In consultation with the Tax Practitioners Board, the ATO has developed client verification guidelines for registered tax practitioners and BAS agents using Online services for agents or practitioner lodgement services through software.
ATO releases new guidelines to combat identity theft
The ATO and the Tax Practitioners Board have developed new client verification guidelines for tax practitioners, with criminals using increasingly sophisticated attempts to steal taxpayer identities.
The guideline is to be read in conjunction with the TPB’s Practice Note TPB(PN) 5/2022 – Proof of identity requirements for client verification.
By following the guideline, the ATO said tax practitioners would have met the requirements prescribed by the TPB.
The ATO explained that the guideline is part of the TPB’s and ATO’s transition towards mandating minimum standards of client verification.
“We will continue to consult with the TPB and the tax profession before mandating these minimum requirements. You are encouraged to adopt these standards on a voluntary basis between now and then,” the Tax Office stated.
“These guidelines should be read as minimum requirements. You are encouraged to go beyond these requirements if you still have concerns about a person’s identity, even if the minimum requirements are met.”
The guideline states that while the ATO does not expect tax practitioners to go back and verify their entire client base, it is asking tax practitioners to perform identity checks on all new clients, including representatives of new clients and new representatives of existing clients.
Tax practitioners should also perform identity checks where they have concerns that existing clients may not be who they say they are, it said.
The guidelines advise against retaining identification documents as this may increase the risk of being targeted by criminals.
“Instead, you should maintain contemporaneous records to demonstrate that proof of identity steps were undertaken,” it stated.
Under the guideline, tax practitioners must verify two separate proofs of identity using one or a combination of methods. The exception is when a primary photographic proof of identity document, such as a drivers licence, can be verified using the visual method.
The guidelines provide details on each of the methods. The visual method involves visually checking a client’s identification documents, which is suitable when interacting with the client in person or by video.
Another method is comparing data provided by the client against data of ATO systems. While this can be used for remote interactions and digital interactions through software, it cannot be used to prove the identity of an individual representative of a client unless the authorised representative is also the client, the guideline cautioned.
The third method is comparing a client’s details on government-issued identity documents against details held by a document verification service (DVS) provider. This method can be used to prove the identity of an individual representative of a client, the guideline stated.
The ATO said it recognises that more registered tax practitioners are adopting online practices with minimal agent-client face-to-face or physical contact.
“Online agents who provide services through a web, cloud- or software-based customer portal must adopt stronger and more stringent client verification processes,” it said.
The ATO also warned that where accounting firms are creating an online portal or software, there are additional requirements that they will need to meet to ensure storage, transmission of the data maintains a high level of security.
“For example, you need to ensure that ATO data you access is not open to cybercrime,” the Tax Office said.
The ATO said that strong client verification helps protect tax practitioners, their clients and Australia’s tax and superannuation systems from misuse and abuse due to identity theft and related issues.
“With an ever-increasing reliance on technology and remote work practices, the risks presented by this continue to rise. There are increasingly widespread and sophisticated attempts by criminals to commit refund fraud by stealing taxpayer identities,” the ATO warned.
“This has devastating financial consequences to affected individuals and a flow-on effect to the Australian community. Our experience with tax practitioners affected by identity breaches has highlighted varying levels of discrepancies in client verification practices.”
Miranda Brownlee is the deputy editor of SMSF Adviser, which is the leading source of news, strategy and educational content for professionals working in the SMSF sector.
Since joining the team in 2014, Miranda has been responsible for breaking some of the biggest superannuation stories in Australia, and has reported extensively on technical strategy and legislative updates.
Miranda also has broad business and financial services reporting experience, having written for titles including Investor Daily, ifa and Accountants Daily.