Subcontracting Security Operators in Australia Legally

The Australian security industry relies heavily on subcontracting arrangements. Whether you are a close protection firm scaling up for a major event or a corporate security provider covering interstate assignments, bringing in subcontracted operators is often the most practical way to meet demand. However, getting it wrong can expose your business to serious legal, financial, and reputational consequences.

This guide walks through the legal framework, compliance risks, and best practices for subcontracting security operators in Australia — so you can scale your workforce confidently and lawfully.

Legal Framework for Subcontracting Security in Australia

Security licensing in Australia is governed at the state and territory level. Each jurisdiction has its own legislation that regulates who can perform security work, including subcontractors. The key acts include:

• New South Wales: Security Industry Act 1997
• Victoria: Private Security Act 2004
• Queensland: Security Providers Act 1993
• Western Australia: Security and Related Activities (Control) Act 1996
• South Australia: Security and Investigation Industry Act 1995

Across all jurisdictions, the fundamental requirement is the same: anyone performing a security activity must hold the appropriate licence class for that activity. This applies equally to employees and subcontractors. A subcontracted operator providing close protection services needs a valid close protection (or equivalent class) licence in the state or territory where they are working.

Critically, the responsibility for verifying that subcontractors are appropriately licensed does not rest solely with the subcontractor. The engaging business — known as the master licensee or principal contractor — carries a duty of care to ensure compliance. In several jurisdictions, engaging an unlicensed person to perform security work is itself an offence, with penalties that can include substantial fines and loss of your own licence.

Beyond licensing, you must also consider the employment law distinction between contractors and employees. The Australian Taxation Office (ATO) and the Fair Work Commission use multi-factor tests to determine whether a worker is genuinely a contractor or is, in substance, an employee. Misclassifying an employee as a subcontractor — commonly called "sham contracting" — carries penalties under the Fair Work Act 2009, including fines exceeding $90,000 per contravention for companies.

US operators face parallel challenges. The IRS and US Department of Labor also use multi-factor tests to distinguish independent contractors from employees. Misclassification penalties in the US can include back taxes, penalties, and liability under the Fair Labor Standards Act. Several US states, including California (under AB5), have enacted strict independent contractor classification laws that directly affect how security companies engage subcontracted operators. The licensing obligation is equally clear: a subcontracted operator must hold a valid licence in the US state where the work is performed, just as in Australia.

Compliance Risks of Using Unlicensed Subcontractors

The risks of deploying unlicensed or improperly vetted subcontractors extend well beyond regulatory fines. Understanding these risks is essential for any security business that relies on subcontracting.

Criminal liability. In most Australian states, knowingly or recklessly engaging an unlicensed person to perform security work is a criminal offence. Penalties vary, but in New South Wales, for example, offences under the Security Industry Act can attract fines of up to $55,000 and imprisonment for up to two years.

Insurance invalidation. Professional indemnity and public liability insurance policies for security firms typically contain conditions requiring all personnel to hold valid licences. If an incident occurs involving an unlicensed subcontractor, your insurer may deny the claim entirely, leaving your business exposed to the full cost of litigation and damages.

Client contract breach. Most commercial security contracts include warranties that all deployed personnel will be properly licensed, vetted, and insured. Deploying a non-compliant subcontractor constitutes a breach of contract, potentially triggering termination clauses, liquidated damages, and loss of the client relationship.

Reputational damage. In a relationship-driven industry like executive protection and close protection, reputation is everything. A single compliance failure involving a subcontractor can spread rapidly through client networks, making it significantly harder to win future contracts.

Vicarious liability. Even where a subcontractor is genuinely independent, the principal contractor may still face vicarious liability for the subcontractor's actions on assignment. Courts examine the degree of control exercised over the subcontractor, the nature of the work, and the representation made to clients.

Best Practices for Vetting and Onboarding Subcontractors

A robust subcontractor management process protects your business and ensures that every operator you deploy meets the same standards as your in-house team. Here are the essential steps.

1. Verify licensing before engagement. Request a copy of the subcontractor's security licence and independently verify it with the relevant state or territory licensing authority. Do not rely on photocopies alone — licences can be expired, suspended, or fraudulent. In most jurisdictions, online verification tools are available through the licensing body's website.

2. Check licence class and jurisdiction. Confirm that the licence class covers the specific security activity the subcontractor will perform. A crowd control licence does not authorise close protection work. Similarly, a licence issued in Victoria does not automatically permit work in Queensland. Interstate assignments require careful attention to mutual recognition provisions and, where applicable, separate licence applications.

3. Conduct background checks. Beyond licensing, best practice includes verifying the subcontractor's identity, conducting a national police check (no older than 12 months), and checking references from previous engagements. For close protection and executive protection work, additional vetting — such as confirming relevant training qualifications and first aid certification — is standard.

4. Establish written contracts. Every subcontracting arrangement should be documented in a written agreement that clearly defines the scope of work, performance standards, compliance obligations, insurance requirements, confidentiality clauses, and termination provisions. The contract should explicitly state that the subcontractor is responsible for maintaining their own licence and insurance and must notify you immediately of any changes to their licensing status.

5. Confirm insurance coverage. Request and verify current certificates of currency for the subcontractor's public liability insurance and professional indemnity insurance. Ensure the coverage limits meet both your company's minimum requirements and the client's contractual requirements.

6. Set up ongoing monitoring. Vetting is not a one-off task. Licences expire, insurance lapses, and circumstances change. Implement a system for tracking expiry dates and triggering re-verification at regular intervals — quarterly at a minimum for frequently engaged subcontractors.

7. Provide operational briefings. Subcontractors should receive the same pre-assignment briefing as your own team, including threat assessments, standard operating procedures, reporting requirements, and escalation protocols. This ensures consistent service delivery and reduces liability exposure.

How EP-CP Manages Subcontractor Compliance at Scale

Managing subcontractor compliance manually becomes increasingly difficult as your business grows. Spreadsheets and email chains are prone to errors, and a single missed licence expiry can have serious consequences.

EP-CP was built to address exactly this challenge. As Australia's command platform for executive protection and close protection operations, EP-CP provides a centralised system for managing your entire workforce — including subcontracted operators.

Within EP-CP, you can store and track operator credentials, including licence numbers, expiry dates, insurance certificates, and training qualifications. The platform sends automated alerts when documents are approaching expiry, giving you time to follow up before a compliance gap occurs. When assigning operators to missions, EP-CP's workflow ensures that only operators with valid, verified credentials can be deployed.

For businesses that work with a large pool of subcontractors across multiple states and territories, this level of automation is not a luxury — it is a necessity. EP-CP eliminates the manual tracking burden and gives you a verifiable compliance record that you can present to clients, regulators, and insurers with confidence.

Subcontracting is a legitimate and often essential part of running a security business in Australia. The key is to do it properly — with robust vetting, clear contracts, and a technology platform that keeps compliance visible and current.