Accountants' malpractice liability: Fewer claims, but more risks
There is currently a slowdown in claims brought against accountants that is largely due to the strong economy, according to CPA-attorney Richard Witkowski, who specializes in professional liability defense.
At the same time, there are a number of exposures on the horizon that need to be fully understood at the accounting firm level. Professional liability insurance executives see potential risks ahead tied to information security, detecting fraud, providing cannabis services, the Wayfair decision and the Tax Cuts and Jobs Act.
“The economy has been raging the past few years, and when that happens claims go down,” said Witkowski, a member at professional liability defense law firm Nicola, Gudbranson and Cooper LLC. “I’ve been doing more legal defenses than accounting defenses recently. Accountants’ clients are more interested in making money than in arguing about the past.”
“History dictates that liability claims come in a period of economic contraction,” said Ron Parisi, CPA, Esq., a former insurance executive and owner of Fremont, Ohio-based Orchard Accounting Inc. “By the time the economy downturns, it is too late to institute the needed risk management processes. The best time to protect your firm and educate your firm personnel — and your clients — is now.”
“Whenever there’s a downturn in the economy, the frequency and severity of claims increase,” agreed Stan Sterna, vice president at Aon Insurance Services and former director of the accountants professional liability claims unit at CNA. Aon is the manager and CNA is the underwriter of the professional liability program of the American Institute of CPAs.
“We’re watching tax reform and Wayfair in terms of their impact on claims,” he said. “The effects don’t come out in the wash right away — they might take a couple of years,” he added. “Cyber liability is evolving, with more and more CPAs falling within regulations. The EU’s [General Data Protection Regulation] can apply to U.S. companies, and states like California are creating their own regs similar to the GDPR.”
“Many underwriters and risk managers are monitoring the current changes in the legal environment impacting data protection,” agreed Rickard Jorgensen, president and chief underwriting officer of CPAGold, citing GDPR as a major issue. “And on Jan. 1, 2020, the nation’s most far-reaching data privacy law, the California Consumer Privacy Act, will take effect,” he said. “This will apply to a broad range of data, and few cyber insurers or professional liability policies have included affirmative coverage. This law is predicted to be a big game-changer. ... This California law will also establish a precedent for other states and additional local state statutes and regulations will follow. There may even be a federal standard established.”
Not ready for the risk?
“From a risk management perspective, information security is one of the issues that I’m constantly speaking about with accounting firms,” noted Stephen Vono, senior vice president of McGowan Pro. “Three cloud providers had issues with malware, and all three house accounting firm client data. We have had to put notices out to our clients that they might have a potential professional liability claim. We’re currently in a ‘wait and see’ mode as to how insurance companies will respond.”
“There are still a lot of smaller firms that are not particularly sophisticated about the potential risk,” Vono said. “We did a recent webinar for 75 midsized firms ... [and] 50 percent said they had no cyber liability policy.”
Failure to detect fraud is still a leading issue, he indicated. “Here, accountants need to mitigate their exposure through communication with their business clients, and help them understand the pool they swim in by educating them about fraud; they want to be constantly in front of the issue so that if fraud is discovered, the clients can’t point their finger at the accountant and say, ‘Why didn’t you find it out?’” he said.
“The accounting firm is helped by the fact that they were always ahead of the issue by talking to the client about the possibility of fraud,” he said. “The accounting firm can offer a ‘surprise’ bank reconciliation audit. It keeps everyone on their toes if they know that the accounting firm might come in and do that. Also, the accounting firm can sit down with the client and go through internal controls. Both of these are services that the accountant can charge for, so it’s a win-win.”
Vono cited the provision of services by accounting firms to the cannabis industry as a huge potential risk. ”The dance is between the fact that states have legalized cannabis and the federal government has not,” he said. “Accounting firms need to ask if they will go all-in to learn what’s at stake, and not just dabble. They could potentially be accused of collusion in money laundering, for example, if a vendor is paid by check that crosses state lines. There are a lot of laws and regulations that need to be understood and dealt with.”
“And many professional liability policies exclude what could be construed as criminal activity,” he said. “To my knowledge there are no policies that offer affirmative coverage for cannabis industry services.”
Jorgensen agreed. ”We have seen no claims arising from services to this industry, but there is no predicting what will happen in Washington, so this may change. And most insurers’ policies contain a criminal acts exclusion which will be cited in the event of a claim. No standard market insurer provides affirmative coverage regardless of representations from agents. Silence in an insurer’s policy does not necessarily mean coverage. Accountants should talk to the underwriter.”
Trends in risks
There has been an increase in the number of trustee-related claims, according to Suzanne Holl, CPA, senior vice president of loss prevention services for Camico.
“We’ve identified some common scenarios that pose significant liability exposure if not managed properly,” she said. “Most of these claims involve dysfunctional family relationships, so we advise CPAs who are considering whether to accept a trustee role to take long, hard and objective looks at the relationships among the interested parties, especially in family situations, before deciding whether the relationship risks can be managed and minimized,” she said. “Given the frequency of such scenarios, we strongly encourage CPAs to identify and evaluate potential family risk attributes.”
It is vital to make a clear distinction between the trustee services provided by the firm member and any non-trustee services, such as accounting or tax, she emphasized. “The best practice is to use engagement letters to define the scope, limits and responsibilities for non-trustee services,” she said.
Holt also noted an increase in calls from policyholders reporting social engineering cyber breaches.
“Some social engineering scams are incredibly simple and effective,” she said. “They can happen to any CPA firm, such as the CEO scams that began occurring a couple of years ago. A crook pretends to be an employee with what appears to be a relatively straightforward request. Once funds have been wired to an unknown bank account, they are almost impossible to recover.”
“Avoid getting lulled into a sense of comfort with email and other communications — be suspicious,” Holl advised. “If asked to do anything out of the ordinary, or routine, be skeptical!”