CPAs that are not familiar with third party verification requests should count themselves lucky. While they are far from the most complex issue facing the profession, they can be an unexpected annoyance and involve an unnecessary drain on valuable time
Sometimes referred to informally as “comfort letters,” a typical verification request relates to a client’s pending loan or refinance, but may also involve employee medical insurance, child adoption applications or use-tax certification. In most cases, CPAs are asked to provide written confirmation containing language specified by the requester. It is flattering to realize that not only clients, but their business vendors, hold CPAs in such high regard that the third party would make important decisions based upon a letter signed by a CPA without engaging a CPA to deliver any related services to them. However flattering such requests may be, CPAs should exercise caution upon receiving third party verification requests to ensure an appropriate response.
Requests from Lenders
The most common request involves mortgage loan applications of self-employed tax return preparation clients. Examples of information requested by lenders and loan brokers include:
- Confirmation of a client’s self-employment status;
- Verification of income from self-employment;
- Verification of a self-employed borrower’s business ownership percentage;
- Profitability or sustainability of a self-employed client’s business; and
- Possible impact on a self-employed client’s business if money is withdrawn to fund the down payment on a real estate purchase.
A self-employed borrower often uses a distribution of business assets from a sole proprietorship, partnership, or corporation to fund a down payment and closing costs for a home mortgage. Lenders or brokers are required to assess the borrower’s creditworthiness and verify the accuracy of information provided by the borrower. This may not be easy in the case of a self-employed borrower. By obtaining a verifying letter from a CPA, lenders or brokers may attempt to shortcut their credit due diligence responsibilities and shift the burden to the CPA.
A client may see a third party verification letter as a request for a simple favor from their CPA. However, the CPA must take into account numerous factors, including professional liability risk, to ensure an appropriate response, if one is to be given. How will CPAs encounter professional liability risk related to a verification letter?
Consider again the client that is self-employed, using business assets to fund a down payment. The CPA’s letter will be retained in the loan file and will be noticed if the loan later defaults. The lender may then take the position that the representations made in the letter were a substantial factor in its decision to extend credit.
As a result, the lender may attempt to recover its loss by suing the CPA, alleging that it detrimentally relied on the negligent misrepresentation(s) made in the letter. The letter also may be used to establish the lender’s legal standing to sue the CPA where such standing may not otherwise exist.
Other risks when responding to third party verification requests include:
- Violation of professional standards – If the request asks the CPA to verify, opine, review, compile or any other term that could be misconstrued as a service subject to professional standards, there is a potential that the letter will not comply with professional standards. CPAs should be particularly wary of requests to comment on a client’s solvency, as this is specifically prohibited in the professional standards. Violations could be subject to discipline from the appropriate state board of accountancy. Additionally, the CPA will be in a precarious position to defend any professional liability claim later brought by the client or a third party.
- Private information – The CPA profession has a long tradition of maintaining the confidentiality of client information. This tradition is supported through the requirements of various legal, professional and ethical standards, including Internal Revenue Code (IRC) § 7216. Sending confidential client information in response to a verification request without appropriate client consent could lead to significant professional and legal problems for the CPA. See Appendix B for additional guidance relating to transmittal letter language.
- State and Federal laws – Commenting on certain information may be subject to legal interpretation and, therefore, would be a matter better suited for an attorney. For example, solvency is a legal term under the Federal Bankruptcy Code and various state statutes.
Options for Responding
The best response, from a risk control perspective, is no response. Avoid confirming any client information to a third party. If your client persists even after being told why a response from you is not permitted, determine if refusing to provide any information may alienate the client. While CPAs may not always be able to respond exactly as requested, there are strategies that can be implemented to either satisfy or eliminate the need for a response. Consider the following options:
- Ask the client to provide a copy of the CPA’s end deliverable to the requesting third party. If a client asks the CPA to send information directly to a third party, the CPA must obtain the client’s signed written consent prior to doing so. If the request is for tax return information, the consent must be in compliance with IRC § 7216. See the AICPA’s IRC § 7216 Guidance and Resource page for sample consent forms.
- Send a letter to the third party confirming only that the firm prepared the applicable income tax return(s) for the client to meet the client’s tax-filing obligations. The letter should also include a reminder to the third party of their responsibility to perform their own assessment of the information for their purposes, usually assessing the credit worthiness of a borrower. If the individual income tax returns were filed electronically on the client’s behalf, the letter also could state that the client provided the CPA with a signed copy of IRS Form 8879, which includes a declaration that the taxpayer examined a copy of his or her electronic individual income tax return and accompanying schedules and statements for that tax year and declared that it is true, correct and complete to the best of his or her knowledge. See the example provided in Appendix A.
- Preemptively address the issue by including an engagement letter provision indicating the CPA firm does not respond to third-party verification requests, such as the following:
“We do not communicate with third parties or provide them with copies of tax returns. We will not respond to any request from banks, mortgage brokers or others for verification of any information reported on these tax returns. ”
- Consider discussing the issue in depth with the client. After an explanation of the limitations of existing services and professional responsibilities, many clients will understand the CPA’s inability to comply with a verification request. See the AICPA’s Third-party Verification Toolkit for CPAs to obtain resources and talking points on the issue.
- The most serious roadblocks of verification request relate to non-compliance with the appropriate professional standards. Certain requests could be completed, if performed as an engagement under the Statements on Standards for Attestation Engagements. A CPA could offer this as an option to a client. Unfortunately, clients and third parties are typically not accepting of the fees, timframe and other requirements of resolving the issue through a new engagement. Many CPAs are also unwilling to perform such an engagement, as it could cause their practice to be subject to peer review.
Even after offering one of these practical solutions, clients may continue to implore you to provide the specific representation that a lender, broker or other third party is seeking. The third party may assert that the client will not be approved for a loan or may otherwise fail to meet their requirements if the CPA does not provide the requested information. When this occurs, the CPA may wish to remind the client about the limited nature of the scope of services provided, and why the request is inconsistent with such services. In many cases, the requesting third party has other options available to fulfill their needs, but sees the CPA as a path of least resistance.
Recently, other types of verification requests have emerged. Examples include:
- Adoption agencies and foreign countries have requested CPAs confirm the client’s self-employment, citizenship status and the financial stability of the client’s business;
- Health insurance providers for a business have requested a CPA, Certified Management Accountant (CMA), licensed tax consultant or attorney attest that the listed, eligible employees worked minimum hour requirements under state law, and that the business is a bona fide business qualifying as a small employer under state law and health plan underwriting guidelines; and
- State taxing authorities have requested a CPA, enrolled agent or attorney certify that the taxpayer and the “authorized representative” have reviewed the books and records of the taxpayer and determined that there is no use tax due or reportable.
Although none of the requesting third parties above is a bank, the underlying issues are the same as those discussed throughout this article. Thus, CPAs should use the methods of response discussed above as a guide when responding to any requests to verify information not identified in the original engagement scope, regardless of the client’s reason for the request.
Third parties are responsible for performing their own due diligence rather than relying on a representation or verification of information by a CPA. This is especially true when the requested representations are outside the scope of the CPA’s engagement and the requested verification relates to information that comes from the client, for which the CPA has no first-hand knowledge. Additionally, while clients desire the flexibility to obtain credit in the marketplace, the responsibility for underwriting a loan and determining the creditworthiness of the borrower lies with the lender — not the client’s CPA.
Appendix A – Sample Response Letter to Lender or Broker
City, State ZIP
I am writing to you at the request of [Client Name].
The purpose of this letter is to confirm that I prepared the 20XX federal individual income tax return of [Client Name] and delivered this return to them for review and approval before filing it electronically with the Internal Revenue Service (IRS) and [state tax authority].
[Client Name] provided the firm with a signed and dated copy of IRS Form 8879, which includes a declaration that they examined a copy of their electronic individual income tax return and accompanying schedules and statements for that tax year and declared that it is true, correct and complete to the best of their knowledge.
This return was prepared from information furnished to me by [Client Name]. This information was neither audited nor verified by me, and I make no representation nor provide any assurance regarding the accuracy and completeness of this information, or the sufficiency of this tax return, as it relates to your decision to extend credit to, or make any other determination regarding, [Client Name] or any other persons or entities.
I prepared [Client Name] tax return in accordance with applicable tax law and regulations, and guidance by IRS and [state tax authority], solely for filing with the tax authorities. As a result, the tax return does not represent any assessment on my part as to their creditworthiness, and does not include any statement of their financial position or income and expense for the year 20XX in accordance with generally accepted accounting principles, and should not be construed to do so.
As you know, a credit decision, or any other determination for which this information might be used, should be based upon the exercise of due diligence in obtaining and considering multiple factors and information. Any use by you of [Client Name] 20XX federal individual income tax return and this letter is solely a matter of your responsibility and judgment. This letter is not intended to establish a client relationship with you, nor is it intended to establish any obligation on my part to provide any future information to you regarding [Client Name].
cc: [Client Name] (Client)
Appendix B – Sample Tax Return Transmittal Letter Language
In addition, if a CPA is aware that the purpose of a client’s request for copies of tax returns is to provide them to third parties, the CPA should consider adding the following language in the transmittal letter that accompanies the copies of tax returns:
“We prepared the tax returns solely for filing with the Internal Revenue Service (IRS) and state and local tax authorities. Our work is not intended to benefit or influence any third party, either to obtain credit or for any other purpose.
As a result, you agree to indemnify and hold us harmless from any and all claims with respect to the use of the tax returns for any purpose other than filing with the IRS and state and local tax authorities, regardless of the nature of the claim, including the negligence of any party.”
Continental Casualty Co., one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program. Aon Insurance Services, the National Program Administrator for the AICPA Professional Liability Program, is available at 800-221-3023 or visit cpai.com.
This article provides information, rather than advice or opinion. It is accurate to the best of the authors’ knowledge as of the article date. This article should not be viewed as a substitute for recommendations of a retained professional. Such consultation is recommended in applying this material in any particular factual situations.
Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any CNA insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice. “CNA" is a registered trademark of CNA Financial Corporation. Certain CNA Financial Corporation subsidiaries use the "CNA" trademark in connection with insurance underwriting and claims activities. Copyright © 2018 CNA. All rights reserved.
Updated May 2021