In recent times we have seen a lack of proper identification processes in tax practitioners’ practices resulting in tax and identity fraud. It is increasingly important that as a tax practitioner, you are vigilant in undertaking adequate client identification processes. This will help minimise risks of identity fraud affecting yourself, your practice, taxpayers and the government.
We have released our finalised guidance to help you verify your client’s (including their representatives, if any) identity.
We are aware that most of you would already be undertaking client verification checks. Our guidance are aimed to make these processes contemporary, consistent and streamlined for all tax practitioners.
POI checks and Tax Agent Services Act 2009
If you fail to properly verify a new or ongoing client’s and/or their representative’s identity, you may breach an ongoing registration requirement, the Code of Professional Conduct (in particular, Code items 1, 7 and 9) or the civil penalty provisions in the Tax Agent Services Act 2009 (TASA).
ATO's Agent client verification methods and TPB's guidance - a comparison
We’ve worked closely with the Australian Taxation Office (ATO) in developing this guidance and ensuring both the ATO's methods for client verification and our guidance are aligned to minimise any burden on you.
They are similar in most aspects including the types of documents to use, how to deal with situations where clients do not have standard identity documents and record keeping.
While the ATO’s methods for client verification are primarily for tax and BAS agents who use the ATO’s Online services for agents, our guidance applies to all tax practitioners regardless of whether they use the ATO’s online services or not.
Tax and BAS agents using the ATO’s online services and following the ATO’s methods will also meet our requirements.
To find out more about the ATO’s methods for client verification, refer to the ATO website.
We have summarised our minimum requirements in the following sections. To read our full guidance, refer to TPB(PN) 5/2022 Proof of identity requirements for client verification.
Our minimum requirements
You must undertake POI before providing tax agent or BAS services to new clients and on an ongoing basis to existing clients, as appropriate.
The following tables provide an overview of what information you should verify with a client and the types of documents you can use to verify their identity.
Information to be verified
Individual clients | Individual clients using a representative | Non-individual clients |
---|---|---|
|
|
|
Evidence you should sight
Individual clients (including individual representatives where applicable) |
|
---|---|
Non-individual clients |
Examples of identification documents
You can use either an original or certified copy of the original documents for identification purposes.
When sighting documents, make sure the name, address and date of birth all match the details provided by the client or their representative. You should also check to ensure that the photo in an ID appears to match the details of the client and/or their representative, such as their age.
We also recommend that you do not ask for these documents to be sent to you via email as it is not considered a secure form of transmission. If you are not able to undertake POI checks in person, you can use alternate methods such as a secure website, online mailbox or messaging; encrypted or password protected attachment to an email or another secure electronic solution that minimises risk of interception of sensitive information.
Required evidence to be sighted | Examples |
---|---|
Primary photographic identification document |
|
Primary non-photographic identification document |
|
Secondary identification document |
|
Documentation or data that verifies the existence of non-individual clients |
|
Legal document demonstrating the authority of an individual representative to engage a registered tax practitioner on behalf of an individual client |
|
Legal document demonstrating the authority of an individual representative to engage a registered tax practitioner on behalf of a non-individual client |
|
Factsheet providing information for your clients POI checks
We've developed a handy factsheet summarising our requirements that you can share with your clients, so they know what you could ask them to verify their identity.
Getting certified documents
If your client is using a certified copy of an original document for identification purposes, your client must ensure that it has been certified as true and correct from an authorised person. For example, the following persons can certify copies of an original document:
- Accountant who is a fellow of the National Tax Accountants' Association or a member of the following:
- Chartered Accountants Australia and New Zealand
- Association of Taxation and Management Accountants
- CPA Australia
- Institute of Public Accountants
- Financial adviser or financial planner
- Legal practitioner (such as a barrister or solicitor)
- Medical practitioner
- Judge
- Justice of the Peace
- Magistrate
- Minister of religion (who has the authority to celebrate marriage)
- Pharmacist
- Police officer
- Bank, building society or credit union officer with at least 2 years of service
- Sheriff's officer
- Commissioner of Declarations.
For more information about who can certify a copy of an original document, see the Australian Transaction Reports and Analysis Centre’s website.
Identifying discrepancies
When undertaking POI checks, if you identify any discrepancies with the information provided or claimed by clients or their representatives, you should:
- ask additional questions, or request additional documentation or evidence; or
- see if you can independently verify the information provided, where possible.
If you are still unable to verify or are not satisfied with the information provided to ensure the identity is correct, you should decline the engagement.
You should also consider notifying us at the TPB, the ATO, ASIC or other relevant authorities, if you are lawfully permitted to do so.
Clients without conventional identity documents
Some clients, such as some Aboriginal or Torres Strait Islanders, those who came as refugees or affected by a natural disaster, may not be able to provide conventional forms of ID. In these situations, you should take a flexible approach. We recognise the POI steps you undertake in these situations may be different to or less than our minimum requirements. You should maintain detailed records to outline the client’s situation and the steps you have taken to establish their identity.
Well-established clients
We expect you to undertake POI checks for your existing clients throughout your engagement with them.
Where you have a well-established relationship with a client, we recommend you first make an assessment of whether or not to conduct POI checks on them. You can consider a range of factors to make this assessment – for example, extent of your relationship with the client, any change of contact or bank account details, any amendment requests to tax returns resulting in higher refunds, and change in relationship between the client and their representative.
If you make an assessment not to undertake POI for an existing client at that point in time, you must keep a record of the factors you considered to make the decision.
Remote verification
If you are engaging with clients remotely and using a webcam or videoconferencing to sight IDs, make sure to record a note of the identity checks done.
If you use non-visual methods to engage with clients and therefore unable to verify and compare the client’s identity with the IDs provided, refer to the ATO’s Agent client verification methods if you use their online services.
Record keeping
We do not require you to keep copies or originals of IDs you used to identify a client or their representative. However, you should maintain a record, such as a checklist, with sufficient details as soon as POI checks are undertaken. For example, records should contain date and time when POI checks were done, types of IDs used, how the documents were sighted and who in the practice performed the checks including their position.
The records must also include confirmation that the IDs were clear and legible, identified the client and their representative (if any) and there was no apparent reason to question the IDs provided.
The records must be kept for up to at least 5 years after the engagement with your client and/or their representative ceases.
Transferring a tax practice or client list
If there is a change in ownership of a tax or BAS practice and/or client list from one registered tax practitioner to another, we would expect that copies of the contemporaneous POI records relating to affected clients are transferred, along with other relevant client records.
In these circumstances, you must also be mindful of your Code obligations about maintaining confidentiality of client information when you are selling your practice or client list. You must not disclose any client information to a third party, including the practitioner that is buying your practice, without the client’s consent or a legal duty to do so.
Where you are acquiring another practice or some clients from another practitioner, you do not have to perform POI checks for each client that you are acquiring. But it is important that you undertake these checks as appropriate throughout your engagement with these clients.
Engaged by or client referred by another registered tax practitioner
If you are engaged by another registered tax practitioner to provide services to them, you must obtain written confirmation from the referring tax practitioner that they have undertaken POI on the client and confirmed the client’s identity.
If another tax practitioner refers a client to you to provide services directly to the client or if the client wants to engage you independently, you must undertake POI checks on the client.
Failure to undertake POI
If you fail to undertake appropriate POI steps to verify a client and/or their representative’s identity, we may find that you have breached the Code, ceased to be fit or proper to be registered or breached the civil penalty provision in the TASA.
As a result, we may impose a sanction, terminate your registration or apply to the Federal Court for a civil penalty to be imposed on you.
Further information
Last modified: 3 August 2023