Scams, identity theft and fraud are an increasing threat and the ATO is pressuring practitioners to review their cyber-security arrangements this year.
ATO assistant commissioner Darryl Richardson said accountants are already involved in system and process changes with new client verification guidelines developed by the ATO and TPB.
Speaking in a recent webcast, Mr Richardson said it was important for accountants to continually review the processes in place, both across the firm and for clients.
“It is worthwhile having to think about the controls that are in place, in your practice, and when you are interacting with clients. What does it actually look like, how does it feel,” he said.
“Unfortunately, we do see circumstances such as where the client is dismissive of the client verification process, or whether they are not forthcoming with information that is asked of them, or even things like applying pressure or documents that appear to be fake, or otherwise unusual.
“I think agents understand, and they apply at least the minimum guidance, or the minimum action, but it is worthwhile reflecting on the sorts of things that we do see.”
Debra Anderson, board member for the Tax Practitioner Board, said she had already seen a number of identity theft cases.
“They vary in degree, but the other thing we are seeing is tax agents’ identities as well,” she said. “I think it is important that we don’t just think about our clients, but also our own practices, because your practice holds so much information.”
“I agree that for a number of agents that it will not be a big change. If there is a push-back on these things, it is important to just ask that additional question. You know, it is so easy to falsify documents these days online, we just need to be hyper-vigilant in those areas.
“What concerns us is that if you are not as vigilant as you should be, you can accidentally, inadvertently breach the code of conduct, and that means that sanctions can apply. We do not want to see you there. So, take a proactive approach, and protect yourself, protect your clients.”
ATO senior director Ben Lurje said while strengthening client verification was important for preventing identity fraud, there were other precautions accountants should be aware of that could better mitigate the risk of cyber-security attacks.
“Simple things like ensuring your software is up-to-date so that if there is an attack, issues can be resolved really quickly,” he said.
“Using multifactor authentication provides that extra layer of security when you or your staff are accessing client accounts or systems. Also, another practical thing is to secure and back up your information, if you are the victim of a cyber security attack, at least you know you can retrieve and access that sensitive client information.
“Make sure you have good policies in place within your practice so that your staff can safely handle customer information and make sure they have access and permission to do so.”
