Identity Verification Protocol Template for Perth Private Client Accountants: A Reusable APP-Aligned Onboarding Check

A new high-net-worth client wants you to act on their tax file number, set up a trust structure, and field a payment to a personal account this week. The introduction came by email from someone you know — but you’ve never met the client in person. You need a verification protocol that is consistent, documented, and defensible if the client turns out to be impersonated. The Identity Verification Protocol Template gives you that one artefact, ready to use on the next file.

Why it matters now

Private client accountants in Perth handle exactly the personal information that identity thieves want: full name, date of birth, tax file number, address history, signature samples, bank account details, and copies of identity documents. The Privacy Act 1988 (Cth) regulates how this personal information is collected, stored, and disclosed, and applies to most Australian Government agencies and to private sector organisations with an annual turnover of more than $3 million — and to some smaller organisations as well. The Act is built around 13 Australian Privacy Principles (APPs) governing collection, use, disclosure, security, and access, and is administered by the Office of the Australian Information Commissioner (OAIC). The Notifiable Data Breaches scheme requires APP entities to notify affected individuals and the OAIC of eligible data breaches. An onboarding identity-verification step that fails — accepting a doctored licence, processing a tax file number without confirming the person — is the first link in most identity-theft chains targeting accounting firms.

The 5-minute view

• The Privacy Act 1988 (Cth) sets the legal framework for handling personal information in Australia and is administered by the OAIC
• The Act applies to most Australian Government agencies and to private sector organisations with annual turnover over $3 million; some smaller organisations are also covered
• The 13 Australian Privacy Principles (APPs) govern collection, security, and disclosure of personal information held by APP entities
• The Notifiable Data Breaches scheme requires eligible data breaches to be reported to the OAIC and affected individuals
• Tax file numbers are separately regulated under the Privacy (Tax File Number) Rule 2015, with stricter handling requirements
• Identity-theft attacks on accountants commonly begin with impersonated email introductions, doctored identity documents, or “new banking details” requests against an existing client
• A documented, consistent identity-verification protocol — applied to every new client and every payment-detail change — is the single highest-leverage control an accounting practice can implement at onboarding
• The OAIC publishes guidance for organisations on personal information handling at https://www.oaic.gov.au/

What DRMO does about it

The Identity Verification Protocol Template is a productised L1 deliverable: a reusable PDF template plus a written walkthrough, designed for a small private client accounting practice to drop into its onboarding workflow without bespoke consulting. The template structures identity verification around three checkpoints — document verification, liveness/face-match step, and out-of-band confirmation of any banking or instruction change — and is aligned to the structure of the Australian Privacy Principles around collection (APP 3), data quality (APP 10), and security (APP 11) as set out in the Privacy Act. The walkthrough explains how to adapt each checkpoint to a single-partner practice, a multi-partner firm, or a remote-onboarded client. This is a template, not legal advice; it is operational support for the practice’s own Privacy Act obligations.

The deliverable

• PDF Identity Verification Protocol Template (editable fields, A4, branded for your firm on request)
• Written walkthrough (PDF, approximately 12 pages) covering each checkpoint, the rationale, and a sample completed template
• Decision tree for “what to do when a verification step fails”
• Banking-instruction-change verification sub-protocol (out-of-band callback script)
• Suggested record-retention note aligned to APP 11 security obligations
• Delivered via email within 1 business day of payment

CTA

Buy the Identity Verification Protocol Template — AUD $149

A single-purchase productised template. No discovery call required. Suitable for any Perth private client accounting practice that onboards clients remotely, handles tax file numbers, or processes banking-detail changes on existing files.

For a tailored verification protocol covering multiple service lines, multiple offices, or integration with a specific practice management system, see the DRMO Retainer (consultative; book a discovery call separately).

Sources

1. Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
2. Office of the Australian Information Commissioner — general guidance for organisations and notifiable data breaches scheme, published at: https://www.oaic.gov.au/
3. Federal Register of Legislation — Privacy Act 1988 (Cth), available at: https://www.legislation.gov.au/

DRMO capability references:

• Identity Verification Protocol Template (L1 service shape, productised)