Buying an Existing NDIS Registered Business: What to Check

/ NDIS Compliance / By

Buying an Existing NDIS Registered Business: What to Check

Buying an NDIS registered business can offer a faster path to market than starting from scratch — you acquire an existing participant base, trained staff, operational systems, and an established registration. However, the disability sector carries compliance obligations that make NDIS business acquisition significantly more complex than purchasing a standard small business. Skipping NDIS-specific due diligence can expose you to inherited liabilities, compliance breaches, or a registration that does not transfer as expected. This guide covers everything you need to examine before signing a purchase agreement, from registration status and compliance history through to financial analysis, legal considerations, and your obligations as the incoming provider.

What Is NDIS Business Due Diligence?

NDIS business due diligence is a structured investigation into a registered provider’s regulatory standing, financial health, operational practices, and legal obligations before a business sale is completed. It goes beyond standard commercial due diligence by examining NDIS-specific records — including audit reports, incident histories, worker screening compliance, and registration group scope — that directly affect whether the business can continue operating after the transaction.

Purchasing a registered provider without completing thorough NDIS due diligence risks inheriting conditions on registration, unresolved non-conformities, worker screening gaps, or a participant base experiencing service disruptions. Understanding these risks before settlement protects your investment and your regulatory standing with the NDIS Commission.

NDIS-Specific Due Diligence: The Essential Checks

General business due diligence covers financials, legal structure, and operations. NDIS business acquisition requires an additional layer of sector-specific investigation that most general business advisors are not equipped to conduct without disability sector expertise.

Registration Status and Registration Groups

Start by verifying the current registration status of the provider on the NDIS Quality and Safeguards Commission provider register. Confirm:

  • The registration is current and not expired, suspended, or subject to conditions
  • The registration groups match the services the business is actually delivering
  • The registration expiry date and when the next renewal audit is due
  • Whether the provider is on the verification or certification pathway
  • Any banning orders, compliance notices, or enforceable undertakings currently in place

Registration groups are critical. If the seller is delivering services that fall outside their registered groups — even informally — you are acquiring an unlicensed service that must either be registered or ceased after purchase. Additionally, if you intend to expand services, check whether new registration groups would require a certification audit rather than verification. Our NDIS provider registration checklist outlines the specific requirements for each pathway.

Compliance History and Audit Reports

Request all audit reports from the current registration period and, ideally, from the previous registration cycle. These documents reveal:

  • All non-conformities identified — both minor and major
  • Whether corrective action plans were completed on time and accepted
  • Patterns of recurring findings that suggest systemic compliance weaknesses
  • The auditor’s assessment of the provider’s quality management maturity

A business with a history of major non-conformities or repeated minor findings in the same areas is signalling an underlying governance or operational problem. These patterns do not disappear when ownership changes unless the new owner specifically addresses the root causes. Reviewing past audit reports against the NDIS Practice Standards helps you understand which operational areas carry the most inherited risk.

Incident History and Complaints Register

Request the provider’s full incident register and complaints register for at least the previous two years. Under the NDIS Commission’s reportable incidents framework, registered providers must report certain incidents to the Commission within strict timeframes. Assess:

  • The volume and nature of reportable incidents reported to the Commission
  • Whether incidents were reported within the required timeframes
  • How incidents were investigated and what corrective actions followed
  • The complaints volume, resolution times, and whether any complaints were escalated to the Commission
  • Any open or unresolved incidents at the time of sale

High incident volumes are not necessarily disqualifying — larger providers naturally see more incidents. However, high volumes with poor investigation quality or late reporting indicate a systemic problem. Our NDIS reportable incidents guide explains what constitutes a reportable incident and the Commission’s investigation process, which will help you assess the severity of what you find.

Key Personnel Suitability

The NDIS Commission assesses the suitability of key personnel — those who hold executive decision-making authority or have influence over planning, directing, and controlling the provider’s activities. When you acquire a business, you are likely to become key personnel yourself, and you will need to undergo a suitability assessment.

During due diligence, determine:

  • Who the current key personnel are and whether they will remain post-acquisition
  • Whether any current key personnel have been the subject of Commission concerns or compliance actions
  • Whether key personnel changes were properly reported to the Commission within the required 14-day window
  • Whether any key personnel have pending suitability matters under review

If the seller has failed to notify the Commission of previous key personnel changes, this is an existing compliance gap that transfers with the business. You will need to rectify it promptly after acquisition. Review the Commission’s requirements on this matter as part of your broader NDIS compliance checklist.

Worker Screening Compliance

Every worker in a risk-assessed role must hold a current NDIS Worker Screening Check. This is one of the most consistently problematic areas in NDIS business acquisitions because sellers sometimes allow checks to lapse or fail to maintain a centralised register.

Request a complete current worker screening register and verify:

  • All workers in risk-assessed roles hold current clearances
  • No clearances are expired or pending renewal
  • The screening check type matches the role (NDIS Worker Screening Check, not just a police check)
  • Volunteers and contractors in risk-assessed roles are also covered

Workers with lapsed screening cannot deliver NDIS supports — if this is widespread, it represents an immediate operational risk after settlement. Our NDIS worker screening guide covers the complete requirements including who needs checking, the application process, and state and territory variations.

Financial Due Diligence for NDIS Business Acquisition

NDIS providers have unique financial characteristics that require sector-specific analysis. Standard profit-and-loss review will not capture the full picture without understanding how NDIS funding streams work.

NDIS Funding Streams and Revenue Quality

Examine the breakdown of revenue by funding management type:

  • Agency-managed: Payments claimed directly through the NDIS portal — the most reliable and verifiable
  • Plan-managed: Payments processed through a plan manager — verify the provider’s invoicing practices and payment lag
  • Self-managed: Invoices sent directly to participants — carries higher credit risk and requires verified payment history

A healthy NDIS business typically has a mix of funding types, with agency-managed revenue providing the most stable base. Be cautious if the business relies heavily on self-managed participants with limited documentation of payment histories. Review service agreements to confirm that billing practices align with the NDIS price guide and that no supports have been billed above the legislated price limits.

Profit, Loss, and Cash Flow

Request at least three years of financial statements, including profit and loss accounts, balance sheets, and cash flow statements. In NDIS businesses, pay particular attention to:

  • Participant churn rates and the stability of the ongoing participant base
  • Whether revenue reflects actual support hours delivered or includes unbilled capacity
  • Accounts receivable ageing — slow payment from plan managers can mask cash flow issues
  • Staff costs as a percentage of revenue, and whether SCHADS Award pay rates are correctly applied
  • Any debts owed to or by the NDIA, including unspent funds that may need to be returned

SCHADS Award compliance is a significant financial risk area. The Social, Community, Home Care and Disability Services Industry Award 2010 governs most NDIS support workers, and non-compliance with pay rates, allowances, and broken shift provisions can result in significant back-pay liability. Review our SCHADS Award 2025 pay rates guide and confirm whether the business has correctly classified and paid staff across all categories.

Contracts and Forward Revenue

Examine all current service agreements to understand forward revenue visibility. Assess:

  • Whether service agreements are current, signed, and compliant with NDIS requirements
  • How many participants have active plans versus plans near expiry or review
  • Whether any support coordination or plan management contracts will be affected by mandatory registration changes
  • Whether the business has any SIL or SDA contracts with long-term revenue implications

Our NDIS service agreement template outlines what a compliant agreement must include — use it to quickly audit the quality of existing agreements in the business you are considering purchasing.

Legal Due Diligence for Purchasing a Registered Provider

Legal due diligence for NDIS business acquisition covers the standard commercial areas but requires additional investigation of sector-specific obligations and regulatory standing.

Business Structure and Regulatory Licences

Determine whether you are purchasing the business as a share purchase (acquiring the company entity and all its obligations) or an asset purchase (acquiring specific assets and contracts). The structure has significant implications:

  • Share purchase: You acquire all existing liabilities — including any undetected compliance breaches, outstanding Commission matters, or historical employment claims
  • Asset purchase: You acquire specific assets but must re-register with the Commission in your own entity, re-enter service agreements, and manage the transition of employees

In most NDIS acquisitions, an asset purchase is preferable because it allows a clean regulatory start. However, it also means the NDIS registration does not automatically transfer — the new entity must apply for its own registration. Confirm this with a solicitor experienced in NDIS transactions before committing to a structure.

Insurance and Indemnity

Verify the current insurance policies including:

  • Public liability (minimum $20 million is standard for most providers)
  • Professional indemnity
  • Workers’ compensation in all operating states and territories
  • Any claims history that may affect future premium calculations

Check whether any incidents from the incident register resulted in insurance claims and whether those claims are still open at the time of acquisition.

Employment Contracts and Industrial Obligations

Review all employment contracts, contractor agreements, and any enterprise agreements in place. Specifically check:

  • Whether contractor arrangements may actually be employment relationships under Fair Work Act provisions
  • Whether any enterprise agreements create obligations above the SCHADS Award minimum rates
  • Annual leave, long-service leave, and personal leave liabilities that transfer with the business
  • Any non-compete or restraint clauses in senior staff contracts that could affect service continuity post-acquisition

The Fair Work Ombudsman publishes guidance on employer obligations when a business changes hands, including which entitlements transfer to the new employer under the National Employment Standards.

Operational Due Diligence

Operational due diligence examines whether the business functions as effectively in practice as it appears on paper. This area is particularly important in NDIS businesses because service quality depends heavily on systems, staff, and relationships that are not visible in financial statements.

Systems and Technology

Assess the quality of the provider’s operational systems:

  • Case management and participant file system — is it cloud-based, current, and compliant with privacy requirements?
  • Rostering and scheduling software — does it manage SCHADS compliance, availability, and participant preferences?
  • Billing and claiming system — are NDIS portal claims processed accurately and efficiently?
  • Incident management system — does it meet Commission requirements for recording, tracking, and escalating incidents?

If the business relies on manual spreadsheets or fragmented systems, factor in the cost and disruption of a system transition as part of your acquisition price negotiation. Our NDIS rostering software and NDIS billing software pages can help you understand what modern NDIS operational technology should include.

Staffing and Key Person Risk

Identify whether the business’s operational success depends heavily on one or two key individuals — often the owner, a lead support coordinator, or a key clinical practitioner. If those people are leaving with the sale, assess:

  • Whether participant relationships are transferable or tied to specific workers
  • Whether operational knowledge is documented in policies and procedures or held in someone’s head
  • What retention strategies are in place or can be implemented during the transition period

High staff turnover in disability services is common, but review the current turnover rate as a baseline. Elevated turnover before a sale sometimes signals staff dissatisfaction or instability that will require management attention immediately after settlement.

Policies, Procedures, and Training Records

Request a complete list of current policies and procedures and verify:

  • All policies are current and reference the correct version of the NDIS Practice Standards
  • Mandatory training records are complete for all staff (first aid, infection control, manual handling, abuse and neglect awareness)
  • Policies have been reviewed within the required timeframes and signed off by management
  • Staff have been trained on current policies and acknowledgement records exist

Outdated policies referencing previous legislation or superseded NDIS guidelines are a common source of audit non-conformities. If the business is due for audit shortly after your acquisition, factor in the time and cost of updating the policy suite as part of your transition planning.

Registration Transfer: What Actually Happens

One of the most important and most misunderstood aspects of NDIS business acquisition is what happens to the registration itself. Unlike some other licences, an NDIS registration is held by a specific legal entity — it does not automatically transfer to a new owner when the business changes hands.

Asset Purchase Scenario

If you are purchasing as an asset acquisition, your new entity must apply for NDIS registration from scratch. This means completing the full application process — self-assessment, documentation, key personnel suitability assessment, and an audit — before you can claim NDIA payments or present as a registered provider. Plan for a transition period of several months and arrange interim service continuation agreements with the seller if possible.

Share Purchase Scenario

If you are acquiring the company entity via share purchase, the registration remains with the entity and technically continues. However, you must notify the Commission of any changes to key personnel within 14 days of the change. If you are taking on a directorship or executive role, you will need to undergo a suitability assessment. Failing to notify the Commission of ownership and key personnel changes is a compliance breach that can result in significant penalties.

Regardless of structure, engage your solicitor and an NDIS registration consultant to map the exact notification and re-application obligations for your specific transaction before settlement.

Mandatory Training and Transition Obligations

When you take ownership of an NDIS registered business, you take on the full obligations of a registered provider from day one. This includes understanding and complying with the NDIS Code of Conduct, the Practice Standards, and all Commission reporting requirements.

As an incoming provider or new key personnel member, you should complete:

  • The NDIS Commission’s free online orientation module for new providers
  • A thorough review of the NDIS Code of Conduct and your obligations under it
  • Training on your incident management and reporting obligations under the SIRS framework
  • Familiarisation with the SCHADS Award and your workforce obligations under the complete SCHADS Award guide

You also inherit any open corrective action plans from the previous audit cycle. Confirm the status of all outstanding CAPs before settlement and agree with the seller on who is responsible for implementing any actions that are not yet complete.

Common Questions About Buying an NDIS Registered Business

Does buying an NDIS registered business mean you get the registration automatically?

No. An NDIS registration belongs to the legal entity that holds it. In an asset purchase, the new owner must apply for registration from scratch. In a share purchase, the existing registration continues, but you must notify the Commission of key personnel changes within 14 days. Always confirm the structure with an NDIS-experienced solicitor before settlement.

This distinction matters enormously for planning purposes. An asset purchase gives you a clean regulatory start, but means operating as an unregistered provider during the application period — which can take three to six months. Many buyers negotiate a transition arrangement where the seller continues delivering services under their registration while the new entity’s application is processed. Understanding the difference between the verification and certification pathways will help you estimate the timeline and audit requirements for your specific services.

What is the biggest financial risk when purchasing a registered NDIS provider?

SCHADS Award non-compliance is typically the largest hidden financial risk. If the seller has misclassified workers, underpaid allowances, or miscalculated broken shift penalties, the back-pay liability transfers with the business. A thorough payroll audit covering at least two years of records is essential before settlement.

Beyond payroll, watch for accounts receivable ageing that disguises poor cash flow, self-managed participant revenue with limited payment documentation, and unbilled capacity that inflates apparent revenue. Additionally, check whether any NDIA payments have been claimed for supports not delivered — this creates repayment obligations and potential Commission investigation exposure that a new owner would inherit in a share purchase scenario.

How do I assess whether the participant base is stable before buying?

Review service agreements to determine how many participants have active NDIS plans versus plans approaching review, and ask the seller for participant retention data over the past two years. High churn rates or a concentration of revenue in a small number of participants indicates fragility in the business model.

Participant relationships in the disability sector are often built on trust with specific workers rather than the provider brand. If key support workers are leaving with the sale, assess whether participant contracts are genuinely portable or whether you may face participant departures shortly after settlement. Our support coordination best practices guide outlines how well-run providers document and transfer participant relationships in a way that minimises disruption during transitions.

How Inficurex Helps New NDIS Business Owners

Taking over an NDIS business means stepping into a complex compliance environment from day one. Inficurex’s NDIS software for providers is designed to give incoming providers immediate visibility across all the operational areas that matter most — participant files, worker screening status, incident records, billing, and compliance tracking.

Rather than inheriting paper-based systems or disconnected spreadsheets, you can migrate existing data into a single platform that generates the reports and audit evidence you need to demonstrate compliance from your first Commission interaction. Whether you are preparing for a registration application after an asset purchase, managing the transition of staff records, or establishing a new rostering system aligned with SCHADS obligations, Inficurex gives you the operational foundation a new NDIS business owner needs. Reach out to the team to discuss how the platform can be configured for your specific transition needs.

Frequently Asked Questions

Does an NDIS registration transfer when you buy a business?

No, an NDIS registration is held by the specific legal entity that applied for it. In an asset purchase, the new owner must apply for their own registration. In a share purchase, the entity’s registration continues, but any changes to key personnel must be notified to the Commission within 14 days. Always confirm the transfer implications with an NDIS-experienced solicitor before settlement.

What NDIS-specific documents should I request during due diligence?

Request all audit reports from the current and previous registration periods, the incident register for the past two years, the complaints register, the current worker screening register, all current service agreements, the policy and procedure suite with review dates, key personnel documentation, and any Commission correspondence including compliance notices or enforceable undertakings.

What is SCHADS and why does it matter when buying an NDIS business?

SCHADS stands for the Social, Community, Home Care and Disability Services Industry Award 2010. It governs pay rates, allowances, shift conditions, and leave entitlements for most NDIS support workers. Non-compliance with SCHADS can create significant back-pay liability that transfers to the new owner. Review all staff classifications and payroll records carefully before settlement, and check the current pay rates in our SCHADS guide.

How long does it take to get NDIS registration for a new entity after an asset purchase?

The NDIS registration process typically takes three to six months from application submission to receiving an outcome, depending on audit availability and the complexity of your registration groups. Some applicants experience longer wait times during peak periods. Plan for this timeline when negotiating settlement conditions and consider whether the seller can continue delivering services under their registration during the transition.

What happens to existing participant service agreements when a business is sold?

In a share purchase, existing agreements technically remain with the entity. In an asset purchase, agreements are with the selling entity and must be novated — transferred with participant consent — to the new entity. Participants must always consent to any change in their service provider. Build participant transition communications and consent processes into your acquisition timeline, particularly for participants who require supported decision-making assistance.

How do I check if an NDIS provider has compliance issues before buying?

Search the public NDIS provider register on the Commission website to check current registration status and any banning orders. Request the seller’s audit reports and Commission correspondence directly. You can also ask the seller to provide a statutory declaration confirming full disclosure of any compliance matters. Engage an NDIS compliance consultant to conduct an independent review of the evidence provided.

Are worker screening checks transferable to a new employer?

NDIS Worker Screening Checks are held by the individual worker, not the employer. They are portable across employers and states in most circumstances, meaning workers do not need to reapply when they change jobs within the NDIS sector. However, the new employer must verify the clearance is current and link the worker to their organisation in the relevant state or territory screening database.

What mandatory training must a new NDIS business owner complete?

New registered providers must ensure key personnel complete the NDIS Commission’s orientation module. Beyond this, all staff require training in the NDIS Code of Conduct, incident management procedures, and mandatory reporting obligations. Additional training requirements depend on the registration groups held. Providers delivering behaviour support, specialist disability accommodation, or supported independent living have further specific training obligations.


Scroll to Top