Show download pdf controls
  • Tax Profession Digital Implementation Group key messages 30 May 2019

    ATO Online services for agents

    ATO Assistant Commissioner Andrew Watson provided an update on the progress of the transition from the tax and BAS agent portals to the ATO Online services for agents.

    Online services are now the default service for BAS agents with the public Beta finishing on 29 May 2019. BAS agents can still access the BAS agent portal via a link on the landing page.

    To date approximately half of registered tax and BAS agents have used the new platform, with a large number of those staying with the new services. BAS agent feedback being received by the professional associations is overwhelmingly positive with most finding it to be a much better environment overall. The current need to go back to the portals to access some services is an irritant for agents.

    Members discussed various feedback received from users. The ATO will prioritise irritants and enhancements and continue to upgrade functionality to maintain the contemporary services.

    There is currently no date set to decommission the agent portals. It was noted that portal functionality will start to become degraded following the Activity Statement Financial Processing (ASFP) account changes in December 2019, and the portals will not support myGovID following the decommissioning of AUSkey in March 2020.

    The ATO recognise that there will be a group of agents who will not transition to the online services until the portals are decommissioned. The ATO will continue with change management activities for both BAS and tax agents during the transition with a date to be determined to make online services the default service for tax agents.

    Members discussed agents not having access to deceased taxpayer information in the new online services. The application of the legislation was reviewed in the development of the new online services. At the time the ATO is notified of the death of a taxpayer the relationship with the tax agent ceases and therefore access to records ceases. The ATO is looking at possible administrable options to work around this and considering if legislation requires to be changed to allow agent access to deceased taxpayer records.

    For more information, refer to Online services for agents.

    Digital identity program and AUSkey transition

    ATO Director Claire Miller provided members with an update on the release plan timelines for the AUSkey replacement solution.

    • myGovID and Relationship Authorisation Manager (RAM) will be enabled within the business portal early in June 2019. The myGovID app will be available in the Apple Store in preparation for the public beta release.
    • A commencement date for the private beta for Online services for agents is still to be determined as the RAM solution for access manager is finalised.

    Members were provided with an overview of the business portal public beta. It was noted that users will have the choice of using either AUSkey or the myGovID/RAM solution until March 2020. Members raised concerns regarding the date of the desktop solution development and it being too close to the AUSkey de-commission date.

    Professional association representatives suggested that having the list of agents participating in the private beta for online services for agents would assist them to utilise these agents for educational and communication activities closer to the transition. The ATO will ask participants for their permission to disclose these contact details.

    Professional association representatives also requested that any materials provided to beta participants also be shared with professional associations to provide them with context for developing communications for association members.

    Members were provided with a demonstration, using a test environment, of the processes to:

    • set up myGovID
    • set up and link a business in RAM
    • add authorised contacts for the business
    • authorised employees accept their access.

    Key points noted from the demonstration include:

    • Additional identity documentation will be added in coming months to assist Australian citizens that may not have the current documents required.
    • For the AUSkey transition the IP2 level of identification will be required. IP3 will be included in a later release.
    • Business records must be maintained and kept updated in the Australian Business Register (ABR). Communications during the transition will highlight this.
    • Authorisation, access levels and access end dates can be set individually for each user.
    • Employees can provide an email address of choice to their employer for the authorisation process – it does not need to be the same email used to set up their own myGovID.

    Members noted that a bulk process to refresh accesses for groups or across the business is required, for example when new functions are released by the ATO that updates are required for. There is no current solution and the ATO are working on support for this.

    Concerns were raised regarding the potential situation where an identity is stolen without a myGovID being previously set up. This would allow the ability to set up fraudulent identities until IP3 is released.

    Key impacts for tax and BAS agents

    Members were shown a draft document outlining the key impacts of the transition. The context and structure of the document was explained. Members will be provided with a copy of the draft document post session for their feedback on the content and to provide any further impacts that are not currently identified.

    It was noted that there may need to be changes in internal practice policies/guidelines regarding appropriate access as a result of this transition. The ATO will not dictate these as they are seen as a condition of employment and area of internal security policies of the individual business. The ATO, Tax Practitioners Board (TPB) and professional associations will need to work in conjunction to provide support on this. This will be tabled for discussion at the next working group meeting.

    Business transition approach

    Members were shown a draft document outlining the key components of the overarching AUSkey transition program as it applies to tax professionals.

    Members will be provided with a copy of the draft document post session and asked for their feedback on the content.

    It was noted that:

    • from September to December 2019 there will be a significant ramping up of the communication and engagement activities
    • early in 2020 there will be more forceful activities recognising that an associate for each business and all practice representatives requiring access to Online services for agents will need to have set up their myGovID
    • post AUSkey decommissioning in March 2020 the focus will be on providing support.

    As the majority of the transition work will fall on the administrator who is managing current authorisations within the practice, members agreed that information regarding the change should be targeted to these contacts.

    Members raised concerns that potentially the extent of the change has not been realised by some practice administrators. This is especially so for those practitioners who are not digitally savvy, and they may be overwhelmed if they leave change preparation until close to the AUSkey end date.

    Members highlighted that identifying who needs to act and when is the key to targeting communication.

    Tax Time 2019: ATO system readiness

    Members discussed the readiness of the ATO, digital service providers and tax professional associations for Tax Time 2019.

    It was acknowledged that Tax Time 2019 may be challenging and differ to previous years with the implementation of single touch payroll, granular data, the expansion of the taxable payment reporting system and the transition to ATO Online services.

    Members discussed the increase to the low and middle income tax offset (LMITO) becoming law and how amendments would be processed depending on when the legislation was passed.

    The recommendation for tax agents is to wait for income statements to show as ‘tax ready’ and delay lodgment until later in July to allow for pre-fill information to be completed.

    Cyber security

    Assistant Commissioner Jamie Norton provided an overview of the types of security concerns currently being seen in the community.

    • Phishing emails and links to fraudulent web pages are the largest portion of scams attempts, and sophisticated targeted emails are being used.
    • Same passwords are being used on multiple sites (credential stuffing) and if one site is compromised the credentials for multiple sites can also be compromised.
    • 2-factor authentication is being used more often, but some sophisticated attacks will also target an individual’s mobile device and therefore the contact seems genuine.
    • Temporary employee access provided to business systems that is not revoked when no longer required.
    • Criminal groups impersonating agents are contacting the ATO and obtaining information or lodging returns using stolen credentials.

    AUSkey is still a relatively secure channel. The ATO are not seeing compromising transactions between practices and the ATO, more of a concern are interactions between practices and the end users.

    Members agreed that there needs to be more regulation across the profession and enforcement by the TPB to comply with mandatory cyber security requirements. Having cyber risk insurance is considered ‘best practice’ by the TPB and many accounting bodies require their members to have a cyber risk strategy.

    Members felt there was a lack of knowledge in the community on the potential risks and damage to practices and clients, and of strategies that practices can employ to mitigate their risks. The transition to myGovID provides an opportunity to communicate cyber security techniques and better inform both tax practitioners and clients as part of this process.

    For more information, refer to Online security.

      Last modified: 26 Sep 2019QC 60199