How to Comply with the New SSTSs

Published: Jun 3, 2024

AICPA’s new Statements on Standards for Tax Services emphasize data protection, responsible use of tools, and client representation. Learn how to show compliance and strengthen your firm’s ethical practices through training, policy, and documentation.

 

By William Stromsem, CPA, J.D., George Washington University School of Business 

AICPA promulgated three new Statements on Standards for Tax Services (SSTS) covering data protection, reliance on tools and tax representation that became effective on January 1, 2024. Prior SSTSs were carried over and reorganized but contain no new requirements and will not be dealt with in this article, assuming that you already have policies in place to work with them.   

The new SSTSs do not have bright-line standards and mostly use flexible terms like reasonable efforts, due professional care, due diligence and professional judgment. (See prior article on SSTSs.) The SSTSs tend to use “should” instead of the more mandatory “must,” so the compliance is somewhat flexible and hedged. This should give comfort to CPAs in tax practice, and the SSTSs might be thought of as providing a defensible standard against regulatory sanctions and liability claims.  

The new SSTS on data protection requires members to make “reasonable efforts to safeguard taxpayer data, including data transmitted or stored electronically” and consider “applicable privacy laws when collecting and storing data.” It does not require encryption or ask us to do any more than most practitioners are currently doing to protect taxpayer privacy. The new SSTS on reliance on tools requires only that members exercise professional care when using a tool, that members exercise “appropriate” professional judgment when using a tool, and that they “take reasonable steps to determine that the tools are appropriate for the intended purpose.” The new SSTS on representation requires that a practitioner determine that technical competence exists, follow applicable agency or court rules, act with integrity and professionalism, comply with applicable rules on timeliness of responses, consider confidentiality responsibilities for the taxpayer, suspend or withdraw from engagement if the case appears to be going into criminal issues, and review with the client the consequences of a proposed agreement with a tax authority. 

Note that the AICPA standards reflect current external legislative, regulatory and judicial standards. AICPA would not want to set more lenient standards, misleading practitioners to believe that they were in compliance with external standards, and having the standards look weak to outside regulators and the public. AICPA would also not want to set more rigorous standards, placing a self-regulatory burden on members and placing them at a competitive disadvantage to non-CPA practitioners. So, in general, compliance with the SSTSs may help avoid sanctions by other regulators.     

The SSTSs are binding under the AICPA Code of Professional Conduct. You may be tempted to think that there are likely to be few disciplinary actions by AICPA with the new flexible standards and that in the rare instance of a successful action against a CPA, AICPA’s most extreme sanction is to expel you from the organization, with a major consequence being the loss of AICPA group-term life insurance. However, this ignores the fact that the IRS and state professional licensing authorities all review AICPA sanctions – if you are sanctioned by AICPA, you may also see an action brought by other regulators. AICPA disciplinary actions are published on its website, and IRS sanctions are published in the IRS Bulletin, with each regulatory body reviewing the work of the other, and with state licensing authorities often having the same standards also reviewing AICPA and IRS sanctions. If your IRS practice rights are terminated, your firm must choose between giving up IRS practice or terminating you because the IRS does not want a sanctioned CPA to be able to work indirectly through others in the firm. Violations can result in a loss of your job, your right to practice before the IRS, or your CPA license, as well as your valuable professional reputation. Another major concern with failing to comply with the SSTSs is that these standards are often used in malpractice claims that a CPA was not acting in accordance with professional standards.   

The issue, then, is how do we show compliance with these flexible standards. You do not have to get it right with the benefit of hindsight, but you do have to be prepared to show a reasonable effort to satisfy the requirements. Again, there are no bright lines, but there are several ways to evidence your efforts that may be helpful. 

 

Training on Professional Standards, Including the New SSTSs   

A training session on the SSTSs will help your staff members to be aware of ethical issues and know how to exercise professional judgment and due professional care. The training might include some close calls, bringing a good discussion of current and better practices. This will help your associates and staff recognize when they are in an area where there are issues. Plus, it shows your firm’s effort to act in accordance with the standards. Be sure to keep a record of the training to be able to show your efforts. 

 

Written Policies   

A firm might consider various policies to help support a claim of compliance with the SSTSs, such as: 

  • A policy that requires employees to report possible professional standards issues in writing to a more senior professional in the firm, emphasizing to everyone that this is an important part of quality review. Resolution of the issue might provide a defense against penalties or liabilities by showing, for example, why a preparer decided that a position taken met the applicable IRS and SSTS standards (substantial authority for undisclosed positions, reasonable basis for disclosed positions, more-likely-than-not standard for tax shelters and realistic possibility of success for other issues where there is no regulatory standard). These are set in SSTS No. 1, which is the only bright-line standard in the SSTSs. Even these may be subject to different opinions as to the level of certainty for the position. 

  • Consider using ethics compliance checklists whenever a sensitive issue arises. This analysis may help avoid problems and can show that the firm exercised professional judgment and due professional care in resolving an issue. This documentation may be helpful in a future claim of an ethics violation or a professional liability claim.   

  • Ensure that everyone in the firm is aware of the importance of documentation to comply with the soft requirements of the SSTSs. Substantiation will help you recall your efforts when the issue arises during an IRS audit, a disciplinary action or a liability claim for failing to comply with professional standards. Regulatory sanctions and liability claims may arise years after the event; without records, it may be difficult to recall, let alone defend yourself. 

  • Develop policies on the use of generative artificial intelligence tools. You might have a staff member who heavily uses ChatGPT for research, and you don’t even know it. Your firm might require a researcher to disclose the use of an AI tool and the specific tool used when it is a major source of a work product. This might be in an in-house cover memo that transmits the research. 

 

Engagement Letters 

Consider the need for engagement letters, particularly in client representation work. Although the SSTSs do not require engagement letters, they may help limit your exposure to unreasonable client expectations. The engagement letter should clearly state what is being done and what is not being done. This will help, for example, if a criminal issue arises in a controversy, and the CPA must withdraw from the engagement. Otherwise, the client may feel entitled to be reimbursed for the extra costs of bringing in a second professional. 

 

Summary 

The new SSTSs does not place any new specific requirements on CPAs—we are already expected to meet the requirements of the AICPA Code general standards (rule 1.300.001), IRC penalty provisions, IRS regulations, Circular 230, privacy protection law and other standards. However, practitioners should be prepared to show that they have complied with the SSTSs to protect against a penalty or lawsuit based on the practitioner allegedly failing to meet professional standards. It is not just complying with the standards, but it is being prepared to show your reasonable efforts to meet them. This can be done largely by training, firm policies that require documentation and engagement letters. Implementation of these procedures will help make compliance with ethical standards a routine part of your firm’s tax practice.   

 

Topics:

You May be Interested in

  • The Verdict is In. The Texas Franchise Tax is GILTI, Raising New Questions and Potential Issues
    Beginning with the 2026 report year, the Texas Comptroller will align the franchise tax with the current Internal Revenue Code, likely requiring GILTI to be included in total revenue. This change raises sourcing, statutory and potential constitutional questions for businesses with foreign operations, creating new uncertainty and possible tax impacts.
  • NIL Income for Student-Athletes: Tax Implications and Emerging Pitfalls for Practitioners
    The expansion of NIL opportunities has created complex tax issues for student-athletes, whose income is generally treated as self-employment business income. Common pitfalls include unreported non-cash compensation, multi-state tax exposure, weak recordkeeping and limited financial literacy, all of which heighten audit risk. As IRS scrutiny increases and new reporting rules emerge, CPAs must understand these challenges to effectively advise this growing group of taxpayers.
  • Data Processing Services – SaaS and Software Licenses
    Cloud-based SaaS is treated as a taxable data processing service in Texas, with 80% of the sales price subject to sales tax, compared with 100% taxation for traditional software licenses. Taxpayers using SaaS in multiple states can further reduce Texas tax by allocating the software’s usage between Texas and non‑Texas locations. This often results in significant savings and may allow refunds for past overpayments.
More News

Support the Next Generation

Donate to TXCPA scholarships and help aspiring accountants achieve their goals.

Scholarships