Go to top of page

Exposure Draft TPB Practice Note TPB(PN) D45/2021 Proof of identity requirements for client verification

Exposure Draft
TPB Practice Note TPB(PN) D45/2021

Proof of identity requirements for client verification

This exposure draft is also available as a PDF, download TPB(EP) D45/2021 Proof of identity requirements for client verification (PDF, 230 KB)

Contents

Introduction

Relevant provisions of the TASA including the Code of Professional Conduct

The TPB’s minimum requirements

Consequences for non-compliance under the TASA

Case studies

Further information    

 

The Tax Practitioners Board (TPB) has released this draft Practice Note to provide practical guidance and assistance to registered tax practitioners in relation to verifying client identities.


Comments invited

The TPB invites comments and submissions in relation to this draft Practice Note. The comment period is open for 42 days with the closing date for submissions being 10 June 2021. The TPB will then consider any submissions before settling its position, undertaking any further consultation required and finalising the Practice Note. 

Written submissions can be made via email at tpbsubmissions [at] tpb.gov.au or by mail to: 

Tax Practitioners Board 
GPO Box 1620 
SYDNEY NSW 2001

 

Disclaimer

This document is in draft form, and when finalised, will be intended as information only. While it seeks to provide practical assistance and explanation, it does not exhaust, prescribe or limit the scope of the TPB’s powers in the Tax Agent Services Act 2009 (TASA) or the Tax Agent Services Regulations 2009 (TASR).

In addition, please note that the principles and examples in this draft TPB(PN) do not constitute legal advice and do not create additional rights or legal obligations beyond those that are contained in the TASA or which may exist at law. They are also at a preliminary stage only. The TPB’s conclusions and views may change as a result of the comments the TPB receives or as other circumstances change.


Document history

This draft Practice Note was issued on 29 April 2021 and based on the TASA as at 17 February 2021.
 

Back to Contents ↑

Introduction

  1. Registered tax practitioners (registered tax agents, BAS agents and tax (financial) advisers), like many professionals are working in an environment which requires an increasing reliance on technology, remote work practices, and changing methods to engage with new and existing clients. As such, it is increasingly important that registered tax practitioners manage their practices in a way that minimises the risk of their practice being the target of fraudulent activities against themselves, their business, clients, taxpayers and/or the government. 
  2. In this Practice Note, registered tax practitioners will find the following information:
    • relevant provisions of the Tax Agent Services Act 2009 (TASA) including the Code of Professional Conduct (Code) (paragraphs 5 to 6)
    • the Tax Practitioners Board’s (TPB) minimum requirements (paragraphs 7 and 29)
    • identifying discrepancies (paragraph 30)
    • consequences of non-compliance under the TASA (paragraphs 31 to 35)
    • case studies (paragraphs 36 to 49)
    • further information (paragraph 50).
  3. In developing the TPB’s proof of identity (POI) requirements for clients and representatives of clients, the TPB has been informed by a number of relevant considerations, including:
    • the relevant provisions under the TASA, including the Code, and caselaw
    • the Australian Taxation Office’s (ATO) recommendations in relation to establishing a client’s identity, particularly when accessing the ATO’s online channels
    • the Accounting Professional Ethics and Standards Body’s (APESB)[1] guidelines that broadly require accounting firms to consider the integrity of a client upon accepting or continuing an engagement. The client’s identity must be established and understood to meet this requirement
    • the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, and the Anti-Money Laundering and Counter-Terrorism Financing Rules (collectively referred to as AML/CTF legislation).[2] While most registered tax practitioners are not governed by AML/CTF legislation, it outlines a structured and consistent customer verification process
    • the State-based requirements for legal practitioners and conveyancers to undertake identity verification in certain circumstances.
  4. This Practice Note addresses the TPB’s POI requirements for registered tax practitioners. However, registered tax practitioners need to also recognise that they may be subject to other related regulatory requirements as required by other organisations, such as the ATO or a professional association.

 
Relevant provisions of the TASA including the Code of Professional Conduct

  1. While there are no specific POI requirements in the TASA, there are a number of provisions that a registered tax practitioner may breach if they fail to take appropriate POI steps to verify a new or ongoing client’s identity, any representative of new or ongoing clients, and the representative’s authority to represent the client (if applicable). These include:[3]
Code item 1 You must act honestly and with integrity.
Code item 7 You must ensure that a tax agent service that you provide, or that is provided on your behalf, is provided competently.
Code item 9 You must take reasonable care in ascertaining a client’s state of affairs, to the extent that ascertaining the state of those affairs is relevant to a statement you are making or a thing you are doing on behalf of the client.
Fit and proper requirement

It is an ongoing registered tax practitioner registration requirement that: 

  • individual registered tax practitioners are fit and proper
  • all directors of registered tax practitioner companies are fit and proper
  • all individual partners in a registered tax practitioner partnership are fit and proper 
  • all directors of company partners in a registered tax practitioner partnership are fit and proper.
Section 50-20 You contravene this civil penalty provision if you are a registered tax agent or BAS agent and you make or prepare a statement to the Commissioner of Taxation that you know or are reckless as to whether the statement is false, incorrect or misleading in a material particular or omits any matter or thing without which the statement is misleading in a material respect.

 

  1. Examples of cases where the TPB, Administrative Appeals Tribunal (Tribunal) and/or Federal Court have found that registered tax practitioners have breached the above provisions by, amongst other matters, failing to undertake appropriate POI identity measures are provided at paragraphs 36 to 49. 

Back to Contents ↑

The TPB’s minimum requirements

  1. The TPB requires that all registered tax practitioners take appropriate POI steps prior to providing tax agent services, BAS services and tax (financial) advice services, and on an ongoing basis, as appropriate. Similarly, in circumstances where an individual is representing a client (including individual and non-individual clients) in engaging the registered tax practitioner (an individual representative), the registered tax practitioner must also take steps to ascertain and verify the individual representative’s identity, and the authority for the individual representative to engage the registered tax practitioner on behalf of the client.
  2. The TPB understands that for tax (financial) advisers the point in time for undertaking POI steps will often more appropriately take place after financial advice is provided to the client but before implementation of that advice. This process will meet the TPB’s requirements.
  3. In determining what steps are appropriate in any given circumstances, the TPB requires that, at a minimum, registered tax practitioners comply with the requirements contained in Table 2 below.

Back to Contents ↑

Table 2 – Minimum requirements for verifying a client’s identity

Scenario Required information Required evidence to be sighted
Individual seeking to engage the registered tax practitioner in their own right
  • The individual's:
    • full name; and
    • either residential address or date of birth.
  • An original or certified copy of a primary photographic identification document, or both of the following:
    • an original or certified copy of a primary non-photographic identification document; and
    • an original or certified copy of a secondary identification document.
Individual representative seeking to engage the registered tax practitioner on behalf of an individual client
  • Both the individual representative and individual client’s:
    • full names; and
    • either residential addresses or dates of birth;

and

  • Authority of the individual representative to engage the registered tax practitioner on behalf of the individual client.
  • For both the individual representative and the individual client:
    • an original or certified copy of a primary photographic identification document, or both of the following:
      • an original or certified copy of a primary non-photographic identification document; and
      • an original or certified copy of a secondary identification document;

and

  • a legal document demonstrating the authority of the individual representative to engage the registered tax practitioner on behalf of the individual client, including in relation to parental, guardianship or power of attorney representation. 
Individual representative seeking to engage the registered tax practitioner on behalf of a non-individual client 
  • The individual representative’s:
    • full name; and
    • either residential address or date of birth;

 and

  • The non-individual client’s:
    • full name and
    • either:
      • Australian Business Number (ABN);
      • Australian Company Number (ACN); or
      • any other additional detail in order to make a reasonable assessment[4] of the legitimacy of the non-individual’s identity;

 and

  • Authority of the individual representative to engage the registered tax practitioner on behalf of the non-individual client.
  • For the individual representative, an original or certified copy of a primary photographic identification document, or both of the following: 
    • an original or certified copy of a primary non-photographic identification document; and 
    • an original or certified copy of a secondary identification document.
  • For the non-individual client, documentation or data that verifies the existence of the non-individual client; and 
    • a legal document demonstrating the authority of the individual representative to engage the registered tax practitioner on behalf of the non-individual client.

Back to Contents ↑

  1. Examples of the types of evidence that need to be sighted to satisfy the above requirements are contained in Table 3 below.

Table 3 - Examples of required evidence

Required evidence to be sighted Examples

Primary photographic identification document

  • A driver licence or permit from Australia or overseas, including a digital driver licence
  • An Australian passport
  • A government proof of age card issued in Australia
  • A foreign passport issued by a foreign government or the United Nations
  • International travel documents issued by a foreign government or the United Nations
  • A national identity card issued by a foreign government or the United Nations
  • An ImmiCard provided by the Department of Home Affairs. 

Primary non-photographic identification document

  • An Australian birth certificate, birth extract or citizenship certificate
  • A foreign birth certificate or citizenship certificate[5] 
  • A government issued concession card, such as a pensioner concession card, a health care card, or a senior’s health care card.
Secondary identification document
  • A notice from the ATO or other government agency, such as Centrelink, that contains the individual’s name and residential address, issued in the past 12 months
  • A municipal council rates notice or a utilities bill (such as a water, gas or electricity bill) that contains the individual’s name and residential address, issued in the past three months
  • A Medicare card
  • For an individual aged under 18, a letter from a school principal issued in the past three months that details the individual’s name, residential address and when they attended the school, or a student card if available
  • Electoral roll details (checked against www.aec.gov.au).
Documentation or data that verifies the existence of non-individual clients
  • Extracts issued by the Australian Securities and Investments Commission (ASIC) or other Australian Government body
  • Constituting or governing documentation (for example, trust deed or partnership agreement) 
  • Proof of the non-individual client’s business address 
  • Invoices issued/received in the non-individual client’s name.
Legal document demonstrating the authority of an individual representative to engage a registered tax practitioner on behalf of an individual client
  • Official or legal documents demonstrating parental, guardianship or power of attorney representation, for example: 
    • enduring power of attorney or similar document
    • birth certificate
    • adoption paper
    • court order
    • letter of authority[6]  
    • signed doctor’s letter with explanation of circumstances. 
Legal document demonstrating the authority of an individual representative to engage a registered tax practitioner on behalf of a non-individual client
  • A certificate of incorporation of a company or current company extract from ASIC, identifying the individual as a public officer 
  • A trust deed 
  • A partnership agreement 
  • The constitution and/or certificate of incorporation for an incorporated association 
  • The constitution of a registered cooperative.

Back to Contents ↑

  1. When sighting verification documents to confirm the identity of a client and/or individual representative, registered tax practitioners must have regard to the following considerations:
    • whether the photo in any identification document appears to match the details that have been provided by the individual (for example, age and gender)
    • whether the name, address and date of birth match when comparing documentation.
  2. The requirements contained in Table 2 and Table 3 are consistent with the POI requirements that may also apply to registered tax practitioners under various regimes, including the requirements of the ATO and AUSTRAC (in relation to the AML/CTF legislation). In situations where a registered tax practitioner undertakes POI steps that vary from the requirements contained in Table 2 and Table 3, however comply with the requirements of the ATO and/or AUSTRAC, including by using any electronic/technological solutions accepted by the ATO and/or AUSTRAC, the TPB will generally consider these POI steps to also meet the TPB’s requirements. 
  3. If a registered tax practitioner is engaged by multiple related clients (or an individual representative of multiple related clients), the TPB requires the registered tax practitioner to undertake the verification steps outlined in Table 2 and Table 3 in respect of each of the clients and individual representative/s (for example, husband and wife, a partnership and individual partners, a company and its directors, trustees of a trust and its beneficiaries).
     

Clients without conventional identity documents

  1. Some clients may not be able to provide the identity documents listed in Table 3, including:
    • some Aboriginal or Torres Strait Islander clients
    • clients living in remote areas
    • clients who have been affected by a natural disaster
    • clients who have come to Australia as refugees
    • clients who have limited access to identity documents (for example, due to experiencing family or domestic violence or homelessness).
  2. In these circumstances, the TPB would expect registered tax practitioners to take a flexible approach to undertaking POI steps in relation to such clients, which may be different to, and sometimes less than, the minimum requirements outlined in Table 2 and Table 3 above. Registered tax practitioners in these circumstances would be expected to complete detailed contemporaneous records to outline their client’s circumstances and details of the steps taken to establish the client’s identity (refer to paragraph 20).[7] 

Back to Contents ↑

Well-established clients

  1. It may not be practical or necessary for a registered tax practitioner to undertake the POI steps outlined in Table 2 and Table 3 for clients and/or individual representatives whose identity the registered tax practitioner considers to be well-established. In order to protect themselves, their business and the government from fraud occurring in connection to identity theft, registered tax practitioners are required to exercise their professional judgement when making an assessment about whether a client or individual representative is a well-established client and whether or not it remains appropriate to undertake the POI steps outlined in this Practice Note. 
  2. If a registered tax practitioner makes an assessment that it is not appropriate or necessary to undertake the POI steps outlined in this Practice Note in relation to a well-established client, the TPB still requires that the registered tax practitioner retains a record of their assessment about the appropriateness of undertaking the steps outlined in Table 2 and Table 3, which should, at a minimum, address the matters listed at paragraph 20 below.
  3. If a registered tax practitioner makes an assessment that it is not appropriate to undertake the POI steps outlined in Table 2 and Table 3 in relation to an individual representative of a client, the TPB still requires that the registered tax practitioner sights evidence that demonstrates the authority of the individual representative to engage the registered tax practitioner on behalf of the client, before providing tax agent services, BAS services or tax (financial) advice services. 
  4. Furthermore, if a registered tax practitioner has made an assessment that a client is a well-established client, the TPB requires that the registered tax practitioner adheres to the TPB’s requirements in relation to frequency and record-keeping. 

Back to Contents ↑

Frequency

  1. The TPB requires registered tax practitioners to undertake the POI steps outlined in Table 2 and Table 3 in respect of all new and ongoing clients and individual representatives throughout their engagement (subject to paragraphs 16 to 19 above). However, it is a matter for registered tax practitioners to determine the frequency of undertaking these checks, depending on the circumstances of the client, individual representative (if applicable) and the registered tax practitioner’s engagement, including but not limited to:
    • the registered tax practitioner’s relationship and familiarity with the client, including whether the client was transferred to the registered tax practitioner through a transfer of business or practice (see paragraph 28)
    • the scope of the services provided to the client
    • whether the engagement and interactions with the client takes place online, in-person or a combination of both
    • whether there has been a change in the circumstances of the client
    • any discrepancies that arise in relation to the client’s identity or other affairs
    • any changes that arise in relation to an individual representative (if applicable)
    • any changes that arise in relation to the relationship between the client and individual representative, or the authority for the individual representative to act on behalf of the client (if applicable)
    • whether there has been continuity in the client’s engagement of the practitioner, or whether there has been a break in the engagement
    • any requirements of the registered tax practitioner’s professional association or Australian Financial Services licensee (if applicable).

Back to Contents ↑

Record keeping

  1. The TPB does not require or recommend that registered tax practitioners retain copies or originals of identification documents (listed in Table 3) used as evidence to establish the identity of a client or their individual representative. This recognises that the retention of identification documents may increase the risk of registered tax practitioners being targeted by criminals undertaking identity theft. Accordingly, what the TPB requires is a contemporaneous record (for example, a checklist) to demonstrate that proof of identity steps were undertaken by registered tax practitioners. This record would include the following information:
    • the date and time that proof of identity checks were undertaken
    • the name and title of the person undertaking the proof of identity checks on behalf of the registered tax practitioner (if someone other than the registered tax practitioner)
    • the identification documents that were sighted, and whether they were originals or certified copies
    • how the identification documents were sighted (for example, in person, or electronically)
    • certification that: 
      • the identification documents are clear and legible and identify the client or individual representative
      • there does not appear to be reason to question the identification documents provided
    • if the registered tax practitioner has made an assessment that the client is a well-established client in accordance with paragraphs 16 to 19 of the Practice Note, the reasons and basis for making this assessment (which should address any relevant matters, including those listed at paragraph 20). 
  2. The TPB requires that registered tax practitioners keep a record of the POI checks that they undertake in relation to each client and/or individual representative of a client for a minimum of five years after the engagement with the client has ceased. 

Back to Contents ↑

Receiving identity documents electronically 

  1. The TPB does not recommend sending and receiving sensitive information or copies of identity documentation and/or evidence by email as this is not considered to be a secure method of transmission. As such, the TPB strongly recommends that registered tax practitioners arrange that any such information or copies of documents or evidence are provided to them by the client:
    • via a secure website, secure online mailbox or secure messaging
    • as an encrypted or password protected attachment to an email
    • using another secure electronic solution that minimises the risk of interception of the sensitive information, identity document and/or evidence.
  2. If a registered tax practitioner intends to receive sensitive information or copies of identity documentation and/or evidence electronically, the TPB recommends that the registered practitioner seek independent professional advice from an ICT security provider about what controls are appropriate for their business and risk circumstances.
     

Remote verification

  1. In circumstances where a registered tax practitioner is engaging with a client and/or their individual representative remotely through the use of videoconferencing, the TPB’s requirements remain the same as for registered tax practitioners who engage with clients face-to-face. If a registered tax practitioner sights original or certified identification documents through videoconferencing or with the use of a webcam, the TPB requires that the tax practitioner makes a note of this in the registered tax practitioner’s contemporaneous record of the POI checks undertaken. If certified copies of identification documents are sent electronically or by mail to the registered tax practitioner, the TPB strongly recommends that the registered tax practitioner destroy the copies after the POI checks and contemporaneous record have been completed and recorded.
  2. However, if a registered tax practitioner engages a client and/or their individual representative through non-visual electronic communication (for example, using teleconferencing or email only) and is therefore unable to verify and compare the client’s identity with the certified copies of identification documents that have been provided, the registered tax practitioner should have regard to the ATO’s requirements for verifying the client’s and/or representative’s identity, if they use the ATO’s online services to make a claim, lodgement or access any information in relation to the client.
  3. Further information in relation to the ATO’s requirements can be accessed on the ATO website.

Back to Contents ↑

Transferring a tax practice or client list

  1. If there is a change in ownership of a tax practice and/or client list from one registered tax practitioner (seller tax practitioner) to another (buyer tax practitioner), the TPB would expect that copies of the contemporaneous POI records relating to affected clients of the seller tax practitioner are transferred to the buying tax practitioner as part of the transfer, along with other relevant client records. In this circumstance, the buyer tax practitioner would not be required, but may do so if they prefer, to undertake the POI checks  outlined in Table 2 and Table 3 in respect of each new client upon the transfer taking effect. However the requirements in relation to ongoing POI checks at paragraph 20 of this Practice Note would still apply and the buyer tax practitioner would be expected to consider undertaking POI checks as appropriate throughout the engagement with relevant clients.
  2. The seller tax practitioner would also be expected to ensure that Code item 6 is complied with. Under Code item 6 the seller tax practitioner cannot disclose any information relating to a client’s affairs to a third party (including the buyer tax practitioner) without the client’s consent or a legal duty to do so.

Identifying discrepancies

  1. If after satisfying the requirements in Table 2, a registered tax practitioner identifies discrepancies with the information provided and claims made by the client or individual representative (if applicable), the registered tax practitioner should:
    • ask additional probing questions of the client or individual representative, and/or seek additional documentation or evidence
    • take steps to independently verify the information provided (if possible) 
    • decline the engagement if they are not satisfied that the information about the client’s or individual representative’s identity is correct
    • consider notifying the TPB, the ATO, ASIC or other relevant authorities.

Back to Contents ↑

Consequences for non-compliance under the TASA

  1. If a registered tax practitioner fails to take appropriate POI steps to verify a client’s or individual representative’s identity, the TPB may find that they have breached the TASA, in particular:
    • the Code, for example:
      • Code item 1: you must act honestly and with integrity
      • Code item 7: you must ensure that a tax agent services that you provide, or that is provided on your behalf, is provided competently
      • Code item 9: you must take reasonable care in ascertaining a client’s state of affairs, to the extent that ascertaining the state of those affairs is relevant to a statement you are making or a thing you are doing on behalf of the client 
    • by failing to meet an ongoing tax practitioner registration requirement (for example, the fit and proper person requirement)
    • the civil penalty provision relating to making a false or misleading statement to the ATO (section 50-20).
  2. If a registered tax practitioner breaches the Code, the TPB may impose one or more administrative sanctions, as follows:
    • issuing a written caution; 
    • imposing an order requiring the registered tax practitioner to take one or more actions (for example, undertaking a course of education or providing tax agent services (including BAS and tax (financial) advice services) under the supervision of another registered tax practitioner;
    • suspension of registration; or 
    • termination of registration. 
  3. If the TPB finds that a registered tax practitioner has failed to meet an ongoing tax practitioner registration requirement (for example, by no longer being a fit and proper person), the TPB may terminate the tax practitioner’s registration.
  4. If an individual or entity is found by the TPB to have contravened a civil penalty provision of the TASA (for example, section 50-20), the TPB may apply to the Federal Court of Australia for a civil penalty to be imposed on that individual or entity.
  5. Ultimately, determining whether a registered tax practitioner has contravened the TASA will be a question of fact. This means that each situation will need to be considered on a case-by-case basis having regard to the particular facts and circumstances of that case. 

Back to Contents ↑

Case studies

  1. The following cases highlight the importance of registered tax practitioners taking appropriate POI steps, and in circumstances where discrepancies arise in relation to the information provided by clients or individual representatives, to take appropriate steps to address these discrepancies.

TPB decision - John[8]

  1. John provided tax agent services to an individual purporting to be a taxpayer, with whom he engaged solely through an online platform. John did not ask for any POI documentation to verify the identity of the individual prior to providing the services to the individual, which included the lodgement of income tax returns. Upon lodging income tax returns with the ATO, the ATO advised John that the identity of the taxpayer who the individual purported to be had been compromised. Despite the advice of the ATO, John re-added the taxpayer to his client list to enable him to continue to make lodgements on the taxpayer’s behalf. The TPB found that John had breached:
    • Code item 1: John lacked honesty and integrity by re-adding the taxpayer to his client list despite being advised by the ATO that the taxpayer’s identity had been compromised.
    • Code item 7: John did not provide services competently by failing to verify the identity of the individual prior to providing services.
  2. The TPB suspended John’s registration for six months and ordered him to:
    • undertake a review of his procedures for completing and lodging client tax returns by an accredited cyber security expert, with a focus on verifying client identity and dealing with potential identity compromise
    • provide the TPB with a report by the cybersecurity expert
    • advise the TPB of any changes he made to his process as a result of the cybersecurity review. 

Back to Contents ↑

TPB decision confirmed by the Administrative Appeals Tribunal - Nei Tung

  1. Mr Tung accepted details of 346 taxpayers from six individuals (that he had never met before) that purported to be the individual representatives of those taxpayers and was asked to prepare tax returns for the taxpayers by the individual representatives. He did not ask for any POI information in relation to the 346 taxpayers or the six individual representatives and charged up-front cash payments in excess of his normal fees. Where details in the ATO tax portal indicated discrepancies, he ignored these and continued to lodge returns for those 346 taxpayers without further enquiries. 
  2. The lodgements made by Mr Tung were cancelled by the ATO as the associated tax file numbers (TFNs) were compromised. Mr Tung submitted that he considered the arrangement he had with the individual representatives was “fine” because he was provided with bank details for all the taxpayers, and he had no reason to doubt the legitimacy of the taxpayers’ bank accounts. However, 17 bank account numbers were used on four or more occasions and as many as eight occasions.
  3. The TPB found that Mr Tung had breached:
    • Code item 1: for lodging income tax returns notwithstanding there being a serious issue with the credibility of the taxpayers’ supporting documentation provided to him by the individual representatives
    • Code item 7: by not undertaking adequate, if any, enquiries with the 346 taxpayers in order to ascertain if the information provided by the individual representatives was accurate, or accurately represented those taxpayers’ state of affairs
    • Code item 8: by, amongst other matters, incorrectly claiming the spouse offset and deductions for work related expenses in income tax returns he lodged with the ATO
    • Code item 9: by relying upon the documentation (payment summaries, signed taxpayer substantiation declarations and handwritten taxpayer details) provided by the individual representatives and not taking any steps to verify the accuracy of the documentation provided, prior to lodging the returns with the ATO.
  4. Additionally, the TPB found that Mr Tung was no longer a fit and proper person and terminated Mr Tung’s registration as a tax agent, and applied a three-year period during which Mr Tung could not reapply for registration.
  5. Mr Tung appealed the TPB’s decision to the Tribunal. The Tribunal upheld the TPB’s decision to terminate Mr Tung’s registration and impose a three-year period within which he cannot reapply for registration.

Back to Contents ↑

TPB and Federal Court decision - Hansig Kim

  1. Mr Kim was visited by individual representatives whom he had not met before, and was asked to prepare 79 income tax returns on the basis of information which the individual representatives provided to Mr Kim on behalf of taxpayers. For the purpose of allowing him to prepare the returns the individual representatives provided Mr Kim with:
    • PAYG (‘Pay as You Go’) payment summaries
    • bank account details.
  2. The summaries which the individual representatives provided to Mr Kim were false documents and had resulted from an exercise in identity theft. Real identities and TFNs were used to submit false tax returns which would then result in the ATO paying refunds into the bank account details provided which were maintained by the individual representatives.
  3. Many of the returns lodged by Mr Kim included a number of instances of irregular claiming of a spouse tax offset as well as returns filed for persons who had left Australia. These matters would have given rise to discrepancies on the ATO’s Portal, if Mr Kim had utilised the Portal’s pre-filling function. 
  4. The TPB found that Mr Kim had breached:
    • Code item 1: by misleading the ATO and the TPB in his responses regarding the circumstances under which he lodged income tax returns 
    • Code item 7: by failing to obtain correct information from taxpayers regarding their eligibility to claim the spouse tax offset as he did not make any enquiries with these taxpayers 
    • Code item 9: by failing to take reasonable care to ascertain the state of affairs of taxpayers who said that they did not see Mr Kim, and that there were grounds to question the information that he received 
    • Subsection 50-20 of the TASA: by being reckless as to whether statements in the relevant income tax returns that he prepared and lodged were false, incorrect or misleading in a material particular. 
  5. The TPB decided to terminate Mr Kim’s registration as a tax agent on the basis that he had ceased to meet the ongoing tax practitioner registration requirement that he is a fit and proper person. The TPB also imposed a period of three years within which Mr Kim may not reapply for registration as a registered tax practitioner, and applied to the Federal Court for a civil penalty in respect of the breaches of section 50-20 of the TASA.
  6. The Federal Court found that Mr Kim had contravened section 50-20 of the TASA 158 times and ordered Mr Kim to pay a civil penalty of $4,000 in addition to the TPB’s costs.

Back to Contents ↑

Further information   

  1. Outlined below is a listing of reference material that may provide further guidance in relation to issues to consider in relation to verifying a client’s identity:
     
Agency Information product Purpose of document
Tax Practitioners Board

TPB(EP) 01/2010: Code of professional conduct

Further information regarding the Code of Professional Conduct in the TASA 
TPB(EP) 02/2010: Fit and proper person Further information regarding the fit and proper person requirement in the TASA
TPB(I) 28/2016: Code of Professional Conduct - Reasonable care to ascertain a client's state of affairs for tax (financial) advisers Provides guidance for tax (financial) advisers in relation to the requirement to take reasonable care to ascertain a client’s state of affairs
TPB(I) 17/2013: Code of Professional Conduct – Reasonable care to ascertain a client’s state of affairs Provides guidance for tax and BAS agents in relation to the requirement to take reasonable care to ascertain a client’s state of affairs
Australian Taxation Office  Security advice for tax professionals Provides security information and guidance for tax professionals.
ATO online services for agents terms and conditions Provides the ATO’s terms and conditions for using the online services for agents
AUSTRAC AML/CTF programs Information on the requirements of the AML/CTF legislation
Customer identification and verification Provides guidance on the customer identification and verification requirements under the AML/CTF legislation.
Australian Securities and Investments Commission  Regulatory Guide 244: Giving information, general advice and scaled advice Provides ASIC’s requirements in relation to giving information, general advice and scaled advice, including requirements regarding identifying a client’s relevant circumstances.

Back to Contents ↑

[1] APESB is an independent standard-setting body, with the primary objective of developing and issuing, in the public interest, professional and ethical pronouncements. These pronouncements apply to the members of the following Australian professional accounting bodies: CPA Australia (CPA), Chartered Accountants Australia and New Zealand (CA ANZ) and the Institute of Public Accountants (IPA).

[2] The AML/CTF Legislation aim to prevent money laundering and the financing of terrorism by imposing a number of obligations on the financial sector, gambling sector, remittance (money transfer) services, bullion dealers and other professionals or businesses that provide particular services, including the collection and verification of certain ‘know your customer’ (KYC) information about customer identities.

[3] See TPB(EP) 01/2010: Code of professional conduct, TPB(EP) 02/2010: Fit and proper person, TPB(I) 28/2016: Code of Professional Conduct - Reasonable care to ascertain a client's state of affairs for tax (financial) advisers and TPB(I) 17/2013: Code of Professional Conduct – Reasonable care to ascertain a client’s state of affairs.

[4] A reasonable assessment means an assessment made by a registered tax practitioner exercising their own professional judgment taking into account relevant factors, including those listed at paragraph 20 of this Practice Note, in relation to the legitimacy of an identity.

[5] If a foreign birth certificate or citizenship certificate is in a foreign language, the registered tax practitioner must require that the client (or individual representative of the client) provides an accredited English translation if the registered tax practitioner, or person verifying the documents on behalf of the registered tax practitioner, does not understand the foreign language used.

[6] A letter of authority is a legal letter authorising a third party (agent) to act on an individual’s (principal) behalf in respect of discrete matters that are listed in the letter. The letter must be signed by the principal. Registered tax practitioners may wish to seek legal advice or make additional enquiries if they are unsure whether to accept a letter purporting to authorise an individual representative to act on behalf of a client or potential client.

[7] Additional guidance that may be of assistance to registered tax practitioners dealing with clients without conventional identity documents can be found at Identifying customers who don’t have conventional forms of ID.

[8] This case study has been anonymised due to the prohibition on disclosing official information under section 70-35 of the TASA.

Back to Contents ↑