What ASIC + TPB Actually Let Accountants Say Online (2026)

Most Australian accountants are too conservative on their websites and the reason is usually misplaced fear of the regulators. The compliance framework is real, but the actual rules — when you read them — leave significantly more room than the typical accounting firm website uses.

This post is a plain-English read on what ASIC, the Tax Practitioners Board, the Privacy Act 1988, CA ANZ, and CPA Australia actually let you put on your website. It is not legal advice. It's a working understanding of the rules from the point of view of the website itself.

The bottom line up front: you can talk about your client outcomes in general terms, you can publish indicative fees, you can name client industries, you can use testimonials (with consent), you can describe your process specifically, and you can have a personality. What you cannot do is make misleading representations, imply specialist accreditation you don't hold, or describe yourself in ways that suggest licences you don't carry.

Most firms are leaving 70% of the available room unused.

The four bodies of rules that actually apply

There are four regulatory frameworks that touch the website of a typical Australian accounting practice.

1. The Tax Practitioners Board (TPB)

The TPB regulates registered tax agents, BAS agents, and tax (financial) advice providers. The Code of Professional Conduct under the Tax Agent Services Act 2009 sets the rules, and the 2024 Determination added Code item 17 obligations on top.

What this means for the website:

• If you charge a fee for tax agent services, you must be a registered tax agent, and you cannot advertise tax agent services if you are not registered. Same for BAS services. There are civil penalties and criminal offences for unregistered advertising.
• Your registration number must be reasonably accessible — most firms put it in the footer or on an "About" page.
• You cannot make claims that mislead about your registration, your competence, or your services.

What this does NOT prohibit:

• Describing the kinds of clients you work with
• Naming the industries you focus on
• Publishing fees, including fixed fees
• Saying you've worked on something for ten years if you have
• Having opinions about how to run a business

2. ASIC (if you give any financial product or service advice)

Regulatory Guide 234 covers advertising for financial products and services. It applies to your website if you offer financial advice, hold an Australian Financial Services Licence (AFSL), or are an authorised representative under someone else's licence.

For a pure accounting practice that doesn't advise on financial products, RG 234 mostly doesn't apply directly. Where it bites is when an accounting firm crosses into things like advising on SMSF investments, recommending insurance, or providing financial planning. The Corporations Act 2001 also restricts the use of certain terms (Section 923A restricts words like "independent" in some contexts).

What this means for the website:

• If you have an AFSL or are authorised, your name, licence number, and licensee details need to appear on the site
• Claims about returns, performance, or specific financial outcomes need to be balanced, accurate, and supported
• Comparisons with other providers need to be fair

What this does NOT prohibit:

• Describing your accounting and tax services normally
• Talking about why you think a particular approach (say, structuring through a discretionary trust) suits a particular kind of client

3. The Privacy Act 1988

Currently, the Privacy Act 1988 exempts most businesses with annual turnover under $3 million. There are exceptions — health service providers, businesses that trade in personal information, contractors to government — and most accounting firms fall outside those exceptions.

But this is changing. The Privacy and Other Legislation Amendment Act 2024 was the first tranche of major reforms. The second tranche, expected during 2026 or 2027, is widely flagged to remove the small business exemption entirely. Many accounting firms will need to comply by 2027 even if they don't today.

What this means for the website now:

• If your firm exceeds $3M turnover (or you opt in), you need a clearly expressed and up-to-date privacy policy on your website per APP 1
• The privacy policy must describe what personal information you collect, why, how it's used, and how visitors can access or correct it
• If you use analytics, marketing cookies, or third-party tracking (Google Analytics 4, Meta Pixel, LinkedIn Insight Tag), the policy must say so

What this does NOT prohibit:

• Having a contact form
• Using marketing automation
• Sending emails to people who opted in
• Asking what kind of business someone runs in your enquiry form

The practical recommendation for any firm above $1M turnover: build the privacy infrastructure now, even if you're technically exempt today. The 2027 timeline is going to come fast.

4. CA ANZ and CPA Australia brand rules

If your firm is a member firm of CA ANZ or CPA Australia, you can use the relevant designations on the website under specific rules.

CA ANZ Regulation CR9 sets the terms for the "Chartered Accountants" descriptor and CA logo. CA ANZ requires a specific disclaimer in size 8 Times New Roman font on all firm communications including websites — yes, that's a real rule, and yes, it's in the regulations. Liability disclaimers and proper logo placement are not optional.

CPA Australia has equivalent rules under their public practice marketing guide.

What this means for the website:

• You can absolutely use the CA or CPA logo if you're a member firm
• The disclaimer requirements must be followed (usually in the footer)
• You cannot use the descriptor or logo if you've ceased to be a member or if your firm structure doesn't qualify

What this does NOT prohibit:

• Strong claims about expertise in specific areas
• Personality, opinion, or distinctive design
• Naming the partners and what they're known for

What the rules together actually allow

Let me work through the everyday claims most accounting firms wrongly think they can't make.

"We're specialists in healthcare practices"

Allowed, as long as it's true and you can defend the description in terms of your actual client base and experience. The word "specialist" doesn't have the same restricted meaning in accounting that it does under ASCR Rule 36 for solicitors (where it requires formal accreditation). What you can't do is use a CA ANZ or CPA Australia accreditation badge that you don't hold.

"Our typical engagement starts at $4,800 + GST and most ongoing clients pay between $8,000 and $25,000 a year"

Allowed and recommended. Indicative pricing is a transparency benefit and there's no rule against publishing ranges. The Australian Consumer Law requires that you not mislead — meaning if you publish a range, your actual fees should be defensibly within or near that range most of the time.

"We saved a client $48,000 in tax last year"

Borderline and usually a bad idea. Specific outcome claims need to be defensible, contextualised, and not misleading. A safer phrasing: "We restructured a healthcare practice's income earlier this year and the resulting tax position was materially more efficient. Specific savings depend on individual circumstances." Useful, accurate, defensible.

"Sarah is a Chartered Accountant with 12 years' experience in not-for-profit audits"

Allowed if both halves are true. The CA descriptor is fine if Sarah is a CA ANZ member. The 12 years is defensible if she's been doing audits for 12 years. Be specific.

A client testimonial

Allowed under all four frameworks, but with conditions. You need the client's consent (preferably written). The testimonial must be genuine and current. You cannot edit it in ways that change its meaning. You cannot represent atypical results as typical.

"We use Xero and we won't work with you if you don't"

Completely fine. This is a legitimate operational position. Naming the tech stack is a useful qualifying signal.

"We don't do crypto tax returns"

Fine. Naming what you don't do is good practice and reduces wasted intake calls.

Personality, opinion, and voice

Completely allowed. There's no rule against an accounting firm website having a voice. The defensive-letterhead style most firms adopt is a cultural choice, not a regulatory one.

What the rules actually don't allow

For balance, the things you can't do on the website.

Imply a registration or licence you don't hold. "Tax specialists" if you're not registered tax agents. "Financial advisors" if you don't have an AFSL or authorisation. CA or CPA logo if you're not a member firm.

Make misleading or deceptive claims. Either in fact, or in the implication. Specific financial outcomes that are unusual for your client base presented as typical. "Save thousands on tax" without supporting context. Before/after comparisons that aren't fair representations.

Compromise client confidentiality. Naming clients, naming amounts, naming specific tax positions without consent. Describing matters in enough detail that a reader could identify the client.

Run a contact form without addressing privacy. Even if you're under the small business threshold today, the form needs at least a basic privacy notice and a link to a privacy policy. The 2024 reforms have raised the cost of getting this wrong.

Use the Tax Practitioners Board Registered Agent symbol if you're not registered. It's restricted to current registered agents.

Where the cautious culture comes from (and why it persists)

Two structural reasons accounting websites are overly cautious.

The partners are personally on the hook. Unlike a tech startup where a junior employee writes the website copy, the partners' name and registration are on the marketing material. If something goes wrong, it's their problem. The instinct to under-claim is rational risk management.

The website supplier rarely understands the rules. Most agencies building accounting firm websites are not specialists in the legal/regulatory framework. They default to generic, defensible copy because they don't have the expertise to push the partner to be braver. The partner doesn't push back because they don't have a clear sense of what's actually allowed.

The fix is to bring someone in who understands both. Either a marketing-experienced partner, or a supplier who has built accounting websites before and read the actual rules. The cost of getting it right is small relative to the upside of a website that converts.

A working template for compliant-but-specific copy

A homepage opening that threads the needle:

"Brierley & Cohen is a Chartered Accountants firm in Hawthorn. We work mostly with medical practices, allied health businesses, and professional consultancies generating $500K to $8M in revenue. About three-quarters of our clients came to us through referrals from their previous accountant or a peer in their industry. Most engagements start with a fixed-fee scoping call, run between $9,000 and $35,000 a year, and include quarterly advisory meetings alongside the compliance work. We do not handle SMSF audits or estate matters and we don't take on clients we can't see at least quarterly."

That paragraph is doing serious qualifying work, contains zero misleading claims, names a specific client profile, publishes indicative pricing, names what the firm doesn't do, and is well inside TPB, CA ANZ, and Australian Consumer Law expectations.

Most firms could write something equivalent. Most haven't, because nobody asked them to.

The honest bottom line

The compliance framework around Australian accounting websites is real and worth understanding, but it leaves much more room than the typical firm uses. The defensive-letterhead style most firms adopt is a cultural choice driven by misplaced fear, not a regulatory requirement.

The firms that read the actual rules — TPB Code of Professional Conduct, ASIC RG 234 where relevant, Privacy Act APPs, CA ANZ CR9 or CPA brand rules, and the Australian Consumer Law — and write specifically within them end up with websites that convert measurably better than firms that hide behind "we can't say that."

If you want a read on how your current site actually performs alongside the compliance question — load times, the SEO surface around your service areas, the trust signals search can see — run a free audit on the URL. The report won't tell you what TPB will let you say. It will tell you whether the page where you'd say it is even doing its job in the first place.