Policy alone will not close the $3.5 billion gap, the plumbing has to change too.
Long before I moved into fintech infrastructure, I was a physiotherapist. My focus was entirely on patient outcomes, helping people regain mobility and independence. But there was always an invisible friction running in the background: the administrative burden of being paid. Back then, the paperwork was a nuisance. In 2026, that nuisance has become a systemic risk within the NDIS ecosystem.
In his National Press Club address in April, Minister Mark Butler described the NDIS as having become an “ATM for shonks, grifters, fraudsters and crooks,” pointing to a lack of “visibility at the point of disbursement.” Having sat on both sides of the table, first as a provider and now as a payments specialist, I think the diagnosis is right but the conversation is missing a piece. Australia’s NDIS payments infrastructure is no longer fit for purpose, and no amount of policy will fix that on its own.
The statistics are sobering. The Australian National Audit Office found that the National Disability Insurance Agency’s (NDIA) current systems auto‑approve 98 per cent of claims, moving funds before legislative or risk‑based checks can be applied. Paired with the government’s own estimate of up to $3.5 billion in annual leakage, identified in the Securing the NDIS reform package, the case for infrastructure change shifts from theoretical to urgent.
The mechanism enabling this is the legacy ABA file, a batch payment format that is a relic of 20th‑century banking. It moves money, but you cannot conclusively prove a claim in 2026 using a 1980s file that only contains a BSB, account number and a 16‑character reference field. It cannot verify service necessity, provider registration or line‑item detail. It is, in effect, a “pay-and-pray” model: funds move first and the data is hunted down later.
A new precedent for NDIS payments compliance
The 2026–27 Budget has drawn a line under that model. The government has allocated $358.5 million to a new NDIS digital enrolment and payment system, with a 1 July 2026 start date, designed to replace pay‑and‑pray with evidence‑based validation before funds are released. The Integrity and Safeguarding Act 2026 goes further, giving the NDIA the power to mandate electronic‑only claiming. The message is unambiguous: the ABA file effectively has a best-before date, and the era of moving money within the NDIS without rich metadata may soon be ending.
For businesses in the NDIS space, the compliance reality is that visibility now flows in both directions. Providers and intermediaries are expected to carry the evidence with the payment. If your infrastructure cannot transmit the “why” alongside the funds, you risk being invisible to the new system, or worse, exposed to a compliance breach.
Plan managers are also facing a particular squeeze. From a 30 per cent reduction in intermediary spending and a shift to a commissioned panel model from October 2027, to a higher bar for integrity and fraud‑reduction technology to retain market access – the transition from ‘theoretical reform’ to ‘legislated mandate’ has landed with a bang in the Budget. So, how can both participants get ahead?
Practical steps businesses can take now
I believe the solution shouldn’t wait for a government portal to be finished in 2027. The tools to bridge this gap exist today and three capabilities are emerging as the baseline.
The first is pre‑payment validation, using real‑time Confirmation of Payee checks to match the bank account details to those of a legitimate provider before funds are released, rather than chasing this after the fact.
The second is the ISO 20022 messaging standard, which allows data‑rich payments to carry up to 280 characters of remittance information, so the evidence the government now requires travels with the transaction itself.
The third is programmable, mandate‑based payment controls that keep recurring supports within the guardrails of a participant’s plan and produce a digital audit trail. Australia’s real-time rails, the New Payments Platform, already offers this mechanism via secure payment methods like PayTo.
Waiting for the NDIA to publish its final technical specifications is itself a risk. This is because integrating a new payment architecture, testing reconciliation, redesigning workflows and moving away from bank‑intermediated batch files takes months, not weeks. When faced with potential compliance breaches down the track, making the transition now is the smarter move.
We cannot fix the NDIS with policy alone. We have to bridge the infrastructure gap between the legacy systems of the past and the real‑time, data‑rich requirements of the future. As a former clinician, I want every dollar to reach the participant it was intended for. As a technologist, I know the only way to get there is to stop “paying-and-praying”, and start validating in real time.
