As tax practice leaders navigate 2024's complex landscape, three major liability challenges demand immediate attention: the new Corporate Transparency Act (CTA), artificial intelligence integration, and evolving cybersecurity threats. Understanding and addressing these risks is crucial for protecting your practice and serving clients effectively.
The Corporate Transparency Act Challenge
The CTA's beneficial ownership reporting requirements, which took effect January 1, 2024, present perhaps the most pressing immediate concern for tax practices. Most small businesses remain unprepared for compliance, and they're turning to their trusted tax advisors for guidance. This creates both opportunity and risk for your practice.
The key concern centers around whether providing CTA-BOI advisory services could be considered unauthorized practice of law (UPL). Since UPL definitions vary by state, you'll need to carefully evaluate your exposure in every jurisdiction where you serve clients. To protect your practice, implement a systematic approach to CTA services. This should start with written notifications to all clients about the new requirements, coupled with recommendations to seek legal guidance when appropriate.
Your engagement letters need immediate attention. Either modify your standard tax and financial statement engagement letters to explicitly disclaim CTA services, or create standalone engagement letters for CTA-related work that clearly define the limited scope of services. Don't forget to evaluate whether your own firm qualifies as a "reporting company" under current CTA guidance.
Artificial Intelligence: Opportunity Meets Risk
Generative AI has moved beyond buzzword status to become a practical tool for tax practices. While it offers significant benefits for improving efficiency and service delivery, it also introduces new risks that require careful management. Primary concerns include accuracy, quality control, confidentiality, privacy, and security.
Success with AI requires a well-structured implementation plan. Develop clear policies documenting authorized usage within your firm. These policies should address how AI tools can be used, what data can be input, and what verification procedures must be followed for AI-generated work. Staff training on responsible AI use is essential – don't assume your team knows how to use these tools appropriately.
Cybersecurity: The Persistent Threat
Cyber criminals increasingly target tax practices due to the sensitive financial and personal information we maintain. One particularly troubling trend is the "man in the middle" attack, where fraudsters gain control of both client and firm email communications to facilitate fraudulent wire transfers. These attacks can be sophisticated enough to mimic legitimate historical requests, making detection challenging.
To protect your practice, establish and document strict wire transfer protocols with clients who require these services. Consider implementing multi-factor authentication and requiring verbal confirmation for all transfer requests. Your cyber insurance coverage should be reviewed regularly to ensure it adequately protects against current threats.
The Engagement Letter Imperative
Insurance data tells a compelling story about engagement letter importance: approximately 75% of tax-related claims in 2023 lacked engagement letters, and over half of disputed tax services had no documented scope. This simple tool remains your first line of defense against liability claims, yet many practitioners still resist using them, particularly with long-term clients.
Consider this perspective from Alvin Fennell, vice president at Aon: "CPAs are extremely customer-sensitive. Where they have a longtime client, they hate to request an engagement letter." His advice? "Blame it on your insurance carrier. They require me to get an engagement letter!"
Critical Next Steps for Your Practice
To address these challenges effectively, consider this action checklist:
Review and update all engagement letter templates to address current risks
Document your firm's AI usage policies and procedures
Implement and document wire transfer verification protocols
Send CTA notification letters to all affected clients
Review and update client acceptance criteria
Evaluate professional liability coverage adequacy
Develop staff training programs for new risk areas
Create clear procedures for reporting potential liability issues
Review UPL regulations in all states where you have clients
Document your firm's cybersecurity procedures
Create an incident response plan for potential data breaches
Most importantly, remember that successful risk management requires ongoing attention and adaptation. Regular review of these procedures with your team and professional liability carrier will help protect your practice as new challenges emerge.
Christine Gervais is a licensed CPA, using her skills to help businesses grow and achieve their fullest potential. Christine has a Master’s degree in accounting from Southern New Hampshire University in addition to holding her CPA license for over a decade. Notably, Christine is a nationally recognized speaker providing education to other CPAs on how to best serve clients as well as instruction on a wide variety of topics for business owners on how to maximize success. Christine prides herself on the value she can bring to clients with her extensive tax knowledge and provides strategic, forward-thinking financial strategies to help clients grow. When not behind her desk, you can find Christine spending quality time with her daughter and stepson or tending to the family’s excessively loved farm animals.
Subscribe to the TPN Newsletter!
Like what you're reading?
Subscribe to our FREE newsletter and we'll deliver content like this directly to your inbox.