By Andy Thiss, SVP & GM at Eftsure
The conversation around NDIS integrity has largely focused on scheme-side fraud: providers and intermediaries claiming against the scheme for services they didn’t deliver.
This is a critical problem to solve, but there’s a parallel problem receiving far less attention: legitimate providers and plan managers are themselves being defrauded by impostor vendors hijacking real practitioners’ invoices and bank details. As the scheme tightens around the first problem, the second deserves the same scrutiny.
The Federal Government’s recent commitment of $821.2 million to strengthening NDIS scheme integrity targets that first direction of fraud. At the same time, the NDIS Quality and Safeguards Commission’s expanding enforcement footprint is changing the questions being asked of providers. Attention has shifted beyond whether an organisation simply has controls in place, towards whether organisations can demonstrate those controls are in place.
For many NDIS providers and plan managers, that presents a real challenge. Unlike traditional organisations that transact primarily with established vendors, NDIS organisations operate within one of Australia’s most fragmented vendor ecosystems: a significant proportion of payments flow to sole traders, independent support workers, allied health practitioners, and micro-businesses.
Some plan managers process payments to tens of thousands of providers each month, with sole traders making up most of that base. The result is a payment environment unlike almost any other sector.
Onboarding is constant. Providers enter and leave the scheme, service categories shift, bank account details change frequently. Finance teams are expected to process those payments quickly, all while maintaining rigorous governance. In the background, sham providers can be spun up in a day, and fraudsters are increasingly adept at impersonating trusted contacts over weeks or months.
Traditional verification methods simply weren’t designed for this level of complexity or risk. Many organisations still rely on controls that validate information at a single point in time. A point-in-time check tells you nothing about the payment going out next month, or whether a document submitted at onboarding still represents the genuine vendor today.
The problem is particularly acute in environments dominated by small businesses and individual operators. These entities are often the most difficult to verify at scale, yet they also represent a substantial portion of the NDIS supply chain, all while regulatory expectations continue to evolve.
Boards, auditors, and regulators are expecting providers to offer evidence, not just assurances. They want organisations to demonstrate who verified a vendor, when verification occurred, what checks were performed, and whether those controls remained effective over time.
For finance leaders, this means payment integrity is becoming an operational and governance issue at once. Importantly, this integrity should not be viewed solely through the lens of fraud prevention. Every misdirected payment has downstream consequences. It can disrupt service delivery, draw resources into recovery, and damage trust between participants, providers, and plan managers.
In an ecosystem built around supporting vulnerable Australians, financial controls ultimately support participant outcomes, too. This is why many organisations are now moving beyond point-in-time verification models towards approaches that continuously monitor vendor information throughout the payment lifecycle: this was a driving factor behind Eftsure’s recent expansion of its platform into NDIS verification at scale.
The NDIS sector has spent considerable time discussing participant safeguards, provider registration, and scheme integrity. Those conversations are important. However, as expectations around governance continue to rise, attention must also turn to the payment infrastructure that sits behind the scheme.
For NDIS finance leaders, the question is whether each payment can be supported by a clear evidence trail, showing that the right vendor was verified at the right time, with a record of the controls applied.
In a scheme built around vulnerable Australians, integrity can’t stop at the provider level. It should extend to every vendor in the payment chain.
