CPAs and Comfort Letters: The New Chocolate

By Edward S. Karl, CPA

For years, CPAs have been asked by third parties for verification, confirmation, certification, corroboration, authentication, or substantiation of their clients’ financial information. Negative connotations have often been associated with these requests—liability concerns, client alienation, confidentiality breaches, ethical issues, possible Gramm-Leach-Bliley Act violations, professional standard prohibitions, and Internal Revenue Code penalties.

To me, though, the news is not all bad. The AICPA is doing its part to help members manage these risks, most recently by developing guidance for providing the U.S. Department of Agriculture’s Farm Service Agency (FSA) with certifications associated with persons who receive certain farming program payments.

In part, the AICPA Tax Section’s mission statement indicates “[t]he Tax Section serves the public interest by assisting AICPA members to be the most trusted professional providers of tax services. . . .” From a tax perspective, these requests for “comfort letters” seem to validate the notion that CPAs are “the most trusted providers.” In a fun sense, CPAs are the financial world’s comfort food—the new chocolate!

How great is it that the financial world looks to CPAs for help in various forms:

  • Mortgage companies and other lenders’ requests for clients’ tax and financial information;
  • State administrative agency requests associated with contractors;
  • FedEx’s inquiries into its franchisees’ payroll tax practices; and
  • Credit Suisse Group AG’s U.S. tax return preparer notifications and certifications regarding Form TD F 90-22.1, Report of Foreign Bank and Financial Accounts (FBAR).

Even adoption agencies and health insurance providers have jumped on the bandwagon—the list goes on and is growing.

But the concerns regarding these types of requests are real. Sue Coffey, AICPA senior vice president–Public Practice & Global Alliances, gives a good snapshot of these risks in an AICPA Insights blog post from March 15 titled “The Dangers of Providing Client Comfort Letters.”

From the AICPA’s perspective, though, helping members not only manage risks but also take advantage of opportunities is critical. When the Institute first became aware of the FSA issue last year, I spoke to a CPA in the Midwest who had received a number of the FSA’s certification requests. I conveyed my concerns about certifying tax return data. Certification goes way beyond the AICPA Statements on Standards for Tax Services (SSTSs) requirements for tax return compliance or planning. It also goes beyond the similar standards in Circular 230, Regulations Governing Practice Before the Internal Revenue Service (31 C.F.R. Part 10), which governs practice before the IRS. In addition, I raised the usual, and real, liability concerns. But the CPA responded, “How can I not sign these certifications? My clients would be at risk of losing thousands of dollars, and I would lose my clients! What’s the alternative?”

So the Institute gathered a group of members to work on a viable alternative—not just from members’ perspective but also from the government’s. Indeed, if the solution did not work from the FSA’s standpoint, the AICPA would not be helping members very much. In fact, the FSA was limited by statutory language that used the term “certification.” The working group was able to define “certification” to meet the FSA’s requirements but in a way consistent with the SSTSs and Circular 230. The AICPA encourages persons who receive the FSA letter to provide their last three years of federal income tax returns for compliance purposes. However, in some situations those tax returns provide insufficient information to meet the compliance initiative, so the only remaining option would be to provide the agreed-upon letter from a CPA or attorney.

The working group of members did not stop there. From a best-practices perspective, and with due regard for the potential liability risks, the working group also developed a sample engagement letter and disclosure consent, which can be used in providing the required FSA information. The engagement and disclosure letters should be signed by the client before the member signs the certification. (See the AICPA’s FSA Certificate Letter Guidance page for a full list of resources.)

Coffey’s blog post said,

Should you provide your clients with comfort letters? I don’t recommend it, and in some cases, standards actually prohibit it. Not only does it put you and your practice in a very risky liability situation, you may face sanctions or loss of license if you sign any solvency-related comfort letters or certifications. For non-solvency comfort letters, your liability insurance may also forbid it; make sure to check with them before you sign any comfort letter or similar third party certification or verification letter.

Are we encouraging you, discouraging you, or just what? I do not think we are being inconsistent, as I will explain in a moment, but first, a few more questions:

  • Do you have liability insurance?
  • Are you in contact with your liability carrier, and do you use the carrier as a resource? Have you read its material on comfort letters? Have you also read the AICPA material?
  • Do you use engagement letters?
  • Are you familiar with the SSTSs, Circular 230, and the appropriate levels of due diligence to apply in tax engagements?
  • Are you aware of the prohibitions on providing assurance with regard to matters involving solvency?

If your answer is “no” to any of these questions, then I completely agree with Coffey when she says she does not recommend providing clients with comfort letters.

But any practice that can answer “yes” to all of these questions potentially has a wonderful opportunity to help its clients. Let your client, and the third party, know when a request is inappropriate but, more importantly, talk to them about an alternative way to validate or acknowledge facts and convince them the alternative is just as good. Take a look at the FSA situation, for example, with regard to appropriate ways to acknowledge historical tax return information. Remember, also, that a formal projection or forecast that would be done under appropriate accounting standards is a smart alternative.

So, no, I do not think we are being inconsistent; we want you to move forward in this area smartly, avoid the pitfalls, and take advantage of the opportunities. And we will do our part to support you!


Edward Karl is AICPA vice president–Taxation in Washington, D.C. For more information about this column, contact Mr. Karl at


Tax Insider Articles


Business meal deductions after the TCJA

This article discusses the history of the deduction of business meal expenses and the new rules under the TCJA and the regulations and provides a framework for documenting and substantiating the deduction.


Quirks spurred by COVID-19 tax relief

This article discusses some procedural and administrative quirks that have emerged with the new tax legislative, regulatory, and procedural guidance related to COVID-19.