Business Grants Hub - Small Business Cyber Resilience Service Program (Treasury) Delegations 2024

This instrument is a notifiable instrument made by the Secretary to the Department of the Treasury. It delegates certain Treasury powers and functions for the Small Business Cyber Resilience Service Program to specified officials in the Department of Industry, Science and Resources, or DISR.

In practical terms, it tells you which DISR officers can make, vary or administer arrangements and funding agreements for the program, and which officers can deal with certain Commonwealth debt recovery and payment modification functions connected to the program. It also imposes directions that those officials must follow when using those delegated powers.

For businesses, the instrument is mainly about process, authority and control. It helps determine whether the person dealing with your grant has the legal authority to approve the agreement, approve a variation, or deal with certain payment or recovery issues. It also builds in controls around funding limits, written records, compliance with the Grant Opportunity Guidelines and Treasury agreement for some higher risk changes.

The instrument sits alongside, not instead of, the Grant Opportunity Guidelines and the underlying program instrument. If you are looking for applicant eligibility, assessment criteria or detailed program rules, this instrument is not the main source for those points. Its focus is who can act for the Commonwealth in administering this program and on what conditions.

The instrument is relevant to businesses that apply for or receive support under the Small Business Cyber Resilience Service Program. It is also relevant to advisers helping those businesses prepare applications, manage grant agreements or request changes after approval.

The delegated powers relate to arrangements and agreements made for the purposes of the program. The instrument refers to powers under the Industry Research and Development Act 1986 to make, vary or administer an arrangement on behalf of the Commonwealth, and to enter into an agreement with a State or Territory or a corporation to which paragraph 51(xx) of the Constitution applies, on behalf of the Commonwealth, setting out the terms and conditions of financial assistance for the program.

Businesses that are not dealing with this specific program are usually outside the practical scope of this page. The instrument also does not itself set the broader public-facing eligibility rules for applicants. Those are dealt with through the Grant Opportunity Guidelines and the program framework referred to in the instrument.

The instrument delegates powers under two main legal frameworks.

First, under the Industry Research and Development Act 1986, delegated DISR officials can exercise the Secretary to the Treasury's power to make, vary or administer an arrangement on behalf of the Commonwealth, and the power to enter into an agreement with a State or Territory or a relevant corporation setting out the terms and conditions of financial assistance for the program.

Second, under the Public Governance, Performance and Accountability Act 2013 and the Public Governance, Performance and Accountability Rule 2014, delegated DISR officials can exercise the Secretary's delegated power to modify the terms and conditions on which an amount owing to the Commonwealth is to be paid, and can perform functions relating to recovery of a debt owing to the Commonwealth that relates to the program.

These powers are not open-ended. The instrument says they are delegated only to officials holding, occupying or performing the duties of specified DISR positions, and only where they have responsibility for administering the program. That qualifier is important. A person at the right classification level is not enough by itself. They must also have responsibility for administering the program.

The financial limits in Schedule 1 apply in relation to a single grant agreement. For the IR&D Act delegation, if the exercise of the power involves the commitment or expenditure of money by the Commonwealth, the relevant amount must not exceed the amount specified for the delegate's position. For the PGPA Act delegation, the relevant amount owing to the Commonwealth must not exceed the amount specified for that position.

For a business, this means the approval pathway may depend on the size of the grant agreement or the amount involved in a debt or repayment issue. If your matter is above a delegate's limit, it will need to be handled by someone with the necessary authority. It also means that if you are dealing with a program officer, the final approval may still need to come from a different official depending on the amount and the type of decision.

Schedule 2 sets out mandatory directions that apply to the exercise of delegated powers. These directions are central to how the program is administered in practice.

Officials must make a written record of each exercise of a delegated power under the instrument and retain the records on a corporate file. They must not take action or exercise a power if doing so would commit funds exceeding the available funding for the program. A grant amount can only be approved in accordance with the Grant Opportunity Guidelines, and a grant agreement may only be executed where it has been approved in accordance with those Guidelines.

The instrument also creates extra controls for certain changes after approval. An application for an extension of time, or a change in project milestones, that is likely to result in a need to vary annual capped amounts for an arrangement must not be approved until agreed with a relevant official of the Treasury. Likewise, a request to terminate or novate an arrangement must not be approved until agreed with a relevant official of the Treasury.

Officials must only exercise the delegated powers consistently with their duties. In addition, the power under paragraph 63(1)(b) of the PGPA Act can only be exercised in accordance with relevant directions in the Finance Minister's Delegation, or any superseding delegation.

For businesses, these directions matter because they shape the process you will experience. If a request falls into one of the categories that needs Treasury agreement, it may take longer and require clearer supporting material. If a grant has not been approved in accordance with the Grant Opportunity Guidelines, the agreement cannot simply be executed anyway. The written record requirement also means there should be a formal internal record of each delegated decision.

Businesses usually encounter this instrument at a few practical points in the life of a grant.

The first trigger point is the initial application and approval stage. The instrument requires grant amounts to be approved in accordance with the Grant Opportunity Guidelines, and grant agreements can only be executed where they have been approved in accordance with those Guidelines. If your application does not fit the Guidelines, the delegated official cannot lawfully approve it under this instrument.

The second trigger point is when your business wants to change the timing or structure of the project. If you seek an extension of time or a change in project milestones, and that change is likely to require variation of annual capped amounts for the arrangement, the request cannot be approved until a relevant Treasury official agrees.

The third trigger point is where the arrangement itself may need to end or move to another entity. Termination and novation requests also need agreement from a relevant Treasury official before approval.

The fourth trigger point is where money becomes owing to the Commonwealth, for example if there is a repayment or debt recovery issue under the program. The instrument delegates certain PGPA Act and PGPA Rule powers and functions for those situations, again subject to financial limits and directions.

A fifth practical trigger point is where the amount involved is close to or above a delegate's financial limit. In that case, the matter may need to be escalated to a more senior authorised official. That can affect timing, internal review steps and the level of supporting documentation expected.

The written record requirement is one of the clearest operational rules in the instrument. Each exercise of a delegated power must be recorded in writing and retained on a corporate file. This is a direction to officials, but it has practical consequences for businesses because it supports traceability of approvals, variations and debt-related decisions.

If your business is applying for funding or requesting a change, it is sensible to keep your own matching records as well. That can include the application, supporting documents, approval notices, variation requests, milestone correspondence and any communications about Treasury agreement. While the instrument does not impose a direct record-keeping duty on applicants, good records make it easier to confirm what was requested, what was approved and when a decision took effect.

The instrument does not spell out a public penalty or separate enforcement mechanism for a failure by officials to comply with these directions. Even so, the directions are mandatory within the delegation framework. A business should expect decisions to be documented and handled through formal channels rather than informal assurances alone.

If you are applying for funding, this instrument is best read as an administration and authority document. It does not replace the Grant Opportunity Guidelines. Instead, it works alongside them. The Guidelines remain critical because the instrument expressly says grant amounts can only be approved in accordance with them, and grant agreements can only be executed where approval has occurred in accordance with them.

If you already have a grant agreement, the instrument matters most when you want to change something. Not every variation is described in detail here, but the instrument clearly identifies some changes that need Treasury agreement before approval, especially where annual capped amounts may need to change, or where the arrangement may be terminated or novated.

It is also sensible to check whether the person handling your matter appears to be acting within the right authority level. The instrument does not require businesses to audit internal government delegations, but it does make clear that only specified DISR officials with responsibility for administering the program can exercise the powers, and only within the stated financial limits.

Finally, businesses should not rely on old delegation arrangements for this program. This instrument expressly revokes previous delegations of the Secretary to the Treasury's relevant powers and functions for the purposes of the program. From commencement, this is the operative delegation instrument for those powers and functions.

The instrument is titled the Business Grants Hub - Small Business Cyber Resilience Service Program (Treasury) Delegations 2024. It was made on 3 June 2024 and registered on 4 June 2024. Under its commencement provision, the whole instrument commenced on the day after registration, which is 5 June 2024.

It is in force. The instrument also states that any previous delegations of the Secretary to the Treasury's powers or functions under subsection 36(3) of the Industry Research and Development Act 1986 and subsection 110(1) of the Public Governance, Performance and Accountability Act 2013, for the purposes of the program, are revoked.

That revocation point matters if your business has older correspondence, templates or assumptions about who can approve a step in the process. The current instrument is the one to check from commencement onward.

This page summarises the delegation instrument itself. Businesses should still review the current program guidelines and any grant agreement terms that apply to their specific funding arrangement.

A common misunderstanding is that this instrument decides whether a business qualifies for funding. It does not. It decides who can exercise certain powers for the Commonwealth in administering the program and what directions those officials must follow.

Another common question is whether every change to a grant needs Treasury agreement. The instrument only identifies certain categories that must not be approved until agreed with a relevant Treasury official, including some extensions of time and milestone changes that are likely to require variation of annual capped amounts, and requests to terminate or novate an arrangement.

Businesses also often want to know whether older delegations still matter. The answer is no for this program once this instrument commenced, because previous delegations of the relevant Treasury powers and functions for the purposes of the program were revoked.

This page is based on the Federal Register of Legislation entry for the Business Grants Hub - Small Business Cyber Resilience Service Program (Treasury) Delegations 2024, notifiable instrument F2024N00478, as in force. The instrument is made under the Industry Research and Development Act 1986 and the Public Governance, Performance and Accountability Act 2013.