Australian accountants and tax agents operate in one of the most regulated professional environments in the country. Beyond their AUSTRAC obligations under the expanded AML/CTF regime, accountants must also satisfy the Tax Practitioners Board's (TPB) proof of identity requirements, which form part of the Code of Professional Conduct. Understanding the intersection of these obligations is essential for running a compliant practice. This guide explains the TPB's proof of identity requirements in detail and how they align with your broader compliance obligations.
What Are the TPB Proof of Identity Requirements?
The Tax Practitioners Board requires all registered tax practitioners, including tax agents, BAS agents, and tax (financial) advisers, to verify the identity of their clients before providing tax agent services. This requirement is established under the Tax Agent Services Act 2009 (TASA) and the Code of Professional Conduct at section 30-10 of the TASA.
The TPB's proof of identity requirement exists independently of the AML/CTF obligations administered by AUSTRAC. However, with the introduction of Tranche 2, many accountants now have dual obligations: TPB proof of identity requirements and AUSTRAC customer due diligence requirements. Understanding both is critical to ensuring your practice is fully compliant.
Under the TPB Code of Professional Conduct, a registered tax practitioner must take reasonable steps to verify the identity of clients and must not knowingly provide services to a client whose identity has not been established. The TPB has published Practice Note TPB(PN) 5/2022, which provides detailed guidance on how practitioners should satisfy these requirements.
The proof of identity process serves multiple purposes: it protects practitioners from unknowingly facilitating tax fraud or identity theft, it supports the integrity of the tax system, and it helps practitioners meet their obligation to act lawfully and in the best interests of their clients.
What Documents Do Accountants Need to Collect?
The TPB requires practitioners to collect sufficient proof of identity to establish that the client is who they claim to be. The TPB does not prescribe a single mandatory list of documents but instead requires that the practitioner's verification process be reasonable in the circumstances.
In practice, the TPB guidance aligns closely with the 2+2 identification standard used under the AML/CTF regime. A reasonable approach involves collecting at least two forms of identification from different categories.
Acceptable Primary Documents
- Australian passport (current)
- Foreign passport with Australian visa (current)
- Australian driver licence or learner permit with photograph
- Proof of age card issued by a state or territory
- ImmiCard
Acceptable Secondary Documents
- Medicare card
- Australian birth certificate or extract
- Australian citizenship certificate
- Department of Veterans' Affairs card
- Centrelink Pensioner Concession Card or Health Care Card
- Australian tax file number notification letter
- Financial institution statement (less than 12 months old)
Entity Identification
For clients that are entities (companies, trusts, partnerships, superannuation funds, or associations), the TPB requires practitioners to verify:
- The entity itself: Confirm the entity's registration details through ASIC searches (for companies), review of trust deeds (for trusts), or other reliable sources
- The authorised representative: Verify the identity of the person instructing you to act on behalf of the entity, and confirm their authority to do so (e.g., through a company directorship, trustee appointment, or power of attorney)
- Beneficial owners: Identify individuals who ultimately own or control the entity, particularly those holding 25 percent or more of ownership or exercising significant control
The overlap between TPB and AUSTRAC requirements means that if you design your client identification process to satisfy the AML/CTF 2+2 standard, you will generally also satisfy the TPB's proof of identity requirements. This is a significant efficiency opportunity for practices implementing new systems.
Can Accountants Verify Identity Electronically?
Yes. The TPB explicitly recognises electronic verification as an acceptable method for satisfying proof of identity requirements, provided the electronic method used is reliable and the practitioner retains appropriate records.
Electronic verification through the Document Verification Service (DVS) is the most reliable method available to Australian accountants. DVS checks identity documents against the records held by issuing government agencies and returns a real-time verification result.
The TPB's guidance acknowledges that electronic verification methods such as DVS offer advantages over traditional in-person document sighting, including:
- Higher accuracy: DVS checks against the issuing agency's actual records, detecting expired, cancelled, or fraudulently altered documents that might pass visual inspection
- Convenience: Clients do not need to attend your office in person to present documents, enabling remote client onboarding
- Better records: Electronic verification creates a timestamped digital record of the verification, which is easier to store, retrieve, and present during compliance reviews
- Consistency: Every verification follows the same process, reducing the risk of human error or inconsistent application of standards across your practice
Australian Identity Solutions provides DVS-connected electronic verification specifically designed for accounting practices. Our platform supports the verification of individual clients, company directors, trust beneficiaries, and other entity-related identities through a single, streamlined interface.
In-Person Verification
If you verify identity in person rather than electronically, you should:
- Sight the original documents (not copies)
- Confirm the documents appear genuine and have not been altered
- Record the document type, document number, issuing body, and expiry date
- Retain certified copies or clear scans of the documents in your client files
- Note the date of verification and the name of the staff member who conducted it
In-person verification remains acceptable under both the TPB and AUSTRAC frameworks, but it is increasingly impractical for practices with remote clients, multi-office operations, or high client volumes.
How Do TPB Requirements Align with AUSTRAC Obligations?
With the introduction of AUSTRAC Tranche 2, accountants and tax agents who provide designated services now have parallel obligations under both the TPB Code of Professional Conduct and the AML/CTF Act 2006.
The key areas of overlap include:
| Requirement | TPB | AUSTRAC |
|---|---|---|
| Verify client identity | Yes (TASA s30-10) | Yes (AML/CTF Act Part 2) |
| Identification standard | Reasonable steps (aligns with 2+2) | 2+2 minimum |
| Electronic verification | Permitted (DVS) | Permitted (DVS) |
| Entity identification | Required (company, trust, etc.) | Required (beneficial owners) |
| Record retention | As per professional obligations | Minimum 7 years |
| Ongoing monitoring | Client review obligations | Ongoing CDD required |
| Reporting suspicious activity | Obligation to report to TPB | Suspicious matter reports to AUSTRAC |
The practical implication is that a well-designed client identification process can satisfy both sets of requirements simultaneously. If your process meets AUSTRAC's 2+2 standard with DVS verification, retains records for seven years, and includes procedures for identifying beneficial owners, it will also satisfy the TPB's proof of identity requirements.
However, there are some differences. The TPB's requirements apply to all tax agent services, while AUSTRAC's requirements apply specifically to designated services under the AML/CTF Act. Some services may trigger one obligation but not the other. It is important to design your processes to capture all scenarios.
What About Beneficial Owner Identification?
Identifying beneficial owners is a critical component of both TPB and AUSTRAC compliance, and it is an area where many accounting practices need to strengthen their processes.
A beneficial owner is an individual who ultimately owns or controls a client entity. Under the AML/CTF Act, you must take reasonable steps to identify every individual who:
- Owns 25 percent or more (directly or indirectly) of the entity
- Controls the entity, regardless of ownership percentage (e.g., through voting rights, veto powers, or de facto control)
- Benefits from the entity (particularly relevant for trusts)
For companies, this means looking through the share register to identify individuals holding 25 percent or more, and identifying individuals who exercise control through directorships, shareholder agreements, or other mechanisms.
For trusts, you must identify the trustee, appointor (if any), settlor, and beneficiaries (or classes of beneficiaries). Discretionary trusts present particular challenges because the beneficiaries may be described as a class rather than named individually. In these cases, you should identify the class of beneficiaries and obtain sufficient information to verify the identity of any beneficiary who receives a distribution or exercises significant control.
For partnerships, identify all partners holding 25 percent or more of the partnership, plus any partners who exercise effective control.
For superannuation funds, identify the trustees (individual or corporate) and any members who exercise significant control over the fund.
Australian Identity Solutions supports entity verification workflows that guide your staff through the beneficial owner identification process for each entity type, ensuring no required steps are missed.
How Should Accountants Handle Existing Clients?
A common question from accounting practices implementing new verification processes is whether they need to re-verify the identity of existing clients.
The TPB's position is that practitioners should have proof of identity on file for all current clients. If your existing client files do not contain adequate proof of identity documentation, you should take steps to collect it at the next client interaction.
Under AUSTRAC's transitional arrangements for Tranche 2, existing clients of newly captured reporting entities are generally subject to verification requirements on a risk-prioritised basis. This means you should:
- Prioritise higher-risk clients for immediate verification, including clients with complex structures, clients in higher-risk jurisdictions, clients with unusual transaction patterns, and clients where you hold limited identification information
- Verify remaining clients progressively as they engage with your practice for new services, at annual review meetings, or according to a documented remediation schedule
- Document your approach so that you can demonstrate to AUSTRAC or the TPB that you have a reasonable, risk-based plan for bringing your entire client base into compliance
This is an area where electronic verification provides substantial efficiency gains. Rather than requesting clients to attend your office with physical documents, you can send them a verification request through a platform like AIS that allows them to complete the process remotely at their convenience.
What Records Must Accountants Keep?
Record-keeping is a critical compliance requirement under both the TPB and AUSTRAC frameworks.
Under the AML/CTF Act, you must retain:
- Customer identification information and verification records for a minimum of seven years from the date the designated service is completed
- Transaction records for seven years from the date of the transaction
- Your AML/CTF program and any amendments for seven years from the date they cease to be in effect
- Suspicious matter reports and supporting documentation for seven years from the date the report is filed
Under the TPB's Code of Professional Conduct, you must maintain adequate records in accordance with your professional obligations. While the TPB does not prescribe a specific retention period for proof of identity records, aligning with the seven-year AML/CTF requirement is prudent and ensures you meet the more stringent standard.
Records must be stored securely, be readily retrievable, and be protected against unauthorised access, modification, or destruction. Electronic records are acceptable and, in many cases, preferable to paper records for these purposes.
Australian Identity Solutions automatically retains all verification records with full audit trails, making compliance with record-keeping obligations straightforward. Records are stored securely in Australian data centres and can be retrieved instantly for compliance reviews, TPB audits, or AUSTRAC examinations.
How Can Australian Identity Solutions Help Accountants?
Australian Identity Solutions provides a comprehensive identity verification platform designed specifically for Australian accounting practices.
Our platform helps you meet both TPB and AUSTRAC requirements through:
- DVS-connected electronic verification for instant verification of driver licences, passports, Medicare cards, and other government-issued documents
- Entity verification workflows that guide your team through the identification of companies, trusts, partnerships, and superannuation funds, including beneficial owner identification
- Automated record keeping with secure storage and instant retrieval for compliance reviews and audits
- Batch verification capabilities for practices needing to verify large numbers of existing clients during the Tranche 2 transition
- Simple, affordable pricing with no lock-in contracts. Visit our pricing page for details
- Dedicated support to help your practice design and implement compliant verification processes. Contact us for a consultation
Key Takeaways
- The TPB requires all registered tax practitioners to verify client identity under the Code of Professional Conduct, independent of AUSTRAC obligations
- Tranche 2 creates parallel obligations under both the TPB and AUSTRAC frameworks, but a well-designed process can satisfy both simultaneously
- The 2+2 identification standard applies, requiring at least two documents from two different categories for individual clients
- Electronic verification through DVS is explicitly recognised by both the TPB and AUSTRAC as a reliable and acceptable verification method
- Beneficial owner identification is required for entity clients, including companies, trusts, partnerships, and superannuation funds
- Existing clients should be verified on a risk-prioritised basis during the Tranche 2 transition, with higher-risk clients addressed first
- Records must be retained for a minimum of seven years under the AML/CTF Act, and practices should apply the same standard to TPB proof of identity records
- Technology streamlines compliance by enabling electronic verification, automated record keeping, and consistent processes across your practice. Australian Identity Solutions is purpose-built for Australian accounting practices navigating these requirements
Meeting your proof of identity obligations protects your practice, your clients, and the integrity of the tax system. With the right tools and processes in place, compliance becomes a natural part of your client onboarding workflow rather than a burdensome additional task.