With more and more frequency, accountants are asked to provide information, verify their work product or confirm information about their clients to non-client third-parties, such as loan brokers, lenders, insurers and investors. Some of these third-parties also request that accountants acknowledge reliance on the information provided in what is referred to as "privity letters", "reliance letters", or "comfort letters". These requests direct the accountant to verify the accountant's work and are used to put the accountant on notice of the third-party's intended reliance. While an accountant owes a duty of due care to the client, a verification request may create a duty, and expose the accountant to potential liability, to nonclient third-parties who claim detrimental reliance on the accountant's work product. When receiving these requests, accounting practitioners should proceed with extreme caution.

Common Scenarios

Potentially problematic requests can come up in connection with a client's pending borrowing or refinancing application, insurance placement, transaction due diligence, or any number of other scenarios. Stricter lending practices have resulted in more lending institutions requesting a borrower's accountant to affirmatively grant privity to the third-party or verify the borrower's income tax returns or financial statements directly to that third-party. Lending institutions sometimes add provisions in loan agreements that require the borrower to "direct" their accountant to provide certain types of information upon request from the lender and accompany that information with a statement confirming the accountant's understanding that the lender will rely on the information to make a credit decision. One example is that insurers sometimes send letters to policyholders' accountants stating that the insurer relied on the accountants' work product in placing the insurance and ask the accountant to acknowledge the insurer's reliance.

The task of assessing an applicant's creditworthiness and verifying the accuracy of the financial information submitted by an applicant should be the exclusive responsibility of the lender, insurer or other thirdparty assessing whether to take action on the request. The financial institutions making these assessments may find this a difficult task, particularly when the applicant is self-employed or plans to use a distribution of business assets to fund the down payment or closing costs on the loan. To shift the burden of verifying the borrower's financial information, and also as an attempt to shift some of the risk to the accountants, brokers, lenders, insurers and others try to build a basis for asserting they are in privity with the accountants so they have standing to sue the accountant if things turn out poorly (e.g., the borrower defaults or the business fails). If a borrower later defaults on the loan, the broker or lender often takes the position that it detrimentally relied on the accountant's verification and representations when extending the loan, so they have a basis to sue the accountant to recover their loss on the transaction. Accountants who prepared or audited the financial records are attractive targets when the lender or broker's business relationship with the borrower sours because the accountant usually has professional liability insurance coverage whereas the borrower may be judgement proof or bankrupt.

An accountant's exposure to non-client third-party liability varies from state to state. It is important that accounting professionals are well-versed in identifying this risk and are aware of the legal implications as these requests as they become more common. Privity is generally defined as the connection or relationship existing between two or more contracting parties. Accountants are in privity with their clients because the accountant agrees to provide professional services in return for the client's agreement to pay for those services, thereby creating a contract. The lack of privity is a defense used to bar claims for economic losses in the absence of a contractual relationship between the parties. In the context of professional liability claims, however, the lack of privity defense has eroded and a professional's exposure to liability to third-parties has gained traction in many jurisdictions.

To the extent states have taken a position an accountants exposure to a third-party, there essentially are five approaches used to determine third-party liability. Each state has developed its own interpretation of these approaches either through case law or enactment of statutes, or a combination of both. Accountants should consult with an attorney to understand how the laws of the jurisdictions where they practice are applied. The five approaches are as follows:

Approach 1: Strict Privity (small minority view)

Some states require actual privity of contract in order to hold an accountant liable for malpractice, so third-parties do not have standing to sue accountants they did not directly engage. In these jurisdictions, the accountant cannot be liable in contract or tort to a third-party in the absence of a written agreement or acknowledgment that the accountant can be held liable by the third-party

Approach 2: Near Privity

States that follow the "near privity" approach" will find an accountant liable to third-parties if the accountant had actual knowledge that the work product was to be used for a particular purpose and the accountant intended that a known third-party will rely on the work product. The third-party must be the intended beneficiary of the engagement by the client of the accountant. For instance, the client hired the accountant to prepare financial statements or opinions specifically for the third-party. Additionally, there must some linking conduct between the accountant and the third-party, such as meetings to discuss the subject transaction, the accountant sending information directly to the third-party, or some other meaningful contact that demonstrates the accountant's understanding that the third-party may rely on the work product. For example, an accountant receiving a telephone call initiated by the bank that is short and not particularly substantive in nature would not be sufficient to establish the required linking conduct.

Approach 3: Restatement (2d) of Torts §522 (Majority view)

A majority of states follow the approach set forth in Section 522 of the Restatement (2d) of Torts. Under this approach, an accountant's liability is limited to losses incurred by classes of intended users who the accountant knows will receive and potentially rely on the work product. The first inquiry is whether the person or the class of persons were actually foreseeable or intended users of the information, then courts look to whether reliance by the person or class of persons was justifiable. The person or class of persons is foreseeable if the accountant supplies the information directly to the third-party or the accountant is aware of the client's intent to supply the information to a third-party. In making these inquiries, different jurisdictions look at different factors and may vary in the analysis, but in all instances the Restatement is a somewhat broader approach than the "near privity" approach.

Approach 4: Foreseeability (Minority view)

The broadest approach, which creates greater risk of accountant liability for third-party reliance, is the foreseeability approach. Only a few states follow the foreseeability approach. In those states, the accountant may be liable to anyone whose reliance on the professional services was reasonably foreseeable (as opposed to the actually foreseeable standard under the Restatement (2d) of Torts §522 approach).

Approach 5: Statutory Approach

Several states have statutes that define when an accountant may be liable to a third-party. Although some states have statutes that basically enact as law the Restatement approach, the other states that have statutes have somewhat more narrowly drawn requirements for an accountant to be held liable to a third-party. In some of these states, the accountant can limit exposure to third-parties by sending a notice to the client identifying, and thereby limiting, the third-parties who can rely on the work product. In one state, third-party liability to financial institutions is cut off unless the accountant specifically provides written authorization to the institution agreeing to be held liable to that particular third-party.


Accountants should consult with an attorney or risk management professional to help navigate the applicable laws, and to determine the best of course of action when confronted with these types of requests and the inherent risks they present. Here are a few other precautions of which accountants should be aware:

No good deed goes unpunished. Being your client's trusted advisor does not mean you need to put yourself in harm's way. The client should get financing or place insurance or achieve whatever desired results based on the merit of the client's application and not based on the fact that the client has an accountant who responds to questions on the accountant's letterhead. Similarly, the lender, insurer or other relevant third-party must make its business decisions based on its analysis of the application and the merit of the transaction and not based on the fact that the applicant's accountant has professional liability insurance. Accordingly, here are some best practice to keep in mind:

  • Keep contact with these third-parties to a minimum;
  • Do not agree to meetings, calls or direct submissions to third-parties unless there is a compelling business reason and it is made clear in advance that you are only responding to questions based on the limited work performed;
  • Always point out in any encounter with a third-party that the services you provided were limited and that the services were not undertaken to influence or replace the third-party's own assessment or judgment;
  • Never agree to sign a privity letter or similar acknowledgment;
  • Spell out in engagement letters and other communications that your services are performed only for the benefit of the client and not for any third-parties; and
  • Discuss all of the foregoing with knowledgeable legal counsel or risk management professionals whenever these issues come up.

Know the professional standards. Accountants should be familiar with applicable professional standards. The professional standards may prohibit certain activity. For instance, the professional standards prohibit an accountant from providing assurance on solvency.

Be mindful of confidential information. Accountants should be cautious of disclosing any confidential client information. Internal Revenue Code 7216 prohibits disclosure of tax information and returns, as well as any information obtained from a taxpayer, unless the taxpayer consents in writing or the disclosure fits within a specified exception under the Internal Revenue Code. Confidential information and client communications are further protected by the accountant-client privilege in some states and by professional ethics guidance in all situations, so the necessary written waivers must be obtained prior to disclosing such information to third-parties.

Control exposure by limiting the scope of the engagement with the client. Accountant should always review the terms of the engagement with the client and pay close attention to any provisions that create potential exposure for third-party liability. Language referencing reliance by a third-party on the accountant's work product should raise red flags. Accountants should be particularly cautious when asked to verify the information on tax returns to third parties given that the accountant does not independently verify the underlying information provided by the client.

Accountants should make note at the beginning of each engagement of the end user of the professional services and the work product. Accountants can then consider the laws of each jurisdiction that may apply, which may include the states where the accountant, the client and the end users are domiciled.

Accountants can preemptively include language in engagement letters with clients, indicating that they will not respond to any requests for verification from third-parties or that they prohibit the client from sharing the accounting work with third-parties without the accountant's prior consent. Accountants can further mitigate risk by limiting interactions with third-parties to avoid creating a situation where the third-party later claims reliance on those communications.

If the accountant is aware of certain end users of the work product, the accountant can limit the person or class of persons to whom the accountant can be liable by sending a letter to the client indicating the third-parties of which the accountant is aware will rely on the financial statements. This way the accountant will clearly define the third-parties to whom he/she may be liable.

Responding to verification requests or to notices from third-parties of intended reliance. In some instances, a third-party will notify the accountant of its intended reliance on the accountant's work product. The accountant should strongly consider sending written notice to the third-party indicating that he/she does not consent to the third-party's reliance and does not agree to be responsible for any action the third-party takes going forward.

Clients often pressure their accountants to help them out with their lender or other third-parties the clients are negotiating with for various reasons. Accountants always want to help their clients, and the pull of the anxious or desperate clients may be hard to resist; however, serving clients well does not mean exposing yourself to liability. Be extremely careful when asked to interact with third-parties or you just might be exposing yourself to risk and potential liability.

Originally published by PLUS Journal Q1 2020

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.