McGowanPRO Professional Liability Blog / Resources / Articles

Why CPAs Should Consider Cyber Insurance

Posted by Gary Sutherland on Fri, Sep 22, 2017 @ 12:04 PM


CPAs keep vast troves of valuable personal data that cybercriminals are itching to get their fingers on.

So far, the most notorious CPA breaches have culminated in identity thefts that led to fraudulent tax returns. Those cases became the bane of recent tax seasons when victims tried to file their taxes with the IRS and found that a hacker had used their personal data to file a fraudulent return and get an illicit refund.

An IRS-led crackdown slashed those kinds of cases in half last year, USA Today reported, but that still amounted to 787,000 fraudulent returns processed in 2016 alone. And the crackdown is not exactly good news for CPAs. After all, the news headlines about tax-return fraud make CPAs an inviting target.

Why cybercriminals want to breach CPA firms

Let’s quickly review the kinds of private data CPAs have in their computer systems:

  • Full names and addresses
  • Social Security numbers
  • Telephone numbers
  • Bank account and routing numbers
  • Employment, income, and expense information
  • Brokerage information
  • Confidential client communications


It’s difficult to imagine what cybercriminals could not do with all this data. With names, addresses, and Social Security numbers, hackers can use phishing, malware, and other tactics to break into people’s home computers, access their logins to their banks and financial providers, and clean them out.

Information on the financial condition of CPA clients, another cybercriminal favorite, is extremely valuable. And private email or text-message conversations between CPAs and clients can wreak havoc if they are made public. When these kinds of confidential information fall into the wrong hands, there’s no telling how much damage can be done. But it’s safe to say the liabilities could cripple many CPA organizations if they lack cyber insurance.

Ransomware Underscores Risks CPAs Face

Ransomware is the most serious and insidious cyber threat to emerge in recent years. Cybercriminals using a range of tactics sneak into organizations’ computer networks, take up residence and wait for a vulnerable moment to strike — encrypting systems and demanding a ransom in return for decrypting them.

If undetected, these breaches can give cybercriminals widespread access to computer networks and the sensitive data within them. So, your CPA firm could pay the ransom to get your systems back online and still face the risk that private client data now belongs to cybercriminals.

What’s more, many ransomware attackers these days refuse to unlock computer systems after they get their money, potentially creating ruinous downtime for organizations that depend heavily on their computer networks.

Regulatory demands are expanding

New York State created new cyber security rules in 2017 for organizations that report to the state’s Department of Financial Services (DFS). Generally, CPA firms are not covered (yet), but given that many CPAs work with financial companies, they still need to be familiar with the regulations.

As CPA Journal put it: “In order to counsel these businesses, CPAs must understand the new regulations and their impact. In addition, it makes sense for CPA firms to be proactive in adopting the new regulations, as the profession itself is likely to be included in future regulatory efforts.”

New York’s rules provide a broad outline for safer cyber security practices. According to CPA Journal, New York’s rules require covered companies to:

  • Assess current risks to create a cybersecurity program and put cybersecurity policies in place.
  • Create a plan to dispose of nonpublic information they don’t need anymore.
  • Review and limit access privileges.
  • Ensure third-party service providers are secure.
  • Assign a chief information security officer (CISO).
  • Train employees and monitor authorized users.
  • Craft an incident-response plan.
  • Establish multifactor authentication.
  • Conduct penetration testing and vulnerability assessments.
  • Establish security policies for applications developed in-house.
  • Encrypt data at rest and in transit.
  • Establish an audit trail.

These kinds of practices reflect the principles of sound cyber hygiene that any firm would be well advised to follow (and may well have to if more states adopt the rules). Also, companies that implement programs and policies to secure private data can potentially reduce their overall liability in a breach (though this depends on the facts of an individual lawsuit).

With cyber risk rising every day, a comprehensive network-security program is just one component of a sound risk-management program. Another crucial component is a cyber insurance policy that can protect your organization if it becomes the target of litigation.

A cyber insurance policy for CPAs can cover legal liability from:

  • Theft, loss, or unauthorized disclosure of private data or third-party corporate information.
  • Failure to comply with state breach notice laws.
  • Failure to comply with the insured’s privacy policies.
  • Failure to administer an identity theft prevention program required by governmental regulation.
  • Unauthorized access, theft, or destruction of data.
  • Denial of service attacks and virus transmission involving the insured’s computer systems resulting from computer security breaches.

All these risks underscore why professionals like CPAs should look into cyber coverage from McGowanPRO. We can help CPAs in organizations of all sizes get the right cyber coverage for their exact needs.

 If you would like to speak to a professional advisor concerning your company’s exposure to cyber risks, please contact Rob Ferrini at McGowanPRO. 508-656-1327 or 

Tags: cpas, CPA Alert, risk management, cyber

NAPLIA Announces Hanover Insurance as Underwriter of its Nationwide Accountant’s Error and Omission Program

Posted by Gary Sutherland on Tue, Apr 11, 2017 @ 12:52 PM

Hanover and NAPLIA have had a strategic alliance for the last eight years and are now taking it to the next level with an exclusive 50-state Accountants program, now called CPAOnePro. NAPLIA insures thousands of accounting firms in all 50 states.

North American Professional Liability Insurance Agency, LLC (NAPLIA) is pleased to announce that Hanover Insurance will be replacing Rockhill and Plaza Insurance as the underwriter of NAPLIA’s nationwide accountant’s error and omission program.

The accountant’s program, now called the CPAOnePro (SM), will maintain all of the great benefits that have been a hallmark of our program since October of 2014.

John Raspante, CPA, MST, CDFA heads up NAPLIA's Risk Management team. Attorney Ralph Picardi will continue to manage the Hotline and claims triage for the Accountant’s program. Both John and Ralph regularly assist clients in best practices, claims mitigation and engagement letters as well as website reviews.

NAPLIA offers NASBA approved online risk management webinars which provide premium credits and CPE for qualified firms.

Hanover Insurance Company, founded in 1852 and listed on the New York Stock Exchange as “THG”, is a Top 25 Property and Casualty insurance company with 42 offices in the United States and over $5 Billion in written premium. Hanover has an AM Best rating of “A” Excellent and is one of only a handful of insurance companies to be rated with AM Best since 1907. Additionally, Hanover maintains “A” ratings with both Standard & Poor’s and Moody’s, and is a Forbes 2016 best mid-size company.

North American Professional Liability Insurance Agency, LLC (NAPLIA) created an Errors and Omissions insurance program designed specifically for accounting and consulting firms called CPAOnePro. Working with CPAOnePro you can expect more than just a policy. We are dedicated to providing clients with continuous risk management and practical learning opportunities to keep firms protected, the highest quality customer service so partners can feel comfortable calling us with any issue, and a team of risk and legal experts who are ready and able to work to solve or mitigate any problem that arises.

“Hanover’s vision of managing a successful Accountants Insurance Program through quality risk management aligns with NAPLIA’s experience and resources. We are delighted to call them partners,” said CFO/Partner Stephen Vono.

CPAOnePro is a Registered Servicemark of North American Professional Liability Insurance Agency, LLC


Why a stop-work caveat for engagement letters?

Posted by Gary Sutherland on Tue, Apr 11, 2017 @ 12:48 PM

By John Raspante, CPA, MST, CDFA, Director of Risk Management

Many claims faced by CPAs have their origin in breach of contract causes of action. While the more prevalent claims assert negligence as the cause of action, breach of contract is growing in frequency. NAPLIA’s book of insureds has been indoctrinated on the use of engagement letters and client termination letters. Nevertheless, when a CPA ceases to provide services or simply stops work, the knee-jerk reaction by the client is to allege a breach of the contract has occurred. Consider the following claim scenario:

ABC accounting firm has provided bookkeeping, payroll tax preparation, and corporate tax preparation services for their longtime client BEST Manufacturing (BM). An engagement letter is in place, but contains no stop-work provision. Thirty days prior to the due date for the corporate tax return, the CPA firm decides on ending the client relationship and sends BM a standard client termination letter. The letter contains the basics of a solid termination letter and includes the status of unpaid fees, ABC's willingness to assist the new CPA firm, pending due dates, and the reason(s) for the termination. It should be noted that the reasons for the termination center on the unpaid fees and possible corporate tax filings in other states as a result of what ABC feels is BM's satisfying corporate tax NEXUS requirements in these states. BM insists that the fees will be paid as they have just opened locations in other states and cash flow will improve. With respect to the NEXUS requirements being satisfied, BM states they will register later in the year and other manufacturers they know of do not file in those states.

As a result of the termination, BM is appalled and feels this should have been discussed and not facilitated by a letter. After all, the relationship has spanned several decades and the managing partner’s father serviced BM prior to the formation of ABC. Second, BM feels they were not provided ample time to locate a new CPA firm, and opposes going on extension. Several calls are placed to ABC by BM and they go unanswered. As the managing board at BM grows more infuriated, they finally call their corporate counsel and serve a complaint to ABC alleging breach of contract. In addition, they file an ethical complaint with the state board of accounting alleging violations of the accountancy act.


While the majority of the problems faced by ABC could have been averted by a stop-work caveat (the focus of this article) which we have included, the following are also recommended to effectively deal with client terminations: 

  • Allow for ample time, if possible, when terminating. This termination occurred 30 days prior to the due date of the corporate tax return.
  • Begin the process of terminating with a phone call and/or a meeting as opposed to simply sending a letter giving BM little time to shop for a new CPA firm.
  • Discuss the reason(s) for termination. While the unpaid fees were important, the NEXUS issue was the real reason for terminating. ABC should have explained that a NEXUS study should have been conducted and what others do or don’t do does not satisfy professional standards.



If I elect to terminate my services for nonpayment, or for any other reason provided for in this letter, my engagement will be deemed to have been completed upon written notification of termination, even if I have not completed your return. You will be obligated to compensate me for all time expended, and to reimburse me for all of my out-of-pocket costs, through the date of termination. In addition, I will be held harmless from any resulting damages caused by this termination.


Tags: risk management, engagement letter

State Auto Financial Corporation reported fourth quarter 2016 net income of $32.5 million

Posted by Gary Sutherland on Mon, Feb 27, 2017 @ 02:39 PM
COLUMBUS, OHIO - February 14, 2017 - State Auto Financial Corporation (NASDAQ:STFC) today reported fourth quarter 2016 net income of $32.5 million, or $0.77 per diluted share, versus net income of $3.1 million, or $0.07 per diluted share, for the fourth quarter of 2015. Net income from operations per diluted share for the fourth quarter 2016 was $0.46 versus net income from operations per diluted share of $0.00 for the same 2015 period.


Better Business Bureau Certificate of No Complaints and No Negative Customer Reviews for 36 months

Posted by Gary Sutherland on Tue, Feb 14, 2017 @ 02:05 PM

NAPLIA recently received a Certificate of "No Complaints and No Negative Customer Reviews".  

The Certificate states "As of February 8, 2017, NAPLIA has not received a single customer complaint and has not received a negative customer review within BBB's reporting period of 36 months."

NAPLIA has been a Better Business Bureau Accredited Business since March 2005.



Webinar: Avoiding Risk in CPA Firm Mergers

Posted by Gary Sutherland on Wed, Jan 04, 2017 @ 01:29 PM

We'll discuss how to avoid M&A risks and maximize the deal’s ROI.

January 18, 2017 at 2pm ET

Presented by Joseph Tarasco of AAG and John Raspante of NAPLIA


All mergers and acquisitions (M&A) involve some degree of risk—and carry no guarantees of fulfilling the intended goals and objectives of the transaction. However, using M&A as a growth, talent acquisition, and succession planning strategy is essential and a top priority at most firms.

Learn more or register to attend.

What we will discuss:

  • Balancing risk in M&A while maximizing ROI
  • Increase ROI and the chances of a successful transaction by assessing the level of risk and avoiding M&A deal traps.
  • Doing what it takes to avoid big risks and placing the emphasis on the deal’s ROI and strategic implications.
  • Determining the right M&A strategic goals and objectives that have the best potential of maximizing ROI and minimizing risk in the future.
  • Avoiding the risk of a terminated transaction after many months of discussions by planning and structuring the deal terms and identifying deal breakers and dissenting partners early in the negotiation stages.



Tags: risk management, mergers

North American Professional Liability Insurance Agency, LLC (NAPLIA) Announces an Alliance with Accountants Advisory Group, LLC (AAG)

Posted by Gary Sutherland on Tue, Nov 22, 2016 @ 03:01 PM

North American Professional Liability Insurance Agency, LLC (“NAPLIA”) is pleased to announce a business alliance with Accountants Advisory Group, LLC (“AAG”), effective immediately.

Recognizing that risk management goes beyond matters of professional liability, NAPLIA has entered into a strategic alliance with AAG.  NAPLIA’s clients will now have direct access to AAG’s accounting expertise and full range of advisory services. NAPLIA is aligning with the leaders of today’s accounting firms as they work toward achieving long term success by growing their practices — organically and through M&A — increasing profitability, and developing succession plans. In addition to practice management advisory services, AAG can provide outsourced marketing and lead generation services to NAPLIA’s clients to provide them opportunities to:

  • Attain above average growth each year
  • Avoid an upward merger
  • Replace retiring rainmakers
  • Increase client realizations through engaging higher quality clients
  • Become more competitive in their marketplace by implementing new niche and specialty services
  • Continuously upgrade their client base
  • Have access to marketing professionals who have diverse talents and years of experience in the accounting industry

Through AAG’s vast network of resources, NAPLIA’s clients will also have access to a full range of M&A consulting, recruiting resources, and partner retreat services to support their growth and assist in succession planning.

As an example of NAPLIA and AAG’s commitment to CPA firms’ success, the firms will jointly offer webinars on a variety of topics, such as:

  • Risk Management in M&A
  • Target marketing and lead generation
  • Advisory and value added services
  • Using M&A as a growth and succession plan
  • Growth initiatives through industry and niche specialization
  • Partner performance compensation and accountability programs
  • Recruiting: best practices and risk management
  • Partner retreats and strategic meetings
  • Practice management subjects, including partner compensation structure, leadership, partner governance, succession planning strategies, etc.
  • HR-related topics

NAPLIA aims to differentiate from other insurance agencies by providing “more than just a policy.” Stephen Vono, Principal, says “NAPLIA is dedicated to providing CPA firms with continuous risk management and practical learning opportunities to keep our clients’ firms protected.  This alliance with Accountants Advisory Group will allow us to provide our clients with a broader range of resources from some of the top minds in the profession.”

Joe Tarasco, the CEO of AAG, said, “It's not enough for the leaders of today’s public accounting firms to insure themselves against professional liability risk. They need to manage their succession planning risks, as well as the risks of diluting the value of their practices. We look forward to assisting NAPLIA’s clients in adding value to their practices along with implementing successful succession plans for the future.”



North American Professional Liability Insurance Agency, LLC (“NAPLIA”) is an agency well-known and respected in the accountants’ professional liability industry for close to 20 years, and is the managing general agent (MGA) for CPA ProSecure. The professionals at NAPLIA have decades of specialized experience in providing professional liability, and related insurance products to public accounting firms. We are proud members of the Professional Liability Underwriting Society (PLUS), the Better Business Bureau, and hold the highest ranking from Dun & Bradstreet for companies our size.


Accountants Advisory Group, LLC (“AAG”) is a national and international consulting firm specializing in Certified Public Accounting firms in the areas of succession planning, growth strategies, strategic planning, marketing and lead generation, mergers and acquisitions, and recruiting.


Tags: risk management, NAPLIA

The DOL Changes and E&O Premiums

Posted by Gary Sutherland on Fri, Nov 18, 2016 @ 03:38 PM

Paul J. Smith, AIF and Gary Sutherland, CIC, MILS

NAPLIA (North American Professional Liability Insurance Agency, LLC)

Hardly a day goes by that we are not asked by a client or colleague what impact the new DOL Conflict of Interest rule will have on Professional Liability insurance underwriting and pricing - given NAPLIA’s presence in the market, and history as thought leaders in the financial industry insurance space.

Like many interested parties, we have gone through a series of reactive conclusions, from “no big deal” to “absolute horror”, depending on the latest webinar or seminar we attended. In fact it was almost embarrassing when we attended a seminar in NYC where the industry speakers were near tears, when discussing how unprepared they were for the change.

Our firm’s DNA is for the most part in the RIA space, but I started my career at PaineWebber as a Stock and Bond Salesman; at least that’s what the branch manager called us twenty-five years ago. The idea that we might be fiduciaries was never on the radar screen. We were a distribution channel for the IPOs the firm had a hand in marketing, in addition to selling our favorite stocks of the day on the secondary market, to whomever would write us a check.

This background may add some flavor to my team’s approach to the leading question posed by clients and colleagues above: what effect will the new DOL Conflict of Interest rule have on Professional Liability insurance underwriting and pricing?

The insurance industry isn’t very good at answering questions based on forward-looking markets where a paradigm change has taken place – where’s the data, who has underwritten this in the past? With no data, a judgement call must be made, and the insurance industry is built around the theory of large numbers, and the story they tell.

When the numbers aren’t available, underwriters assume the worst. It’s an instinctual reaction – until the numbers tell me differently, I’m going to assume the “change” will bring more risk to the table, than less.

In my “absolute horror” stage, I was asked to take a stab at what premium increases Broker Dealers could expect per Registered Rep, and after careful analysis, I came up with 25%; suggesting that the average cost per Rep might go up $500 to $1,000 annually.

To justify that conclusion (or prognostication), I’d have to come up with some hard data as to where the new claims would come from, and why it was inevitable that more claims would in fact be triggered by the new rule. Up until this point I was operating on what I’d heard from others – read or seen at webinars and seminars, rather than using my 20 plus years in the industry to develop a well thought out, defensible conclusion. That’s where my theory hit a bit of a roadblock.

Actually it was more of a guess than a theory, and what became clear was that I was transferring the financial industry’s fear of change and expensive consulting infrastructure overruns into an existential threat that an increase in client claims was inevitable. I hadn’t de-coupled the overall industry dread from what was likely to happen on the client liability side of the equation.

At my colleagues’ prodding, we began to explore the real existential threats to E&O carriers, and why an assumed increase in claims might in fact not be on the horizon. The rest of this paper is based on our primary reasons why the obvious conclusion of higher premiums and more frequent claims is more than likely not the case (specific concepts are bolded).

The marriage of Compliance, Risk Management and the Corner Office Executive Suite has been in the works for years. How often have we heard that good compliance equals good business – use it as a marketing tool. Overnight the Compliance folks at the Broker Dealer are driving the bus and playing a leadership role.

In reality, the Broker Dealer community has been significantly more compliance focused for years, in comparison with a nearly unsupervised RIA world that’s done an amazing job of self-management, making their 40 Act fiduciary status the pillar of their professionalism.

Because FINRA has always brought much more structural oversight to the Broker Dealer world than has ever been present in the RIA world -- our feeling is that the intellectual horsepower is in place at the Broker Dealer firms to take this current change on, maybe more so than the small RIA who’s looking at far fewer changes, but with far fewer resources.

In fact, not many are talking about FINRA Rule 2111 that preceded the recent DOL change, taking effect in October of 2010. The FINRA rule addition, approved by the SEC, brought the Broker Dealer Rep much closer to operating in their client’s best interest than had ever been the case. The concepts of Suitability and Best Interest were suddenly brought much closer and, looking back, were underappreciated.

New FINRA Rule 2111 generally is modeled after former NASD Rule 2310 (Suitability) and requires that a firm or associated person “have a reasonable basis to believe that a recommended transaction or investment strategy involving a security or securities is suitable for the customer, based on the information obtained through the reasonable diligence of the member or associated person to ascertain the customer’s investment profile.” The rule further explains that a “customer’s investment profile includes, but is not limited to, the customer’s age, other investments, financial situation and needs, tax status, investment objectives, investment experience, investment time horizon, liquidity needs, risk tolerance, and any other information the customer may disclose to the member or associated person in connection with such recommendation.”

The new rule makes clear that a broker must have a firm understanding of both the product and the customer.

It also makes clear that the lack of such an understanding itself violates the suitability rule.

The new rule continues to use a broker’s “recommendation” as the triggering application of the rule, and continues to apply a flexible “facts and circumstances” approach to determining what communications constitute such a recommendation.

The new rule also applies to recommended investment strategies, clarifies the types of information that brokers must attempt to obtain and analyze, and discusses the three main suitability obligations. Finally, the new rule modifies the institutional-investor exemption in a number of important ways. (Taken from FINRA Regulatory Notice 11-02)

Our contention is that since the Pension Protection Act in 2006, many of the Broker Dealer Reps working in the Retirement Plan market have gone to flat fee pricing, utilizing 12b(1) fees, and in many ways have already been acting with fiduciary stewardship ideals, front and center.

The RIA community never had a monopoly on prudence and putting the client’s needs first. The competition in the marketplace has done a great deal to raise the bar, and bring down all too high fees over the last ten years since the PPA and the DOL’s 408(b) Fee Disclosure Rules that took effect in 2012. The new DOL Conflict of Interest Rules will further these trends.

Meaningful product reviews are taking place at every Broker Dealer in America. Mutual Fund shops are being pressured to make institutional funds available to small investors, and compliance teams are lifting the hood on incentives that could possibly sway Reps to push products that may not be in the client’s best interest.

Approved product lists will become much more front and center, as compliance teams increase oversight and play more meaningful management roles. Investment options in the Plan and IRA space will be intensely vetted, and as a result limited.

Benchmarking will become critical – giving the Reps and Broker Dealers objective pricing data to present to the IRA / Plan client in the product discussion. This benchmarking focus will act to prevent client claims, rather than increase them. We see nothing in these changes that is not a catalyst for a reduction of risk for the E&O carrier.

The reasonable fee requirement that’s part of the Full and Limited BIC Agreement (taken straight from ERISA) will require more transparency than ever before, especially in the IRA market. Reps, Advisors and financial institutions will be on record, justifying case by case how the BIC Exempted recommendations are in the Client’s Best Interest.

This will put the brakes on claims – creating a formal agreement amongst the parties that the particular investment is appropriate and in the clients’ best interest. In the vast majority of financial industry claims we have seen over the years, the foundation underlying the claim has been the client didn’t know – was never told about the true cost of the transaction. Be it an upfront commission, or lack of liquidity – transparency will stem the tide of E&O claims based on poor communication.

We expect an increase in the percentage of Level Fee based activity in the Qualified Plan / IRA space, as some Broker Dealers are moving in that direction on an enterprise level, and commission based activity done under the BIC Exemption, as noted above, will force additional focus on reasonableness and transparency.

The existence of a signed BIC agreement (by the financial institution and the client) will in itself create a clear record of product approval that will be difficult to walk back – making client claims of Rep driven ignorance, difficult to sustain in a court of law. This is especially true if the Broker Dealer implements the recent DOL suggestions, as regards handling of the Contracts and making them available on their website.

Section II of the BIC Exemption requires that financial institutions agree to certain standards and make specified warranties in a written contract with their IRA and non-ERISA plan customers. Section II(a)(2) of the BIC Exemption requires financial institutions to maintain an electronic copy of the retirement investors’ contracts on its website that is accessible by the investor.

The best practice is for a financial institution to maintain an executed copy of the retirement investor’s individual contract on its website that is accessible by the retirement investor. This ensures that the retirement investor will have ready access to a statement of his or her rights and potentially eliminates many needless disputes about the existence of the contract and the scope of the financial institution’s obligations under that contract… (Taken from the DOL’s recent FAQ on the Conflict of Interest Exemption)

Having the Client Contract online, connected to the client’s account, will be a powerful reminder to both parties what has been agreed to. We strongly recommend this approach, and feel that if this transparent posting of the Agreement is done, the likelihood of claims will be further reduced.

We also feel strongly that the Financial Institution should follow up every sale with a client communication – confirming the client has understood the Contract and has a copy. There are organizations that are already offering that service for a small fee – LIMRA is one of them.

Better training of Reps in fiduciary concepts will inevitably take place, as part of expanded training programs. Fi360 has been the center of this training, and will likely continue to expand their training programs in connection to the new regulations.

As discussed above, the elevated FINRA suitability rules have started this client focus at Broker Dealers, but we expect to see a much greater focus on fiduciary training as a result of the DOL changes connected to who is a fiduciary, and the elevated responsibilities connected to the Reps’ new status.

It makes common (prima facie) sense that a new “higher” fiduciary standard will raise the bar on the quality of client care. Taken from the DOL’s recent FAQ:

The initial standards specifically require advisers and financial institutions to:

  • Give advice that is in the “best interest” of the retirement investor. This best interest standard has two chief components: prudence and loyalty: Under the prudence standard, the advice must meet a professional standard of care as specified in the text of the exemption; Under the loyalty standard, the advice must be based on the interests of the customer, rather than the competing financial interest of the adviser or firm;
  • Charge no more than reasonable compensation; and
  • Make no misleading statements about investment transactions, compensation, and conflicts of interest.


Clarity in Reps’ and IARs’ responsibilities connected to rollovers from qualified retirement plans to IRAs will help guide these transactions, and lower the risk that they are completed without attention to the clients’ best interest, with a focus on prudence and loyalty. The rule change sheds further light on how Level Fee Advisors can use a Streamlined BIC Agreement when recommending participants move to IRAs away from the plan.

However, the BIC Exemption does provide relief for investment advice to roll over a participant’s account, even if the adviser serves as a discretionary fiduciary with respect to the plan or that participant’s account and will provide fiduciary investment advice following the rollover, as long as the adviser does not have or exercise any discretionary authority or discretionary control with respect to the decision to roll over and the other applicable conditions of the exemption are satisfied.

This clarity and Prohibited Transaction protection essentially shields the Rep and Advisor from the second-guessing and client remorse that in the past have led to claims. Naturally, this risk management and reduced exposure assumes the proper precautions and disclosures are made. This is another area where we feel the risk of client claims will be reduced by the change.

Essentially, the rule change, in concert with utilization of the BIC Exemption, will help eliminate conflicts of interest and self-dealing. As discussed earlier, lack of communication and transparency have been a historic driver of claims. We believe the new rule will significantly limit misrepresentation of product and cost detail, lowering the Reps’ opportunity for inherent conflicts and self-dealing.

The full BIC Exemption provides that financial institutions cannot “use or rely upon quotas, appraisals, performance or personnel actions, bonuses, contests, special awards, differential compensation or other actions or incentives that are intended or would reasonably be expected to cause Advisers to make recommendations that are not in the Best Interest of the Retirement Investor.” (DOL Bulletin)

It’s our belief that the Retirement Plan business will continue trending toward flat-fee pricing, and we will see little if any transaction-driven commission business going forward. The fiduciary rule will create an environment where deposit-based commissions will be difficult to justify, even in the small/micro market, as products are developed for this space to accommodate small and startup plans. The next wave of MEP Plans with outsourced fiduciaries will only serve to further this trend toward lowering the volume of E&O claims.

Our conclusion is that the DOL Conflict of Interest regulation, and changing the definition of who is a fiduciary, will reduce, not inflate, the litigious environment and number of E&O claims we have traditionally seen in the financial services community.

Insurance carrier underwriters that understand how these moving parts will align to reduce risk in the Financial Services community will find themselves better positioned to exploit the changes taking place in a compliance-focused workplace.

It’s important that those affected by the changes realize there is a phase-in, or transition, period. Phase one starts April 10, 2017, the date when financial service provider status will change from non-fiduciary to fiduciary, and financial service providers must disclose any material conflicts of interest.

On January 1, 2018, the transition period ends and full compliance with all the exemption conditions is required.

Providing complete details of all the required disclosures is neither the intention of this paper nor within its scope.


North American Professional Liability Insurance Agency, LLC (NAPLIA) is the leading independent agency in the country specializing in professional insurance products for Financial Professionals. 


The information provided in this paper is intended solely for general educational purposes. It is not intended for the purpose of providing specific legal, insurance, or other professional advice to any particular recipient or with respect to any particular jurisdiction. The author, publisher, and distributor of this document (1) make no representations, warranties, or guarantees as to its technical accuracy or compliance with any law (federal, state, or local) or professional standard; and, (2) assume no responsibility to any recipient of this document to correct or update its contents for any reason, including changes in any law or professional standard. You should formally retain the counsel of an attorney knowledgeable as to your industry, your practice, and the laws of any jurisdiction(s) within which you conduct your practice to ensure the document’s maximum usefulness and compliance with applicable laws and professional standards.






PHISHING? What is it and why you need to be concerned

Posted by Gary Sutherland on Fri, Nov 18, 2016 @ 11:48 AM

At NAPLIA, we strive to be proactive in addressing the changing risks affecting CPA firms

When it comes to protecting your clients’ data, social engineering is continually evolving as an important topic in risk management. Social engineering is a whole category of threats, encompassing the many ways “bad guys” try to trick employees into disclosing information.

Firms like yours are especially rich targets for social engineering due to the amount of sensitive financial and personal information with which they are entrusted.  Technology-based controls and prevention measures are being overwhelmed by new social engineering techniques and the sheer number of attacks.

The best preventative measure against social engineering attacks is education. At NAPLIA, our goal is to “provide more than a policy” with education and services that protect your practice.


NAPLIA offers a free phishing test for our clients that sends a harmless test email to each of your employees. A report summarizing how many people opened the email and how many people clicked the “malicious” link within it is then emailed to your firm’s insurance contact. When an employee opens a link, they will receive a list of tips on how to avoid opening a phishing email in the future.

Some of the emails we have sent include:

  • A forged FedEx Shipping Notification (your company address to be shown in delivery address field)
  • A forged LinkedIn Invitation
  • A Dropbox notification about “tax return source information”

How many employees at your firm will open the next Phishing Email? Most studies say that 35% of all phishing emails are opened at least once.


Rob Ferrini | Program Manager | NAPLIA

Direct: 508.656.1327 | Toll Free: 866.262.7542, ext. 1327

NAPLIA Now Offers BIZLock® Cyber Liability Coverage

Posted by Rob Ferrini on Fri, Nov 18, 2016 @ 11:43 AM

Because of the growing cybercrime epidemic, NAPLIA now offers BIZLock® Cybercrime Protection, a comprehensive cyber insurance program specifically designed for small to medium sized professional firms.

Cybercrime Creates Very Serious Exposures…

  • Incident response obligations and the associated forensic, PR, legal and notification expenses
  • Liability arising from the loss/theft of the personal information of others within your control
  • Cyber extortion and Ransomware (thieves lock down your system and hold it for ransom)
  • Regulatory fines and penalties
  • Payment card industry fines and penalties
  • Losses arising from the theft of Business Identifying Information or BII
  • Business interruption losses and more


Watch our 3-minute video for a quick highlight: IFI Chalk Talk VIDEO.


Program Summary:

  • Limits from $50,000 to $1MM
  • Premiums ranging from $569 to $1999 per year (annual revenues less than $10MM)
  • Retentions/Deductibles at $1,000
  • Essential Risk management / Compliance tools
  • Incident Response On-Demand™ – Comprehensive 24/7 claims and remediation/resolution services provided by the BIZLock team and its panel of experts
  • Simple application and instant coverage, subject to qualification


Protect your business today. Click here to obtain instant pricing, limit options and actual coverage. Or, copy and paste this URL into your browser


BIZLock is quick, simple and vital to help secure your business against today’s evolving cyber risks. 


Don’t risk becoming a victim of cybercrime without having a professional solution and remedy standing behind you.  Protect yourself against cybercrime with BIZLock.


For more information:


Rob Ferrini | Program Manager | NAPLIA

Direct: 508.656.1327 | Toll Free: 866.262.7542, ext. 1327 | Fax: 508.656.1399
