How should tax agents be authorised? ICAS issues a strategy paper
HMRC’s new digital processes for authorising tax agents are causing problems for many agents and their clients. Susan Cattell outlines the ICAS strategy for getting authorisation right.
Agents and taxpayers who have used HMRC’s 30-day CGT reporting system or the new version of the Trust Registration Service will have experienced the new digital handshake process required for authorising an agent. It seems that HMRC wants to roll out a separate, cumbersome digital authorisation process for each new service it launches.
Both systems have caused problems for many agents and their clients, particularly for clients who are digitally challenged or digitally excluded. Clients who want to delegate any contact with HMRC to their agent will have discovered that they can no longer do so – the digital handshake process requires them to set up a Government Gateway account. The systems were not fully functional when launched and HMRC’s guidance on the processes was completely inadequate, leading some agents to develop their own guidance for staff.
None of this seems to sit comfortably with the commitment in HMRC’s Charter that HMRC will “respect your wish to have someone else deal with us on your behalf”. Security is obviously important – but making the authorisation process too difficult will lead some to seek insecure workarounds.
ICAS has published a strategy paper on agent authorisation to highlight the key features of a good process – and how to get there.
What would a good authorisation process look like?
The system should be designed to address the needs of all parties as far as is practicable, given the constraints imposed by finite resources. Minimum standards should include:
- The system must enable all taxpayers to appoint a tax agent in a manner which best suits their personal needs and aspirations. This must allow for choice and make provision for disability and digital exclusion. Taxpayers should not be forced to jump through digital hoops to achieve their desired objective. The system must reflect the Charter commitment that HMRC will respect the taxpayer’s wish for someone else to deal with HMRC on their behalf.
- The system must be secure. There need to be adequate safeguards to protect taxpayers, agents and HMRC from criminal use of the system. HMRC needs assurance that the taxpayer has consented to provide agent access to their confidential information.
- The system should maximise the potential benefits of digitalisation. It should streamline access; be efficient and easy to use; and put taxpayers in charge of the process.
- The impact on taxpayer behaviour and compliance must be positive.
How to achieve a good process for all parties - general requirements
- Cost: digital authorisation of any kind must be fully tested before rollout. Failure to do this will will directly affect costs for taxpayers and agents – and indirectly (increased contact, system failures) for HMRC.
- There may be difficult choices arising from the need to balance the demands of security, simplicity and convenience.
How to achieve a good process for all parties - taxpayers
- Require an easy to use, efficient and secure process.
- Ideally the process should be ‘once and done’- and should not involve multiple complex steps spread over time.
- The system must have the functionality to accommodate multiple authorisations – for a variety of reasons taxpayers may use more than one agent.
- Taxpayers should not be required to use digital channels to authorise an agent; the digitally excluded or challenged should be able to retain control of the process through provision of suitable non-digital alternatives.
- The system must meet minimum standards for facilitating inclusion - including the right to delegate digital contact with HMRC to the agent.
How to achieve a good process for all parties - agents
- A single approach to authorisation for all taxes is needed. Current digital roll-out is introducing multiple authorisation channels and different processes for different tasks.
- Agent access and the authorisation process need to be designed into digital systems from the outset.
- There needs to be a detailed road map for how the transition to HMRC Enterprise Tax Management Platform is to be achieved.
- The ability to manage and restrict access within individual agent firms is vital. Authorisation needs to be viewed in context and cannot be separated from firms’ protocols on who can access client data.
- Some members carry out pro-bono work or support family and friends. Appropriate authorisation procedures are needed for this type of activity.
How to achieve a good process for all parties - HMRC
- HMRC needs a system which complies with GDPR requirements.
- The system must allow HMRC to see that the taxpayer has consented to the agent having access to their confidential information.
- Security considerations:
- Is the agent who they say they are?
- Is the system safe from those who might want to hack into it?
- Have safety and ease of use been balanced effectively? I.e. will it be a ‘want to use’ system?
- How and when should alternative non-digital routes be provided?
- How can vulnerable and digitally excluded taxpayers be directed to appropriate HMRC support?