ATO guidelines on client identity verification

With remote work becoming increasingly common, there are important security considerations for registered tax practitioners in the client identity verification process. Without strong verification, perpetrators may attempt to steal taxpayer identities and use them to commit fraud.

The Australian Taxation Office (ATO) has developed new guidelines on client identity verification in consultation with the Tax Practitioners Board (TPB), which should be read in conjunction with the TPB’s Practice Note.

The ATO’s guidelines are intended for registered tax practitioners using Online services for agents or practitioner lodgment services through software.

 

Who needs to be verified?

Verification must be performed for:

  • All new clients including representatives of new clients.
  • New representatives of existing clients.
  • Existing clients where you are concerned the client may not be who they say they are.

 

Recording client verification

Retaining identification documents may increase the risk of being targeted by criminals engaged in identity theft. Instead, the ATO recommends maintaining contemporaneous records (for example, a checklist) to demonstrate that proof of identity steps were undertaken.

 

Verification methods

You must verify two separate proof of identity documents using one or a combination of the methods in the table below. The exception is when a primary photographic proof of identity document such as a driver’s licence can be verified using the visual method.

 

Method Description
Visual Visually checking a client’s identification documents.

Suitable when you are interacting with the client in person or by video. For most clients, a visual check of a driver’s licence will be all that is needed.

Can be used to prove the identity of an individual representative of your client.

Source ATO Comparing data provided by the client against data on ATO systems.

Suitable for in person (including video) interactions and remote interactions and digital interactions through software, (for example, online customer portals).

Cannot be used to prove the identity of an individual representative of your client unless the authorised representative is also your client.

Source DVS (Document Verification Service) Comparing a client’s details on government issued identity documents against details held by a DVS provider.

This method is suitable for in-person (including video) and remote interactions.

Can be used to prove the identity of an individual representative of your client.

 

The ATO provides step-by-step instructions for each method which can be accessed by clicking on the hyperlinks above.

For clients who act on behalf of other people or entities, you must verify both:

  • The representatives’ identity using the above methods.
  • That the representative is authorised through relationship verification.

Further instructions are provided on the ATO website.

 

Clients without conventional identity documents

Some clients may not be able to provide identity documents to pass client verification. As outlined by the TPB, you should take a flexible approach to verify the identity of these clients.

 

Reviewing verification and authorisation

It may be appropriate to undertake reviews of client verification and relationship authorisation for ongoing clients and individual representatives depending on the circumstances, including:

  • Risks associated with the request – e.g. changing contact or bank account details.
  • Risks associated with a representative – e.g. claiming to represent many people.
  • Irregularities in the client’s engagement of the practitioner.
  • Any discrepancies that arise in relation to the client’s identity or other affairs.

 

Online agents

Online agents who provide services through a web, cloud- or software-based customer portal must adopt even more robust client verification processes, meeting the following:

  • Step 1 – Ensure that client details match ATO records (full name, TFN, DOB).
  • Step 2 – Verify any two additional pieces of information using a combination of verification methods. You should limit using data that could easily be identifiable through social media, such as residential address, email address, phone number or employer ABN.

If you are creating an online portal or software, there are additional requirements that you will need to meet. You can seek further advice from the Digital Partnership Office.

 

What to do if you suspect fraud

If you are unable to verify a client or the information they provided and suspect potential fraud:

  • Do not confirm the specific incorrect information or provide the correct information. Instead, ask for additional information that you can use to verify their identity.
  • Do not give the client any private information, and do not share or confirm pre-fill information.
  • Contact the ATO so that they can stop any other attempts to use that identity.

 

Key takeaways

The ATO has released new guidelines on client identity verification for tax practitioners. Tax practitioners need to ensure that they adhere to the guidelines and use the verification methods and procedures stipulated by the ATO to prevent criminals from stealing taxpayer identities and using them to commit fraud. The ATO’s guidelines should be read in conjunction with new guidance from the Tax Practitioner’s Board.

Nyman Gibson Miralis provides expert advice and representation in matters involving compliance with regulatory guidelines.

Contact us if you require assistance.