Claims Archives - CAMICO

Claims Chronicles 127-B

Amber — Thu, 18 Dec 2025 17:15:59 +0000

The post Claims Chronicles 127-B appeared first on CAMICO.

Claim Chronicles 126-A

Amber — Thu, 26 Jun 2025 21:01:17 +0000

First-party damages: refers to losses directly suffered by the policyholder (or insured) firm in response to a firm’s data breach or other covered cyber event.

Topic: First-Party Cyber Attack

CAMICO policyholder Mary Davis had just signed on to her computer one morning when she received an email from a “potential client” named “Tim,” who was requesting her services. In the email, “Tim” stated that he would pay Mary $7,500 upfront and an additional $300 for processing fees. “The client” asked Mary to invoice him via QuickBooks and so she did. QuickBooks fronted the $7,800 prior to any verification that there were funds in “Tim’s” account to cover the invoice. Four days later, “Tim” sent another email stating that he included an additional $11,000 because he wanted Mary to purchase computers for his daughters and ship them to him. The next day, Mary noticed a credit to her account for $20,000. Later that evening, she received another email from “Tim” saying that he had changed his mind about the computers and asked her to issue him a refund for $11,000 and so she did. “Tim,” (the fraudster) then cancelled the original transaction, causing Mary to lose $11,000 plus the $7,500 that QuickBooks fronted. This is because it turned out that there wasn’t any money in “Tim’s” account to cover the thousands of dollars. Mary contacted the police and her bank to notify them of the fraud and on the same day, she received a notification from Intuit (QuickBooks) that the initial transaction for $20,000 had been charged back. The police came to Mary’s residence and took a report but the damage was done. Mary was now a victim of fraud through her own business and the funds were not recovered.

Select the answer that is the correct response:

1. What kind of cyber attack occurred in this claim?
a. Ransomware
b. Phishing
c. Password attack

2. Was this first-party claim covered by the policyholder’s coverage with CAMICO?
a. Yes
b. No

3. Does CAMICO’s claims department see more first-party or third-party claims?
a. First-party claims
b. Third-party claims

Correct Answers:

1. b. Phishing is a variation of spoofing, which occurs when an attacker attempts to obtain personal or financial information from the victim using fraudulent means, most often by impersonating as another user or organization.

2. b. No. It was not covered because it was financial loss by the policyholder, which is not included in the CyberCPA endorsement, the Accountants Professional Liability policy, a Business Owner’s Policy (BOP) or theft policy. For a higher level of coverage, such as a stand-alone cyber policy, contact CAMICO for more information at 1.800.652.1772.

3. a and b. Both, and this is why: For every first-party claim that is reported, there is the risk of a third-party claim developing due to stolen information. CAMICO’s claims department investigates every claim with both first-party and third-party damages in mind. Third-party damages, if discovered, are handled under the Accountants Professional Liability (APL) policy. Therefore, if a first-party claim is reported, a third-party potential claim is also opened to lock in coverage should third-party damages occur. But in most cases, a third-party claim doesn’t arise because most policyholders become aware of their system being attacked prior to damages being able to occur. Many policyholders have their own IT team who can shut down the system and start a forensic investigation on what was taken and to notify people as soon as possible.

The “Claim Chronicles” are drawn from CAMICO claims files and illustrate some of the dangers and pitfalls in the accounting profession. All names were changed.

The post Claim Chronicles 126-A appeared first on CAMICO.

Claim Chronicles 126-B

Amber — Thu, 26 Jun 2025 20:53:03 +0000

Third-party damages: refers to damages alleged by clients or other third parties that the negligence of the CPA firm contributed in whole or in part to the third party’s cyber-related loss.

Topic: Third-Party Cyber Attack

CAMICO policyholders Michael Jones and Tom Smith of Jones & Smith Accounting Services were out of the office during the week of May 19-23. On May 20, their office received a call from a fraudster who claimed to work for Wells Fargo. Leslie Johnson, a current employee of the accounting firm, was the individual who answered the call and shared the requested information with the attacker. A day later, the scammer initiated multiple fraudulent transactions. While Jones was traveling back to the office on May 26, he received a call from Matthew Patterson, a client relationship manager with Wells Fargo. Patterson advised that a transaction for $224,528 was requested, along with a $175,000 ACH (Automated Clearing House) electronic payment. Jones explained that they were fraudulent transactions, and both were stopped and deleted. Alarmed by the fraud, Jones called the fraud department later that evening to discuss his concerns. He learned that three transactions for $153,000, $193,000, and $175,000 were moved into a fraudulent account and were deleted and reversed on May 23. Four days later, a lump sum for $525,000 was transferred out of the client’s account into a different fraudulent account, however, the funds were not reversed. Wells Fargo was able to stop three transactions, but not the largest one of $525,000. Fortunately for Jones, some of the money was recovered through Wells Fargo’s cyber carrier (after a forensic investigation was conducted).

Select the answer that is the correct response:

1. What was the accounting firm’s breach/ key mistake?
a. Not implementing multiple security tools to detect and block cyber threats
b. Not installing robust security software and maintaining it with the latest security updates
c. Human error; lack of proper training and strict adherence to firm-wide protocols

2. Was this third-party claim covered by the policyholder’s coverage with CAMICO?
a. Yes
b. No

3. Are most third-party claims covered under a policy with CAMICO?
a. Yes
b. No

Correct Answers:

1. c. Leslie Johnson, an employee at the accounting firm, gave the attacker sensitive information without proper verification and company protocol. Firms can and should consider their people as the first line of defense against cyber threats. Human error remains a significant threat to cybersecurity, with a wide range of activities such as weak password practices, falling for phishing attacks, and the mishandling of sensitive information contributing to security breaches. Refer to The Cyber Saga Continues… Protect Your Firm from First-Party and Third-Party Cyber Exposures article in this IMPACT for risk management tips on this topic.

2. a. Yes. It was fully covered under the policyholder’s Accountants Professional Liability (APL) policy because they engaged to do a professional service and their office gave the attacker information that resulted in the fraudulent transactions, so the insuring agreement was met. CAMICO’s APL insurance is designed to cover losses by third parties that CAMICO’s policyholder is responsible for due to negligence. This claim is an example of a vishing cyber attack, or voice phishing, where fraudulent phone calls are made to trick individuals into revealing personal information or money. These scams often involve attackers impersonating trusted entities like banks, government agencies, or tech support to gain the victim’s trust and exploit them.

3. a. Yes. As long as a claim fits the insuring agreement and no exclusions apply, most third-party cyber damages that are a result of the professional services that the policyholder engaged to do are covered. How liability is assessed: Was the policyholder liable for allowing the fraudulent activity to occur? What duties did the policyholder owe? What duties did the policyholder breach? What damages were sustained and are those damages a result of the breached duties?

The “Claim Chronicles” are drawn from CAMICO claims files and illustrate some of the dangers and pitfalls in the accounting profession. All names were changed.

The post Claim Chronicles 126-B appeared first on CAMICO.

Top 10 Loss Prevention and Claims Trends

Amber — Wed, 09 Oct 2024 19:59:50 +0000

CAMICO’s Loss Prevention and Claims departments work with CPA policyholder firms every day on difficult risk management issues. The following Q&A covers 10 questions and trends that our specialists hear about most frequently from our policyholders.

Top Loss Prevention Trends

Q: What are some of the risks and general guidelines for our firm if we choose to use generative artificial intelligence (“AI”)?

A: Let’s face it: Generative AI is no longer just a buzzword. Before ChatGPT, CAMICO didn’t receive many inquiries about AI. However, after the release of ChatGPT, inquiries have steadily increased, and with good reason. The technological advancement generative AI promises to provide in the near term is significant. It has the potential to reshape how you provide professional services, communicate with clients, and even how you manage your firm. Most of the changes should improve efficiency and other important metrics; however, AI adoption comes with significant risks. CAMICO recommends addressing the risks sooner rather than later with a clear and concise firm policy and communicating the policy to all your employees.

A crucial thing to know about generative AI is that it is not infallible. Whether you’re thinking about using it for automating calculations, crafting emails, or explaining the tax code, be on alert for its inaccuracies. Often, AI-generated information is outdated, misleading, or even fabricated (technically called “hallucinations” in AI-speak). Therefore, all AI-generated outputs must be reviewed to ensure accuracy and reliability. A proper review will also help mitigate the risk of inappropriate, discriminatory, or otherwise harmful content leaving your firm.

Another source of risk is inadvertently compromising the confidentiality of data. Before using a generative AI provider, we recommend performing due diligence on the AI provider to ensure their system complies with professional standards and regulations. When doing your due diligence, we also recommend researching the AI provider’s reputation to see if they have a history of inappropriately training their AI models on unauthorized data.

Along the lines of maintaining confidentiality is ensuring data privacy and mitigating security risks. Firms should prioritize data encryption, implement access controls, and adhere to data protection regulations. Please remember that it may be necessary to consult with qualified legal counsel and update, if needed, the firm’s Privacy Policy to ensure transparency about the categories of sensitive information collected, the sources of that information, the purposes for the collection, and how the firm stores and shares such information.

As you explore the opportunities afforded by generative AI, CAMICO recommends considering the risks and countervailing safeguards. Successful integration of generative AI requires a well-crafted implementation plan which should include, among other things, appropriate education and training to ensure responsible use. CAMICO believes a clear and concise generative AI policy to document your firm’s authorized usage is paramount in achieving your goals using AI. Please see CAMICO’s generative AI policy template available on CAMICO’s Members-Only Site, which you can modify to fit your firm’s requirements. As always, we recommend working with your firm’s legal counsel and IT specialists, as appropriate, as you develop and implement your generative AI strategy and related usage policy.

— Jason “Zev” Jankovic, Loss Prevention Specialist II

Q: My client has asked our firm to initiate wire transfers. What risks are associated with agreeing to initiate wire transfers and what protocols should our firm consider?

A: CPA firms continue to be at high risk of social engineering attempts due to the type of information firms gather and store. If the firm and/or a client’s email is hacked, a wire transfer request could come from a fraudster/hacker. As fraudulent wire transfers frequently cause large dollar losses, firms need to be hyper-vigilant in their efforts to protect the firm and clients against wire transfer fraud.

If the fraudster controls the client’s and the firm’s email, commonly referred to as a “man in the middle” attack, the fraudulent request may mimic previous legitimate requests, which can make it very difficult for a firm to identify the request as illegitimate. When the fraud is discovered after the transfer, the funds are usually not recoverable. Domestic banks are often not helpful in preventing fraudulent transfers, as laws tend to limit their risk exposure and enable them to deny responsibility.

Given the increasingly sophisticated phishing and spoofing scams, CAMICO strongly encourages firms to have written protocols in place with clients who need such services that outline the protocols to be followed when executing wire transfer requests. Certainly, best practice would be to verbally verify the authenticity of all wire transfer requests that are received by the firm via email correspondence, but for those clients who may wish to limit the requirement for your firm to verbally verify each wire transfer, the client should specify in writing those limits (e.g., by dollar threshold, business purpose, etc.) as well as acknowledge their responsibility for the added risks associated with this limited verbal verification process. We recommend including as part of the verification process specific questions to which only your client would know the answer.

CAMICO has developed an Addendum for illustrative purposes that can be used in conjunction with an engagement letter to highlight best practices for such a communication. You can access CAMICO’s “Addendum to Engagement Letter – Protocols for Executing Wire Transfers” on the CAMICO Members-Only Site under the Cyber/Data Security Resource Center.

– June Thornton, Senior Loss Prevention Specialist/Team Lead

Q: My firm has a Written Information Security Plan (“WISP”), but it hasn’t been updated since early 2023. How often should we be reviewing/updating our WISP? And have there been any significant changes to the regulatory guidance related to physical, technical, and/or administrative safeguards a CPA firm is required to have in place to protect its confidential client data from potential breaches and cyberattacks?

A: CAMICO strongly encourages firms to keep their Written Information Security Plan (“WISP”) relevant and updated to showcase the firm’s ongoing efforts to ensure compliance with the spirit and intent of Gramm-Leach-Bliley Act’s (“GLBA”) Safeguards Rule. To that end, CPA firms should periodically review the effectiveness of their security program as detailed in their WISP and reassess the risk factors as well as any material changes to the firm’s operations and make changes to the plan as necessary. Firms need to consider the appropriate frequency of this review based on the firm’s size, complexity, identified risk factors, and any updated guidance promulgated by the Internal Revenue Service (“IRS”) or other regulatory bodies. Refer to CAMICO’s article Compliance with the Federal Trade Commission “Safeguards Rule,” published in CAMICO’s July 2023 IMPACT 123 newsletter.

Now would be a good time to consider reviewing and updating the firm’s WISP given the IRS’s August 13, 2024 announcement regarding the availability of an updated WISP template to help tax professionals, especially smaller practices, protect against continuing threats from identity thieves and data risks. (IR-2024-208). The updated WISP, contained in IRS Publication 5708, Creating a Written Information Security Plan for Your Tax & Accounting Practice, is available at: www.irs.gov/pub/irs-pdf/p5708.pdf.

The IRS’s guidance includes best practices for implementing multi-factor authentication for any individual accessing any information system (refer to: Multi-factor authentication: Key protection to tax professionals’ security arsenal now required | Internal Revenue Service (irs.gov), as well as a new requirement to report a security event affecting 500 or more people to the Federal Trade Commission (FTC) as soon as possible, but no later than 30 days from the date of discovery.

Remember that maintaining an information security program is not a one-size-fits-all approach as every firm will need to ensure that they have the required safeguards in place for their size, complexity, and the nature and scope of the services they render. As such, a CPA firm’s efforts to comply with the Safeguards Rule is organization-specific and CAMICO recommends that each firm work with their IT/cyber specialists and legal counsel to modify and tailor their WISP to ensure the firm’s compliance with the GLBA’s Safeguards Rule and other applicable laws.

For more risk management guidance and information on cyber and data security issues, which includes CAMICO’s illustrative Written Information Security Plan template, access CAMICO’s Cyber/Data Security Resource Center on our Members-Only Site.

– Anthony Cooper, J.D., MBT, Tax Analyst, Loss Prevention

Q: We are having difficulty managing one of our top performers who is frequently short and rude to his coworkers to the point where now they no longer want to work with him. If he is not violating any firm policies such as Anti-Harassment or Anti-Bullying, do we have to counsel him? He is such an asset to the firm, and we are concerned about losing him.

A: Behavior does not have to rise to the level of violating firm policy to negatively impact the firm by creating a toxic work environment. An employee who is chronically rude, brash, and short can singlehandedly disrupt the work environment. Toxicity in the workplace will spread and lead to low morale, decreased productivity, increased disruption and employee stress.

Toxicity can flourish when those firm rainmakers with poor interpersonal skills demonstrate entitlement and belittle others without consequence; or when those in the office who demonstrate microaggression, or what we call death by a thousand small cuts, are ignored. There are also those employees who enjoy gossiping and spreading rumors which creates its own toxicity.

Oftentimes the firm will turn a blind eye to the behavior because it might not necessarily rise to the level of violating firm policy, but first and foremost, firms should follow their own policy language and ensure that the firm’s values and mission statement are also being reflected in the workplace. Core values should drive organizational behavior and when core values and organizational behavior are misaligned, employees lose their trust in management.

Firm management can support employees by responding timely to any display of toxic work behavior; broaden policy language to focus on the bigger picture, and not narrowly define harassment and bullying; and most importantly, walk the talk themselves. Studies have shown that employees who feel surrounded by psychological safety in the workplace will be more productive and engaged, and the firm will recognize a lower turnover rate due to a more positive work environment.

As it relates specifically to counseling an employee for unacceptable behaviors that are creating a toxic work environment for others, CAMICO recommends reaching out to your employment practices risk advisor and/or legal counsel to discuss appropriate steps to take to minimize the potential risks of a claim or lawsuit.

For additional information on how to create a more positive workplace, refer to CAMICO’s article Create a Workplace Where Your Employees Will Thrive, published in CAMICO’s IMPACT 124 newsletter issued in February 2024.

-Emily Franchi, Loss Prevention Supervisor, Employment Practices

Q: Our firm is starting to prepare for the new Quality Management Standards, which become effective December 15, 2025, and we were wondering if CAMICO has any risk management tips for us as we begin the process?

A: CAMICO encourages firms to not over-complicate the transition process or try to address every potential risk as they seek to adopt the new Statements on Quality Management Standards (“SQMS”). Instead, focus on the quality risks that are material, relevant, or of higher risk to your firm; the types of industries, businesses, and organizations you serve; and the services you offer. A system of quality management is an evolving, iterative, dynamic process. Don’t let “perfect be the enemy of good.” If unchecked, this aphorism can create crippling inertia in the development of your quality management process.

As the SQMS’s risk-based approach requires custom-fitting to your firm’s conditions and circumstances, you may wish to seek your peer reviewer’s guidance regarding the transition. Your peer reviewer’s familiarity with your quality control system and understanding of the new standards can be instrumental in assisting your firm with designing your system of quality management. Ideally, you can obtain your peer reviewer’s insight and tips specific to your unique needs. However, be cautious not to rely too heavily on your peer reviewer (unless willing to secure the services of another reviewer) as doing so could threaten your peer reviewer’s independence.

As the SQMS are risk-based, requiring firm leadership to proactively manage quality by designing, implementing, and operating a customized system of quality management scalable to fit your firm’s accounting and auditing practice, it is important to give the person(s) agreeing to assume the system of quality management leadership role(s) in your firm sufficient time and resources to implement the standard.

Consider adopting a two-phased approach to brainstorming sessions led by a senior member of your system of quality management development team. During the initial phase, the discussion leader should encourage and reinforce that this phase is exclusively for the generation of ideas, and should not include evaluation or criticism of ideas raised (to avoid squelching voices). Care should be taken to record every suggestion. Only during the second phase should the team evaluate or constructively critique aspects of the initial brainstorming phase. This two-phase approach will encourage team members to offer more and nuanced suggestions which might otherwise not be captured and considered in the development of your system of quality management. Each system of quality management must address the eight components and the SQMS prescribes specific quality objectives for each of the components. While your firm may establish additional quality objectives, be certain that each of the prescribed component-specific quality objectives are addressed.

As with the extant quality control standards, the SQMS requires you to document your system of quality management. As with its predecessor, this documentation may be used by your peer reviewer to assess whether your firm has complied with the standards. If documentation indicates your firm will perform procedures exceeding those required by professional standards, those elevated requirements will be the benchmark used to assess your compliance. Be diligent in documenting your firm’s quality objectives, quality risks, your responses to those risks, and ultimately your system of quality management to identify those responsible and accountable for your system.

And lastly, CAMICO strongly encourages firms to take advantage of resources developed and shared by the AICPA. Explore the following list and pay particular attention to the two practice aids and sample risk assessment Microsoft Excel template. Each is extremely helpful with focusing attention on the development and enhancement of your firm’s system of quality management.

AICPA Resources

Quality Management Resource Center
Quality Management Practice Aids [One for Sole Practitioners, another for Small and Medium-Sized Firms, and an illustrative risk assessment MS Excel Template]
Crosswalk from SQCS to SQMS
QM Standards Checklist
Journal of Accountancy Content
- Podcast: Tips for firms implementing quality management standards – June 7, 2022
- Quality management standards: How to perform a root cause analysis – August 31, 2023
- Quiz: Test your knowledge of the new quality management standards – September 22, 2022
- QM standards: Overview of the monitoring and remediation process – September 28, 2023
- How to implement the risk-based quality management standards – October 1, 2023
- QM is approaching faster than you think — get ready – November 1, 2023
- QM standards: How to perform a root cause analysis – December 1, 2023

– Duncan B. Will, CPA/ABV/CFF, CFE, Loss Prevention Director/ Accounting & Auditing Specialist

Top Claims Trends

Q: With most tax returns being e-filed, has CAMICO seen any trends in e-filings that don’t go through? If so, what advice do you have for policyholders to prevent or mitigate these situations?

A: We have seen a trend of e-returns not going through or being fraudulently e-filed. A few tips we can give policyholders would be to consider having an internal process in place, along with certain checks and balances to ensure that the e-filings go through. As the IRS provides an online tool to check the status of returns, it is helpful if the policyholder advises their clients to follow up on the status of their returns after they have been e-filed, to ensure that they have been accepted and processed. Rather than waiting for months to receive an update on the return, it is helpful if the client checks on the status after a couple of weeks to ensure that there aren’t any errors. Also, following up with clients to ensure that they received their refunds could help mitigate any potential damages early on. Another helpful tip is to review the returns one final time before submitting, to ensure that all the information on the return is correct, including the social security number and the firm’s Taxpayer Identification Number (TIN).

– Ines Adams, Claims Specialist

Q: Do CPAs often get brought into family disputes related to inheritance?

A: When dealing with family disputes, especially when it comes to money, emotions will run high, and these matters can become very contentious with CPAs getting pulled in and stuck in the middle. While these situations may be unavoidable, there are steps that can be taken for policyholders to protect themselves from exposure. Documentation and communication are key. Everything pertaining to the CPA’s work should be memorialized in writing and the CPA should ensure that both they and the client understand the decisions and actions that will be taken. If a CPA advises a client to take a specific course of action, written proof of the advice should be preserved. Engagement letters can also be a vital tool in protecting the CPA’s interests. The letter should spell out precisely the work that will be performed for the client and should be updated as the engagement changes. Finally, if the appearance of a conflict arises, the CPA should consider whether disengagement is the appropriate action. If the CPA decides to disengage, the disengagement should be clear (and in writing), and a copy should be preserved.

– Jill Cavenaile, Claims Executive

Q: What are the liability issues if clients withhold information about large sums of cash that they have?

A: In situations where the accountant has been made aware of clients hoarding large amounts of cash, we advise the accountant that there are several reasons to disengage from this type of client. Historically a reason for this action by the client relates to the 1929 stock market crash where the money was forever lost to the client. However, hoarding thousands of dollars is seen as a way of hiding taxable income from the government. In this situation, there are several issues with going forward with this client. 1) When the client informs the policyholder that they have decided to use this money for an investment or make a high-cost purchase, we cannot expect that they have receipts and can properly account for when and where the money came into their possession; 2) The client’s prior tax returns for as long as they have been hoarding the cash are wrong and need to be amended; 3) It is very likely that there will be a tax investigation and possibly a criminal investigation; 4) the CPA will be subpoenaed and will likely be questioned about how they advised the client after learning of the hoarding; and 5) in the investigation, the authorities will be looking at the accountant to determine if based on the information in their possession they should have known that the client was hoarding large amounts of cash. Something to remember in most situations where there is an accountant providing assistance to a taxpayer, if there is anyway a “bad situation” can be blamed on advice (or lacking advice) provided by the accountant, it will be blamed on the accountant.

– Gerard Mack, Claims Specialist

Q: Has CAMICO seen Employment Practices Liability claims related to accounting professionals being mandated to return to work (post-pandemic)?

A: The biggest issue with return-to-office claims, after COVID-19 restrictions were lifted, involves employees who are permitted to work from home and those who are being called to return to the office. Many professionals (bookkeepers, CPAs and even executive assistants who bill for their time) have been allowed to continue their remote roles as they are able to work within their role remotely. These employees have a desktop phone, laptops, and can perform their job duties via email, phone, or video conference. Allegations have emerged from staff who were hired specifically for in-office roles, such as firms’ administrative staff. Their job description typically includes some sort of client facing role, such as a receptionist, or duties that include maintaining the office, checking and ordering office supplies or copying client files. Employees who were allowed to work remotely, either due to COVID-19 or another medical accommodation, have challenged the call to return to the office. When the employee was moved to a temporary remote role, policyholders usually needed to shift the administrative employee’s duties to someone who was present at the office or reduce the administrative employee’s duties. There have been instances in which the remote employee was given the opportunity to learn new skills, such as payroll or bookkeeping, which can be completed remotely. In those instances, where the remote administrative employee was unable to learn new skills or completed those skills at an unsatisfactory level, the policyholder has made the decision to terminate the employee due to the lack of work that the administrative employee can complete away from the office. A termination of this nature has led to allegations of discrimination or wrongful termination.

– Katjana Roelz, Claims Specialist

Q: What does CAMICO recommend when a client passes away and there is a new point of contact for the engagement?

A: We recently had a situation where an accountant prepared tax returns and did bookkeeping for the matriarch of a family for many years. Upon her passing, the client’s daughter became the point of contact. The daughter said she was going to engage a new CPA to prepare taxes and was going to take over the bookkeeping duties herself. The policyholder did not confirm the conversation in writing and did nothing further. A couple years later, the daughter was surprised to find that the tax returns had not been prepared and filed. A claim was brought against the CPA for the penalties that were imposed by the IRS.

An engagement with a client is fundamentally a relationship. As with all relationships, there should be an understanding between the parties as to what they should expect. Many times, people make assumptions about what the other person will do or not do. These assumptions are often different than what the other person expects will happen in the relationship. An engagement letter is the best way to develop an understanding with the client about what they should expect from the accountant and what the accountant expects of them. There may be conversations between the parties about what they expect to happen, but perceptions may differ, and memories will fade. When an accountant uses a well-drafted engagement letter or disengagement letter, both parties know exactly what to expect of the other. If the client were to later make an unwarranted assertion about the relationship, the accountant can refer to the letter to justify his or her action or inaction. This is especially important in the confusion surrounding the death of a client. Engagement letters also enhance the accountant’s professionalism and make it easier for their actions to be defended in any later dispute.

Engagement letter templates can be found in the Engagement Letter Resource Center, located on CAMICO’s Members-Only Site.

-Mark Rooks, Claims Specialist

The post Top 10 Loss Prevention and Claims Trends appeared first on CAMICO.

Why It’s Important to Maintain Prior Acts Coverage

ssAdmin — Thu, 25 Jul 2024 17:29:24 +0000

Do Not Lose Coverage for Your Prior Acts!

Most Accountants Professional Liability insurance policies are “claims made and reported” policies. Two important features of claims made and reported policies include:

The insurance applies only to claims that are first made and reported to the insurance company during the policy period.
The insurance provides coverage for professional services performed from the Retroactive Date (or “Prior Acts Date” or “Initial Effective Date”) to the expiration date of the policy as stated in the Declarations.

The Retroactive Date is the earliest date from which the policy provides coverage for an act, error or omission from which a claim for damages arises. Claims arising from professional services performed prior to the policy’s Retroactive Date are not covered. The Retroactive Date is normally first established at the onset of the firm’s first policy and continues to follow the renewal of that policy for as long as the policy is continuously renewed without any lapses in coverage.

A firm that is changing from one insurance carrier to another must make the change seamlessly to avoid losing the Retroactive Date. If a lapse occurs and that continuity is broken (i.e., the policy not renewed continuously), the initial Retroactive Date is lost, and a new policy will most likely have a new Retroactive Date that is advanced to the inception date of the new policy.

The advancement of the Retroactive Date causes the firm to lose the coverage that it had with an older Retroactive Date, and past professional services that were previously covered would no longer be covered. Firms should always maintain “seamless” coverage, with no lapses in the policy along the way, to ensure coverage for professional services performed back to the original Retroactive Date.

We encourage you to return your application(s) as early as possible to avoid any gaps in coverage. In any event, return your application(s) before your current coverage expires.

Do not assume that insurers will ignore a late-returned application(s) and backdate coverage to allow you to maintain your Prior Acts Coverage, as they are in no obligation to do so. Please contact your underwriter or agent with any questions or requests for additional information.

Disclaimer: This information is provided as a general overview and is not intended to be a complete description of all applicable terms and conditions of coverage. The precise coverage afforded by any insurer is subject to the actual terms and conditions of the policies as issued.

The post Why It’s Important to Maintain Prior Acts Coverage appeared first on CAMICO.

Claim Chronicles 124

Amber — Thu, 01 Feb 2024 21:49:27 +0000

Claim Chronicles 124-A

Topic: Trustee Role, Services

Seth Johnson was married multiple times and had eight children from previous marriages. He married Lindsey Johnson in 2012 and was married to her until his death in 2018. In 1991, Mr. Johnson established the Seth Michael Johnson Living Trust. Upon his death, the Trust was to be distributed and administered for Mrs. Johnson’s benefit: cash in the amount of $2.5 million. The trustee was to pay to or for the benefit of Mrs. Johnson the entire net income of the Trust (at least $20,000 per quarter). She had the right to sell and replace the current property with another of equal or lesser value of her choosing (Mrs. Johnson had a life estate in the Trust property).

After her husband’s death, Mrs. Johnson wanted to move to Connecticut to be near her family. She wanted her son to be responsible for building the replacement property pursuant to the Trust provisions. The original home that she occupied was sold (netting approximately $1.7 million); a lot in Connecticut was purchased with funds from the Trust. In 2020, CPA and trustee James Sutton took the position that the Trust would not pay any costs for the replacement residence that exceeded the sale proceeds from the original property. He stated that Mrs. Johnson did not have the discretion to use any portion of the $2.5 million in Trust assets for the construction of the residence, as Mrs. Johnson only had a life estate in the Trust assets. Consequently, Mr. Sutton refused to pay the property taxes for the Connecticut lot.

In the meantime, Mrs. Johnson requested accountings from Mr. Sutton, which complied with his obligations under the California Probate Code. Nonetheless, he did not provide such accountings, which were compliant with the Code. He also allegedly failed to administer the Trust for the benefit of Mrs. Johnson and failed to distribute income to her as required under the Trust provisions.

Select the answer that is the correct response.

1. What is at stake for Mr. Sutton if Mrs. Johnson’s claims are ruled in her favor?
a. He could be suspended or removed from the trustee role.
b. He could be charged with financial elder abuse.
c. He may have to pay for damages pursuant to the California Probate Code.
d. All the above.

2. Are there restrictions with a life estate?
a. True
b. False

3. What best practices can CPAs instill before agreeing to render trustee work? (Answers below)

Correct Answers:

1. d. All the above. If a CPA underestimates trusteeship risk, what may appear to be a safe and simple role can become a complex situation of competing interests, disruptive lawsuits, and financial losses. The result can cause emotional stress and become a sink hole of wasted time and money, especially if clients and beneficiaries are dysfunctional. CAMICO claims experience shows that one of the most common sources of risk in trusteeships is a lack of understanding by the trustee or co-trustee regarding their fiduciary duties and responsibilities. Trustees must adhere to laws and regulations governing their role as a fiduciary.

2. a. True. A life estate is a legally binding family transaction that entails certain terms and restrictions on the assets. Depending on the contract and state, often a life tenant needs certain approvals to sell or lease the home and is still responsible for making property tax payments and maintaining insurance as if they still own the property outright.

3. To address the common and unique risk threats associated with trustee services, CPAs can apply appropriate safeguards such as:

Prior to accepting a trustee role, examine the underlying trust document thoroughly and have it reviewed by a qualified trust attorney. There may be opportunities to edit the trust agreement to minimize risk if the trust document is not yet finalized or if the settlor of the trust is still alive. In addition, there may be some ambiguity within the trust document that should be clarified in an engagement letter.
Defensive documentation is critical to minimize potential risks, to prove that you have fulfilled your duties of care, and to keep interested parties informed.
CPAs can complete a client screening evaluation form. Such forms help trustee candidates and their firms assess whether the opportunities fall within their risk appetite and are a good fit.

Claim Chronicles 124-B

Topic: Trustee Role, Services

After battling a terminal illness, renowned painter and philanthropist Rob Smith passed away on January 2, 2017. RST held Rob’s assets and the Smith Art Trust (a sub-trust of the RST) was established to own the rights of and collect royalties from the use of Rob’s name, likeness, and artwork. The trustees of the Art Trust were CPA Keith Jones, Rhonda Sanders and Eric Smith (Mr. Smith’s son from his first marriage with wife Emma Williams). When Mr. Smith passed away, he was in the process of divorcing his third wife, Melanie Smith.

In 2018, litigation emerged over the terms of the RST and the case was settled in 2019, with Ms. Smith receiving a share of the proceeds. Mr. Jones resigned as a trustee in 2020, and the other trustees signed off on his resignation. He confirmed via email (with Ms. Sanders) that the beneficiaries had been notified; she verified that they were informed. Unfortunately, there was no record of Mr. Jones informing the beneficiaries. So in 2021, Ms. Smith filed suit in Probate Court to compel accountings and instruct the trustees to deliver Trust property to her, and to surcharge the trustees. The Petition did not include any allegations specific to Mr. Jones – generally, they were against the co-trustees as a group. The Court ordered the other trustees to prepare the accountings and in 2022, Ms. Smith filed a brief seeking to keep Mr. Jones in the case. She alleged that he was jointly and severally liable for breaches of trust revealed by co-trustee Mr. (Eric) Smith’s accounting. She claimed that Mr. Jones was aware that the other trustees were misappropriating trust assets and that he failed to take any action either because of greed or gross negligence. She also alleged that Mr. Jones’s resignation in 2020 was ineffective, as he failed to notify the beneficiaries required by the trust. There was a hearing held that dealt with who would be the beneficiary of Mr. Smith’s life insurance policy – which listed his wife – however, the couple was in the process of finalizing their divorce. Despite Ms. Smith’s stance to be named the sole beneficiary of Mr. Smith’s policy, the judge ruled against her and limited her claim to one-quarter of the policy and that the remaining amount go to his estate. Mr. Jones’s records indicated that the proceeds from the sales of artwork were correctly allocated to each trust, contrary to the plaintiff’s (Ms. Smith) allegations. His argument was that she was not a beneficiary (so no notice was owed to her) and that he notified all adult beneficiaries of his resignation.

Select the answer that is the correct response.

1. What are the biggest risks / mistakes that CPAs can encounter in a trustee role?
a. Not having a thorough understanding of the trust agreement and abiding by it.
b. Failing to disseminate required accounting.
c. Actual or perceived trustee conflicts of interest.
d. All the above

2. Most CAMICO trustee claims involve dysfunctional family relationships.
a. True.
b. False.

3. Was it Mr. Jones’s responsibility to notify beneficiaries of his resignation as trustee?
a. Yes.
b. No.

Correct Answers:

1. d. All the above. CAMICO claims experience shows that one of the most common sources of risk in trusteeships is a lack of understanding of, or appreciation for, the duties and responsibilities of a trustee. CPAs should be sure to become educated, informed, and competent in the skills needed to render trustee services before attempting to provide them. Fee and billing issues are also a source of risk as well.

2. a. True. In trustee work, it is easy to think you are merely an innocent bystander dragged into a family dispute. Prospective trustees should take long, hard and objective looks at the relationships among the interested parties, especially in family situations, and decide whether the relationship risks can be managed and minimized. Given the frequency of such scenarios, CAMICO strongly encourages CPAs to identify and evaluate potential family risk attributes such as, “What is the potential for dispute among beneficiaries and the settlor? Have there been multiple marriages, with offspring from each? Have there been recent changes to the planned distributions or status of beneficiaries? Or, is there a beneficiary committee that meets regularly and can help mitigate some of these risks?”

3. a. Yes. Mr. Jones was responsible for giving notice (of his resignation as trustee) to “adult” beneficiaries. However, Mr. Jones’s counterargument was that the couple’s 11-year-old daughter was not an adult, and that Ms. Smith was not a beneficiary. Although the Smiths’ divorce wasn’t finalized before Mr. Smith passed away, he had changed his life insurance beneficiary designation and didn’t list Ms. Smith’s name in his will or trust as a beneficiary.

The “Claim Chronicles” are drawn from CAMICO claims files and illustrate some of the dangers and pitfalls in the accounting profession. All names were changed.

The post Claim Chronicles 124 appeared first on CAMICO.