Increasingly, CPAs are receiving requests from clients, lenders, loan brokers, health insurance providers, adoption agencies, regulators and various other agencies to confirm or verify client information. The requested information may relate to a pending loan, employee medical insurance, child adoption applications or use-tax certification. In most cases, CPAs are asked to provide a confirmation or comfort letter containing specific language or a statement or certification verifying certain information.
While our profession exists to serve its clients in part by certifying and reporting on the accuracy of financial information, we must follow an established set of professional standards when providing written assurance on any information. These standards often make it difficult to provide a necessary service in an efficient and cost effective manner.
The most common type of verification request is associated with mortgage loan applications of self-employed tax return preparation but also include:
• confirmation of a client’s self-employment status;
• Verification of income from self-employment;
• Verification of a self-employed borrower’s business ownership percentage;
• Profitability or sustainability of a self-employed client’s business; and
• The impact on a self-employed client’s business if money is withdrawn to fund the down payment on a real estate purchase.
A common example of these requests is when a self-employed borrower uses business assets from a sole proprietorship, partnership or corporation to fund a down payment and closing costs for a home mortgage. Lenders are required to assess the borrower’s creditworthiness and verify the accuracy of information provided by the borrower. Nevertheless, in the case of a self-employed borrower, the means to obtain available financial information may be limited. By obtaining a comfort letter from a CPA, lenders or brokers seek to confirm the accuracy of the information to assess the risk of non-repayment of the loan. If the self-employed borrower later defaults on the loan, the lender may raise the comfort letter received from the CPA was a substantial factor in its decision to extend credit even though this was not the intent of the letter.
Other verification requests have also emerged in recent years, such as:
• Requests from adoption agencies and foreign countries for a Verification Document confirming the client’s self-employment or the financial stability of the client’s business;
• Requests from health insurance providers for a business Verification Document from a CPA, Certified Management Accountant (CMA), licensed tax consultant or attorney attesting that the listed, eligible employees worked the minimum hours required under state law, and that the business is a bona fide business qualifying as a small employer under state law and health plan underwriting guidelines; and
• Requests from state taxing authorities for a Verification Document from a CPA, enrolled agent or attorney certifying that the taxpayer and the “authorized representative” have reviewed the books and records of the taxpayer and determined that there is no use tax due or reportable.
Regardless of the nature of such requests, there is one basic principle that must be followed — CPAs providing written assurance must comply with the AICPA Statements on Standards for Attestation Engagements (SSAE). An engagement performed under these standards requires the CPA to perform and document procedures to support the subject matter being reported. These procedures can be significant and extensive.
An alternative to performing and reporting as an attestation engagement under the SSAE’s would be the CPA issuing a letter that clearly states the services they performed, the responsibility for the information used in the service and the limitations on the service. We have found this type of letter is often, but not always, satisfactory for the third party.
Furthermore, a CPA must obtain the client’s signed written consent prior to providing any information to a third party. Protecting the confidentiality of client information is required under professional ethics standards, the Gramm-Leach-Bliley Act, the Internal Revenue Code, state board of accountancy regulations, and federal and state privacy statutes and regulations.
As we continually progress in a regulatory and litigious business climate it is unfortunately necessary and often required to formalize more of our communications with you and others you work with.