SecureLoop
Finance Security · 9 min read

FBT and Corporate Cards: Why the ATO's 2025–26 Audit Focus Should Have You Paying Attention

The ATO receives corporate card transaction data directly from major Australian banks under data matching programmes. If your FBT lodgement does not reconcile with that data, you may already be flagged — before any audit contact. The average ATO FBT audit liability for an SME is $82,000.

SecureLoop Team

Key takeaway

The ATO's 2025–26 compliance programme has three converging risk areas for businesses with corporate card programmes: data matching coverage broader than most businesses assume, tighter documentation requirements for the FBT actual method, and spend policy failures increasingly treated as board governance issues. Proactive monitoring with a full audit trail is the difference between a defensible position and an $82,000 liability.

The data matching reality

Under its data matching programmes, the ATO receives corporate card transaction data from major Australian banks on a regular basis. This is not a hypothetical future capability — it is operational now.

If your FBT lodgement does not reconcile with the transaction data the ATO already holds, the discrepancy can be identified algorithmically. The average ATO FBT audit liability for an SME is $82,000 — a figure that includes back-tax, penalties, and interest on unpaid amounts, none of which are avoidable once the audit process begins.

The businesses most exposed are not those running obvious entertainment programmes. They are businesses where entertainment and meal spend occurs on corporate cards, where the FBT position has never been formally reviewed, and where there is no contemporaneous documentation to support either the liability calculation or a defence under the actual method.

The actual method problem

The FBT actual method for entertainment can reduce your liability significantly compared to the 50/50 split method. The trade-off is documentation: you need contemporaneous records of who attended, the business purpose, and the cost per head for every relevant transaction.

In practice, most businesses try to reconstruct this information at or near 31 March. By that point, cardholders do not remember who attended a dinner in July. The business purpose is vague or missing. The cardholder who submitted the expense may have left the company.

The records that would have supported an actual method claim — and potentially saved thousands in FBT liability — no longer exist in any reliable form.

What contemporaneous actually means

The ATO's position on “contemporaneous” is strict. Records captured at or near the time of the transaction carry weight. Records reconstructed months later from credit card statements and calendar invites do not.

SpendGuard addresses this by prompting the cardholder to capture attendee count and business purpose at the point of submitting the expense — not at month-end, not at year-end. The FBT liability per transaction is calculated under the actual method in real time, and the entries accumulate across the April–March FBT year. At year-end the output is a complete, defensible FBT register rather than a reconstruction exercise.

Three risk areas converging in 2025–26

Three conditions have come together that make proactive monitoring more important than at any previous point.

First, ATO data matching coverage of corporate card programmes is broader than most businesses assume. The assumption that your card data is not visible to the ATO is not a safe one.

Second, the policy breach patterns that indicate weak financial controls — personal spend on business cards, split transactions to avoid approval thresholds, unapproved vendor use — are increasingly treated as governance failures rather than administrative errors. Finance teams need to be able to demonstrate that controls are working, not just that they exist.

Third, the FBT actual method savings are real and meaningful for businesses running active entertainment and client relationship programmes. Capturing those savings requires infrastructure that most businesses do not currently have. The difference between a defensible actual method claim and a poorly documented 50/50 position is, in many cases, worth tens of thousands of dollars.

⚠ ATO focus area 2025–26

The ATO has identified corporate card FBT compliance as an active focus area for 2025–26. Businesses with entertainment spend on corporate cards that have not reviewed their FBT position are at heightened risk of a data-matching-triggered review.

Frequently asked questions

Does the ATO really receive corporate card data from banks?

Yes. The ATO operates data matching programmes under which major Australian banks provide corporate card transaction data. This is used to cross-reference FBT lodgements and identify discrepancies before any direct audit contact. Businesses should not assume their card data is invisible to the ATO.

What is the difference between the FBT actual method and the 50/50 split method?

The 50/50 split method treats half of all meal entertainment spend as FBT-liable regardless of who attended or the business purpose. The actual method calculates FBT only on the proportion that genuinely constitutes a benefit to employees — which can significantly reduce liability. The actual method requires contemporaneous records; the 50/50 method does not. Most businesses default to 50/50 because they lack the documentation infrastructure to support the actual method.

How does SpendGuard capture FBT data at point of expense?

When a cardholder submits an entertainment or meal expense, SpendGuard prompts them to capture the number of attendees and business purpose at that point — not two weeks later when nobody remembers. The engine calculates the FBT liability per transaction under the actual method and accumulates these across the April–March FBT year. At year-end you have a complete, defensible FBT register.

What does the SpendGuard FBT health check show?

Send us three months of corporate card exports as a CSV and we return a report showing your FBT exposure estimate — how much liability is sitting in your entertainment and meal spend — and what the actual method would save versus your current approach. The health check also shows policy breach counts, fraud risk flags, and new vendor exposure. No software to install, no commitment required.

Is SpendGuard a software product or a managed service?

Managed service. SecureLoop operates SpendGuard — you do not manage the infrastructure, tune the detection rules, or maintain the integrations. You get the dashboards, alerts, and monthly review calls. Setup from $3,500 fixed price, running from $599 per month for up to 20 cardholders.

Tags: FBT, FBT compliance, ATO audit, corporate card, tax compliance, Australian business, SpendGuard, FBT actual method, FBT entertainment

See your FBT exposure before the ATO does

SpendGuard captures FBT data at point of expense and generates a complete FBT register across the April–March year. Start with a free health check — send us three months of card exports and we will show you your FBT exposure estimate before you commit to anything.