CPA firms continue to face unique challenges as they navigate some of the current liability issues and trends facing the profession, including beneficial ownership information filing under the Corporate Transparency Act, artificial intelligence, and cyberthreats.
“We strongly encourage firms to proactively prepare for risk by following some basic best practices,” advised Suzanne Holl, a CPA and executive vice president at insurance company Camico.
These best practices include:
Set the right “tone from the top.” Encourage and reward a culture of transparency within the firm hierarchy to identify and communicate risk issues to help minimize potential exposures and enable the firm to early report liability concerns to their professional liability carrier and benefit from any proactive risk management guidance and support that may be available.
Prioritize performing the right services for the right clients, as not every client is a good fit for every firm. Evaluating the firm’s client base has become even more important as firms face staffing constraints.
Close the expectation gap. Proactively manage and document client expectations to minimize the risks associated with potential gaps between what they expect and what you’re offering.
Corporate Transparency Act risks
The new beneficial ownership reporting requirements under the CTA took effect on Jan. 1, 2024, and months later, the small-business community remains woefully unprepared for compliance with this complex reporting regime. As many small businesses look to their CPA for guidance and assistance, this poses potential added risks to firms.
One of the overarching concerns is whether CTA-BOI advisory services would be deemed the unauthorized practice of law for CPAs and nonattorney tax professionals. Given that each state has its own definitions of what services are considered UPL, this is a complex and nuanced risk requiring firms to stay current on the UPL issue in the states where they are licensed, as well as the states in which clients reside.
John Raspante, director of risk management at McGowanPro, sees the CTA as a source of controversy.
“It hasn’t caused a claim yet, but we’ve received more than 1,000 calls regarding beneficial ownership reporting requirements,” he said. “The forms have to be filed by the end of the year for existing entities, with FinCEN. The questions revolve around whether CPAs are allowed to do this work, and if they do it, will they be covered under their policy. It’s more than likely that claims will be forthcoming on this issue. Once the form is filed, there has to be continual monitoring since modifications to the form have to be filed as well. If the accounting firm is sold, if the filer or a beneficial owner changes their residence, or the business adds an additional owner, it all has to be reported.”
Camico continues to advise CPAs to be vigilant and prepared to minimize the potential of additional liability exposures by following risk management best practices, which at a minimum should include:
Informing and advising clients in writing regarding the new beneficial ownership reporting requirements under the CTA, and recommending that they seek legal guidance.
Modifying traditional tax and financial statement engagement letters to include language that specifically disclaims the firm’s involvement in assisting clients with CTA compliance under the terms of that agreement.
Using standalone engagement letters if the firm is rendering CTA-related services to clients that specify the limited nature of the services the firm is providing, such as the filing of the initial BOI report or the filing of a corrected or updated BOI report, and that contain appropriate disclaimer language for such limited services.
Preparing your own firm for compliance if you are deemed to be a “reporting company” under current CTA guidance.
Generative AI
“Generative AI is no longer just a buzzword,” said Holl. “The technological advancements that generative AI promises have the potential to reshape how firms provide professional services, communicate with clients, and even how leaders manage their firm.”
Although generative AI solutions can provide benefits for CPA firms, she said, “From a liability perspective, there are critical risks associated with generative AI that should be vetted by firms and mitigation strategies implemented to minimize potential exposures.”
Among those risks are concerns with accuracy and quality control, confidentiality, privacy, security, and ethical issues. Successful integration of generative AI requires a well-crafted implementation plan that should include, among other things, appropriate education and training to ensure responsible use.
“We believe a clear and concise generative AI policy to document a firm’s authorized usage is paramount in minimizing risk and achieving firm goals using AI,” Holl said.
Cyber exposures
Cyber exposures have become increasingly problematic as cyber criminals are targeting CPA firms and tax professionals due to the type of information they gather and store. If the criminals are successful in gaining access to the firm’s information, costly measures may need to be taken including, but not limited to, hiring IT forensic experts to determine the extent of a potential breach, consulting with attorneys specializing in data breach laws and notification obligations, and providing credit monitoring to those impacted by a breach.
A far-too-common scenario is when a fraudster controls the client’s and the firm’s email, commonly referred to as a “man in the middle” attack. In these situations, the fraudulent request may mimic previous legitimate requests, which can make it very difficult for a firm to identify the request as illegitimate. As fraudulent wire transfers frequently cause large dollar losses, firms need to be hypervigilant in their efforts to protect the firm and clients against wire transfer fraud.
Insurance experts strongly recommend that firms have written protocols in place with clients who need such services that outline the protocols to be followed when executing wire transfer requests.
Preparing defenses
It’s important to have a “meeting of the minds” at the outset of a client relationship, according to Sarah Ference, risk control director for the Accountants Professional Liability Program at CNA, the underwriter for the AICPA Professional Liability Insurance Program. An engagement letter is the tool that not only helps achieve this, but is also a first line of defense if a relationship sours.
“An engagement letter helps set the stage for success throughout the engagement. That kind of understanding really aids in mitigating risk and resolving issues that might arise, or may even prevent them from arising. Yet CPAs tend to shy away from using engagement letters,” she said.
“We continue to see areas of practice like tax which lack engagement letters,” Ference noted. “Of the claims asserted in 2023 against CPA firms in the AICPA Professional Liability Insurance Program, about 75% stemmed from tax services. Of those, over 50% didn’t have an engagement letter, which puts the CPA in a difficult position to defend the claim. We have seen similar percentages in prior years. Intuitively, if there was an engagement letter that spelled out what you’ve agreed to do, what a client’s responsibility was, and limitations of your responsibility, a claim may never arise. In that case, a client disagreement wouldn’t appear on our radar because the disagreement would have already been resolved before it turned into a claim.”
Anytime a CPA is delivering a service, they should consider an engagement letter, according to Ference: “Engagement letters are critical when doing any kind of consulting. The more specific, the better. Make sure that the letter is structured in such a way that there is no ambiguity. Ambiguity opens the door to broad interpretations and makes it difficult to align expectations between the CPA and the client.”
“It’s all about relationships,” according to Alvin Fennell, vice president and senior risk advisor at Aon, manager of the AICPA Professional Liability program. “CPAs are extremely customer-sensitive. Where they have a longtime client, they hate to request an engagement letter. I tell them: ‘Blame it on your insurance carrier. They require me to get an engagement letter!'”
“The most prevalent current risk is changes in regulations and accounting standards,” he said.
The lack of talent coming into the profession is a problem. “A lot of individuals are coming out of college and going into industry rather than accounting firms, causing more competition for talent in firms now. Big firms are acquiring smaller firms just to get at the talent they need,” Fennell said.
Finally, Raspante noted that, while accountants may not have handled a lot of Employee Retention Credits, many were confronted with the need to amend the business tax return to include the proceeds of an ERC.
“If the underpinnings of the ERC were incorrect, it can cause issues with us,” he said. “The voluntary disclosure program will create more claims. If an accountant didn’t tell us about the voluntary disclosure, it can cause a lot of damage.”
In a case involving phony documents and unpaid taxes, a prominent Washington, D.C.-based accountant pleaded guilty last week for making false statements on a mortgage application after failing to file IRS returns.
A certified public accountant with expertise on tax compliance and due diligence matters, Timothy Trifilo has held partner or managing director positions at several firms for over four decades. He also taught courses in taxation and real estate as an adjunct professor, the original Department of Justice indictment said. Trifilo was hired as a managing director with consulting firm Alvarez & Marsal earlier this year.
The fraud allegations resulted from a 2023 purchase, when Trifilo applied for a $1.4 million mortgage on a Washington property. When the unidentified issuing bank advised that they could not locate recent tax returns nor approve his application without them, Trifilo submitted copies of 2021 and 2022 IRS filings to the lender, who then originated the loan.
Investigators later discovered that, in reality, Trifilo had neither filed returns nor paid taxes for any year beginning in 2012 despite income over the subsequent decade totaling more than $7.7 million. His annual earnings ranged between $636,051 and $948,252 during that time, amounts that required him to file individual tax returns each year.
On documentation delivered to the lender in support of the mortgage application, a former colleague of Trifilo was identified as responsible for preparing, reviewing and signing the falsified returns purportedly submitted to the Internal Revenue Service.
“This individual did not prepare the returns, has never prepared tax returns for Trifilo and did not authorize Trifilo to use his name on the returns and other documents that Trifilo submitted,” a DOJ press release said.
A grand jury originally indicted Trifilo in September on seven counts, including bank fraud and failure to file tax returns, as well as aggravated identity theft. His actions led to a tax loss for the IRS of $2.1 million.
He faces a maximum sentence of three decades in prison for defrauding the lender, as well as one year for failure to file tax returns. Sentencing is scheduled for May 19.
In addition to potential prison time, Trifilo may be required to forfeit the original loan amount and property acquired through bank fraud, the original indictment stated. He also faces a period of supervised release, monetary penalties and restitution.
Attorneys from the DOJ’s tax division prosecuted the case, with evidence based on findings from the IRS criminal investigation unit.
Submission of phony forms and documents have played a role in multiple fraud cases this year, pointing to a pain point in the mortgage process that could end up costing lenders. Problems in income and employment data specifically had a defect rate of 37.01% to lead all underwriting categories between March and June this year, according to Aces Quality Management. The number surged from 23.42% in the first quarter.
The American Institute of CPAs is asking the Securities and Exchange Commission to reject the Public Company Accounting Oversight Board’s recently adopted standard on firm and engagement metrics, arguing they would drive smaller firms out of the auditing business and affect companies large and small.
The PCAOB voted to adopt the standard last month, along with a related standard on firm reporting, but the new rules still need to be approved by the SEC before they become official and take effect. Under the new rules, PCAOB-registered public accounting firms that audit one or more issuers that qualify as an accelerated filer or large accelerated filer would be required to publicly report specified metrics relating to such audits and their audit practices. The PCAOB made some changes from the originally proposed rules to accommodate some of the objections from the audit industry and public companies, but they remain far reaching in scope. The AICPA argues that the rules would affect more than just accelerated filers and large accelerated filers and could harm smaller companies and their auditors as well. Under SEC rules, accelerated filers are companies that have a public float of between $75 million and $700 million, annual revenues of $100 million or more, and have filed periodic reports and an annual report within the past year. Larger accelerated filers have a public float of $700 million or more. The AICPA expressed caution soon after the PCAOB voted to approve the new standards, but said it was still studying it. Now it is coming out firmly against the new rules and urging the SEC to reject them.
“Alternative approaches that better balance transparency, cost, and the needs of audit committees, while continuing to support the quality of audit services and choice of audit providers available to perform public company audits and serve the public interest should be pursued, rather than introducing potentially detrimental unproven regulations,” the AICPA said in a comment letter to the SEC.
The AICPA argues the new rules would hurt U.S. capital markets as well as the investing public, in addition to auditing firms of all sizes.
“We believe these rules will have unintended negative consequences, including driving small and medium-sized firms out of the public company auditing practice,” said AICPA comment letter. “This would result in fewer firms performing audits which are critically important for smaller and medium size companies seeking to access the U.S. capital markets. Consequently, companies will face greater challenges and higher costs in meeting necessary audit requirements to access to the U.S. capital markets. The PCAOB acknowledges that mid-sized and smaller accounting firms serving small to mid-sized public companies will incur substantial, if not prohibitive, costs in complying with the proposed amendments. The final rules reaffirm the PCAOB’s belief that the rules will disproportionately affect smaller firms.”
The AICPA contends it’s overly simplistic to believe the impact of the rules would mostly fall within the market for large accelerated filers.“Smaller audit firms often serve clients of varying sizes, and their departure from the broader public company audit market could result in a substantial loss of audit firm options, particularly for smaller, less complex accelerated filers,” said the AICPA. “The loss of competition and the reduction in available audit firms could lead to higher costs and less favorable engagement terms for these smaller issuers. A landscape in which smaller issuers have fewer options contradicts the PCAOB’s goal of promoting fair competition.”
The AICPA disputes the claim by proponents of the new rules that competition may increase in the non-accelerated filer audit market as firms exit the accelerated filer and large accelerated filer markets. “This fails to account for the fact that non-accelerated filers often rely on firms with specific expertise and resources,” said the AICPA comment letter. “Further, the firms exiting the accelerated filer space may not be able to effectively redeploy their capacity to the non-accelerated filer market. In fact, their exit could lead to a loss of specialized services and a further concentration of resources in the larger end of audit firms, making it harder for non-accelerated filers to secure high-quality, affordable audits.”
The AICPA disagrees with predictions that profitable firms in the larger audit markets could expand their market share against the Big Four. “The resources required to absorb and integrate such capacity are substantial, and many firms may not have the operational flexibility to do so without significant strain on their existing clients and resources,” said the AICPA comment letter. “This further risks driving up audit costs for smaller and mid-sized issuers, which are often less agile and unable to absorb such change without significant disruption.”
The Institute is also concerned about the use of performance metrics within the PCAOB’s inspection and enforcement program, and how they might drive up the risk of enforcement for minor, unintentional reporting errors. It said the PCAOB rejected calls for a threshold based on the severity of reporting errors. The PCAOB declined a request for comment.
Aiwyn, a provider of technology solutions for accountants and CPA firms, has closed a $113 million funding round.
The money will help the company continue its evolution from its original focus on payments and collections for accounting firms into a more comprehensive tool for practice management.
Among other things, that will include building a universal client experience portal, where accountants can access all of their engagements in one place.
The funding will also be used to accelerate product development on both the company’s practice management platform, and on a tax solution that it is working on.
“Aiwyn is committed to empowering CPA firms to elevate their operations and client relationships,” said chairman and CEO Justin Adams, in a statement. “With this investment, we are poised to redefine how firms manage their operations from the CRM to the general ledger, while setting a new benchmark for client experiences. For too long, firms have had to decide between a legacy vendor or modern point solutions. We are proud that Aiwyn is a trusted platform for CPA firms.”
The round was led by global investment firm KKR and Bessemer Venture Partners. KKR is funding this investment primarily from its Next Generation Technology III Fund.
“The accounting industry represents a large market that has long been served by legacy players. Aiwyn is solving a clear functionality gap in the market with a solution that is easily adopted and rapidly delivers tangible enhancements to the customer experience, most noticeably through significant reductions in days sales outstanding,” said Jackson Hart, a principal on KKR’s technology growth team, in a statement.
“Aiwyn’s product suite is already quite impressive, but the company is really just getting started on its quest to deliver compelling technology to the accounting industry,” added Bessemer partner Jeremy Levine, in a statement.
Cooley LLP served as legal advisor to Aiwyn; Latham & Watkins LLP served as legal advisor to KKR; and Arnold & Porter Kaye Scholer LLP served as legal advisor to Bessemer.