Ushna: Welcome everyone to our webinar on the most common legal mistakes accounting practices make. My name is Ushna, and I am a senior lawyer in LegalVision’s enterprise and commercial team. Thank you so much for joining. I hope you are doing well, and if you are in Sydney, I hope you are keeping safe under this torrential rain today.
Before we begin, a couple of quick housekeeping items. You will receive the recording and slides for this webinar in your email after we have completed it. You can submit your questions in the Q&A box, and we will try to answer as many of them as possible at the end. We do have some pre-submitted questions as well that we will try to go through. Please complete the feedback survey after the webinar if possible. It is very helpful for us and lets us know how we can improve next time we run this.
By viewing this webinar, you qualify to receive a complimentary consultation with LegalVision to discuss how we can help your business. To claim that consultation, all you have to do is leave your contact details in the survey that appears once the webinar ends. If you do not get a chance to do that, just contact us via our website and we will organise something with you.
Today, we will be discussing what the law requires you to do as an accounting practice, what this looks like in practice, what the consequences are of not getting it right, and what to do to reduce your risks. We will then summarise the key takeaways from the presentation and have a Q&A at the end.
Ushna: So, in terms of legal mistakes, why is it important for you to attend this webinar? Why is it important for you to care about this topic? To start with, the landscape that accounting practices are operating in is one where they are facing increasing regulatory scrutiny and client expectations. Legal disputes can be financially devastating for a business and can damage hard-earned reputations that take years to build. Many practices focus on technical accounting skills but overlook more fundamental legal protections. As we all know, prevention is significantly more cost-effective than defending claims or paying penalties later on.
The financial impact is one of the biggest risks. Legal disputes are really expensive. There are penalties that could be ordered. Negligence claims can cost tens or hundreds of thousands of dollars. There is also reputational damage, which I am sure you all really value in your businesses. If any breaches become public, it can erode client trust. Regulatory consequences can be quite significant, and professional bodies may impose sanctions or suspend memberships. There is also business disruption. If you are in the middle of legal issues, that consumes time, energy, and resources that you would ideally devote to your existing clients, building your client base, and generating revenue.
The reality is that most legal problems are entirely preventable with proper systems and documentation in place. Simple mistakes, like failing to use an engagement letter, can create disproportionate risks. Many practices do not realise they are exposed until a problem arises. Many practices also feel they do not need to invest time or money in legal support until much later. That is a conversation I have with a lot of businesses, especially when they are quite small. They often lack dedicated compliance resources and do not want to invest that money upfront.
So, what we are going to do today is identify the five most common legal pitfalls accounting practices encounter, go through the practical consequences of each, provide actionable steps to protect your practice, and help you implement simple systems that will significantly reduce your legal risk.
Ushna: So, what does the law actually require you to do? Let us talk about client engagement and contractual obligations.
You really need to have clear contractual terms before you commence work. A bit later in this webinar, I will go over what those terms should include. You need to make sure you are providing your services with due care and skill. That is an Australian Consumer Law requirement. You have to comply with the professional standards relevant to you, whether that is CPA Australia, CA, or IPA. You also need to make sure you have the right indemnity in place, such as professional indemnity insurance if relevant. You must disclose all your fees and charges upfront to your client.
Secondly, privacy and confidentiality compliance. This is a huge area, and we advise a lot in this space. You need to comply with the Privacy Act. At a high level, this means making sure you only collect necessary personal information, that information is stored securely and accessible only on a need-to-know basis, that you comply with the Notifiable Data Breaches scheme and notify the regulator of any breaches within the required timeframes, and that you allow clients to access the information you hold about them when requested.
You may also have professional obligations under APES 110, such as maintaining client confidentiality, only disclosing client information with consent or legal obligation (for example, a court subpoena), and ensuring staff sign confidentiality agreements if they handle client matters.
In terms of business structure and governance, there are many ways you might structure your business. I am not a corporate lawyer, so our corporate team can advise if needed. Regardless of structure, whether partnership or company, you must have the right documentation in place. For example, a partnership agreement, even though the Partnership Act applies by default if you do not have one. If you are a company, you must comply with the Corporations Act and maintain ASIC registrations and records. You also need agreements outlining responsibilities and what happens if something goes wrong. We will touch on the risks of not doing this shortly.
Then record-keeping and documentation, which are very important. You need to retain client files for at least seven years, document all advice and client instructions, and keep those records. You must comply with relevant legislation, such as the Tax Agent Services Act if registered, and maintain systems to prevent loss of records. That includes technical systems to ensure records are not destroyed, accessed without authorisation, or lost.
Finally, marketing and advertising compliance. Under the Australian Consumer Law, it is very important you do not engage in misleading or deceptive conduct or make false representations about qualifications. That could include claiming qualifications you do not hold or that have expired, guaranteeing outcomes you cannot ensure, or providing financial advice without the appropriate licence, such as an AFSL.
Ushna: Now, what does this actually look like in practice? Starting with client engagement terms.
A mistake here can look like starting work based only on a phone call or email, without a signed engagement letter. For example, someone refers a contact to you, you speak briefly, and begin work. There is nothing outlining scope, fees, termination, or dispute processes. Using outdated engagement letter templates that do not reflect current services is another common issue. Businesses may use templates purchased years ago without checking whether they still reflect services, fees, or legislation.
Another example is verbally agreeing “just to do the tax return” without defining scope. Or adding extra services during the year without updating engagement terms. There is also the assumption that repeat clients do not need updated engagement letters. This is particularly concerning with long-term clients if the agreement has not been reviewed for years.
This can be acceptable if you have a master services agreement that rolls over annually. However, you must ensure it still reflects the relationship and services and remains legally current. Laws do change. For example, unfair contract terms laws have evolved. If your agreement includes problematic terms, that is an issue. A master services agreement with order forms can support long-term relationships, but the core agreement must remain accurate and up to date.
Ushna: Let us move on to privacy and confidentiality breaches. What does a mistake look like here?
It could include discussing client matters in cafés, lifts, or reception areas where others can hear. People do this often without considering implications. Another example is working on a train and leaving a laptop behind containing sensitive client data. Emailing sensitive documents via unsecured email is another risk. Leaving files open on a desk when meeting others, or failing to lock your computer screen, also creates exposure.
Other risks include using “reply all” and including incorrect recipients, storing client data on personal devices, or leaving screens visible when working from home. Throwing documents in regular bins instead of secure shredding, sharing client information without written authorisation, or using weak shared passwords all pose risks.
Ushna: In terms of business structure, mistakes include operating as partners for years on a handshake agreement, with nothing documented about profit sharing, decision-making, client ownership, or exit arrangements. There may be no restrictive covenants preventing departing partners from competing, or outdated shareholder agreements. There may also be no succession planning or buy-sell arrangements.
These informal arrangements work until they do not. If a partner leaves and takes clients, without documentation it is difficult to enforce expectations. Proper agreements are essential.
Ushna: Poor file management can include relying on memory instead of documentation, not making file notes, deleting files prematurely, storing files inconsistently, lacking backups, or failing to record advice rationale. Keeping records in formats that become unreadable over time is also a risk. This highlights the importance of proper systems and technical support.
Ushna: Finally, marketing compliance. Many practices unintentionally make misleading claims. For example, “we guarantee the best tax outcome” or “maximum refunds guaranteed”. Can you prove this? Using terms like “expert” or “specialist” without credentials is risky. Displaying expired membership logos, using testimonials without context, promising specific results, comparing services without evidence, or marketing financial advice without an AFSL are all problematic.
It is advisable to audit your marketing. Ensure claims are substantiated and memberships current.
What are the consequences of not getting it right? I will give examples.
Ushna: For engagement terms, imagine completing a $25,000 restructure without an engagement letter. The client refuses to pay, claiming it was included in annual fees. The dispute goes to court. You incur legal costs and potentially lose revenue.
For privacy breaches, imagine your server is hacked and 5,000 client records are compromised without encryption or backups. You could face regulator fines, legal costs, and client loss.
For business structure issues, two partners without an agreement dispute valuation in a $2 million practice. Litigation costs exceed $150,000, disputes last years, and clients leave.
If a partner leaves and opens a competing practice, taking clients, you may have no enforceable protection.
For file management, a negligence claim arises over advice given five years ago, but you have no records to defend yourself. Insurance premiums increase.
For misleading marketing, claiming specialist qualifications leads to regulator action, penalties, and reputational damage.
What can you do to reduce risks? Starting with engagement terms:
Ushna: Ensure you have a robust agreement signed before work starts, covering scope, fees, liability limits, termination, dispute processes, governing law, and updates if scope or fees change. Keep signed copies on file. If your terms are outdated, have them reviewed.
For privacy and confidentiality:
Encrypt client data, use secure transfers, strong passwords, two-factor authentication, secure backups, locked physical storage, and secure shredding. Train staff on privacy obligations, use confidentiality agreements, obtain written authority before disclosures, maintain a data breach response plan, and have an accessible privacy policy and collection notices.
For business structure:
Have partnership or shareholder agreements, reviewed periodically. Include profit distribution, decision-making, reasonable restraints, valuation and buyout terms, and dispute processes.
For file management:
Retain files for minimum periods, document all communications and advice, maintain consistent naming and storage, train staff, implement automated backups, store off-site or in the cloud, and test restoration.
For marketing:
Audit annually, remove guarantees, verify credentials, substantiate claims, describe services accurately, avoid unqualified “expert” claims, include testimonial disclaimers, avoid competitor comparisons, and do not offer financial advice without an AFSL.
Ushna: We are almost at the end. Key takeaways:
Prevention is cheaper than cure. Proper engagement letters, documented processes, compliant marketing, strong data security, and partnership agreements cost far less than disputes or regulatory breaches.
Document everything. The best defence is written records of advice and instructions, dated and securely stored.
Review and update regularly. Agreements, privacy policies, and structures must reflect current operations and evolving laws. Legal compliance can feel burdensome, but that is where we can assist.
Ushna: That concludes the main presentation. We also have a publication you may find useful called Legal Essentials for Professional Services Businesses, available in the resources tab or via the QR code.
We also have an upcoming webinar on superannuation changes and payday super on 4 March, which may be of interest. You can register via our website.
If you would like to send questions now, you can. In the meantime, I will briefly explain how LegalVision operates. We operate differently from traditional law firms. As a LegalVision member, you receive unlimited access to our team of specialist lawyers for business-as-usual legal needs across contracts, disputes, franchising, trade marks, and commercial law.
Membership includes unlimited contract drafting and review, legal advice consultations, domestic trade mark registration, and more. It is similar to having in-house counsel. If you are in-house counsel, we also offer a dedicated service to manage high-volume BAU legal work.
If you are interested, you can request a free consultation via the survey after the webinar.
Ushna: Now I will go through some questions.
Question: Marketing laws and bulk information emails to clients.
The relevant legislation is the Spam Act, which regulates commercial electronic messages in Australia, including emails and texts. Requirements include consent (preferably express), sender identification, and a functional unsubscribe mechanism. Express consent may be a tick box or sign-up form. Inferred consent may arise from an existing relationship, but not for cold emails. You must identify your business and contact details, and unsubscribe must be easy and free.
Commercial messages include promotions, offers, or event invitations. Purely factual notices, such as ATO deadline updates, may be exempt. Ensure your privacy policy states you send marketing communications.
Question: Can engagement letters reference website terms and conditions?
Yes. Best practice is ensuring clients clearly access and are aware of those terms before signing. The link should be prominent, and clients ideally should have an opportunity to review and negotiate.
Question: Compliance costs for accounting firms.
Costs are significant, but investing upfront is cheaper than remediation. For example, drafting a standard engagement letter once and reusing it, automating onboarding, using practice management software, and conducting annual legal reviews are cost-effective approaches.
Question: Do engagement letters need renewal annually?
Not necessarily. They must remain current and reflect services, fees, and law. Update if circumstances change.
Question: Commonly missed wording in engagement terms.
Scope exclusions are often missing. For example, specifying services not included, such as tax planning or financial advice. Liability limitations, fee variation clauses, and dispute resolution clauses are also often absent.
Question: Risk of not having a website?
Legally, you need accessible terms and privacy disclosures. If provided elsewhere, a website is not strictly required, though it is beneficial commercially.
Question: Do privacy laws apply to small practices?
The Privacy Act applies if turnover exceeds thresholds or other criteria. However, best practice is to comply regardless, as clients expect data protection and thresholds can be crossed unknowingly. Professional obligations and negligence risks also apply.
Question: Is it too late to formalise a partnership agreement?
No. It is better late than never. The longer you wait, the more complex disputes become. Formalise profit sharing, exit terms, and client ownership as soon as possible.
Ushna: We are out of time. Thank you again for joining. Please provide feedback via the survey. I hope this has been useful, and I hope we can assist your business with its legal needs. Thank you.