Chapter 1


Annual reports of statutory agencies

1.1        The annual reports of the following statutory agencies in the Attorney-General's portfolio were referred to the Legal and Constitutional Affairs Legislation Committee (the committee) for examination and report between 1 November 2018 and 30 April 2019:

  • Australian Criminal Intelligence Commission—report for 2017–18;[1]
  • Australian Financial Security Authority—report for 2017–18;
  • Australian Institute of Criminology—report for 2017–18;
  • Australian Security Intelligence Organisation (ASIO)—report for 2017–18;
  • Australian Transaction Reports and Analysis Centre—report for 2017–18;
  • High Court of Australia—report for 2017–18; and
  • Independent National Security Legislation Monitor—report for 2017–18.

Consideration of annual reports

1.2        In the following sections, the committee examines in closer detail the annual reports of the Australian Criminal Intelligence Commission (ACIC) and the Australian Transaction Reporting and Analysis Centre (AUSTRAC).

1.3        The ACIC's annual report has been chosen for detailed examination due to three recent developments. Firstly, the ACIC has been the subject of an audit by the Australian National Audit Office (ANAO) in relation to project management. Secondly, the ACIC now comprises what was once the Australian Crime Commission (ACC) and the Australian Institute of Criminology (AIC), the latter of which now operates within the ACIC. Finally, the ACIC has been moved from the Attorney-General's portfolio into the Home Affairs portfolio as a result of machinery of government changes.

1.4        The AUSTRAC report is also considered in greater detail in this report due to its recent incorporation into the Home Affairs portfolio.

Australian Criminal Intelligence Commission

1.5        The 2017–18 annual report of the ACIC was provided to the Minister for Home Affairs on 28 September 2018 and was subsequently tabled in the Senate on 12 November 2018.

1.6        The ACIC is established by section 7 of the Australian Crime Commission Act 2002 (ACC Act).[2] The ACIC's stated purpose is to:

[M]ake Australia safer through improved national ability to discover, understand and respond to current and emerging crime threats and criminal justice issues, including the ability to connect police and law enforcement to essential criminal intelligence, policing knowledge and information through collaborative national information systems and services.[3]

1.7        The ACIC has one outcome and one program based on the Strategic Plan 2016–21 (strategic plan), Corporate Plan 2017–18 to 2020–21 (corporate plan) and the Portfolio Budget Statement 2017–18 (PBS).[4]

1.8        The Chief Executive Officer (CEO) is the accountable authority of the ACIC.[5]

Chief Executive Officer's review

1.9        The annual review of the ACIC was provided by Mr Michael Phelan APM, CEO of the ACIC.[6]

1.10      In his review, the CEO noted that the 2017–18 financial year was marked by the agency's move into the Home Affairs portfolio in December 2017. Mr Phelan stated that this move 'recognised the strategic importance of integrated, joint agency activity to ensure a safer and more secure Australia'.[7] The agency's placement within the Home Affairs portfolio was said to offer a trusted source of criminal intelligence, national policing information and systems for law enforcement.[8]

1.11      The review reflects on a number of ACIC projects that had progressed or been completed during the reporting period, including:

  • maintaining 16 information and intelligence systems used by more than 70,000 police and non-police users daily;[9]
  • establishing the first iteration of the National Criminal Intelligence System (NCIS), designed to support frontline personnel and provide secure access to a national view of criminal intelligence and information;[10]
  • supporting the continued rollout of Joint Cyber Security Centres in multiple cities and permanently deployed cybercrime analysts to the Australian Cyber Security Centre;[11]
  • conducting 212 coercive examinations to discover new information about crime relating to ACIC's special operations and special investigations;[12]
  • delivering 2,162 intelligence products, including a range of unclassified reports;[13] and
  • working with partner agencies to seize illicit drugs valued at over $3.5 billion, dismantle an international criminal enterprise operating encrypted communications, and prosecute a global money launderer and drug trafficker in the United States.[14]

Performance reporting

1.12      According to the corporate plan, the ACIC's function is to assist, alongside Commonwealth and state and territory agencies, in making Australia safer and reducing the impact of crime. However, the nature of the agency's role within this framework results in the ACIC being unable to control outcomes or determine to what extent its performance has contributed to other agencies' outcomes.[15] The corporate plan states:

Our information and intelligence systems and services provide value to our stakeholders by enhancing their ability to undertake their role in keeping Australia safe. We cannot apportion specific aspects of their performance to our contribution, but we can measure the quality, volume of data provided and reliability of these systems. We also seek to measure the efficiency and effectiveness benefits our partners gained through new and enhanced systems.[16]

1.13      The ACIC's performance reporting scheme is broadly structured into four categories as derived from the corporate plan and the PBS. The categories are: Discover, Understand, Respond and Connect, which are reproduced in the annual report.[17] Each category has between one and four subcategories which contain performance measures to be met. The PBS provides a broad performance criteria statement, which does not set any specific key performance indicator (KPI) targets.

1.14      When read alongside the PBS, the annual report appears to provide a relatively 'clear read' in relation to its performance criteria.

1.15      The annual report explains that the ACIC used a mix of qualitative and quantitative measures to examine its achievements against its performance criteria, in addition to utilising a stakeholder satisfaction survey to assess performance against each criterion.[18] Each performance criterion is accompanied with an explanation of the methodology used to measure performance, including why other methodologies were not used if applicable.

1.16      As stated above, the ACIC does not appear to have specific KPI targets. Instead, its performance is assessed according to broad goals. The PBS provided a statement in relation to the planned measurement of the ACIC's performance:

The ACIC collects qualitative and quantitative performance data. The ACIC monitors and analyses trends in quantitative data against relevant performance criteria, where appropriate, which includes:

-          comparative statistics on information and intelligence systems and services availability, usage and support levels
-          demonstrated delivery and implementation of planned systems and services that satisfy stakeholders and users
-          comparative statistics on volume and breadth of intelligence shared
-          the level and types of our activities to discover and understand crime impacting Australia
-          the level, types and results of our responses to disrupting serious and organised crime
-          annual stakeholder survey results that form an overall assessment against the performance criteria.[19]

1.17      For example, the category titled Connect 1 states that the performance criterion is: 'Existing ACIC systems and services are accessible, used and reliable'.[20] While the corporate plan and PBS suggest methods in which the ACIC may seek to identify results related to that goal, such as surveys or comparative multi-year statistics, it does not identify what the specific targets are for the ACIC.[21] Further, the information provided in the performance statement do not make clear which statistics are to be used for assessing performance, as opposed to information provided as additional explanation or evidence. The approach applied to Connect 1 is reproduced across most performance criteria set for the ACIC.

1.18      Out of ten performance criteria, three were reported to be 'partially met'.[22] These criteria included:

  • Connect 1: Existing ACIC systems and services are accessible, used and reliable;[23]
  • Connect 2: The delivery and implementation of new and enhanced ACIC systems and satisfies the needs of stakeholders and users;[24] and
  • Connect 4: The ACIC builds, coordinates and maintains strong and collaborative relationships with domestic and international partners.[25]

1.19      Discussion of each of the relevant criterion is accompanied by supporting data and statistics, detailing information such as relevant projects or products delivered, strategic and operational insights provided to partner agencies, reports completed and usage of ACIC-owned systems. As noted above, it is unclear whether this information is presented as evidence demonstrating that the performance criterion was met or for another purpose.

1.20      As a result of the lack of clarity regarding the specific methods used to measure performance, it is difficult to ascertain whether the ACIC has met its performance criteria or to what extent it has not met the criteria. This is demonstrated in the three 'partially met' performance criteria, where it is uncertain to what extent the ACIC failed to meet the criteria.

1.21      The committee is thus unable to make a clear assessment of whether the ACIC has met or has not met its performance criteria based on the information provided in the report. As previously noted by the committee, the importance of clear performance reporting in annual reports is necessary to 'provide sufficient information and analysis for the Parliament to make a fully informed judgement on department performance.'[26]

1.22      This view has been supported by the ANAO, which stated in a 2013 report on performance measurement and reporting in Australian government agencies:

Performance reporting is most effective in informing the government, the Parliament, and the public when based on clearly expressed outcome statements, program objectives, deliverables and KPIs...[There is a] need for focused and clear outcome statements and well defined program objectives as important in allowing the development of appropriate KPIs. Entities’ periodic review of both outcomes and objectives, together with adherence to Finance guidance, will contribute to meeting the need for focus, clarity and well defined outcome statements and program objectives.[27]

1.23      The committee encourages all portfolio agencies to clearly state whether a performance criteria is met or not, and clearly present supporting evidence.

Biometric Identification Services project

1.24      The Biometric Identification Services (BIS) project was a platform designed to replace the National Automated Fingerprint Identification System and intended to enable a national facial recognition platform for law enforcement agencies across the Commonwealth, states and territories. A discussion of the background to the project can be found in the Parliamentary Joint Committee on Law Enforcement (PJCLE) report Examination of the Australian Criminal Intelligence Commission Annual Report 2016-17.[28]

1.25      Eighteen months after the BIS project development contract was awarded to NEC Australia, it was reported in January 2018 that the project was significantly delayed and experiencing budgetary problems. The ACIC subsequently announced the discontinuance of the BIS project due to the delays, and cancelled the contract with NEC by mutual agreement in June 2018.[29]

1.26      At the request of the ACIC, the ANAO conducted an audit and published a report on the ACIC's handling of the BIS project on 21 January 2019, considering issues such as the procurement process and management of the project.[30] The ANAO found that, while the BIS procurement process was compliant with the Commonwealth Procurement Rules and ICT Investment Approval requirements, the administration of the project thereafter was 'deficient in almost every respect' which contributed to the project continuously missing deadlines.[31] It found that the financial management of the BIS project was poor, and raised concerns about the ACIC being unable to definitively state how much had been spent in total on the project, in addition to a one-off 'goodwill' payment to NEC totalling $2.9 million that was not linked to any contractual milestone.[32] The ANAO reported that total expenditure on the discontinued project amounted to $34 million, having achieved none of the project deliverables or milestones.[33]

1.27      The PJCLE expressed concern in its report regarding the management and cancellation of the BIS project. It noted that there was a significant cost to the Commonwealth, including approximately $26 million which would not be recouped and the resulting renegotiation of contracts for other related projects.[34] That committee acknowledged, however, that the ACIC appeared willing to learn from the experience, as evidenced by the self-initiated request to the ANAO for an audit, and stated that it would monitor the agency's response to the audit report.[35]

1.28      In the 2017–18 ACIC annual report, very little mention is made of the BIS project or how it was funded. The BIS project fell under performance criterion 'Connect 2: The delivery and implementation of new and enhanced ACIC systems and services satisfied the needs of stakeholders and users', which was reported to be 'partially met'.[36] The report stated:

Following consultation with law enforcement partners, we determined the benefits of continuing the project no longer outweighed the costs and risks for our agency and partner agencies, and that the current National Automated Fingerprint Identification System (NAFIS) remains fit for purpose.[37]

1.29      In its discussion of its performance, the ACIC recognised the impact of the discontinuance of the BIS project on its stakeholder survey, which is a measure of performance for the criterion. The ACIC stated that it had learned a number of critical lessons from the experience and identified issues such as:

  • the need to improve communication with stakeholders and manage engagement at the portfolio/agency level rather than on a project level, which had prompted the establishment of a dedicated Technology Collaboration and Coordination Unit to build and develop stakeholder relationships effectively;
  • building capacity to more effectively deliver project, program and portfolio outcomes through the Enterprise Program Management Office, which would also respond to findings of reviews and audits and implement refined practices and processes accordingly;
  • managing projects more effectively and developing a user-centric approach which would adopt processes that meet the Digital Service Standard; and
  • strengthening governance of all projects by including stakeholders in planning and governance at all levels during project management.[38]

1.30      The ACIC annual report provided information about the ANAO audit in its statement on reports on its operation by the Auditor-General, a Parliamentary Committee or the Commonwealth Ombudsman, as required by section 17AG(3)(b) of the PGPA Act. However, the statement does not provide context or reasons for the audit.[39]

1.31      Very little information is provided in the annual report regarding the financial performance of the contract. The financial statements provide limited insight into where and how appropriations were made on the BIS project. Further, the financial statements provide no explanation regarding the impact of the project's closure on the ACIC's other programs and overall budget.

Financial performance

1.32      The ACIC reported an operating deficit of $16.325 million for the 201718 financial year.[40] The agency received $88.46 million in operating appropriations, $2.64 million in departmental capital budget expenses, and $0.580 million for an equity injection.[41]

1.33      The annual report also provides a breakdown of the operating appropriation, noting that $79.607 million was provided in base funding with the remainder being tied to specific projects. Tied funding projects included: funding for the Australian Gangs Intelligence Coordination Centre; enhancing security at all office sites and personnel security capabilities; developing and enhancing cybercrime intelligence and analysis capability; development of the National Order Reference System; supporting the Australian Cyber Security Centre; and establishing a national database of rejected applications for Working with Children Checks.[42]

1.34      In relation to the ACIC's own source income, it collected $124.265 million. This included $97.737 million as a result of the provision of National Policing Information Services, $10.379 million received from the Proceeds of Crime Trust Account, $1.385 million in resources received free-of-charge, and $14.764 million relating to the provision of services.[43] Services provided included biometric systems for the recognition of fingerprints and DNA, identification systems for missing persons and disaster victims, protection services to assist with managing child offenders, and the national police history checking service.[44]

Conclusion

1.35      As discussed earlier, the committee encourages the ACIC to clearly state whether a performance criteria has been met or not, and clearly present supporting evidence. This would assist the committee to reach a fully informed judgement about the ACIC's performance over each financial year. The committee reiterates the ANAO's advice stating that clear tools to measure agency performance are crucial in enabling effective oversight of the functions of government.

1.36      The committee also observes that the annual report contains limited information regarding the cessation of the BIS project. Given the significant expenditure on the project and its failure to meet any deliverables or milestones, further information about the project, its management, costs and the reasons for its discontinuance would be beneficial in avoiding similar problems in the future.

1.37      Noting the comments made by the PJCLE on the BIS project, this committee will continue to monitor future project management by the ACIC and the performance reporting of such projects in annual reports.

1.38      Notwithstanding these issues, the committee finds the report to be 'apparently satisfactory'.

Australian Transaction Reports and Analysis Centre

1.39      AUSTRAC provided its 2017–18 report to the minister on 26 September 2018, which was subsequently tabled in the House of Representatives and the Senate on 12 November 2018.

1.40      AUSTRAC was established under the Financial Transaction Reports Act 1988, and continues in existence under section 209 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). AUSTRAC's stated purpose is to:

[P]rotect Australia from financial crime and terrorism financing, and contribute to the growth and resilience of Australia's economy, by discovering, understanding and disrupting criminal activity, through our intelligence and regulatory programs.[45]

1.41      Prior to December 2017, AUSTRAC was an agency in the Attorney-General's portfolio. As a result of machinery-of-government changes, AUSTRAC was moved into the Home Affairs portfolio, under the Minister for Home Affairs and the Minister for Law Enforcement and Cyber Security.[46]

1.42      AUSTRAC has one outcome and one program based on the Corporate Plan 2017–21 (Corporate Plan) and the Portfolio Budget Statement 2017–18 (PBS).[47]

1.43      The Chief Executive Officer (CEO) is the accountable authority of AUSTRAC.[48]

Chief Executive Officer's review

1.44      Ms Nicole Rose PSM, CEO, provided the annual review for the 2017–18 reporting period. Ms Rose commenced her role as AUSTRAC's CEO on 13 November 2017.[49]

1.45      Ms Rose opened the annual review by stating that AUSTRAC has continued its position as Australia's financial intelligence unit and anti-money laundering and counter-terrorism financing (AML/CTF) regulator to pursue its vision of 'a financial system free from criminal abuse'.[50]

1.46      The CEO stated that the establishment of the Home Affairs portfolio had resulted in increased opportunities for AUSTRAC to engage with the public and private sectors. Increased challenges in combating financial crime, including the rise of cryptocurrencies, enabled AUSTRAC to collaborate with these partners via projects such as the Fintel Alliance, the world-first partnership to combat AML/CTF, and the multi-agency Serious Financial Crime Taskforce (SFCT) which identifies and addresses serious and complex financial crimes.[51] AUSTRAC also contributed to the work of other Commonwealth and state/territory agencies, including the federal Department of Human Services and the Western Australian Joint Organised Crime Taskforce.[52]

1.47      Other achievements during the reporting period noted by the CEO included:

  • instituting landmark civil penalty proceedings in the Federal Court of Australia against the Commonwealth Bank of Australia (CBA) for multiple contraventions of the AML/CTF Act, which resulted in the court ordering the CBA to pay a $700 million penalty, the largest civil penalty in Australian corporate history;[53]
  • publishing and disseminating three risk assessments to assist in educating the financial sector's understanding of AML/CTF capabilities and addressing vulnerabilities within the industry and its products;[54]
  • collaborating with regulated entities to establish a 'Community of Practice' and redesign the annual AML/CTF compliance reports;[55]
  • alongside the Attorney-General's Department and the Department of Home Affairs, contributing to legislative reform to the AML/CTF Act, addressing issues such as the regulation of digital currency, enhancing information-sharing capabilities between related bodies corporate, and expanding the range of regulatory offences;[56] and
  • engagement with international partners, including hosting a number of conferences and visits from overseas counterparts.[57]

Performance reporting

1.48      AUSTRAC's performance reporting scheme comprises six performance criteria. These six performance criteria are measured using a number of different methods, which are outlined in the annual report.[58] AUSTRAC does not appear to use specific KPI targets. Instead, the PBS indicates that AUSTRAC measures performance by using a 'range of case studies and quantitative and qualitative reporting'.[59]

1.49      When read alongside the PBS, the annual report appears to provide a 'clear read' in relation to its performance criteria.

1.50      AUSTRAC reported that all performance criteria had been fully achieved for the reporting period. The annual report also noted that all performance criteria established by the PBS were achieved as well.

1.51      Each performance criterion is accompanied with supporting material demonstrating how it was met. For example, the performance criterion titled Corporate Plan Performance Criterion 1.1: Our public and private sector partners readily access intelligence that is of value, included evidence to support this finding:[60]

  • AUSTRAC's continued work on the Fintel Alliance, a public-private partnership established in March 2017 to develop shared intelligence and develop shared intelligence and deliver innovative solutions to protect the Australian economy from criminal abuse, with additional information on related Fintel Alliance projects such as the online money mules project and the child sexual exploitation project;[61]
  • 136,225,100 reports from industry over the reporting period, representing a 21.6 per cent increase on the previous reporting period;[62]
  • contributing to a number of multi-agency task forces, including the SFCT;[63]
  • case studies of AUSTRAC's information being used to inform public partners, including Operation Astatine, which focussed on a NSW-based criminal syndicate involved in drug trafficking and tobacco smuggling;[64] and
  • the production of risk assessments that identify and evaluate the money laundering or terrorism financing risks posed by financial sectors and products, including advice released by the Minister for Justice in July 2017 regarding risks in the securities and derivatives sector, which were reported to have been responded to meaningfully by the industry.[65]

1.52      As noted above, AUSTRAC does not have specific KPI targets for assessing performance. It is therefore reliant on using a wider range of achievements to assess the performance of the agency. As observed in the discussion regarding the ACIC, this can be challenging for the Senate in determining whether agencies have met their performance criteria. Specific KPI targets may assist in promoting a fulsome understanding of AUSTRAC's performance.

1.53      The performance reporting in the annual report is otherwise highly detailed and provides illustrative examples of how AUSTRAC has sought to achieve its performance criteria, even where specific KPIs are not present. The examples demonstrate a clear link with the relevant performance criterion, and are presented clearly and concisely.

Financial performance

1.54      AUSTRAC reported a net operating surplus of $2.2 million for the 201718 financial year. This was compared with the 201617 reporting period which resulted in a net operating deficit of $8.7 million.[66] The net operating surplus includes $4.9 million of unfunded depreciation and amortisation expenses. Total revenue for the reporting period was $70 million, representing a $7.9 million increase over the previous year's results.[67]

1.55      Expenses for AUSTRAC were reported to amount to a total of $67.763 million, which includes employee benefits, supplier costs, and write-down and impairment of intangible assets.[68] In relation to employee benefits, the annual report explains that there was a variance in the budgeted cost compared to the actual expenditure. This was due to two factors: firstly, in 2017, AUSTRAC engaged in a program in which contractors were converted to APS staff, which resulted in a higher cost for employee benefits than originally budgeted. Secondly, due to new funding measures announced in the Mid-Year Economic and Fiscal Outlook (MYEFO) 2017-18, additional resourcing was engaged to meet demand.[69]

1.56      AUSTRAC also reported a total expenditure on legal services for the 201718 financial year as $3,459,004 (exclusive of GST), which includes the cost of providing internal and external legal services.[70]

Conclusion

1.57      The committee commends AUSTRAC on its informative and clearly expressed annual report. While it notes that the lack of specific KPIs can make it difficult for agencies to measure performance, AUSTRAC has provided explanations of its activities in meeting performance criteria, and demonstrated how it has met these criteria with illustrative and clearly related examples of its work. AUSTRAC's reporting is an excellent example to all agencies without specific KPIs of how effective performance reporting can be achieved in circumstances where performance criteria do not have specific targets or refer to broad outcomes.

1.58      The committee finds the annual report to be 'apparently satisfactory'.

Navigation: Previous Page | Contents | Next Page