The objective of the audit was to assess the effectiveness of the Australian Communications and Media Authority’s regulation of unsolicited communications.

To form a conclusion against this audit objective, the ANAO adopted the following high-level criteria:

• an appropriate framework for assessing and mitigating risks and an effective strategy for monitoring compliance have been established;
• an effective risk-based program to communicate regulatory requirements and to monitor compliance with the Do Not Call Register Act 2006 and the Spam Act 2003 has been implemented; and
• non-compliance has been effectively addressed and resolved in accordance with established requirements.

The ACMA has been subject to ANAO audit coverage over recent years, including an audit in 2009–10 that assessed the Authority’s effectiveness in operating, managing and monitoring the Do Not Call Register. The audit made three recommendations, including one relating to the escalation of regulatory action. This recommendation was followed up as part of this audit’s examination of the ACMA’s monitoring of compliance with the DNCR Act.

Overall conclusion

The Australian Communications and Media Authority (the ACMA) is Australia's regulator for broadcasting, the internet, radiocommunications and telecommunications. The ACMA is responsible for handling complaints from the Australian community about unsolicited communications, including potential breaches of the DNCR Act and the Spam Act, and for monitoring and addressing non‑compliance with these acts. The ACMA’s graduated model for addressing non‑compliance includes responses ranging from encouraging voluntary compliance and informal resolution to administrative action and, where necessary, civil action. In 2013–14, the ACMA received almost 22 000 complaints relating to unsolicited communications, issued approximately 6000 advisory and informal warning letters and conducted 16 investigations.

Overall, the ACMA has established appropriate arrangements to underpin its effective regulation of unsolicited communications. In particular, the ACMA has implemented: processes to help ensure that risks are identified and managed; generally sound policies, processes and practices to support its communication of regulatory requirements and its compliance monitoring activities; and a graduated approach to addressing and resolving non‑compliance identified through its regulatory activities. There was, however, scope to improve the following aspects of the ACMA’s regulation of unsolicited communications:

• written investigation plans and risk assessments were not prepared for any of the 16 investigations finalised in 2013–14 and, in general, complainants were not notified when investigations had been completed. The preparation of written investigation plans, the assessment of investigation risks and the timely notification to complainants of the closure of each investigation would help to improve the delivery and oversight of investigations and achieve compliance with established requirements; and
• the current performance measures and reporting arrangements have not provided stakeholders with a clear indication of the impact and effectiveness of regulatory activities. Reviewing the measures for the regulation of unsolicited communications and monitoring and accurately reporting against them would better position the Authority to demonstrate the extent to which it is achieving its regulatory objectives.

The ANAO has made two recommendations, which are designed to strengthen the ACMA’s regulation of unsolicited communications by improving the planning, monitoring and closure of investigations and the monitoring and reporting of performance.