5 Best Practices for Addressing CPA Firm Professional Liability Risks

With today’s expanding technology and issues surrounding audits, cybersecurity, regulatory and tax reform challenges as well as COVID-19-connected realities, accounting and CPA firms are up against several emerging professional liability risks during their daily operations. And while it is impossible to avoid every hazard, there are ways to mitigate potential risks. 

In this article, we will look at key trends driving the increase in professional liability risks that can impact your CPA clients. By paying close attention to these matters, your clients can identify areas where they may have risk exposures and, as a result, focus on mitigating potential losses. 

Emerging Trends in Professional Liability Exposures

Cybersecurity Liability Exposures 

Over the past eight years, CPA firms have reported an 80% increase in data breaches. Among these breaches, firms reported a 40% rise in ransomware and extortion attacks. Today, data breaches and incidents involving ransomware or extortion have become the top cybersecurity issues for CPA firms. 

CPA firms are treasure troves of sensitive financial and other personal client data for hackers, impacting both large and small businesses. In fact, according to the Journal of Accountancy, small and medium-sized accounting firms are often targets for data theft, primarily because the sensitive client data they store can be gateways to the servers of larger businesses and financial firms. In addition, hackers know that smaller firms may not have the resources to safeguard against a cyberattack.  

According to the Journal of Accountancy, damage claims are the most common type of cyber-related liability exposure. These claims are the direct result of when a client or third party brings both direct and cross-claims for indemnification against the firm for damages incurred.  

• Direct claims relate to costs incurred to investigate and mitigate damages that are attributed to the breach. Damages for lost business directly or indirectly related to the breach could also be sought (e.g., a disclosure of trade secrets). 
• Cross-claims involve the indemnification from individual or class-action lawsuits filed against the firm by employees or customers who allege that the firm failed to secure confidential data that resulted in identity theft or loss of business. Your CPA clients may also face civil and criminal enforcement proceedings if regulators deem that the firm was responsible for the breach.

Wire Transfer Fraud 

Another emerging cybersecurity liability trend for CPA firms stems from wire transfer fraud. Over the past year, the industry has experienced a significant increase in the frequency of wire transfer scam attacks against accounting firms.  

Today’s hackers are actively seeking opportunities to initiate wire transfers for their own benefit. As a result, millions of dollars can be lost through fraudulent wire transfers. According to Deloitte, wire transfer or social engineering fraud comes in many forms, but typically involves email impersonation, phishing, fake caller IDs, email spoofing (often including embedded code to make fake email accounts look like internal email accounts), and other related email hacking and account compromise.

Wire transfer liability fraud claims against a CPA firm typically result in costs associated with:

• Litigation and remediation expenses
• Direct monetary losses
• Increased auditing, monitoring and investigation efforts

Pandemic-Related Professional Liability Exposures 

As a result of COVID-19, we’re seeing more employees continuing to work remotely from home. Hackers are now targeting home office systems to gain access to the firm’s data because it is easier to infiltrate a home router system compared to a firm’s protected network.  

Tax filing is another pandemic-related issue with employees working remotely. For example, if a firm located in New York has staff who live and are now working remotely from home in New Jersey, employees and the firm could mistakenly be filing taxes in the wrong state.    

Conservation Easement Exposures

A professional liability exposure that is unique to CPA firms has to do with conservation easement exposures. 

Landowners with substantial acreage sometimes opt to deem undeveloped land as a wildlife refuge. In return for their charitable contribution to improve conservation efforts, the U.S. government provides them with a substantial tax break. The problem with this scenario, however, lies with landowners who aren’t truly using their land for a wildlife refuge but instead are simply holding onto land they aren’t currently using. 

Given recent updates to IRS enforcement actions, it’s critical for CPA firms to understand the potential for liability claims arising from the sale of these alternative investment products. The new tax reform updates made under the Trump administration have prompted the IRS to look at conservation easement transactions with greater scrutiny and flag potential abusers. 

CPAs who are providing consultative services to landowners without knowing all the facts regarding these types of transactions could be putting themselves and their firms at risk for a malpractice lawsuit. 

Paycheck Protection Program Loan Exposures

At the start of the pandemic, Congress passed the Paycheck Protection Program (PPP) to provide direct economic assistance for small businesses and to preserve jobs for Americans. The program provided small businesses with funds to pay for up to eight weeks of payroll, benefit costs and interest on mortgages, rent and utilities. Provided the recipient uses the loan for the specified intended purposes and that at least 60% is used for payroll expenses, the loan would not have to be paid back.   

Today, carriers are anticipating the potential for new claim trends arising from consultative services provided by CPAs to their business owner clients in relation to PPP loans. Because the loan program is so new and rules surrounding eligibility have been updated, business owners are still learning how to navigate the particulars of the program to get the most benefits while staying compliant. 

Potential liability claim issues that could arise are likely to involve business owners who, based on the counsel of their accountant, did not think they had to repay their loan but are now being billed. For example, an owner could allege that the accountant encouraged the business to take advantage of the PPP loan but failed to explain contingencies relating to furloughed workers and rules regarding the rehire of some, but not all, of the business’ employees.    

Audit Preparation Exposures

It is not unusual for a business owner who is seeking a commercial business loan from a financial institution to request that his or her CPA prepare a detailed profit, loss and balance statement to submit with the application. But what happens if, after being approved for the loan, the business goes bankrupt a year later? 

Accounting insurance carriers are beginning to see institutional investors suing CPA firms that prepared audits for business loans, alleging that the firm misrepresented the financial position of the business. This type of emerging exposure has only been exacerbated by the pandemic, and we are just now seeing accounting professionals being subject to large and costly errors and omissions liability claims. 

5 Best Practices for Mitigating Risks

Risk mitigation for CPAs starts with identifying where all potential emerging liabilities may exist and following best practices. The following are the top five best practices that can help your CPA clients better safeguard themselves against costly professional liability claims.  

1. Have an iron-clad engagement letter. An engagement letter is a must. A critical component of creating an engagement letter includes the full scope of the services that the firm performs, and in which the boundaries of said services are clearly defined. When the scope of services changes, engagement letters must be immediately created and re-distributed. 

2. Be diligently aware of possible conflicts of interest. It is not unusual for firms to represent individuals who have ownership interests in other companies. Firms can avoid costly lawsuits by investigating possible conflicts of interest and, when necessary, passing on deals where multiple entities are represented in a transaction or by simply notifying all parties who are involved by way of a disclosure. 

3. Examine current IT infrastructure. To ensure files are protected, firms should consider performing regular security audits to identify vulnerabilities in their IT infrastructure. The results from the security audit can help establish a plan to close any security gaps that make the organization vulnerable to ransomware.

4. Take advantage of carrier risk-management tools. Many carriers offer a broad array of risk-management tools within their professional lines policies that often include training modules, best-practice tutorials and education seminars for firms and their employees. It is in the firm’s advantage to know what is available and how to access these valuable resources. 

5. Stay on top of deadlines and federal tax and IRS laws and regulations. While it may seem obvious, it’s worth mentioning that financial professionals must stay current on constantly evolving regulatory issues and amendments to various government orders to avoid potential missteps that could lead to costly legal claims. 

Bonus! Top 3 Coverages to Include on Every CPA Firm Professional Liability Policy

Many professional lines carriers are beginning to create policies that consider many of today’s new and emerging liability exposures. That’s why it has become so important for brokers to work with a wholesaler that has the carrier market reach and industry expertise to secure coverage that meets the specific needs of their financial firm clients. 

The three main coverages that should be on every professional line policy are: 

1. A very broad description of professional services. Because accounting firms perform and consult on a wide variety of financial services, it is vital that their insurance policy clearly spells out what types of services are covered and how they apply to the firm. 

2. Subpoena or disciplinary proceeding coverage. Often overlooked by CPA firms, this type of coverage helps pay expenses required to defend against disciplinary proceedings that are brought against the accounting firm. 

3. Specifics as to the handling of claims. It is important for firms to closely examine policy language regarding how the carrier handles claims. For example, policies that will allow claims to be settled out of court by mediation can save the firm from incurring costly legal expenses. In addition, carriers are more apt to waive policy deductibles when claims are settled via a moderator.  

Takeaway

It doesn’t matter whether a CPA firm is large or small, or whether it serves corporate clients or only prepares personal tax returns, the risk of lawsuits is real. Even longtime clients with whom the firm has had a good working relationship may not hesitate to take legal action if they feel a firm has failed to meet their expectations. 

Diligently staying informed regarding emerging risk exposures and applying best practices are important tactics for limiting risk exposures, but it’s impossible to safeguard against every potential lawsuit. Your CPA clients can better mitigate the financial and reputational impact of a claims event with the right professional liability policy. 

At Amwins, we have access to a wide market of A+ rated carriers and underwriters who specialize in professional liability coverage and related risk management services for financial and accounting firms. To learn more about how we are helping our retail broker partners find their CPA clients the right professional lines policy, contact us today.