Contemplating Outsourcing ?
income tax return information . IRS FAQs to help tax practitioners understand and apply IRC 7216 and the regulations thereunder can found at irs . gov / tax-professionals / section- 7216-frequently-asked-questions .
Keep in mind IRC 7216 is a federal criminal provision . As such , if a firm is investigated by the IRS for failing to follow applicable IRC 7216 disclosure and consent requirements , it will likely be considered a criminal matter . Therefore , it is important that a firm understands and addresses IRC 7216 implications when modifying the firm ’ s policies and procedures for outsourcing tax services .
Federal Trade Commission ( FTC )/ Gramm Leach Bliley Act ( GLBA ): FTC rules require providers of financial services or financial institutions ( e . g ., CPAs ) to oversee third-party provider use of information and ensure compliance with the GLBA . Under these rules , CPAs must :
• Take reasonable steps to select and retain providers that can maintain appropriate safeguards for client information ; and
• Have contractual agreements with providers mandating they implement and maintain appropriate safeguards . State Boards of Accountancy : CPAs should consult with their respective state boards of accountancy to determine applicable client disclosure requirements as there may be states ( California , for example ) that prohibit outsourcing without the client ’ s written permission and require written disclosure and client permission when the outsourcing is outside of the U . S .
Other : Firms may have executed nondisclosure / confidentiality agreements in place with existing clients that may need to be reviewed to ensure the firm does not breach any contractual terms of those agreements . Based on the specific industries and / or services the firm specializes in , there may be other regulatory bodies ( e . g ., SEC , DOL , etc .) that may have disclosure and consent guidance that should be reviewed for compliance .
Risk Management Tips
• Stay current on the rules and risks associated with outsourcing .
• Before signing an agreement / contract with a third-party service provider , ensure your firm has considered and provided for potential liability risks . Specific attention should be given to the details to ensure outsourcing relationships do not jeopardize the firm ’ s ability to meet and satisfy standards of care . Be sure your agreements do not violate any of your applicable insurance policies .
• Engage experts ( legal counsel , IT professionals , etc .) as needed to assist you with your due diligence efforts .
• Follow best practices regarding client disclosure and client consent requirements . CAMICO has long recommended CPAs disclose to clients the use of third-party service providers to clarify the nature of contemplated services ; correct any false expectations clients may have about their confidential information remaining inside of their CPAs ’ offices ; and help forestall negative client reactions if there should be an issue with the outsourced services . CAMICO also recommends CPAs always include a disclosure regarding third-party service providers in their engagement letters , which protects against and helps reduce potential liability exposure should damages arise relating to a CPA ’ s use of a third-party provider . CAMICO policyholders with questions regarding this or other risk management questions may contact the Loss Prevention department at lp @ camico . com or call the advice hotline at ( 800 ) 652-1772 .
Suzanne M . Holl , CPA , is senior vice president of loss prevention services with CAMICO . You can reach her at camico . com .