
U.S. compliance for accounting firms


ComplianceKaro Team
June 8, 2026

Introduction
- Why compliance matters: regulatory risk, client trust, the ability to perform attest services, and avoidance of civil and criminal penalties.
- Obligations come from federal regulators (IRS, PCAOB, SEC, FinCEN, OFAC), professional bodies (the AICPA, and the state boards of accountancy coordinated through NASBA), and state statutes and rules.

Section 1 — Core federal regulatory obligations every accounting firm should know

1.1 PCAOB and SEC (audits of public companies)
- Firms that audit public companies must register with the PCAOB and follow PCAOB auditing standards; the PCAOB inspects registered firms and can impose sanctions.
- Firms auditing SEC-reporting entities must also follow the SEC's auditor independence rules and engagement requirements.

1.2 IRS and tax practitioner rules
- Anyone who prepares federal tax returns for compensation must obtain a Preparer Tax Identification Number (PTIN) and renew it annually; practitioners who represent clients before the IRS must follow Circular 230; and the firm must meet its own federal filing and reporting obligations.
- Firms that e-file client returns must be authorized IRS e-file providers and hold an Electronic Filing Identification Number (EFIN).

1.3 FinCEN and the Corporate Transparency Act (beneficial ownership information)
- Clients (and sometimes the firm's own entities) may be reporting companies under the CTA. Firms must advise clients, collect the required ownership information, and may face AML/KYC expectations when onboarding clients.
- Caveat: the scope of BOI reporting has changed since the CTA took effect. FinCEN's March 2025 interim final rule removed the reporting requirement for domestic reporting companies and U.S. persons, leaving it in place for foreign reporting companies. Confirm the current FinCEN rule before advising a client or filing a report.

1.4 OFAC and sanctions screening
- Firms that handle international transactions or advise on cross-border matters should screen clients and counterparties against OFAC's sanctions lists (including the Specially Designated Nationals list) and keep records of the due diligence performed. OFAC prohibitions bind all U.S. persons, so a match discovered after onboarding still requires action.

1.5 Data security and privacy
- Under the GLBA and the FTC Safeguards Rule, professional tax preparers are treated as financial institutions and must maintain a written information security program (the "WISP" the IRS refers to in Publication 4557). HIPAA applies when a firm handles protected health information for healthcare clients.
- State privacy laws (e.g., the California CPRA and the Virginia CDPA) and state security statutes such as New York's SHIELD Act add further obligations, including breach-notification duties. Firms must implement reasonable administrative, technical, and physical safeguards.

Section 2 — Professional standards and continuing obligations

2.1 AICPA standards, ethics, and peer review
- The AICPA sets the ethics code and professional standards that govern most engagements for non-public entities. Firms whose members perform attest work are subject to the AICPA peer review program, and some states require peer review or other evidence of quality control as a condition of firm licensure.

2.2 State boards of accountancy: CPA licensure and firm registration
- Each state board sets licensure, mobility, CPE, and firm registration requirements. Common firm requirements include registering the firm (sometimes triennially), attest competency certifications, peer review reporting, and ownership rules (some states require majority-CPA ownership or CPA officers for professional entities).
- Example: New York requires registration for firms that provide attest or compilation services, with triennial renewals and annual updates (NYSED guidance). Washington, Texas, Michigan, and other states maintain similar but distinct firm registration rules.

2.3 Continuing Professional Education (CPE) and ethics
- CPE hour requirements and ethics-credit mandates vary by state. Maintain a matrix of requirements per state for each licensed practitioner and track completions against it.

Section 3 — Practical compliance program for accounting firms (implementation-focused)

3.1 Governance and policies
- Adopt written policies covering independence and conflicts of interest, ethics, data security and privacy, client acceptance and continuance, AML/KYC (as appropriate), records retention, and advertising and solicitation.

3.2 Client onboarding and client-acceptance checklist
- Confirm identity and beneficial ownership (collect BOI where relevant), perform sanctions and adverse-media screening, assess conflicts, and document an engagement letter covering scope, fees, deliverables, and retention schedule.

3.3 Quality control and peer review readiness
- Maintain organized workpapers, independence documentation, staff training logs, and a peer review binder containing sample engagements, quality-control documentation, and corrective-action plans.

3.4 Data security and incident response
- Implement least-privilege access controls, multi-factor authentication for email and all remote access, encryption in transit and at rest, tested backups and disaster recovery, vendor due diligence (including cloud tax, portal, and document-sharing platforms), and an incident response plan with a notification flow for clients and regulators.
- The notification flow has more than one trigger: the FTC Safeguards Rule requires notice to the FTC within 30 days of discovering a breach affecting 500 or more consumers, and state breach laws set their own client-notification deadlines. The plan should map each trigger to an owner and a deadline.

3.5 Recordkeeping and retention
- Establish retention schedules for tax returns, workpapers, engagement letters, payroll and employment records, and client communications. Federal law requires a paid preparer to keep a copy of each return, or a list of the clients and returns prepared, for three years (IRC section 6107(b)); follow state rules where they prescribe minimum periods for specific documents.

Section 4 — State-specific guidance and practical notes (how to approach states)
- Firms should: (1) check their home state board of accountancy and any state where they provide attest services for firm registration rules; (2) confirm licensure and CPA mobility rules for staff practicing across state lines; (3) track state-specific CPE and ethics rules.

Representative state examples
- New York: firm registration required for attest and compilation services; triennial registration and annual updates; ownership and naming restrictions apply.
- Washington: CPA firm registration is handled online; the state board's firm licensing page details the application steps.
- Texas: firm registration is required for entities practicing public accountancy in Texas.
- Michigan: firm licensing guidance and documentation requirements are published on the state LARA site.

Section 5 — Compliance checklist for small and mid-sized firms (actionable)

Pre-engagement
- Verify state licensure and firm registration requirements.
- Perform BOI / beneficial owner collection (if relevant) and sanctions screening.
- Obtain a signed engagement letter and fee arrangement.

Operational
- Implement information security controls, update privacy notices, train staff on ethics and data handling, and maintain PTINs, EINs, and an EFIN where applicable.
- Maintain CPE logs, peer review documentation, and the firm's quality control policies.

Reporting & Ongoing
- Renew firm registrations, file any BOI reports required for firm entities, maintain conflict-of-interest disclosures, and respond promptly to regulatory inquiries.

Section 6 — Common pitfalls & red flags
- Failure to register the firm for attest work in the state(s) where it is required.
- Lax client onboarding: no BOI collection or sanctions screening.
- Poor data security and unmanaged third-party vendors.
- Missing or inconsistent CPE and peer review documentation.

Section 7 — Resources & next steps (links and templates)
- Primary regulators and standards bodies to bookmark: AICPA, PCAOB, SEC (auditor rules), IRS (Circular 230, PTIN, e-file), FinCEN (BOI/CTA), OFAC (sanctions lists), NASBA (state boards and CPE resources).
- State board links: NYSED public accountancy firm registration page; Washington State Board firm registration; Texas State Board; Michigan LARA guidance.

Appendix — Suggested templates and sample language (engagement letter clauses, data security checklist, client KYC/BOI request form, peer review readiness checklist)
- Engagement letter clause sample: scope, deliverables, limitation of liability, retention period, fees, and the client's responsibility to provide accurate records.
- Client KYC/BOI request form fields: legal name, EIN, jurisdiction of formation, date of formation, list of beneficial owners with ownership percentages and identification, and company applicant information.
