There’s a lot of noise in the accounting community right now, and for good reason. The upcoming changes under TASA (Tax Agent Services Act) have left many accountants wondering: Do I really need to re-identify every single client I’ve ever worked with?
The short answer: not quite.
The longer answer: you do need a plan, and soon.
The Tax Practitioners Board (TPB) is moving from guidance to law, and from July next year, verifying your clients’ identities becomes mandatory. But the confusion lies in how far-reaching this requirement is, and what practical steps firms should actually take between now and then.
Let’s break it down clearly.
What’s actually changing
From 1 July 2025, identity verification becomes a legislated requirement under TASA. If you’re preparing or lodging a return or BAS on behalf of a client, you’ll need to have verified their identity using reliable, documented methods.
Previously, this was a best practice recommendation. Now, it’s law. The aim is to reduce fraud, stop impersonation scams, and ensure tax agents are working with who they say they’re working with.
But here’s where most of the panic is misplaced: the law doesn’t say you must re-verify every single client you’ve ever dealt with. It says you need to verify new clients and use judgement for existing ones.
So who actually needs to be identified?
Here’s the breakdown:
• New clients from this point forward: yes. You must verify their identity before any lodgement work begins.
• Existing clients: only if there’s a change in circumstance.
That might look like:
• A new business entity or structure
• Updated contact or banking details
• A change in relationship status (such as a split between directors or spouses)
• Large or suspicious refund claims
• Anything that causes concern about impersonation or accuracy
If you’ve worked with a client for 10+ years, nothing’s changed, and there’s no red flag — there’s likely no need to verify again. That said, professional judgement is key. And if in doubt, it’s better to verify.
What tools are people using to handle this?
The community’s been vocal about what’s working and what isn’t. From a recent post in the Small Business Accountants & Advisers Brain Trust group, here are some of the most popular options:
• Annature – easy to use, integrates with onboarding, secure
• Scantek – robust digital ID checks, good client experience
• Seamless – combines engagement letters with ID checks and pushes data into Xero
• Ignition – being updated to include POI workflows on top of its engagement features
Most of these tools let you tick both compliance and admin boxes in one step. If you’re already using one of them, great. If not, now’s a good time to test.
The bigger problem: legacy clients
This is where most firms are hesitating. If you’ve got 300, 500, or even 1,000 clients on the books, manually verifying all of them sounds like a nightmare. But you don’t need to.
The TPB has said clearly — existing clients only need to be re-verified if there’s a change. What you do need is a system to flag those changes and decide when to act.
You also need to document your reasoning.
If you choose not to verify a client, you should have a clear explanation why. That’s where tools like meeting note recorders come in. For example, platforms like
Vinyl
let you record client calls, capture transcripts, and store summaries of those conversations as part of your client record. If you discussed a change and made a professional judgement to verify or not verify, keeping that evidence could protect you if ever questioned.
It’s not just about ticking a box. It’s about creating a traceable decision that supports your compliance.
Looking ahead: more compliance is coming
It’s not just TASA. There’s increasing talk of AML-style requirements rolling out to the accounting sector by 1 July 2026. That would bring additional obligations around verifying clients, identifying beneficial ownership, and documenting service risks.
In short — this identity requirement is likely just the start. Firms that build repeatable, streamlined workflows now will be in a much stronger position later.
What you should do this week
Here’s a simple list to get on the front foot:
• Choose and set up an ID verification tool
• Review your onboarding and engagement process
• Update engagement letter templates to include reference to ID checks
• Segment your client base to flag high-risk or changed circumstances
• Train your team on when to verify and what to look for
• Start documenting decisions with a paper trail — consider using a tool like Vinyl to store meeting notes and decisions for compliance audits
This doesn’t have to be complicated. Just get the system in place now, and start using it as new clients come through or existing ones trigger a change.
Final word
This isn’t just another checkbox or ATO update. This is a shift in how accountants manage risk, trust, and compliance with their clients.
Some will wait until June 2025 and scramble. Others will start quietly, confidently now — getting ahead of the curve without disrupting their client base.
If you’re overwhelmed or just need help mapping this out, let’s chat. We’re already working with firms to simplify the onboarding, ID, and record-keeping processes so they can stay focused on delivering value — not worrying about regulation.