Do NDIS providers have to hold participant money in a separate bank account?

The NDIS Practice Standards require that participant funds are kept separate from organisational funds, but they do not prescribe a specific account structure for every situation. In SIL settings, providers commonly use individual petty cash ledgers or designated float envelopes per participant rather than separate bank accounts. What matters is that the money is clearly attributed to each individual and that reconciliation records demonstrate no commingling.

What records does an NDIS auditor expect to see for petty cash?

Auditors look for a transaction log showing date, amount, purpose, and staff name for every transaction; receipts matched to each entry; a regular reconciliation record (at minimum monthly, weekly for SIL); and evidence of supervisory sign-off on the reconciliation. A running balance that matches physical cash on hand at reconciliation time is the core evidence.

Is it a reportable incident if a participant's money goes missing?

Yes. Under the NDIS (Incident Management and Reportable Incidents) Rules 2018, financial abuse of an NDIS participant — including theft or misappropriation of their money or property — is a reportable incident that must be notified to the NDIS Commission. Your money handling policy should explicitly state this obligation and the reporting timeframes.

How often should a SIL provider review its money handling policy?

Best practice and the NDIS Commission's governance expectations point to at least an annual review, or sooner if there has been a material change — such as a new support model, a staff restructure, or following a money handling incident. The review date and approving manager should be documented on the policy itself.

Can a participant choose to manage their own money without provider involvement?

Yes, and this is the default position. Participants have the right to manage their own funds. Provider involvement in a participant's personal finances should only occur when the participant has given informed consent, and the arrangement should be as limited in scope as necessary. Auditors look for evidence that involvement was participant-initiated, not provider-driven.

What happens if an auditor finds non-conformances in our money handling records?

Minor non-conformances (such as isolated missing receipts) typically result in a corrective action request with a specified timeframe to demonstrate remediation. Major non-conformances — for example, no consent process or evidence of commingling — can delay registration or trigger conditions on your registration. Patterns of non-conformance relating to participant financial harm may be referred for compliance investigation by the NDIS Commission.

NDIS Money Handling Policy: What Auditors Look For in 2026

Why Money Handling Is a High-Risk Area for NDIS Auditors

Handling a participant's personal funds sits at the intersection of dignity, autonomy, and financial integrity. The NDIS Practice Standards explicitly identify financial intermediary functions as requiring rigorous governance because the power imbalance between a provider and a participant with limited capacity can create conditions for financial harm — whether intentional or not.

Under the strengthened NDIS Practice Standards framework taking effect in 2026, approved quality auditors pay close attention to money handling as part of the Rights and Responsibilities and Governance and Operational Management core modules. Providers who register under the higher-intensity registration groups — including SIL (Supported Independent Living) — face a certification audit, not merely a verification audit, which means auditors conduct file reviews, staff interviews, and participant consultations.

Getting your money handling policy right before audit day is not optional. It is a registration requirement.

The Core Requirements Your Policy Must Address

The NDIS Commission does not publish a single prescriptive money handling template, but the Practice Standards and the NDIS Code of Conduct together create a clear framework of what must be covered. Auditors map your written policy and your operational evidence against these requirements.

1. Participant Consent and Choice

Every arrangement in which your organisation holds, accesses, or manages money on behalf of a participant must be based on documented, informed, and voluntary consent. The participant (or their nominee or guardian) must understand what money is being held, for what purpose, and how they can access it or withdraw consent at any time. Auditors look for signed consent forms linked to individual support plans, not a generic blanket agreement buried in an intake pack.

2. Separation of Participant Funds from Organisational Accounts

Participant money must never be commingled with your organisation's operating funds. This is a bright-line requirement. Auditors will ask to see bank account structures or petty cash ledger arrangements that demonstrate clear segregation. If you hold a small float for day-to-day participant expenses, that float must be attributed to the specific participant it relates to, not pooled.

3. Individual Transaction Records

For every financial transaction involving a participant's money, your records must show: the date, the amount, the purpose, the authorisation (who approved the spend), and the receipt or supporting evidence. Auditors pull sample files and cross-check the transaction log against receipts and participant plans. Missing receipts for even routine purchases — a coffee, a bus ticket, a haircut — are among the most common minor non-conformances raised in NDIS certification audits.

4. Regular Reconciliation

Your policy must specify how frequently accounts or petty cash floats are reconciled (weekly is considered best practice for SIL settings), who is responsible, and who reviews and approves the reconciliation. Auditors want to see the reconciliation records themselves, not just the policy saying it will happen. A policy statement without supporting records is treated as unimplemented.

5. Staff Roles, Limits, and Segregation of Duties

Your policy must define which staff roles are authorised to handle participant money, any individual spending limits requiring secondary approval, and how duties are separated so that no single staff member can both authorise a transaction and reconcile the account. In smaller SIL houses this can be challenging, and auditors accept proportionate controls — but they expect you to have documented how you manage the risk.

6. Incident Reporting for Financial Harm

Under the NDIS (Incident Management and Reportable Incidents) Rules 2018, financial abuse of a participant is a reportable incident. Your money handling policy must explicitly link to your incident management system and make clear that suspected or actual misuse of participant funds is reportable to the NDIS Commission within the required timeframes. Auditors check that staff know this pathway exists and that there is a culture of reporting rather than internal resolution only.

What Auditors Actually Check — the Audit Trail

Understanding the auditor's methodology helps you prepare evidence in the right format. In a certification audit for a SIL registration group, the auditor will typically:

Review your written policy — Does it exist? Is it current (reviewed within the last 12 months or after any material change)? Does it cover all the elements above?
Sample participant files — For a selection of participants living in your SIL properties, the auditor will look for consent forms, individual transaction logs, receipts, and reconciliation records.
Interview support workers and house managers — Can staff explain what the policy requires of them? Do they know the spending limits? Do they know how to report a concern?
Interview participants where safe and appropriate — Do participants feel they have control over their own money? Have they ever felt pressured? Do they know who to speak to if something seems wrong?
Review your incident log — Has any money handling concern been logged? If so, how was it managed and reported?
Check your governance documents — Is money handling addressed in your board or management reporting? Is there an internal audit or spot-check process?

Common Non-Conformances Raised by NDIS Auditors

Non-Conformance	What Auditors See	How to Fix It
Missing or unsigned consent	Money handled without a signed agreement linking to the participant's plan	Require signed consent before any money is held; refresh consent annually or on plan review
No receipt for transactions	Transaction log shows a purchase but no receipt is in the file	Implement a same-day receipt capture rule; digital photos of receipts are acceptable if stored securely
Commingled funds	Petty cash shared across multiple participants or mixed with organisation funds	Create per-participant envelopes or ledger lines; never pool participant money
Policy not reviewed	Policy is dated more than two years ago with no record of review	Schedule annual review; document who approved the review and what changed
Staff unaware of policy	Support workers cannot describe the spending limit or approval process	Include money handling in induction and annual refresher training; keep attendance records
No link to incident reporting	Policy does not mention financial abuse as a reportable incident	Add an explicit cross-reference to your incident management procedure and the NDIS Commission reporting pathway

A Practical Policy Structure for SIL Providers

Your money handling policy does not need to be lengthy, but it does need to be complete. A well-structured document typically includes the following sections:

Purpose and scope — who the policy applies to and what types of money handling it covers (participant funds held by staff, petty cash floats, purchasing on behalf of participants)
Guiding principles — participant choice and control, dignity, transparency, and zero tolerance for financial abuse
Consent process — how consent is obtained, documented, stored, and withdrawn
Transaction process — step-by-step instructions for making a purchase, obtaining a receipt, and recording the transaction
Petty cash management — float amounts, who holds the float, reconciliation frequency, and escalation if a discrepancy is found
Roles and authorisation limits — which roles can approve which spend levels, and what requires a second signatory
Record keeping — where records are stored, how long they are retained (at minimum, the period required under your registration obligations), and who can access them
Incident reporting — what constitutes a financial incident, how it is reported internally, and the obligation to notify the NDIS Commission for reportable incidents
Review schedule — who owns the policy, how often it is reviewed, and how updates are communicated to staff

Preparing for the 2026 Strengthened Standards

The strengthened NDIS Practice Standards introduced from 2026 place greater emphasis on provider governance and the lived experience of participants. For money handling specifically, this means auditors are more likely to weight participant interviews heavily and to probe whether your written policy matches what actually happens day-to-day in your SIL homes.

Providers should conduct an internal pre-audit review at least three months before their certification audit is due. Walk through your policy against a real participant file and ask: could an auditor follow the paper trail from consent to reconciliation without a single gap? If not, close the gap now.

If you are building your compliance document suite from scratch or need to pressure-test what you have, the 74-document audit-ready SIL compliance kit available at ndiscompliant.com.au covers money handling alongside the full range of Practice Standards requirements — a practical starting point for providers who need to move quickly ahead of 2026 registration deadlines.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.