Not overseas as in a tax firm’s office based in another country. Rather, overseas as in your tax firm has contracted your tax return out to a third-party firm in another country.
It sounds crazy and far-fetched but outsourcing to India, the Philippines, Bangladesh and other countries is increasingly common. While there is no clear data on how many returns are being prepared overseas, it is likely in the millions based on the claims made by outsource firms. Given the apparent efficiency and cost-effectiveness of outsourcing for tax preparation firms, we can expect that this number will continue to grow.
For taxpayers, this is not the experience they expect when hiring a professional. Engaging a tax firm should provide peace of mind that a true expert is managing your return. But as technology and outsourcing take a firmer hold on the American economy, client expectations may need to be adjusted.
How Outsourcing Tax Returns Works
Legally, your return cannot be sent overseas without your consent. Federal law requires taxpayers to consent before their tax data, including their Social Security number is disclosed to a tax preparer located outside the United States. However, the consent is usually part of the engagement letter and appears so innocuous that unless you read it and ask questions, you might not realize that you are agreeing to have your return sent overseas to tax preparers who are not employees of the tax firm you engaged to prepare your return.
To be fair, the preparation of your tax return overseas might not be a negative. Tax firms often espouse the benefits of sending returns overseas, including saving time (the firm’s) and money (the client’s.) This is especially true when taxpayer returns have complex K-1s (investment in partnership interests.) As outsourcing by the major tax firms becomes more common, questions naturally arise around cost, security and the client experience.
What Is Driving This Change?
Cost has a major impact on the decision for tax firms to outsource to overseas preparers. Most outsourcing firms advertise that they can save US tax firms 60% in salary expenditures. In India, the hourly rate for employees typically ranges from $8 to $15. In comparison, Salary.com estimates that the cost of an entry level accountant in 2018, including benefits, was $23 to $28 an hour. For many US tax firms, the decision to take the work offshore can appear to be a no brainer.
The real question then is, what happens to these savings? If they go directly to the firm’s bottom line, that may seem unfair from the client’s perspective. If the firm is saving money by outsourcing the return, at least part of the savings should go to the client. For tax firms acting as fiduciaries, this may be the most prudent approach, in which case they should show clients the cost of preparing in the US versus overseas. Clients can then decide if the savings are worth it.
Finally, costs savings must be weighed against the quality of overseas work product. While many of the outsource firms are using the same tax preparation software as US preparers, such as LaCerte and Prosystems, entering data requires accuracy – from having the numbers flow correctly to spelling the names of charities and other entries. If the returns being sent back to the US are of substandard quality, the tax firms may end up spending the time they were trying to save bringing the returns to the quality required.
Security and Privacy Must Be Front of Mind
The argument that clients should benefit from the savings is made even more clear when considering the risk taken.
Most outsource firms offer security protection to provide tax firms with peace of mind. This may be done via Non-Disclosure Agreements signed by the employees; establishment of VPNs (Virtual Private Networks) and firewalls; surveillance cameras and armed guards; and workstations that do not allow for storage devices.
Some security experts feel this is not sufficient protection. “VPN and Firewall technologies just celebrated their 22nd birthday and aren’t enough to protect your high value assets,” says Gregory Touhill, adjunct professor at Carnegie Mellon’s Heinz College and President of Cyxtera Technologies’ Cyxtera Federal Group. “Twenty-two years has given bad actors plenty of time to figure out how to defeat them.”
But the bigger question is how much due diligence are firms doing on security.
“It’s worth the time and effort to dig deeper and ask additional questions about these protocols,” says Tim Williams, Vice-Chairman of Pinkerton, a global risk management firm. “For example, what is the origin of the software/encryption/computing devices they use? I would be skeptical of Russian- or Chinese-made products where “back doors” could be built into the software, allowing nefarious individuals easy access to sensitive data and information at a time when relations are contentious between the U.S. and these nation states.”
Second, firms need to conduct an internal analysis of cost savings versus the reputational risk they are taking with regard to cyber threats by going overseas.
“If a data breech happens, those short-term savings could result in hundreds of millions in lost revenue from customers not using your services, legal payouts to consumers whose personal information might have been impacted, legal fees, etc.,” says Williams. “They need to ask themselves if the short-term savings are worth the potential exposure to variable risk.”
Transparency Is the Best Way Forward
Ultimately clients will decide if outsourcing continues, but educating a client allows for a better experience. There must be stricter transparencies on the cost, the risks and the quality of outsourcing. Clients should be shown the total cost savings to them versus the cyber risk issues. To some clients, it may be a perfect fit. To others, the risk outweighs savings money on tax preparation. But given the rise in cyber threats, tax firms might provide greater value by using a more personal approach.
Further, it may be helpful for organizations like the AICPA to provide tax firms with guidance on best practices for determining whether to outsource. (AICPA chose not to comment). Currently there are no specific security standards or quality requirements. As this type of outsourcing becomes more common in the industry, guidelines are imperative. Ultimately, clients and their data must be protected.