USB tokens & passwords for temporary staff (temps)
AICWA has worked with KylieD to produce the following guide to assist with questions and concerns on how temps can transact in PEXA when on assignment (especially when they are covering a sole operator).
Section 4.1(d) requires the Subscriber to comply and continue to comply with the Participation Rules;
Section 4.1(g) includes an obligation to comply, and continue to comply, with the Security Policy
Section 7 of the Participation Rules issued by Landgate details Subscriber’s obligations regarding system security and integrity.
Section 3.7 of the Security Policy sets out Subscriber’s obligations regarding control of Passwords & Digital Certificates.
The bottom line is Digital Certificates (on USB tokens) & Passwords should not be shared!
So what’s a girl to do?
Some sole trader licensees are loath to provide temps a Digital Certificate in the temp’s name because they have to be added to the Trust A/C operating authority with the Bank. This is certainly the case if you want them to be able to authorise debits from the trust account (i.e. a source in PEXA).
However, there are 3 different permissions a Subscriber can grant a User:
1) Signer – Documents
2) Signer – Financial Settlement
3) Signer – Trust A/c Authorisation
PEXA advise that the User is only requires to be a signatory on the Trust A/c for #3.
So if you’re a sole trader, want to take some holidays, but don’t feel comfortable adding a temp as signatory to your Trust A/C them consider issuing them with their own Digital Certificate / USB Token with permissions # 1 & 2. You would need to take your USB Token with you on holidays and sign the odd settlement that requires authorisation for funds to be sourced from your Trust A/C, but it’s better than placing your license & business at risk by “sharing” your Token thus contravening PEXA’s Participation Rules & Security Policy.