HMRC trials access controls for Agents Services Accountby
The tax authority has begun testing functionality in the Agents Services Account that will allow agents to control who can access client records from within their practice.
A new feature, which HMRC is calling “granular permissions” or “access groups”, allows Agents Services Account (ASA) administrators within a firm the ability to create groups into which they can add clients and internal team members who need to work on their tax files. Only team members added to a specific group will have access to the clients in it.
HMRC is currently trialling the access control functionality with a small number of tax agents of varying sizes as part of a private beta test. The feature will then be rolled out to the wider agent community – although HMRC has not given a timeframe for this.
Problems with multiple sign-ins have dogged the ASA for several years, in part due to Verify, the government’s previously preferred identity control, being unable to cope with different users logged in using the same agent identity.
There is currently no functionality in the ASA that allows agents to control who in their firm can access client information, and if they know the correct client identifiers all staff within a practice can access all client records and tax services.
Access group features
As shown in a screenshot below, group members can search for clients and filter them by name, tax reference or tax service.
While functionality allows agents to control who in their agency can make changes, save and submit client information, it does not allow them to restrict permissions any further – for example, giving employees read-only, edit-only or submit-only access.
When rolled out to the wider agent community, the feature will need to be actively turned on in the ASA. If practices do not want to use this functionality, they can leave it switched off. Once activated, the feature can be switched off again.
If the feature is accidentally turned off and the ASA administrator(s) have created access groups, they will be able to turn the feature back on and any groups created will still be available.
HMRC has stated the controls won’t be available to larger agencies – which it defines as those with more than 1,000 clients – in the near future, citing user interface issues and potential problems retrieving client data. The tax authority is “exploring what could be possible” for practices with more than 1,000 clients, but did not commit to a timeline as it is “juggling lots of constraints (mainly financial and time)”.
Once access groups are available to the agent community, guidance on the control functionality will be available in the help and guidance pages on the ASA homepage. To prepare for the roll-out, HMRC encouraged agents to identify who the administrators are in their firms.
Only administrators will have access to the new feature from the Manage Account section on the ASA homepage, and firms will need to have appointed one or more administrators with the ability to control access in order to make the system work.
More details of the access controls and screenshots of the feature are available in the following briefing from HMRC: Granular Permissions or Access Groups.