In recent times we have seen a lack of proper identification processes in tax practitioners’ practices resulting in tax and identity fraud. It is increasingly important that as a tax practitioner, you are vigilant in undertaking adequate client identification processes. This will help minimise risks of identity fraud affecting yourself, your practice, taxpayers and the government.

We have released our finalised guidance to help you verify your client’s (including their representatives, if any) identity.  

We are aware that most of you would already be undertaking client verification checks. Our guidance are aimed to make these processes contemporary, consistent and streamlined for all tax practitioners. 

POI checks and Tax Agent Services Act 2009

If you fail to properly verify a new or ongoing client’s and/or their representative’s identity, you may breach an ongoing registration requirement, the Code of Professional Conduct (in particular, Code items 1, 7 and 9) or the civil penalty provisions in the Tax Agent Services Act 2009 (TASA).

ATO's Agent client verification methods and TPB's guidance - a comparison

We’ve worked closely with the Australian Taxation Office (ATO) in developing this guidance and ensuring both the ATO's methods for client verification and our guidance are aligned to minimise any burden on you.

They are similar in most aspects including the types of documents to use, how to deal with situations where clients do not have standard identity documents and record keeping.

While the ATO’s methods for client verification are primarily for tax and BAS agents who use the ATO’s Online services for agents, our guidance applies to all tax practitioners regardless of whether they use the ATO’s online services or not. 

Tax and BAS agents using the ATO’s online services and following the ATO’s methods will also meet our requirements. 

To find out more about the ATO’s methods for client verification, refer to the ATO website.

We have summarised our minimum requirements in the following sections. To read our full guidance, refer to TPB(PN) 5/2022 Proof of identity requirements for client verification.

Our minimum requirements

You must undertake POI before providing tax agent or BAS services to new clients and on an ongoing basis to existing clients, as appropriate.

The following tables provide an overview of what information you should verify with a client and the types of documents you can use to verify their identity.

Information to be verified 

Individual clients	Individual clients using a representative	Non-individual clients
Full name Date of birth or residential address	Full name of client and representative Dates of birth or their residential addresses  Authority of the representative to engage you on the client’s behalf	Full name of the individual representing the non-individual client Individual representative’s date of birth or residential address Non-individual client’s full name and one of the following: Australian Business Number (ABN) Australian Company Number (ACN) Any other additional detail to confirm the legitimacy of the non-individual identity Authority of the individual representative to engage you on the non-individual client’s behalf.

Evidence you should sight

Individual clients (including individual representatives where applicable)	One primary photographic identification document (ID)  Where no photo ID is not available, both of the following: A primary non-photographic ID A secondary ID  A legal document showing the authority of the individual representative to engage you on the client’s behalf (where applicable).
Non-individual clients	A document or data that verifies the existence of the non-individual client, and A legal document showing the authority of the individual representative to engage you on the client’s behalf.

Examples of identification documents

You can use either an original or certified copy of the original documents for identification purposes. 

When sighting documents, make sure the name, address and date of birth all match the details provided by the client or their representative. You should also check to ensure that the photo in an ID appears to match the details of the client and/or their representative, such as their age.

We also recommend that you do not ask for these documents to be sent to you via email as it is not considered a secure form of transmission. If you are not able to undertake POI checks in person, you can use alternate methods such as a secure website, online mailbox or messaging; encrypted or password protected attachment to an email or another secure electronic solution that minimises risk of interception of sensitive information.

Required evidence to be sighted	Examples
Primary photographic identification document	A driver’s licence or permit from Australia or overseas, including a digital driver licence An Australian passport or a foreign passport A government proof of age card issued in Australia International travel documents issued by a foreign government or the United Nations A national identity card issued by a foreign government or the United Nations An ImmiCard provided by the Department of Home Affairs
Primary non-photographic identification document	An Australian birth certificate, birth extract or citizenship certificate A foreign birth certificate or citizenship certificate A government issued concession card, such as a pensioner concession card, a health care card, or a senior’s health care card
Secondary identification document	A notice from the ATO or other government agency, such as Centrelink, that contains the individual’s name and residential address, issued in the past 12 months A municipal council rates notice or a utilities bill (such as a water, gas or electricity bill) that contains the individual’s name and residential address, issued in the past 3 months A Medicare card For an individual aged under 18, a letter from a school principal issued in the past 3 months that details the individual’s name, residential address and when they attended the school, or a student card if available Electoral roll details (checked against www.aec.gov.au).
Documentation or data that verifies the existence of non-individual clients	Extracts issued by the Australian Securities and Investments Commission (ASIC) or other Australian Government body Constituting or governing documentation (for example, trust deed or partnership agreement)  Proof of the non-individual client’s business address  Invoices issued/received in the non-individual client’s name.
Legal document demonstrating the authority of an individual representative to engage a registered tax practitioner on behalf of an individual client	Official or legal documents demonstrating parental, guardianship or power of attorney representation, for example:  enduring power of attorney or similar document birth certificate adoption paper court order letter of authority (you may need to take additional steps to confirm the authorisation with the client by telephone, video or face-to-face conversation) signed doctor’s letter with explanation of circumstances.
Legal document demonstrating the authority of an individual representative to engage a registered tax practitioner on behalf of a non-individual client	An Annual Company Statement or current company extract from ASIC, identifying the individual as an officeholder Confirmation from ASIC that the individual is an officeholder – for example, through the ASIC registered agent portal if you are also an ASIC registered agent A trust deed  A partnership agreement  The constitution   The constitution of a registered cooperative Copies of board meeting minutes documenting the appointment Verbal authority from an existing authorised representative or officeholder (after verifying that person) ABR details employment contract indicating position – for example, tax manager the representative is clearly identified on the business's website as holding a relevant role to the management of the business's taxation, superannuation or finance functions.

Factsheet providing information for your clients POI checks

We've developed a handy factsheet summarising our requirements that you can share with your clients, so they know what you could ask them to verify their identity.

Getting certified documents

If your client is using a certified copy of an original document for identification purposes, your client must ensure that it has been certified as true and correct from an authorised person. For example, the following persons can certify copies of an original document:

For more information about who can certify a copy of an original document, see the Australian Transaction Reports and Analysis Centre’s website. 

Identifying discrepancies

When undertaking POI checks, if you identify any discrepancies with the information provided or claimed by clients or their representatives, you should:

• ask additional questions, or request additional documentation or evidence; or

• see if you can independently verify the information provided, where possible.

If you are still unable to verify or are not satisfied with the information provided to ensure the identity is correct, you should decline the engagement.

You should also consider notifying us at the TPB, the ATO, ASIC or other relevant authorities, if you are lawfully permitted to do so. 

Clients without conventional identity documents

Some clients, such as some Aboriginal or Torres Strait Islanders, those who came as refugees or affected by a natural disaster, may not be able to provide conventional forms of ID. In these situations, you should take a flexible approach. We recognise the POI steps you undertake in these situations may be different to or less than our minimum requirements. You should maintain detailed records to outline the client’s situation and the steps you have taken to establish their identity.

Well-established clients

We expect you to undertake POI checks for your existing clients throughout your engagement with them. 

Where you have a well-established relationship with a client, we recommend you first make an assessment of whether or not to conduct POI checks on them. You can consider a range of factors to make this assessment – for example, extent of your relationship with the client, any change of contact or bank account details, any amendment requests to tax returns resulting in higher refunds, and change in relationship between the client and their representative.

If you make an assessment not to undertake POI for an existing client at that point in time, you must keep a record of the factors you considered to make the decision.

Remote verification

If you are engaging with clients remotely and using a webcam or videoconferencing to sight IDs, make sure to record a note of the identity checks done. 

If you use non-visual methods to engage with clients and therefore unable to verify and compare the client’s identity with the IDs provided, refer to the ATO’s Agent client verification methods if you use their online services. 

Record keeping

We do not require you to keep copies or originals of IDs you used to identify a client or their representative. However, you should maintain a record, such as a checklist, with sufficient details as soon as POI checks are undertaken. For example, records should contain date and time when POI checks were done, types of IDs used, how the documents were sighted and who in the practice performed the checks including their position. 

The records must also include confirmation that the IDs were clear and legible, identified the client and their representative (if any) and there was no apparent reason to question the IDs provided.

The records must be kept for up to at least 5 years after the engagement with your client and/or their representative ceases.

Transferring a tax practice or client list

If there is a change in ownership of a tax or BAS practice and/or client list from one registered tax practitioner to another, we would expect that copies of the contemporaneous POI records relating to affected clients are transferred, along with other relevant client records.

In these circumstances, you must also be mindful of your Code obligations about maintaining confidentiality of client information when you are selling your practice or client list. You must not disclose any client information to a third party, including the practitioner that is buying your practice, without the client’s consent or a legal duty to do so.

Where you are acquiring another practice or some clients from another practitioner, you do not have to perform POI checks for each client that you are acquiring. But it is important that you undertake these checks as appropriate throughout your engagement with these clients. 

Engaged by or client referred by another registered tax practitioner

If you are engaged by another registered tax practitioner to provide services to them, you must obtain written confirmation from the referring tax practitioner that they have undertaken POI on the client and confirmed the client’s identity.

If another tax practitioner refers a client to you to provide services directly to the client or if the client wants to engage you independently, you must undertake POI checks on the client.

Failure to undertake POI

If you fail to undertake appropriate POI steps to verify a client and/or their representative’s identity, we may find that you have breached the Code, ceased to be fit or proper to be registered or breached the civil penalty provision in the TASA.   

As a result, we may impose a sanction, terminate your registration or apply to the Federal Court for a civil penalty to be imposed on you.

Further information

• TPB(PN) 5/2022 Proof of identity requirements for client verification

• ATO website: Agent client verification methods

• ATO website: ATO Online services for agents terms and conditions

• TPB webinar recording: Proof of identity requirements