AdvertorialSponsored Content

Aged care directors can now be personally fined up to $165,000. Is your board ready?

A director can now be fined $165,000 out of their own pocket, even if the provider is cleared. Here's what closes the gap before the Commission finds it for you.

Most aged care boards still think about compliance the way they always have: something the organisation is responsible for, collectively, on paper. A shared risk, carried by the entity, insured against and reported on once a quarter.

That thinking is now out of date.

Under the Aged Care Act 2024, “responsible persons,” directors and key management personnel, face civil penalties in their own name. Up to $165,000 where their conduct contributed to death or serious injury. Up to $82,500 for a Code of Conduct breach. The liability attaches to the individual regardless of whether the provider itself is found at fault.

In the April–June 2025 quarter alone, the Aged Care Quality and Safety Commission investigated 130 providers and workers for potential Code of Conduct breaches and issued 34 banning orders. Some of the people named in those investigations sat on boards that had no idea anything was wrong until the letter arrived.

What does responsible person’ actually cover?

The provisions took effect on 1 November 2025. They apply broadly, not just to the CEO, but to directors, company secretaries and anyone in a position to exercise significant influence over the provider’s conduct. The Commission doesn’t need to establish organisational liability first. It can pursue the individual directly.

For a board member, that changes the question from ’Is our organisation compliant?’ to ’Can I personally show I acted on what I knew, or should have known?

Where does personal exposure actually come from?

David Morgan, Managing Director of Whistleblower Technologies at Veremark, has sat across the table from boards working through exactly this problem.

“I’ve reviewed board packs where the only information directors saw was what had already been filtered, summarised and softened by three layers of management before it reached them,” Mr Morgan says.

“Nobody was hiding anything on purpose. But by the time an issue reached board level, it had been rewritten so many times it barely resembled the original complaint.”

“In one case, a serious concern about a staff member’s conduct had been raised informally twice before it was ever logged anywhere. When the Commission carried out an unannounced review, the board learned about it at the same time the regulator did.”

Mr Morgan’s view is blunt:

“Ignorance isn’t a defence anymore. If you didn’t know, the next question is: why didn’t your systems tell you?”

What the Aged Care Rules 2025 actually require

This is the part that turns “should have known” from a vague standard into a documented one.

Providers must run a formal whistleblowing system with secure, confidential reporting channels. Disclosures have to feed into the same pipeline as complaints and incidents, not sit in a separate inbox. Staff need training. Victimisation has to be actively prevented, not just prohibited on paper. The data has to demonstrably drive continuous improvement.

All of it is a condition of registration. None of it is optional paperwork.

For a board, a working system is more than compliance. It’s the evidence trail that shows a concern was raised, escalated and acted on. It’s the difference between a director who can say, ‘I acted reasonably on what reached me,’ and one who can’t.

How boards actually close the gap

Mr Morgan points to the same three investments regardless of provider size:

Integrated reporting One system for whistleblowing, complaints and incidents, with clear ownership and a visible audit trail. Not three spreadsheets that stop being updated the moment someone difficult gets appointed.

Leadership screening Due diligence at the point of hire, especially at executive level. A board that skips this is betting its own personal liability on someone else's judgment.

Capability building Ongoing training so staff and managers actually know how to handle a disclosure when one lands, not a once-off module nobody remembers by month three.

Why this can’t wait for the next board meeting

The Commission investigated 130 providers and workers in a single quarter. Some of those names had never been flagged internally before the investigation started.

Boards that build the visibility now – through integrated reporting, leadership screening and real training – are the ones who find problems while they’re still theirs to fix.

The ones that don’t often find out from a banning order with their own name on it.

For a full breakdown of what “responsible persons” liability means in practice, what a compliant reporting system needs to include under the Aged Care Rules 2025, and where the Commission is most often finding the gap, read Veremark’s report: Whistleblowing in the New Aged Care Framework.

Do you have an idea for a story?
Email: rebecca.cox@news.com.au
Show More

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button