Unauthorised portal access sees agent terminated

The Administrative Appeals Tribunal has confirmed the registration termination of a Sydney tax agent who improperly accessed a former client’s records on the ATO tax agent portal.

By Jotham Lian, 17 June 2021

Tax agent Sam Rizkallah, the sole director and supervising agent of Le’Sam Accounting Pty Ltd, has now had his registration cancelled and has been barred from re-registration for a three-and-a-half-year period.


The AAT heard that Mr Rizkallah had asked an employee to access the records of a former long-standing client on the tax agent portal in March 2019, even though she had not been a client since 2013.

This was done despite the fact that the former client had commenced legal proceedings against Mr Rizkallah for a separate dispute over property.

Mr Rizkallah said he had been contacted by the former client’s ex-husband — a client of his — to ascertain whether she was still a client of his practice, and he saw no reason to withhold that information.

He then handed the former client’s tax file number to an employee who was new to the job, who subsequently logged into the portal on two occasions to access the former client’s details.

The new tax agent for the former client was alerted to the unauthorised access, triggering a complaint to the Tax Practitioners Board.

The tribunal heard that Mr Rizkallah failed to respond to requests for information from the TPB in a timely and reasonable manner and had instead made “extravagant” attacks on the integrity of the TPB’s investigation and processes, including accusing the regulator of behaving like a star chamber.

AAT deputy president Bernard McCabe said it was hard to believe that the unauthorised access was made merely for client confirmation purposes and that Mr Rizkallah’s “scandalous attacks” on the TPB were a strategy to evade responsibility for his improper conduct.

“It is difficult to credit Mr Rizkallah’s central claim that he had to check the portal to see if Mrs B was still a client. He plainly knew she had ceased being a client some time before, even if Mr Rizkallah was not aware of the identity of her new agent,” Mr McCabe said.

“I note Mr Rizkallah conceded in cross-examination it would be complete nonsense to think he might retain a professional relationship with a former client who was in the process of suing him.

“It is not clear what else he was hoping to achieve by accessing the portal, but I am not persuaded he was simply checking the status of Mrs B.”

However, the tribunal was unable to confirm who had actually accessed the portal, with Mr Rizkallah’s employee testifying that she had done so, despite portal logs revealing that Mr Rizkallah’s AusKey password had been used.

Mr Rizkallah explained that his office used four different AusKey credentials across several different computers, and staff were able to access the portal using a general office password that was known to them.

The AAT’s Mr McCabe noted the seriousness of the issue, pointing out that Mr Rizkallah’s lax approach to data security had put clients’ privacy at risk.

In determining the three-and-a-half-year banning order, Mr McCabe found that Mr Rizkallah was not a fit and proper person and that a significant banning period would act as a warning to other tax agents.

“Mr Rizkallah knew the complaint was legitimate, yet he resisted the investigation, made scandalous attacks on the Board and refused to comply with the s 60-100 notice,” said Mr McCabe.

“He also demonstrated a lax approach to data security, and failed to anticipate the obvious concerns that would arise when the portal was used to access information about somebody he must have known was a former client — an individual who was involved in legal proceedings against Mr Rizkallah at the time.

“Importantly, a significant exclusion period also sends a signal of general deterrence: it reminds other tax agents of the importance of data security, of the need to avoid conflicts of interest when handling information about former clients, and — in particular — the need to respond appropriately and honestly to the Board as it carries out its functions.”

Jotham Lian is the editor of Accountants Daily, the leading source of breaking news, analysis and insight for Australian accounting professionals.

Before joining the team in 2017, Jotham wrote for a range of national mastheads including the Sydney Morning Herald, and Channel NewsAsia.
