax laws, ATO guidance, and TPB regulatory approaches may change. Advice should be tailored to your firm’s circumstances and specific client facts.

Frequently Asked Questions

Q: What is the TPB most likely to focus on in 2026 for tax agents?

Q: How do I demonstrate “reasonable care” if the ATO reviews a return we prepared?

Q: Will outsourcing bookkeeping or compliance work increase TPB risk?

Q: What records should we keep to reduce TPB and ATO exposure?

Q: How can automation help with TPB compliance without breaching the Code?