Information sheets

Issued: 4 August 2014

Last modified: 1 July 2024

TOC (auto-generated)
Disclaimer

This is a Tax Practitioners Board (TPB) Information sheet (TPB(I)). It is intended to be for information only. It provides information regarding the TPB’s position on the application of subsection 30-10(6) of the Tax Agent Services Act 2009 (TASA), containing one of the obligations of registered agents under the Code of Professional Conduct (Code).

While it seeks to provide practical assistance and explanation, it does not exhaust, prescribe or limit the scope of the TPB’s powers in the TASA.

In addition, please note that the principles, explanations and examples in this TPB(I) do not constitute legal advice and do not create additional rights or legal obligations beyond those that are contained in the TASA or which may exist at law. Please refer to the TASA for the precise content of the legislative requirements.

Document History

The TPB released this document as a draft information sheet in the form of an Exposure draft on 17 March 2014. The TPB invited comments and submissions in relation to the information in it. The closing date for submissions was 16 April 2014. The TPB considered the submissions made and published the TPB(I) on 4 August 2014

The document was document was subsequently reviewed and updated to align with the separate information sheet for tax (financial) advisers (on subsection 30-10(6) of the TASA) that was published on 5 May 2017.

This TPB(I) was further reviewed and updated to include guidance on how the confidentiality obligations apply to tax practitioners when they disclose information under the tax whistleblowing laws and non-compliance with laws and regulations (NoCLAR) framework. The TPB invited comments and submissions in relation to the additional guidance on 1 August 2022. The closing date for submissions was 12 September 2022. The TPB considered the submissions made and published the updated TPB(I) on 31 January 2023.

On 6 December 2023 the TPB made further changes to this TPB(I) to include specific requirements for tax agents with a tax (financial) advice services condition on their registration.

On 1 July 2024 the TPB further updated this TPB(I) to include information about the whistleblower protection laws and breach reporting requirements that take effect on 1 July 2024 and how the confidentiality obligations apply under these new laws.

Issued: 4 August 2014

Last modified: 1 July 2024

Introduction

  1. The Tax Practitioners Board (TPB) has prepared this Information sheet (TPB(I)) to assist registered tax agents and BAS agents (collectively referred to as ‘tax practitioners’) to understand their obligations under subsection 30-10(6) of the Tax Agent Services Act 2009 (TASA) – Code of Professional Conduct (Code) item 6. 
  2. Code item 6 states that:
    'Unless you have a legal duty to do so, you must not disclose any information relating to a client’s affairs to a third party without your client’s permission.’
  3. In this TPB(I), you will find the following information:
    • what is Code item 6 (paragraphs 5 to 6)
    • how to comply with Code item 6 (paragraphs 7 to 29)
    • other considerations including privacy and tax whistleblowing (paragraphs 30 to 46)
    • consequences for failing to comply with Code item 6 (paragraphs 47 to 52)
    • comparison with the Corporations Act 2001 (Corporations Act) for tax agents with a tax (financial) advice services condition (paragraph 53)
    • practical examples involving Code item 6 (paragraph 54).
  4. The TPB has previously published an explanatory paper that sets out its view on the application of the Code, including Code item 6.[1]

What is Code item 6?

  1. As per paragraph 2 above, Code item 6 provides that, unless there is a legal duty to do so, tax practitioners must not disclose any information relating to a client’s affairs to a third party without the client’s permission.
  2. Therefore, any disclosure of information relating to a client’s affairs to a third party without the client’s permission will be a breach of Code item 6, unless there is a legal duty on the tax practitioner to disclose the information.

How to comply with Code item 6

What is ‘information’?

  1. Information refers to the acquiring or deriving of knowledge and includes, but is not limited to, capturing information known about a client. This information could be acquired directly or indirectly from the client or other sources.

What is ‘information relating to a client’s affairs’?

  1. It is only necessary that the information relates to the affairs of a client. The information does not have to belong to the client, or have been directly provided by the client to a tax practitioner.

What is a ‘third party’?

  1. For the purposes of Code item 6 and the TASA, a third party means any entity other than the client and the tax practitioner.
  2. In relation to a tax practitioner that outsources a component of the tax agent services to another entity (for example, another tax practitioner, a legal practitioner, a contractor or an overseas or offshore entity), the third party would include that other entity.
  3. Disclosure to a third party would also include disclosure of information relating to one entity within a service trust structure to another entity within the same service trust structure, unless the client is defined, for example in the engagement letter, as the whole structure.[2]
  4. Further, a third party may also include entities that maintain offsite data storage systems (including ‘cloud storage’).
  5. In the case of a tax agent with a tax (financial) advice services condition that is an authorised representative of an Australian financial services (AFS) licensee, a third party includes the AFS licensee, and vice versa. However, the following is also recognised:
    • In the context of an AFS licensee/authorised representative relationship, it is understood that authorised representatives (who are registered practitioners) often use ‘fact finds’ or other documents to obtain consent from clients and therefore facilitate the flow of client information to the AFS licensee from the authorised representative (see also paragraph 17 below).
    • A provider of personal advice who is an authorised representative of an AFS licensee is required to provide information to the AFS licensee pursuant to s912G of the Corporations Act, as inserted by Australian Securities and Investments Commission (ASIC) Class Order [CO 14/923] Record-keeping obligations for Australian financial services licensees when giving personal advice. Under this section, an authorised representative of an AFS licensee is required to give records to the AFS licensee if requested by the AFS licensee, provided the request is made:
      • in connection with the obligations imposed on the AFS licensee under Chapter 7 of the Corporations Act, and
      • within seven years after the day on which the personal advice was provided to the client (see also paragraph 26 below).
  6. Subject to the the relevant contractual arrangements, a third party may also include other AFS licensees, authorised representatives, para-planners, product providers and advisers, insurance brokers, and technical teams and advisers.  

In what circumstances can a tax practitioner disclose information relating to a client’s affairs (or a former client’s affairs) to a third party?

  1. A tax practitioner may only disclose information relating to a client’s affairs (or a former client’s affairs) to a third party if:
    • the tax practitioner has the client’s (or former client’s) permission, or
    • there is a legal duty to do so.
  2. The TPB recognises that there are obligations associated with being a member of an ASIC approved external dispute resolution (EDR) scheme[3] and also where financial services are covered by the Superannuation Complaints Tribunal (SCT).[4] Further, it is recognised that an AFS licensee may need to obtain legal advice in respect of dealing with a complaint and defending a claim.

(i) Client’s permission

  1. Where information relating to a client’s affairs is to be disclosed by a tax practitioner to a third party, the tax practitioner should, prior to any disclosure, clearly inform the client that there will be such disclosure and obtain the client’s permission. This permission may be by way of a signed letter of engagement, signed consent or other communication with the client.[5] In all cases, the relevant communication should outline the disclosures to be provided, as well as information about the entity/entities that will have access to the client information.
  2. A letter of engagement will typically outline services to be provided by the tax practitioner to their client, as well as information about entities that will provide those services. For further information on engagement letters, refer to TPB Practice Note TPB(PN) 3/2019 Letters of engagement.
  3. A tax practitioner must ensure that they inform their clients about any client information[6] that may be disclosed. In this regard, it is recommended that a tax practitioner include information in relation to whom and where the disclosure will be made. A general authority consenting to disclosure to third parties may also be acceptable.
  4. However, even in the context of a general disclosure, a tax practitioner should require a positive step from their client to authorise the requisite disclosure. This may include an appropriate ‘opt-in’ type approach,[7] including in conjunction with reviewing an engagement letter. Further, a tax practitioner is not excused from taking steps to protect information just because it would be inconvenient, time-consuming or costly to do so.[8]
  5. While there is no set formula or methodology used to obtain client permission, the TPB suggests that tax practitioners be clear in explaining to their client where information may be disclosed (including, among other things, where a component of work or add-on activity will be completed). For example, to avoid any likelihood of your practices being seen as misleading, we suggest that you do not imply or state that all your work is completed in Australia, if that is not the case.
  6. In relation to outsourcing arrangements and cloud storage arrangements, the TASA does not specifically prohibit these activities. However, tax practitioners must consider their obligations under Code item 6 in relation to these arrangements to ensure confidentiality of client information, including appropriate disclosure in regard to where data is being sent and stored.[9]
  7. While not binding on all registered tax agents, further useful guidance on what steps an agent may take when providing or utilising outsourced services may be found in specific Accounting Professional and Ethical Standards Board (APESB) guidance.[10] It is also noted that TPB accredited recognised professional associations may be able to assist in providing practical guidance, while recognising that there is not a default one-size-fits-all template and that arrangements will need to be mindful of the particular circumstances.[11]
  8. Ultimately, the onus is on the tax practitioner to exercise appropriate due diligence when outsourcing work, including ensuring appropriate disclosure. Outsourcing may also give rise to other obligations under the TASA, including ensuring that tax agent services are provided to a competent standard, and that there are adequate supervision and control arrangements.

(ii) Legal duty to do so

  1. A tax practitioner may disclose information relating to a client’s affairs to a third party without the client’s permission if the tax practitioner has a legal duty to disclose the information.
  2. Examples of circumstances where a tax practitioner may have a legal duty to disclose client information to a third party include:
    • providing information requested by the TPB in undertaking enquiries about your conduct, including information requested under a notice issued pursuant to section 60-100 of the TASA
    • providing information to a court or tribunal pursuant to a direction, order, or other court process to provide that information
    • providing information to AUSTRAC in accordance with reporting obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act)[12]
    • providing information or documents to the Australian Taxation Office (ATO) under a notice pursuant to section 353-10 in Schedule 1 to the Taxation Administration Act 1953 concerning taxation laws
    • providing information to an AFS licensee pursuant to s912G of the Corporations Act, as inserted by ASIC Class Order [CO 14/923] Record-keeping obligations for Australian financial services licensees when giving personal advice, which requires an authorised representative of an AFS licensee to give records to the AFS licensee if requested by the AFS licensee, provided the request is made:
      • in connection with the obligations imposed on the AFS licensee under Chapter 7 of the Corporations Act; and
      • within seven years after the day on which the personal advice was provided to the client.
  3. The TASA, including Code item 6, does not affect the law relating to legal professional privilege (LPP).[13] LPP protects confidential communications between a lawyer and their client from compulsory production. At times, a tax practitioner may be in possession of client documents or information that may be subject to LPP, such as legal advice about a client’s tax affairs which has been provided on a confidential basis. Before disclosing client documents or information to a third party, a tax practitioner should consider whether any of the documents may be subject to LPP. Where a tax practitioner considers that LPP may apply, they should seek legal advice as to the application of LPP. Accordingly, in the practical examples given in paragraph 54 below, a tax practitioner would need to consider any additional LPP obligations.
  4. If a tax practitioner is concerned as to whether there is a legal duty to disclose client information to a third party, the tax practitioner should consider seeking independent legal advice.

Inadvertent disclosure

  1. Tax practitioners also need to ensure that they have appropriate arrangements[14] to prevent inadvertent disclosure. In this regard, the following are some examples of where tax practitioners need to be particularly mindful of their obligations:
    • the use of mobile temporary booths in shopping centres, ensuring there are appropriate controls to prevent third parties from viewing client information
    • the use of recycled paper which includes personal details concerning other clients
    • leaving client information in unsecured locations which may be accessed by third parties
    • disposing (such as trading in or selling to a second-hand market) of IT equipment that contains / stores data that may be accessible by third parties
    • the use of shredding and data disposal services
    • the use of external service providers which may include, for example, IT consultants and cleaners
    • disclosing a client’s TFN in correspondence to a financial institution (e.g. an ATO income tax assessment notice provided in support of a loan application)
    • the use of virtual meetings to discuss client information when third parties may be in attendance
    • the use of public Wi-Fi when providing services for a client.[15]

Other considerations

Privacy

  1. In addition to a tax practitioner’s obligations under Code item 6, the Privacy Act 1988 (Cth) sets out a number of Privacy Principles which govern the use of, storage and disclosure of personal information and other conduct by organisations.[16] Some of these privacy principles may have a direct impact on the requirement to obtain consent (express or implied) from clients.
  2. Tax practitioners should seek their own advice about whether the provisions of the Privacy Act 1988 apply to them. Information about obligations under the Privacy Act 1988 is accessible from the Office of the Australian Information Commissioner’s website at oaic.gov.au.[17]

Tax whistleblowing

  1. Whistleblower laws[18] legally protect people who ‘blow the whistle’ about an entity that is not complying with the TASA or the tax laws. 

Qualifying for tax whistleblower protection

  1. To qualify for tax whistleblower protection, a disclosure of information about a client's affairs must meet certain conditions which are outlined below.
    • A disclosure of information by an individual qualifies for protection if the:
      • discloser is an ‘eligible whistleblower’ in relation to an entity (within the meaning of the Income Tax Assessment Act 1997),
      • disclosure is made to the Commissioner of Taxation
      • discloser considers that the information may assist the Commissioner to perform their functions or duties under a taxation law in relation to the entity or an associate of the entity.[19] 
    • A disclosure of information by an individual qualifies for protection if the:
      • discloser is an ‘eligible whistleblower’ in relation to an entity (within the meaning of the Income Tax Assessment Act 1997),
      • disclosure is made to the TPB or Commissioner of Taxation
      • discloser considers that the information may assist the TPB to perform their functions or duties under the TASA in relation to the entity or an associate of the entity.[20]
  2. Prior to making a disclosure of information, a tax practitioner may wish to consider seeking independent legal advice to confirm whether they meet the definition of an eligible whistleblower and can qualify for whistleblower protection.

Eligible whistleblowers

  1. To be eligible for whistleblower protection, the whistleblowing individual must be, or have been, in a relationship with the entity it is reporting about.[21] This includes:
    • an officer of the entity
    • an employee of the entity
    • an individual who supplies services or goods to the entity (such as a registered tax agent or BAS agent)
    • an employee of a person that supplies services or goods to the entity
    • an associate[22] of the entity
    • a spouse, child or dependent of an individual referred to above, or a dependent of an individual’s spouse
    • an individual prescribed by the regulations in relation to the entity.

Information that can be disclosed

  1. If an individual is an eligible whistleblower, they can make a disclosure of information to:
    • the Commissioner of Taxation if the discloser considers that the information may assist the Commissioner to perform their functions or duties under a taxation law in relation to the entity or an associate of the entity[23] 
    • the Commissioner of Taxation if the discloser considers that the information may assist the TPB to perform its functions or duties under the TASA in relation to the entity or an associate of the entity[24] 
    • the TPB if the discloser considers that the information may assist the TPB to perform its functions or duties under the TASA in relation to the entity or an associate of the entity[25]
    • an eligible recipient[26] in relation to the entity (such as, a registered tax agent or BAS agent) if the discloser:
      • has reasonable grounds to suspect that the information indicates misconduct, or an improper state of affairs or circumstances, in relation to the tax affairs of the entity or an associate of the entity, and 
      • considers that the information may assist the eligible recipient to perform functions or duties in relation to the tax affairs of the entity or an associate of the entity.[27] 
  2. If an individual is not an eligible whistleblower, they may still qualify for protection if they make a disclosure to:
    • a legal practitioner (for the purpose of obtaining legal advice or legal representation in relation to the operation of the whistleblower laws)[28]
    • a medical practitioner or psychologist (for the purpose of obtaining medical or psychiatric care, treatment or counselling, including psychological counselling)[29]
    • an entity prescribed by the regulations.[30]  
       

Whistleblower protections

Identity protection
  1. It is illegal for someone to disclose the identity, or information that may lead to the identity, of a whistleblower who has made a disclosure under the whistleblower laws, unless the disclosure is:
    • made to an authorised body (such as the Commissioner of Taxation)
    • made with the whistleblower’s consent, or
    • not of the whistleblower’s identity and is reasonably necessary for the purposes of investigating misconduct, or an improper state of affairs or circumstances, to which the whistleblower disclosure relates and all reasonable steps have been taken to reduce the risk that the whistleblower’s identity will be identified as a result of the disclosure.[31]
Civil, criminal and administrative liability protection
  1. Whistleblowers are not subject to civil, criminal or administrative liability (including disciplinary action) for making a disclosure. For example, a whistleblower cannot be sued for a breach of a confidentiality clause in a contract, or have their contract terminated on the basis that the disclosure constitutes a breach of contract. For tax practitioners, this means that a tax practitioner who is an eligible whistleblower is immune from disciplinary action if they disclose information about a client pursuant to the whistleblower laws.[32]
  2. Further, if a disclosure is made to the TPB or Commissioner of Taxation, then the information would not be admissible in evidence against the eligible whistleblower in criminal proceedings or in proceedings for the imposition of a penalty, other than proceedings in respect of the falsity of the information. However, this does not prevent an eligible whistleblower being subject to any civil, criminal or administrative liability for their conduct that is revealed by the disclosure.[33] 
  3. Further information on making a disclosure to the TPB is available on our website and making a disclosure to the Commissioner of Taxation can be found on the ATO’s website.

Responding to non-compliance with laws and regulations (NoCLAR)

  1. The Accounting Professional & Ethical Standards Board’s (APESB) APES 110: Code of Ethics for Professional Accountants include the Non-compliance with laws and regulations (NoCLAR) framework. This framework provides standards for APESB members on how best to act in the public interest when they become aware of NoCLAR.
  2. This framework applies to all members of Chartered Accountants Australia & New Zealand, CPA Australia, and Institute of Public Accountants.
  3. NoCLAR is any intentional or unintentional act of omission or commission, that is committed by a client or employer[34] which is contrary to prevailing laws or regulations.
  4. Under the NoCLAR framework, APESB members are expected to consider whether disclosure to an appropriate authority about NoCLAR or suspected NoCLAR is an appropriate course of action in the circumstances. However, a disclosure that is contrary to a law or regulation, such as Code item 6, is not required or permitted under the NoCLAR framework.
  5. This means that, in complying with the NoCLAR framework, APESB members[35] that are also tax practitioners must ensure that they continue to comply with the Code and the TASA, and in particular Code item 6 (noting the whistleblower protections that may be applicable – see paragraphs 32 to 41 above). 

Consequences for failing to comply with Code item 6

  1. If a tax practitioner discloses information relating to a client’s affairs to a third party without the client’s permission or without a legal duty to do so, the TPB may find that the tax practitioner has breached the Code and may impose sanctions for that breach.
  2. Ultimately, determining whether a tax practitioner has complied with their obligations under Code Item 6 will be a question of fact. This means that each situation will need to be considered on a case-by-case basis having regard to the particular facts and circumstances.
  3. From 1 July 2024, registered tax practitioners will be required to notify: 
    • the TPB if they have reasonable grounds to believe that they have breached the Code and that breach is significant, and
    • the TPB and the relevant recognised professional association (if applicable) if they have reasonable grounds to believe that another registered tax practitioner has breached the Code and that breach is significant.[36] 
  4. In relation to the reporting of a significant breach relating to another registered tax practitioner’s conduct, particularly in the context of disclosing the details of another person’s or entity’s conflict of interest in undertaking the same or different activity for an Australian government agency, the TPB will assess the information provided and make further enquiries (as appropriate) to ensure the reporting of a significant breach is not frivolous, vexatious or malicious.
  5. The TPB may take action against the notifying registered tax practitioner if the TPB considers that a breach report is frivolous, vexatious or malicious, for example, if the claim involves the making of a false or misleading statement. Such situations may raise issues about the notifying registered tax practitioner’s compliance with other requirements of the TASA, including:
    • the fit and proper person requirement, which registered tax practitioners must meet to maintain their registration, and
    • other Code items, including the requirement to act with honesty and integrity (Code item 1), which may lead to the imposition of administrative sanctions. 
  6. If a tax practitioner breaches the Code, the TPB may impose one or more of the following sanctions:
    • a written caution
    • an order requiring the tax practitioner to do something specified in the order
    • suspension of the tax practitioner’s registration
    • termination of the tax practitioner’s registration.

Comparison with the Corporations Act for tax agents with a tax (financial) advice services condition

  1. While no similar obligation exists in the Corporations Act, it is noted that Australian Privacy Principle (APP) 6.1 in the Privacy Act 1988 (Cth) requires that you do not use personal information about an individual that was collected for a particular purpose (primary purpose) for another purpose (secondary purpose) unless:
    •  the individual has consented to the use or disclosure of the information, or
    • one of the exceptions in APP 6.2 applies.[37]

Practical examples involving Code item 6

  1. The following are indicative examples which illustrate the general application of Code iem 6. In all cases, consideration will need to be given to the specific facts and circumstances.

Situation

Lilly & Co is a large accounting firm and a registered tax agent. To minimise its operating costs, Lilly & Co. enters into an agreement with a bookkeeping/data processing firm in Hong Kong, Zheng & Co, that Zheng & Co will perform the bookkeeping and data processing work for Lilly & Co’s clients.

Obtaining client permission

In order to send the clients’ information to Zheng & Co for processing, Lilly & Co discloses its arrangement with Zheng & Co in its letter of engagement with clients and obtains its clients’ explicit permission by way of a signed client engagement letter to disclose the information to Zheng & Co.

Subject to the terms in the letter of engagement, Lilly & Co will have primary responsibility for the provision of the relevant tax agent services, including the bookkeeping and data processing work undertaken by Zheng & Co.

Situation

The ATO is conducting an audit on Patricia’s income tax return from the previous financial year, but Patricia does not have all of her receipts and payment summaries. As her registered tax agent, Edward prepared and lodged her income tax return for the previous financial year.  The ATO requests Edward to provide it with all relevant information regarding Patricia’s income tax return from the previous financial year.

Obtaining client permission in response to a general request

Where the request Edward has received is a general request, Edward will not have a legal duty to disclose the information to the ATO. Edward should advise Patricia about her rights and obligations in relation to the request from the ATO and obtain Patricia’s instructions and consent before providing the ATO with the requested information. It is also noted that the requirement under Code item 6 is subject to a client’s right to claim LPP as noted in paragraph 27.

Legal duty to disclose in response to a section 353-10 request

Where the request Edward has received is a notice under section 353-10 in Schedule 1 to the Taxation Administration Act 1953, the notice creates an overriding legal obligation to disclose the information. Practitioners should note that this obligation is subject to a client’s right to claim LPP as noted in paragraph 27. Subject to any LPP obligations, Edward has a legal duty to disclose the information requested in the notice to the ATO.[38]

Situation

Jackie runs a local coffee shop in Melbourne. Jackie engages Tony’s Tax Services, a registered tax agent, to prepare and lodge her outstanding business activity statements and to provide tax advice regarding the proposed sale of her coffee shop. Tony’s Tax Services separately engages Bella, a registered BAS agent, to prepare the outstanding business activity statements.

Obtaining client permission

In order to send Jackie’s information to Bella to enable Bella to prepare the outstanding business activity statements, Tony’s Tax Services discloses its arrangement with Bella in its letter of engagement with Jackie. Tony’s Tax Services obtains Jackie’s explicit permission by way of a signed client engagement letter to disclose the information to Bella.

Situation

Victor & Paulson is a mid-sized registered tax agent partnership that provides tax agent services to various large corporations and other sophisticated clients. Victor & Paulson enters client data into its accounting software programs using cloud computing hosted by an external IT provider.

Obtaining client permission

In order to enter client data into its accounting software programs, Victor & Paulson discloses its cloud computing arrangements in its client engagement letters. Victor & Paulson obtains a signed client engagement letter from each client to disclose the information to the external IT provider.

Situation

Olivia is a registered BAS agent. Olivia is contacted by the International Bank, a financial institution, requesting certain financial information relating to Greg, who is one of her clients. The International Bank explains that the information is required to support Greg’s finance application for a new car.

Obtaining client permission

Before providing Greg’s financial information to the International Bank, Olivia contacts Greg and seeks his permission to disclose the information to the International Bank.

Situation

Adam is a registered tax agent. Adam is contracted by Sunny Services Pty Ltd to provide tax agent services. Sunny Services Pty Ltd is a related entity to Sunny Asset Co Pty Ltd as they are both entities within the same service trust structure. However, the engagement letter defines Sunny Services Pty Ltd as the client rather than the whole structure. Sunny Asset Co Pty Ltd requests financial information on Sunny Services Pty Ltd.

Obtaining client permission

Before providing Sunny Services Pty Ltd’s information to Sunny Asset Co Pty Ltd, Adam contacts Sunny Services Pty Ltd and seeks permission to disclose the information to Sunny Asset Co Pty Ltd.

Situation

Jessica is a registered BAS agent who receives a phone call from Noelene, another registered BAS agent, advising that she has been approached to take over one of Jessica’s clients and is seeking a transfer of the client’s files.

Obtaining client permission

Before transferring the client’s files over to Noelene, Jessica obtains permission from her client.

Situation

Caroline is a registered tax agent. Caroline becomes aware that one of her clients, Montana Pty Ltd, is pursuing a special tax structure which does not meet the tax laws, even though she had provided advice against this approach.

Disclosure without client permission or legal duty to disclose

Caroline is unsure whether the whistleblower laws apply to protect her from disciplinary action, so she seeks legal advice from a legal practitioner in relation to the operation of the whistleblower laws. In doing so, Caroline discloses information relating to the affairs of Montana Pty Ltd and their involvement in a tax avoidance scheme to her legal practitioner.

While Caroline has disclosed information relating to her client’s affairs to a third party (the legal practitioner), Caroline will not be subjected to any findings or sanctions under the TASA for disclosing confidential information about her client since she qualifies for whistleblower protection.

Situation

Sharon is a registered tax agent and an APESB member subject to the NoCLAR framework in APES 110: Code of Ethics for Professional Accountants. She identifies a client’s non-compliance with a taxation law. Sharon applies the NoCLAR framework and concludes that disclosure to the Commissioner of Taxation is the appropriate course of action. NoCLAR does not create a legal duty to disclose this information to the Commissioner of Taxation and Sharon has not received her client’s permission to disclose the information.

Disclosure without client permission or legal duty to disclose

After considering her position under the NoCLAR framework and seeking legal advice to confirm that she is an eligible whistleblower and she qualifies for whistleblower protection, Sharon decides to disclose her client’s non-compliance of tax liabilities to the Commissioner of Taxation under the whistleblower laws. As an eligible whistleblower, Sharon will not be subjected to any findings or sanctions under the TASA for disclosing confidential information about her client to the Commissioner of Taxation.

Situation

Andrew is a registered BAS agent. His long-time client, Claire runs a gardening business and has requested assistance in seeking cashflow boost entitlements. Claire asks Andrew to lodge an amended business activity statement (BAS) for her business to report false amounts of salary and wages and pay as you go withholding. When Andrew queries the legitimacy of the amounts that Claire is seeking to have included in the amended BAS, Claire advises that if Andrew is not willing to lodge an amended BAS for her business as instructed, she will find another BAS agent who will.  

Disclosure without client permission or legal duty to disclose

Andrew declines Claire’s engagement. Whilst Andrew has not received Claire’s consent to disclose this information to the Commissioner of Taxation, he decides to do so under the whistleblowing laws. Given Andrew is an eligible whistleblower and he qualifies for whistleblower protection from the Commissioner of Taxation, Andrew will not be subjected to any findings or sanctions under the TASA for disclosing confidential information about Claire to the Commissioner of Taxation.

Situation

Drew approaches Kylie, a registered tax agent with a tax (financial) advice services condition, to provide tax (financial) advice services. As part of the tax (financial) advice services provided, Kylie advises Drew to participate in an upcoming float, which is only available through a particular online broker.

Drew confirms that he wishes to participate in the upcoming float and instructs Kylie to organise a $50,000 investment.

Obtaining client permission

Before organising the $50,000 investment in the float, Kylie sends Drew an email confirming among other things, the nature of the investment and the potential risks. Further, in her email, Kylie requests Drew’s permission (via return email) to disclose his information to the online broker to complete the application for the float.[39]

Situation

Betty approaches Stephen, a registered tax agent with a tax (financial) advice services condition, to provide tax (financial) advice services. As part of the initial scaled engagement, Betty seeks a recommended product in relation to life risk advice and provides her adviser with key relevant information (including her finances and circumstances).

Stephen assesses Betty’s situation and liaises with various insurers that he interacts with on a regular basis.

Stephen will also receive an ongoing benefit from the relevant chosen insurer in the event that Betty proceeds to purchase a particular product.

Obtaining client permission

As Stephen already knows of the insurers that he will be liaising with, he requests Betty’s permission (via signed disclosure statement) to disclose specific information (relating to Betty’s circumstances and needs) to the particular insurers for the purpose of providing recommendations on what will work best for Betty in meeting her needs. This permission is obtained prior to Stephen disclosing information to the insurers.

Stephen also discloses that he will receive an ongoing benefit from the relevant chosen insurer in the event that Betty proceeds to purchase a particular product.

Situation

Zincorppe is a mid-sized registered tax agent with a tax (financial) advice services condition company that provides tax (financial) advice services to various clients. Zincorppe enters client data into its software programs using cloud computing hosted by an external IT provider.

Obtaining client permission

In order to enter client data into its software programs, Zincorppe discloses its cloud computing arrangements in an email. Further, Zincorppe obtains a confirmation email from each client to disclose the information to the external IT provider.

Situation

Patricia engages Manu, a registered tax agent with a tax (financial) advice services condition, to provide tax (financial) advice services. As part of the tax (financial) advice services provided, Manu advises Patricia to set up an investment structure including a unit trust. To establish the unit trust, Manu engages a legal firm to prepare the necessary documentation.

Failing to obtain client permission

Manu confirms with Patricia in writing that she wishes to proceed with the unit trust structure and merely advises Patricia that he will arrange to prepare all the necessary documentation. However, Manu does not obtain Patricia’s permission to disclose her information to the legal firm to prepare the necessary documentation.

Manu is considered to have breached Code item 6 by failing to obtain Patricia’s permission to disclose her information to a third party (being the legal firm).


References

[2] Paragraph 3.38 of the Explanatory Memorandum to the Tax Agent Services Bill 2008.

[3] The two ASIC-approved EDR schemes that currently operate in the Australian financial and credit industries are the Financial Ombudsman Service Limited (FOS) and the Credit and Investments Ombudsman (CIO) (formerly the Credit Ombudsman Service Limited). In particular, it is recognised that when a consumer lodges a dispute with FOS, they are permitting both FOS and the relevant financial services provider to collect, use and disclose relevant information for the purposes of resolving their dispute. For further information, refer to ASIC Regulatory Guide 165 – Licensing: Internal and external dispute resolution, ASIC Regulatory Guide 139 – Approval and oversight of external dispute resolution schemes, and the FOS and CIO websites available at www.fos.org.au and www.cio.org.au respectively.

[4] It is recognised that there is not a requirement to join an approved EDR scheme if all of the financial services provided are covered by the SCT (which must act in accordance with the Superannuation (Resolution of Complaints) Act 1993. For further information, refer to the SCT website at www.sct.gov.au.

[5] In relation to tax agents with a tax (financial) advice services condition, other communication with the client may include, in certain circumstances: a relevant ‘fact find’ and consent, a relevant Financial Services Guide (FSG) and consent, a relevant Statement of Advice (incorporating an ‘authority to proceed’) signed by the client, a privacy declaration and consent form, a privacy acknowledgment and consent, a relevant product disclosure statement and consent, or an appropriately authorised confirmation email.

[6] For the purposes of this TPB(I), ‘client information’ means information relating to a client’s affairs under Code Item 6.

[7] The Macquarie Dictionary (2022) defines opt in as ‘to elect to participate’.

[8] See also, e.g., Office of the Australian Information Commissioner Guide to securing personal information.

[9] See also TPB Practice Note TPB(PN) 1/2017 Cloud computing and the Code of Professional Conduct.

[10] See, in particular, APES Guidance Note GN 30 - Outsourced Services. This guidance note applies to members of relevant professional bodies that have adopted it.

[11] See also TPB Practice Note TPB(PN) 2/2018 Outsourcing and offshoring of tax services – Code of Professional Conduct considerations.

[12] The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) imposes transaction and compliance reporting obligations on reporting entities when they provide designated services; the requirements set rules with respect to customer due diligence, identification, record keeping and reporting. For further information on complying with obligations under the AML/CTF Act, refer to the AUSTRAC compliance  guide (Chapter 7 provides an overview of the AML/CTF Act reporting obligations) available at austrac.gov.au

[13]See section 70-50 of the Tax Agent Services Act 2009.

[14] The term ‘appropriate arrangements’ is consistent with the OAIC’s APP 11 which states that an entity must take reasonable steps to protect personal information from unauthorised disclosure: see Chapter 11: APP 11 — Security of personal information - Home (oaic.gov.au).

[15] For further information on digital services, refer to TPB (I) 09/2011 Digital service providers and the Tax Agent Services Act 2009.

[16] ‘Organisation’ is defined in section 6C of the Privacy Act 1988 and excludes certain small business and small business operations; see further section 6D of the Privacy Act 1988.

[17] If tax practitioners are providing services to clients who are overseas, tax practitioners should also ensure they are complying with relevant applicable laws that apply in that jurisdiction.

[18] Whistleblower protections and remedies are provided in Part IVD of the Taxation Administration Act 1953 (TAA 1953).

[19] See subsection 14ZZT(1) of the TAA 1953.

[20] See subsection 14ZZT(1A) of the TAA 1953.

[21] For further information on ‘eligible whistleblowers’ refer to section 14ZZU of the TAA 1953.

[22] For further information on the meaning of an ‘associate’ refer to section 318 of the Income Tax Assessment Act 1936.

[23]See subsection 14ZZT(1) of the TAA 1953.

[24] See subsection 14ZZT(1) of the TAA 1953.

[25] See subsection 14ZZT(1A) of the TAA 1953.

[26] For further information on ‘eligible recipients’ refer to section 14ZZV of the TAA 1953. An eligible recipient is usually a person who is in a position to take appropriate internal action, such as, an auditor, or a member of an audit team, conducting an audit of the financial or tax affairs of an entity.

[27] See subsection 14ZZT(2) of the TAA 1953.

[28] See subsection 14ZZT(3) of the TAA 1953.

[29] See subsections 14ZZT(3B) and (4) of the TAA 1953.

[30] See subsection 14ZZT(3A) of the TAA 1953.

[31] See section 14ZZW of the TAA 1953.

[32] See section 14ZZX of the TAA 1953.

[33] See paragraph 14ZZX(1)(c) of the TAA 1953.

[34] Including by management or by others working for or under the direction of the client or employer.

[35] APESB members are members of Chartered Accountants Australia & New Zealand, CPA Australia and Institute of Public Accountants.

[36] For more information on the new breach reporting obligations, including consequences for failing to comply, see draft TPB Information Sheet TPB(I) D53/2024 Breach reporting under the Tax Agent Services Act 2009.

[37] Refer to Part 3 of Schedule 1 to the Privacy Act 1988 (Cth).

[38] Note: It is also observed that subsection 30-10(11) of the Tax Agent Services Act 2009 states that tax practitioners must not knowingly obstruct the proper administration of the taxation laws.

[39] For the purposes of this example, the TPB has used ‘email communication’ as the relevant mode of communication to illustrate how the tax (financial) adviser satisfies their obligations under Code Item 6. This does not mean that other modes of communication cannot be used to satisfy the obligation under Code Item 6.