Identity Verification Protocol Template for Perth Family Offices: A Privacy Act-Aligned Process for High-Net-Worth Client Onboarding

You manage the affairs of a small number of families. Each one is a high-value target. An email arrives from “the principal” asking your team to move funds, update payment details, or release documents to a new advisor. The voice on a follow-up call sounds right. The instruction is plausible. The Identity Verification Protocol Template gives your team a written, repeatable process for confirming who is actually on the other end of the request — calibrated for the small-team, high-trust environment a family office operates in.

Why it matters now

Identity theft directed at high-net-worth individuals and the small advisory teams around them is a recognised threat class in Australia. The Office of the Australian Information Commissioner administers the Privacy Act 1988 (Cth), which regulates how organisations with annual turnover above $3 million — a threshold most multi-family offices and many single-family offices exceed once professional services revenue and trust administration are counted — handle personal information. The Privacy Act includes 13 Australian Privacy Principles (APPs) that govern collection, use, disclosure, and security of personal information, and the Notifiable Data Breaches scheme requires APP entities to notify the OAIC and affected individuals of eligible data breaches. Identity theft against a principal typically involves the misuse of personal information your office already holds — date of birth, signature samples, trust deeds, passport scans — making your verification process the operational control that determines whether an impersonator succeeds.

The 5-minute view

• The Privacy Act 1988 (Cth) applies to organisations with annual turnover above $3 million, and to some smaller organisations including those that handle health information or trade in personal information (OAIC).
• The Australian Privacy Principles (APPs) are the 13 binding principles at the core of the Privacy Act, covering the full lifecycle of personal information from collection through to destruction.
• APP 11 requires APP entities to take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.
• The Notifiable Data Breaches scheme, administered by the OAIC, requires notification of eligible data breaches likely to result in serious harm to affected individuals.
• Identity theft against a principal commonly exploits the small-team trust environment of a family office: few staff, direct lines to the principal, and instruction patterns that are intentionally informal.
• A written verification protocol — applied consistently to every instruction above a defined threshold — removes the judgement call from the moment of pressure and creates a defensible audit trail.
• The OAIC publishes general guidance for entities on personal information security at https://www.oaic.gov.au/.

What DRMO does about it

The Identity Verification Protocol Template is a self-serve productised offer. It is a written protocol document, scoped to the operating reality of a small family office team, that defines: which instruction types trigger verification, the verification steps applied to each type, the out-of-band channels permitted (and the channels expressly prohibited), the records the team must retain to evidence verification, and the escalation path when a verification step fails. The protocol is calibrated to the Australian Privacy Principles — particularly APP 11 (security of personal information) — and references the OAIC’s guidance framework. It is the L1 productised counterpart to the verification workstream inside the DRMO Family Office Protection retainer, made available without a discovery call for offices that need a documented baseline now.

The deliverable

• PDF template (approximately 18 pages) — the Identity Verification Protocol, ready to adopt or adapt to your office’s specific instruction types
• Editable instruction-classification matrix mapping common request types to required verification steps
• Verification logbook template for evidencing each verification event
• 20-minute recorded walkthrough explaining how to deploy the protocol with a small team and how it maps to APP 11 obligations
• Quick-reference one-page summary for principals and trusted staff
• Delivered via email within 1 business day of payment

CTA

Get the Identity Verification Protocol Template — AUD $149

A self-serve productised offer. No discovery call required. Suitable for any Perth family office that wants a documented, Privacy Act-aligned verification process in place before the next high-stakes instruction arrives. This is an operational support deliverable; it is not legal advice on Privacy Act compliance.

Sources

1. Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
2. Office of the Australian Information Commissioner (domain root, general guidance on personal information security and the Notifiable Data Breaches scheme): https://www.oaic.gov.au/

DRMO capability references:

• Identity Verification Protocol Template (L1 service shape, productised)
• Family Office Protection retainer (consultative, L3 — verification workstream)