Consider this before serving on a board


 Serving on the board of a business client or local charitable organization is an honor. CPAs are trusted business advisers, and the opportunity helps strengthen relationships with clients and the local community. However, the role and responsibilities of a board member significantly differ from those of a CPA in public practice. To explore the unique responsibilities of external board members—and the exposures they face—two attorneys who defend claims against external board members and accountants were interviewed for this column.   

James K. Thurston is a partner at Wilson Elser Moskowitz Edelman & Dicker LLP. His practice focuses on professional liability coverage matters. His clients include insurers that issue policies for directors and officers. Peter J. Larkin is a partner at Wilson Elser and co-chairs the firm’s national accountants practice. He represents accounting firms of all sizes in professional liability malpractice suits and also provides legal counsel to accounting firms on practice management matters.

An edited version of the discussion follows.

What are the duties of an individual acting in the capacity of a director?

Thurston: Regardless of whether public, private, or nonprofit, a director has the following obligations to the company and its shareholders:

  • Loyalty;
  • Care;
  • Obedience; and
  • Disclosure.

Some of these fiduciary duties overlap, but essentially it is required that the individual place the interests of the company first. 

Are these duties heightened for CPAs who serve as directors?

Thurston: Whether the individual is a CPA or a layperson, the duties and obligations remain the same. However, in the event of a claim, it will be assessed whether the individual acted reasonably in comparison to someone with similar credentials. So if you are a financial expert, you will likely be held to having that knowledge in addition to the knowledge of a person without a financial background. 
Describe the types of claims brought against board members.

Thurston: A for-profit director faces multiple types of claims, including violations of antitrust and security laws or regulations, employment discrimination claims (less so than officers), and environmental claims, to name a few. Employment claims are most frequently made, while securities class actions and derivative suits are potentially the most damaging, from a liability perspective. The underlying allegation is likely a breach of a fiduciary duty or board misconduct. Nonprofit boards have less exposure than for-profit boards, as many states have adopted some form of immunity for nonprofit directors (they also do not have shareholders). The misconduct threshold is generally higher, requiring gross negligence or willful intentional misconduct. 

Larkin: Once you sit on a board, you are exposing yourself to breach of fiduciary duty claims, which are different in many ways from malpractice claims. Jurisdiction will play a role in assessing this exposure because the law in each state is different. For example, the statute of limitation may be longer, and the fiduciary duty may lessen the burden of proof for the plaintiff, such as removing the burden to prove causation. A fiduciary duty claim also may open the door for punitive damages, which generally cannot be recovered in malpractice cases. Since you are exposing yourself to a new type of liability, care should be exercised to keep your board activities separate from your firm. So paying the director fees to the firm generally should be avoided to limit any confusion.

What additional risks do individuals face when sitting on the board of a client?

Larkin: No rule states that a CPA cannot sit on the board of a client (as long as attest services are not provided). However, CPAs should generally avoid this practice. The primary concern is defining where one role ends and the other begins. For example, if the CPA sits on the board and provides tax services, the roles and responsibilities differ, but the distinction will be blurred if there is a problem. If there is an error in a tax return because the CPA firm did not receive an important piece of information, it would be hard to base a defense on the client’s failure to provide the information when the individual serving on the board would appear to have had full access to client information.

Confidentiality challenges and potential conflicts of interest also come into play. For example, if you sit on the board of a bank, you may also provide services to customers of that bank. An ethics ruling under Rule 301, Confidential Client Information, and Rule 102, Integrity and Objectivity, is set forth in ET Section 391, Ruling 18 [AICPA Code of Professional Conduct §391, Ethics Ruling 18] and ET Section 191, Ruling 85 [AICPA Code of Professional Conduct §191, Ethics Ruling 85]. The ethics ruling essentially says it’s generally not desirable to serve as a bank director if the CPA’s clients are likely to engage in significant transactions with the bank. The CPA faces a high probability of a conflict of interest because he or she has access to confidential information about customers that may be relevant to a board action, but he or she cannot use or share the confidential information. As a result, the CPA may be breaching a fiduciary duty owed to the bank. Parallels can be drawn to other types of business organizations.

Thurston: The duty of loyalty requires the director to first and foremost protect the interests of the company. Any potential conflict requires full and complete disclosure to the company and its board. If an external member is also providing services, you generally cannot use any information you have for your own interest. It’s a difficult situation to find your firm in if something goes wrong. If your firm was earning fees from the company, even if fully disclosed, it will bring on heightened scrutiny because you have a financial interest.

What are some risk-mitigating practices that can help limit one’s exposure in this capacity?

Thurston: Through retained counsel, one should ensure that appropriate indemnification provisions are included in the bylaws of the organization and proper insurance coverage applies. Additionally, you should consult with an insurance agent on adequate limits of liability. Do not rely on the organization’s statement that “you are covered under our policy.” Perform the necessary due diligence to ensure maximum protection to your personal risk at the end of the day. 

What are the key steps one should take before accepting a position on a board?

Thurston: Do your homework on the company similar to procedures you would perform before accepting a client. Also, know the rest of the board and their background. Will you be the only person on the board with a financial background? If so, expect all financial matters to be delegated directly to you, and be willing to accept that responsibility.

An issue of particular concern is the potential for personal liability relating to unpaid taxes—because insurance would not cover such liability. In one case involving a not-for-profit hospital, the IRS pursued a director for unpaid payroll withholding taxes, alleging that he was a “responsible party,” and the court agreed. Investigate whether or not the company is current on tax reporting and payment obligations.  

Larkin: In addition to the protections that Thurston mentioned, a CPA should answer three key questions before accepting the position:

  1. Why am I doing this?
  2. How does it impact my career?
  3. How does it impact my firm’s business?

A CPA should have valid reasons and reasonable expectations before moving forward with accepting the position.

After Thurston and Larkin were interviewed, Alvin Fennell, vice president of underwriting at Aon Affinity, was asked to provide some perspective on insurance coverage for this type of service. He noted that most professional liability policies do not cover director services. “A CPA should consult with its professional liability insurance agent regarding coverage,” he said. “If a gap is identified, there may be other products or endorsements available from the carrier.” 

In summary, it’s important to consider the potential benefits, risks, and responsibilities before accepting a position as an external board member. If you have any questions about potential liability, be sure to consult with your attorney and insurance agent before making a decision.

Amy Waldron ( is a risk control consulting director at CNA.

Continental Casualty Company, one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program. Aon Insurance Services, the National Program Administrator for the AICPA Professional Liability Program, is available at 800-221-3023 or visit

This article provides information, rather than advice or opinion. It is accurate to the best of the author’s knowledge as of the article date. This article should not be viewed as a substitute for recommendations of a retained professional. Such consultation is recommended in applying this material in any particular factual situations.

Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any CNA insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.