How to Respond to Comfort Letter Pressures

by Suzanne M. Holl, CPA | Mar 01, 2021

Insightful lessons can be learned by reviewing professional liability issues. With this in mind, Gallagher Affinity provides this column for your review. For more information about liability issues, contact Irene Walton at

Pressures are put on CPAs from many sources. An unfortunately common source is from banks and other lenders pressuring them to provide assurance regarding a client’s financial strength. Many CPAs have shared their frustrations regarding veiled threats from aggressive brokers and lenders, alleging that the CPAs’ clients will not qualify for a loan without receiving a letter supporting the clients’ loan qualifications. Some brokers even suggest that the client should seek a “more cooperative” CPA. 

As tempting as it may be to comply with such requests, CPAs who provide the requested assurances could put their license at risk. First, CPAs could fall short of professional expectations if they don’t adhere to AICPA Professional Standards. Interpretation No. 1, Responding to Requests for Reports on Matters Relating to Solvency, of AT-C Section 105, Concepts Common to All Attestation Engagements: Attestation Interpretations of Section 105, prohibits CPAs from providing any level of assurance that an entity is, or will continue to be, solvent.

Another risk is that lenders may allege that the CPA misrepresented the client’s creditworthiness should that client later default on the loan. In some situations, lenders have alleged that CPAs misrepresented self-employment status, financial condition, or creditworthiness. 

The creditworthiness dilemma is a balancing act, and CPAs need to carefully evaluate the risks associated with complying with these requests. For example, since professional standards do not require CPAs to provide any letters to third parties, they need to balance the risk of saying “no” (and potentially losing the client or being sued should the loan fall through) against the risks of saying “yes” (and not meeting the profession’s standard of care or becoming a “deep pocket” target  if the client defaults).

The following examples provide some ideas on how to traverse the delicate balance of mitigating risks while managing client and third-party expectations.

Verification of Tax Information or Employment

Financial institutions often send forms directly to a prospective borrower’s CPA requesting verification of tax information, employment or self-employment, and/or assurance that the client’s business or owner will not be affected by the contemplated loan. Typically, the form is short and already filled out: it calls for the CPA’s response and signature verifying the information provided. CPAs must be cautious if considering these requests. 

Only after the client has provided you with appropriate written consent should you draft a letter in response to the form (instead of signing it) that clearly identifies the following:
• Scope and limits of the services rendered to the client.
• Responsibility of the financial institution to exercise its own due diligence and to perform the procedures and tests the lender deems appropriate in determining whether to extend credit.

• Limited responses (facts, as opposed to judgments) to the questions posed on the form that are relevant to the client, stating that these answers are based solely upon information shared by the client, which was not audited or otherwise verified. To avoid potential privity issues, this letter should also clearly state that the response is not intended to establish a client relationship with the financial institution.

Telephone Verification

Another type of request that exposes CPAs comes from the so-called “underwriting quality control” divisions of large financial institutions. These folks call CPAs for verbal confirmations regarding their clients’ self-employment or other assurances regarding their clients’ financial information. Let the caller know that professional standards regarding client confidentiality prohibit CPAs from discussing their clients over the phone. CPAs should request that the financial institution put any questions it may have in writing and, if you receive written client consent to respond, you will address the inquiries in writing as appropriate, given the scope and limitations of the services provided. CPAs should consider sending a letter or an email acknowledging the request and reiterating that no assurance was given during the conversation. This is excellent defensive documentation to ward off later allegations that could suggest otherwise.

Confirm Information on a Previously Issued Lender Letter

CPAs should be wary if ever contacted after the fact by a third party requesting confirmation of client information previously provided to the lender on behalf of their client. These individuals may be investigators trying to build a fraud case against a borrower who has defaulted on a loan. CPAs have no professional obligation to respond to these requests; in fact, it would be a breach of client confidentiality if you responded without written client consent. You should not sign or make any statements to requests of this nature.

Tips for Responding 

Before you tailor any response letter, remember the following:
• Be sure to obtain the client’s written consent before disclosing tax return information. 
• The letter should be simple and clear. 
• Document only facts and the services that you perform. Do not speculate on future events (e.g., forecast future income or contingencies) and do not make conclusions not supported by the services you perform for the client (i.e., a CPA should not make assurances regarding the accuracy or completeness of the information provided unless the scope of services enables the CPA to provide such assurances).
• Do not provide any form of assurance regarding matters of solvency.

• Avoid using words that expand rather than narrow your responsibilities.

Tips for Educating Clients

It’s important to inform clients about these issues so they understand what information CPAs can and cannot provide: 
• Have a conversation with the client regarding the scope and limits of the services you perform.
• Clarify for the client what you can and cannot provide as their CPA under the scope and limits of the services rendered.
• Explain how professional standards prohibit CPAs from providing assurance regarding the client’s financial position when the requisite scope of services hasn’t been performed.

• State that professional standards prohibit CPAs from offering any form of assurance regarding matters of solvency.

Following these guidelines early on in a relationship is ideal, because there is often little or no time to educate your clients about the issues after requests are already made.  

Suzanne M. Holl, CPA, is senior vice president of loss prevention services with CAMICO in San Mateo, Calif. She can be reached at

Leave a comment

Thousands of CPE Courses  

With the highest quality CPE and thousands of options for online, self-study, and in-person learning, PICPA's CPE meets all of your professional education needs.

Search Courses
Read It Your Way

digital edition

Read the latest edition of the Pennsylvania CPA Journal via the web or digital edition. 

Read Now
Member Benefit

The Pennsylvania CPA Journal is a PICPA member benefit. Receive quarterly editions of the Journal delivered to your doorstep.