We operate as a micro home-based practice and I am an AAT Licensed Accountant.
We have a couple of larger bookkeeping only clients who are pushing us to deal with supplier payments using their online banking HSBC/Lloyds.
I can see that this has been discussed before, but things are moving fast, and I wondered if this was becoming more common?
Most of the comments on the previous threads urge caution and I will be contacting the AAT and our insurers to confirm their position.
AAT say this about client monies:
A firm sometimes has a power or control over a client’s own account. Even though this does not strictly meet the definition of clients' money, the firm must ensure it has the specific written authority of the client acknowledged by the Bank before exercising that authority, and it must maintain adequate records of the transactions it undertakes.
Ideally, we could go as far as setting up payments on a client’s system after they have been authorised through the usual procedures but leave it for them to press 'pay' as final authority. Is this possible with HSBC/Lloyds or are we OK to press 'pay' following an audit trail of directors’ authority and assuming the correct bank authority is in place?
I know that Xero works with Transferwise to make supplier payments and I guess that payments will be made direct from the software in the future so I expect bookkeeping client's may want their bookkeeper to make payments in the future.
There appear to be quite a few larger outsourcing offerings of a full accounting function or purchase ledger management (including payments) out there.
It would be great to hear from anyone doing this for clients under their general practice (if permitted) and any other comments regarding best practice and risk management.
Replies (25)
Please login or register to join the discussion.
You're running the bookkeeping for your client(s). You're not their employee. Whether or not your professional body sanctions you making bank payments on their behalf it's clearly not desirable. You must decide whether it's worth the risk, but personally I would be advising my client that it's your job to advise them what is payable and when, and their job to decide when and how to make the payment.
I think the expression is sod that for a game of soldiers. I don't even get client CIS repayments to our clients account. All repayments go to the clients even if they owe us money. Don't want to know.
At the end of the day this matter inevitably comes down to your personal risk tolerance. Our practice does outsourcing for a number of clients, but we decided at the outset that we would never accept access to a client's bank account. Do you really want to accept the risk of sending a payment to the wrong place and being liable for a direct loss to your client? Do you want to be suspect number one if they're ever the victim of bank fraud (even if you have done nothing wrong)?
There's also the psychology to consider here. If you agree to this the client is going to completely disengage from the bookkeeping process. As long as they're authorising payments, it serves as an additional check and balance and also means any mistakes that happen are at least partially their responsibility. If they no longer do payments then anything that goes wrong is (in their mind) going to be 100% your fault no matter the circumstances leading up to it.
In my view the inherent risk of having access to another business' bank account far outweighs any benefit.
Again, it's all tolerance, but for me, yes. It's the 'make payment' button that's the cliff edge. If you really want to appease the client you could go so far as to generate payment lists or I know some banks allow you to raise draft payments without ever having final authorisation to approve. We've done this before on rare occasions, but I would emphasise that it's their responsibility to do a final review of the outgoing payments for the psychological reasons I mentioned above. You do not want a client who totally disengages from the bookkeeping process, becomes lazy about providing information properly and then gets annoyed with you that their information isn't 100% accurate all the time.
Sounds like an absurd situation, but it happens all the time.
Didn't Xero add payment runs a few months ago? I don't use the function myself directly so maybe it's more limited than I thought but I think there's some equivalent feature.
It is common to split duties within a finance department. We do that, my staff can input but not send payments via hsbc.
However you still have the issue of control over account number changes.
The director in your case will spend 5 seconds clicking go, and you could still be on the hook.
On the same note, has anyone used software that automates supplier payments? Aptimise is an example of such software.
That would be my route, put a solution out there that makes it as easy as possible for client to diy
Take a step back and suggest to the client that he/she/it instead takes you on as an employee.
I gave up practice last September but with my largest former client I am now their part time in house accountant/company secretary instead, the role being outwith MLR, outwith PII etc- on paper it brings NIER and employer pension contributions to be paid by my new employer but in my case the fee that has been translated into salary is below the thresholds.
You are permitted to wear two different hats.
............and we will be soon (well my wife will)
We currently make supplier and PAYE payments on behalf of a client using their online HSBC banking access without any problems. We know who to pay and when, the client is happy that that issue is delegated.
Suppliers change banks without telling us, payments bounce back etc.
Now, as an FD, I am perfectly comfortable to be in that 'chain', with division of duties, signing off etc. But we are paying £100s k per week.
BUT - I would not want to be in the middle of the average Aweb type customer, who would blame /sack first whenever anything went astray.
YOU don't really need that stress.
The thing is the 'approval' would just consist of the client pressing a button. Technically, you could say that he approved the payment so it was on him.
However, I don't think he would see it that way.
You can certainly have different authority levels on Lloyds on both their cbo and (can’t remember the other platform name) , BUT the Lloyds set ups on signing authorities are painful and complex in the extreme and some phone advisors are better than others. I have 2 different companies on one of their platforms (no, don’t ask..) and it turned out that one of the parties could access the other ones accounts when Lloyds has sworn blind that it couldn’t happen
Never considered it myself
One of the first questions on an ICAEW compliance visit is whether anyone can operate a clients bank account. As in belonging to the client, not the the one with our name on.
Do not know what the next question is, if the answer is yes.
All my letters of engagement specifically state that I will never handle money on their behalf.
Over the years, insurers have told me I would never get cover for this.
I would agree with others that this is a job for the client or their employee. And I would also point out to the client that any employee needs to be suitably monitored, as this is such a major area for fraud.