Key Takeaways
- Banning orders are routine enforcement, not rare headline events. In the January to March 2025 quarter alone, the NDIS Quality and Safeguards Commission made 5 banning orders against providers and 55 against individuals.
- Almost every ban traces to one of five recurring failures: worker screening, restrictive practices, abuse or misconduct, financial misconduct, and key-personnel fitness.
- The 2026 Fraud Fusion Taskforce actions (Operation Honeycomb, the Millennium Disability Care bans, Operation Benz, and the NDIA insider charge) show enforcement moving faster and reaching insiders, not just providers.
- Each ground maps to a control an ordinary provider is already meant to have. The difference between a banned provider and a compliant one is whether that control exists and can be evidenced.
- Banning orders are public, searchable on the Commission's register, and can be issued before any criminal proceeding concludes.
NDIS banning orders are not rare events reserved for the worst headline cases. The NDIS Quality and Safeguards Commission issues them steadily: in the January to March 2025 quarter alone it made 5 banning orders against providers and 55 against individuals, and the totals have risen year on year. Through 2026 the pace has picked up again as the Fraud Fusion Taskforce moves from investigation to charges and permanent bans.
Almost every ban traces back to one of five recurring failures. None of them is exotic, and each maps to a control an ordinary provider is already meant to have. Here are the five grounds, the 2026 cases that show the pattern, and what compliant providers do differently.
1. Worker screening failures
The most preventable ground of all. Providers get banned for engaging a support worker without a valid NDIS Worker Screening Check, letting a clearance lapse without noticing, or engaging someone who is already on the banned register. The Commission treats an unscreened worker followed by an incident as an aggravating combination, because the screening gap is what let the harm happen.
The trap is rarely a deliberate decision to skip a check. It is a clearance that expired without anyone noticing while the worker kept turning up, a contractor who was never screened because "they only cover the odd shift", or a new hire who started before the check cleared.
What compliant providers do differently. They verify the check before the first shift, not after it, and they track every clearance expiry so renewals happen ahead of the lapse. This is an ongoing duty, not a one-off at hiring, as our guide to NDIS worker screening obligations sets out.
2. Restrictive practice breaches
Using a regulated restrictive practice (physical, mechanical, chemical, or environmental restraint, or seclusion) without the two things the rules require: an authorised behaviour support plan, and the state or territory authorisation that sits behind it. Implementing restraint outside an authorised plan, or using it and failing to report it, is a direct route to a compliance action.
Restrictive practices are one of the most scrutinised areas in NDIS regulation because they involve a person's rights and liberty. See our explainer on the five regulated restrictive practices and the behaviour support rules for the detail.
What compliant providers do differently. They only implement a restrictive practice under a current, authorised behaviour support plan, and they report every use of a regulated restrictive practice to the Commission as required. If a practice is happening without a plan, the fix is to stop and get the plan, not to keep going and hope.
3. Abuse or misconduct causing participant harm
Sexual or physical harm to a participant, assault, or grooming. This is the ground the public associates with banning orders, and it is the one where the Commission acts fastest. It increasingly issues interim banning orders before criminal proceedings conclude, so a provider or worker does not need a conviction to be removed from the sector. The civil standard and the risk to participants are enough.
What compliant providers do differently. They run incident management that actually works: staff know what a reportable incident is, complaints are acted on rather than filed, and concerns about a worker are investigated instead of smoothed over. A strong incident and complaints process is also the evidence that the provider took its duty of care seriously when the Commission asks.
4. Financial misconduct and fraud
Billing for supports that were never delivered, claiming against a participant's plan for services not provided, misusing participant funds or plan-management trust accounts, and invoicing through phoenix entities. This is where the 2026 enforcement wave has been most visible, and where the Fraud Fusion Taskforce (a joint effort of the AFP, NDIA, the Australian Criminal Intelligence Commission, and the Commission) has done its loudest work.
The 2026 cases show the range:
- Operation Honeycomb (NSW, 18 March 2026): taskforce officers executed search warrants over an alleged $3.5 million fraud and money-laundering scheme run through an NDIS provider.
- Millennium Disability Care (VIC, 23 April 2026): the Commission permanently banned two Victorian entities and issued banning orders against five associated individuals after finding falsified and inappropriate claims that had a serious adverse effect on participants' wellbeing. The provider's registration was revoked.
- Operation Benz (QLD, April 2026): the taskforce seized $176,000 in cash, gold, and silver after a participant allegedly submitted claims through an illegitimate provider business under their own control.
- NDIA insider (SA, 10 June 2026): an NDIA employee was charged over an alleged plot to defraud more than $5 million, having accessed more than 40 participant records and allegedly claimed against family members' plans for supports that were not provided.
The lesson is not that fraud is newly illegal. It is that detection now reaches insiders as well as providers, and it crosses agencies and states. Our NDIS fraud crackdown guide covers the enforcement statistics behind these cases, and the new criminal penalties and banning powers introduced by the NDIS Amendment (Integrity and Safeguarding) Act sit behind them.
What compliant providers do differently. They can tie every claim to a service record: who delivered the support, when, and to whom. They never claim ahead of delivery, and they treat the billing system as an audit trail, not just an invoicing tool. If a claim cannot be evidenced, it does not go out.
5. Key-personnel and fitness failures
Before it registers a provider, and on an ongoing basis, the Commission assesses whether the provider and its key personnel are suitable. Bans on this ground come from phoenixing (a previously banned person setting up a new entity), undisclosed prior bans, false declarations on a registration application, and undisclosed relevant convictions. The Commission checks, so a gap between what was declared and what is true becomes its own ground for action.
What compliant providers do differently. They keep key-personnel records current, disclose history rather than hoping it stays buried, and notify the Commission when key personnel change. Honesty on the application is cheaper than a ban for the omission.
What the 2026 enforcement direction tells you
The five grounds have not changed, but the environment around them has. The NDIS Amendment (Integrity and Safeguarding) Act, passed on 31 March 2026, added new criminal penalties and expanded banning powers, and the Fraud Fusion Taskforce has moved from setting up to charging. Banning orders are issued more often, resolved faster, and published on the Commission's register for anyone to search. A provider cannot assume a small corner of the sector is beneath notice.
What compliant providers do differently
Read the five grounds together and a shape appears. Each one is a control that either exists and can be evidenced, or does not. The banned provider and the compliant one are often running the same kind of service; the difference is whether the screening check was verified, the restraint was authorised, the incident was reported, the claim was backed by a record, and the history was disclosed.
None of this requires a compliance team. It requires knowing where your controls stand before an auditor or the Commission does. Our free NDIS Provider Compliance Health Check walks you through the same grounds an assessor looks at and shows where the gaps are, and the wider NDIS provider compliance knowledge base has the underlying obligations in full.
Frequently Asked Questions
Can an NDIS provider be banned without a criminal conviction?
Yes. The NDIS Commission can issue a banning order on the civil standard of proof, and it often acts before any criminal proceeding concludes, particularly where there is a risk to participants. It can also issue an interim banning order while an investigation is still underway.
Are NDIS banning orders public?
Yes. Banning orders are recorded on the Commission's compliance and enforcement register, part of the NDIS Provider Register, which anyone can search. Prospective employers, participants, and other providers can and do check it.
Do banning orders apply to unregistered providers and individual workers?
Yes. The Commission can ban registered providers, unregistered providers, and individual workers. Individuals make up most banning orders: in the January to March 2025 quarter, 55 of the 60 orders were against individuals rather than provider entities.
How long does an NDIS banning order last?
It ranges from a fixed period of months or years to permanent, depending on the severity of the conduct and the risk to participants. In the April 2026 Victorian action, two entities were banned permanently and the associated individuals were banned for five years or more.
What happens to participants when their provider is banned?
The Commission and the NDIA coordinate to maintain continuity of supports for affected participants. Providers are expected to have a continuity of supports plan so that a sudden loss of registration or a ban does not leave participants without care.
Part of
NDIS Provider Compliance