Most directors I talk to think "wage theft" means someone deliberately underpaid a worker. They picture a payroll manager cooking the books.
That's not what section 327A says.
The criminal wage theft provisions carry penalties up to 10 years imprisonment for individuals and $7.825 million for bodies corporate. The criminal threshold is intent, proved beyond reasonable doubt. Most directors hear that and relax. They'd never deliberately underpay someone. But there's a second path to intent that most people don't see: wilful blindness. If you knew your governance processes were broken and you didn't act, a prosecutor can argue that's not negligence. That's choosing not to know. And choosing not to know is how courts establish intent.
Think about what that means.
Somewhere in your organisation there's an email thread where someone flagged a payroll concern. Maybe an internal audit that noted error rates above target. Maybe a board paper that listed "payroll compliance" as a risk item. Maybe a Slack message from a payroll officer asking whether the casual loading was configured correctly after the last rate change, a message that sat in a channel for three days before anyone replied. Under the old civil penalty regime, those were internal documents. Under s327A, they're evidence that you knew. And knowing is how wilful blindness is established.
The question has shifted. It used to be: did you underpay someone? Now it's: did you know your systems weren't checking, and what did you do about it?
I've seen organisations where the WFM system hasn't been audited against the award in three years. Where the person who set up the pay rules left 18 months ago and nobody documented the configuration logic. Where a rate change went through payroll but not rostering, and the variance wasn't caught because nothing compares the two systems. Every one of those is a governance gap. Under the new provisions, every one of those is potentially evidence that you chose not to look.
The FWO's Voluntary Compliance Cooperation Policy does give credit for self-reporting and prompt remediation. That's real. It matters. But the bar for "reasonable steps" is higher now. Self-reporting after you discover a problem is mitigation. Proving you had systems in place to detect the problem before it compounded, and keeping evidence that those systems ran, is defence. There's a difference.
Most organisations haven't closed the gap between "we take compliance seriously," which is a statement, and "here is the evidence we take compliance seriously," which is a system. A policy on the intranet is a statement. A process that cross-checks your award interpretation against your payroll configuration every pay cycle and keeps a record that it did? That's a system.
The directors who think this doesn't apply to them because they would never intentionally underpay someone are the ones most exposed. They're right. They'd never do it deliberately. But wilful blindness doesn't require deliberate. It requires knowledge. And that email from 2024 where someone raised a concern about overtime calculations?
That's knowledge.
"Intentional" isn't about what you did. It's about what you knew and didn't fix.