Liability insurance for accountants: New times, new risks

CPA firms continue to face unique challenges as they navigate some of the current liability issues and trends facing the profession, including beneficial ownership information filing under the Corporate Transparency Act, artificial intelligence, and cyberthreats.

"We strongly encourage firms to proactively prepare for risk by following some basic best practices," advised Suzanne Holl, a CPA and executive vice president at insurance company Camico.

These best practices include:

  • Set the right "tone from the top." Encourage and reward a culture of transparency within the firm hierarchy to identify and communicate risk issues to help minimize potential exposures and enable the firm to early report liability concerns to their professional liability carrier and benefit from any proactive risk management guidance and support that may be available.
  • Prioritize performing the right services for the right clients, as not every client is a good fit for every firm. Evaluating the firm's client base has become even more important as firms face staffing constraints.
  • Close the expectation gap. Proactively manage and document client expectations to minimize the risks associated with potential gaps between what they expect and what you're offering.

Corporate Transparency Act risks

The new beneficial ownership reporting requirements under the CTA took effect on Jan. 1, 2024, and months later, the small-business community remains woefully unprepared for compliance with this complex reporting regime. As many small businesses look to their CPA for guidance and assistance, this poses potential added risks to firms.

One of the overarching concerns is whether CTA-BOI advisory services would be deemed the unauthorized practice of law for CPAs and nonattorney tax professionals. Given that each state has its own definitions of what services are considered UPL, this is a complex and nuanced risk requiring firms to stay current on the UPL issue in the states where they are licensed, as well as the states in which clients reside.

John Raspante, director of risk management at McGowanPro, sees the CTA as a source of controversy.

Umbrella insurance risk concept
Pixelbliss - stock.adobe.com

"It hasn't caused a claim yet, but we've received more than 1,000 calls regarding beneficial ownership reporting requirements," he said. "The forms have to be filed by the end of the year for existing entities, with FinCEN. The questions revolve around whether CPAs are allowed to do this work, and if they do it, will they be covered under their policy. It's more than likely that claims will be forthcoming on this issue. Once the form is filed, there has to be continual monitoring since modifications to the form have to be filed as well. If the accounting firm is sold, if the filer or a beneficial owner changes their residence, or the business adds an additional owner, it all has to be reported."

Camico continues to advise CPAs to be vigilant and prepared to minimize the potential of additional liability exposures by following risk management best practices, which at a minimum should include:

Informing and advising clients in writing regarding the new beneficial ownership reporting requirements under the CTA, and recommending that they seek legal guidance.

Modifying traditional tax and financial statement engagement letters to include language that specifically disclaims the firm's involvement in assisting clients with CTA compliance under the terms of that agreement.

Using standalone engagement letters if the firm is rendering CTA-related services to clients that specify the limited nature of the services the firm is providing, such as the filing of the initial BOI report or the filing of a corrected or updated BOI report, and that contain appropriate disclaimer language for such limited services.

Preparing your own firm for compliance if you are deemed to be a "reporting company" under current CTA guidance.

Generative AI

"Generative AI is no longer just a buzzword," said Holl. "The technological advancements that generative AI promises have the potential to reshape how firms provide professional services, communicate with clients, and even how leaders manage their firm."

Although generative AI solutions can provide benefits for CPA firms, she said, "From a liability perspective, there are critical risks associated with generative AI that should be vetted by firms and mitigation strategies implemented to minimize potential exposures."

Among those risks are concerns with accuracy and quality control, confidentiality, privacy, security, and ethical issues. Successful integration of generative AI requires a well-crafted implementation plan that should include, among other things, appropriate education and training to ensure responsible use.

"We believe a clear and concise generative AI policy to document a firm's authorized usage is paramount in minimizing risk and achieving firm goals using AI," Holl said.

Cyber exposures

Cyber exposures have become increasingly problematic as cyber criminals are targeting CPA firms and tax professionals due to the type of information they gather and store. If the criminals are successful in gaining access to the firm's information, costly measures may need to be taken including, but not limited to, hiring IT forensic experts to determine the extent of a potential breach, consulting with attorneys specializing in data breach laws and notification obligations, and providing credit monitoring to those impacted by a breach.

A far-too-common scenario is when a fraudster controls the client's and the firm's email, commonly referred to as a "man in the middle" attack. In these situations, the fraudulent request may mimic previous legitimate requests, which can make it very difficult for a firm to identify the request as illegitimate. As fraudulent wire transfers frequently cause large dollar losses, firms need to be hypervigilant in their efforts to protect the firm and clients against wire transfer fraud.

Insurance experts strongly recommend that firms have written protocols in place with clients who need such services that outline the protocols to be followed when executing wire transfer requests.

Preparing defenses

It's important to have a "meeting of the minds" at the outset of a client relationship, according to Sarah Ference, risk control director for the Accountants Professional Liability Program at CNA, the underwriter for the AICPA Professional Liability Insurance Program. An engagement letter is the tool that not only helps achieve this, but is also a first line of defense if a relationship sours.

"An engagement letter helps set the stage for success throughout the engagement. That kind of understanding really aids in mitigating risk and resolving issues that might arise, or may even prevent them from arising. Yet CPAs tend to shy away from using engagement letters," she said.

"We continue to see areas of practice like tax which lack engagement letters," Ference noted. "Of the claims asserted in 2023 against CPA firms in the AICPA Professional Liability Insurance Program, about 75% stemmed from tax services. Of those, over 50% didn't have an engagement letter, which puts the CPA in a difficult position to defend the claim. We have seen similar percentages in prior years. Intuitively, if there was an engagement letter that spelled out what you've agreed to do, what a client's responsibility was, and limitations of your responsibility, a claim may never arise. In that case, a client disagreement wouldn't appear on our radar because the disagreement would have already been resolved before it turned into a claim."

Anytime a CPA is delivering a service, they should consider an engagement letter, according to Ference: "Engagement letters are critical when doing any kind of consulting. The more specific, the better. Make sure that the letter is structured in such a way that there is no ambiguity. Ambiguity opens the door to broad interpretations and makes it difficult to align expectations between the CPA and the client."

"It's all about relationships," according to Alvin Fennell, vice president and senior risk advisor at Aon, manager of the AICPA Professional Liability program. "CPAs are extremely customer-sensitive. Where they have a longtime client, they hate to request an engagement letter. I tell them: 'Blame it on your insurance carrier. They require me to get an engagement letter!'"

"The most prevalent current risk is changes in regulations and accounting standards," he said.

The lack of talent coming into the profession is a problem. "A lot of individuals are coming out of college and going into industry rather than accounting firms, causing more competition for talent in firms now. Big firms are acquiring smaller firms just to get at the talent they need," Fennell said.

Finally, Raspante noted that, while accountants may not have handled a lot of Employee Retention Credits, many were confronted with the need to amend the business tax return to include the proceeds of an ERC.

"If the underpinnings of the ERC were incorrect, it can cause issues with us," he said. "The voluntary disclosure program will create more claims. If an accountant didn't tell us about the voluntary disclosure, it can cause a lot of damage."

For reprint and licensing requests for this article, click here.
Practice management Insurance Risk Risk management
MORE FROM ACCOUNTING TODAY