Client bookkeeping, asked to pay suppliers

Client bookkeeping, asked to pay suppliers

Didn't find your answer?

We operate as a micro home-based practice and I am an AAT Licensed Accountant.

We have a couple of larger bookkeeping only clients who are pushing us to deal with supplier payments using their online banking HSBC/Lloyds.

I can see that this has been discussed before, but things are moving fast, and I wondered if this was becoming more common? 

Most of the comments on the previous threads urge caution and I will be contacting the AAT and our insurers to confirm their position.

AAT say this about client monies:

A firm sometimes has a power or control over a client’s own account. Even though this does not strictly meet the definition of clients' money, the firm must ensure it has the specific written authority of the client acknowledged by the Bank before exercising that authority, and it must maintain adequate records of the transactions it undertakes.

Ideally, we could go as far as setting up payments on a client’s system after they have been authorised through the usual procedures but leave it for them to press 'pay' as final authority. Is this possible with HSBC/Lloyds or are we OK to press 'pay' following an audit trail of directors’ authority and assuming the correct bank authority is in place?

I know that Xero works with Transferwise to make supplier payments and I guess that payments will be made direct from the software in the future so I expect bookkeeping client's may want their bookkeeper to make payments in the future.

There appear to be quite a few larger outsourcing offerings of a full accounting function or purchase ledger management (including payments) out there.

It would be great to hear from anyone doing this for clients under their general practice (if permitted) and any other comments regarding best practice and risk management.

Replies (25)

Please login or register to join the discussion.

Hitch photo
By Kevin Kavanagh
04th Sep 2020 10:32

You're running the bookkeeping for your client(s). You're not their employee. Whether or not your professional body sanctions you making bank payments on their behalf it's clearly not desirable. You must decide whether it's worth the risk, but personally I would be advising my client that it's your job to advise them what is payable and when, and their job to decide when and how to make the payment.

Thanks (1)
Replying to Kevkava:
avatar
By Elgin
04th Sep 2020 10:34

Hi,

Thanks for the reply.

As it stands we maintain the purchase ledger (client's staff authorise invoices and email them to the system), reconcile to the supplier statements and provide a report of suggested payments to the directors who decide what to pay and when.

They are asking us to go one step further and action the payment via online banking based on the suppliers that they instruct us to pay. We would not be involved in deciding which ones to pay and when to pay them but rather provide the 'admin' service of making payments as instructed by the directors.

I can see the risk but it must be mitigated on this basis?

Thanks (0)
avatar
By 0098087
04th Sep 2020 10:30

I think the expression is sod that for a game of soldiers. I don't even get client CIS repayments to our clients account. All repayments go to the clients even if they owe us money. Don't want to know.

Thanks (1)
Replying to 0098087:
avatar
By Elgin
04th Sep 2020 10:36

We don't have a client account and would only be operating using the client's business bank account with the appropriate mandate in place.

Thanks (0)
avatar
By Jdopus
04th Sep 2020 10:53

At the end of the day this matter inevitably comes down to your personal risk tolerance. Our practice does outsourcing for a number of clients, but we decided at the outset that we would never accept access to a client's bank account. Do you really want to accept the risk of sending a payment to the wrong place and being liable for a direct loss to your client? Do you want to be suspect number one if they're ever the victim of bank fraud (even if you have done nothing wrong)?

There's also the psychology to consider here. If you agree to this the client is going to completely disengage from the bookkeeping process. As long as they're authorising payments, it serves as an additional check and balance and also means any mistakes that happen are at least partially their responsibility. If they no longer do payments then anything that goes wrong is (in their mind) going to be 100% your fault no matter the circumstances leading up to it.

In my view the inherent risk of having access to another business' bank account far outweighs any benefit.

Thanks (4)
Replying to Jdopus:
avatar
By Elgin
04th Sep 2020 11:01

Thanks, much appreciated..........it does make me nervous.

Out of interest, is it the final press of the 'make payment' button that is the cliff edge in terms of risk even if a director has signed off the payment run and there is an audit trail of approval of payment and supplier bank details?

Could being set up as a secondary user on HSBC with say a 1p payment limit work? This would allow us to set up payments and require a director to press the 'make payment' button. Not even sure if HSBC would allow this set up!

This would be similar to a director authorising a payment run direct from Xero (when and if it gets this functionality).

Thanks (0)
Replying to Elgin:
avatar
By Jdopus
07th Sep 2020 10:02

Again, it's all tolerance, but for me, yes. It's the 'make payment' button that's the cliff edge. If you really want to appease the client you could go so far as to generate payment lists or I know some banks allow you to raise draft payments without ever having final authorisation to approve. We've done this before on rare occasions, but I would emphasise that it's their responsibility to do a final review of the outgoing payments for the psychological reasons I mentioned above. You do not want a client who totally disengages from the bookkeeping process, becomes lazy about providing information properly and then gets annoyed with you that their information isn't 100% accurate all the time.

Sounds like an absurd situation, but it happens all the time.

Didn't Xero add payment runs a few months ago? I don't use the function myself directly so maybe it's more limited than I thought but I think there's some equivalent feature.

Thanks (1)
avatar
By Elgin
04th Sep 2020 11:26

I have spoken to HSBC online business banking.

It seems that an external bookkeeper can be set up as a secondary user so that they can set up payments in online banking, without being authorised to pay them (as instructed by the client). These then need to be finally approved and sent by the client (primary user).

The bookkeeper then has no facility to actually send payments but the client is kept happy as his admin/time is minimised.

Works?

Thanks (1)
Replying to Elgin:
Routemaster image
By tom123
04th Sep 2020 11:39

It is common to split duties within a finance department. We do that, my staff can input but not send payments via hsbc.

However you still have the issue of control over account number changes.
The director in your case will spend 5 seconds clicking go, and you could still be on the hook.

Thanks (1)
Replying to tom123:
avatar
By Elgin
04th Sep 2020 11:45

Noted but surely that is the directors risk rather than mine particularly if it's specifically referred to in an engagement letter?

Thanks (0)
avatar
By Khalil Ur-Rehman
04th Sep 2020 11:44

On the same note, has anyone used software that automates supplier payments? Aptimise is an example of such software.

Thanks (0)
Replying to Khalil Ur-Rehman:
Slim
By Slim
04th Sep 2020 12:05

That would be my route, put a solution out there that makes it as easy as possible for client to diy

Thanks (0)
paddle steamer
By DJKL
04th Sep 2020 12:14

Take a step back and suggest to the client that he/she/it instead takes you on as an employee.

I gave up practice last September but with my largest former client I am now their part time in house accountant/company secretary instead, the role being outwith MLR, outwith PII etc- on paper it brings NIER and employer pension contributions to be paid by my new employer but in my case the fee that has been translated into salary is below the thresholds.

You are permitted to wear two different hats.

Thanks (2)
Replying to DJKL:
avatar
By Jfg
04th Sep 2020 12:33

Good solution, I do the same thing

Thanks (1)
Replying to Jfg:
the sea otter
By memyself-eye
04th Sep 2020 14:04

............and we will be soon (well my wife will)

We currently make supplier and PAYE payments on behalf of a client using their online HSBC banking access without any problems. We know who to pay and when, the client is happy that that issue is delegated.

Thanks (1)
Routemaster image
By tom123
04th Sep 2020 12:18

Suppliers change banks without telling us, payments bounce back etc.

Now, as an FD, I am perfectly comfortable to be in that 'chain', with division of duties, signing off etc. But we are paying £100s k per week.

BUT - I would not want to be in the middle of the average Aweb type customer, who would blame /sack first whenever anything went astray.

YOU don't really need that stress.

The thing is the 'approval' would just consist of the client pressing a button. Technically, you could say that he approved the payment so it was on him.

However, I don't think he would see it that way.

Thanks (2)
avatar
By Jfg
04th Sep 2020 12:37

You can certainly have different authority levels on Lloyds on both their cbo and (can’t remember the other platform name) , BUT the Lloyds set ups on signing authorities are painful and complex in the extreme and some phone advisors are better than others. I have 2 different companies on one of their platforms (no, don’t ask..) and it turned out that one of the parties could access the other ones accounts when Lloyds has sworn blind that it couldn’t happen

Thanks (1)
avatar
By Elgin
04th Sep 2020 14:51

It seems that this is good with my PI insurance with an individual payment limit of £15k for a single transfer requiring sole authorisation.

Thanks (0)
avatar
By Elgin
04th Sep 2020 14:51

It seems that this is good with my PI insurance with an individual payment limit of £15k for a single transfer requiring sole authorisation.

Thanks (0)
avatar
By Elgin
04th Sep 2020 15:44

I've spoken to HSBC and LLoyds Bank who have both confirmed that they have online access levels to designed for a third party bookkeeper/accountant with suitable authority to prepare payments for further approval prior to a business owner clicking send. Full access will allow any authorised user to send the payments.

It does seem that this is the direction of travel in that the expectation is that external bookkeepers will be completing this task.

I agree that it's important to draw the line between deciding what should be paid and when and acting on business owners express instructions.

Thanks (0)
avatar
By Paul Crowley
04th Sep 2020 21:17

Never considered it myself

One of the first questions on an ICAEW compliance visit is whether anyone can operate a clients bank account. As in belonging to the client, not the the one with our name on.

Do not know what the next question is, if the answer is yes.

Thanks (1)
Replying to Paul Crowley:
avatar
By Elgin
04th Sep 2020 21:45

ICAEW guidelines are:

GUIDELINES
Where a practising member is considering accepting authority to make payments from a client's own account, they should ensure that:

The activity is of an administrative and non-discretionary nature;
Payments are only made on the specific instructions of the client;
The process does not involve the member initiating transactions or taking
management decisions; and
Appropriate safeguards are applied and documented.

Thanks (1)
By Moonbeam
05th Sep 2020 10:03

All my letters of engagement specifically state that I will never handle money on their behalf.
Over the years, insurers have told me I would never get cover for this.
I would agree with others that this is a job for the client or their employee. And I would also point out to the client that any employee needs to be suitably monitored, as this is such a major area for fraud.

Thanks (1)
Replying to Moonbeam:
avatar
By Elgin
05th Sep 2020 12:05

I fully appreciate I should be cautious.

At what point would you draw the line if you were offering a bookkeeping service:

1) Providing a schedule of creditors to the client for them to action
2) Setting up bank payments using their online banking (with the appropriate mandate) based on their instructions and requiring further client authorisation i.e. the client themselves must press 'send'
3) Any access at all to a clients bank account other than read only

I'm genuinely interested to know where the modern freelance bookkeeper service should stop especially with all the IT firms pushing for greater automation and now focusing more on the purchase ledger/payment cycle.

Thanks (0)
avatar
By Elgin
09th Sep 2020 15:10

I thought it was worth an update on this as I have at last got an opinion from my insurers (Hiscox) underwriters.

I was initially told by the call handlers that it should be fine up to the stated £15k per transaction, the underwriter has confirmed that this limit relates to our own business bank accounts.

We are NOT insured in relation to making payments from a third parties bank account even if we are on the bank mandate and have directors express authority for individual payments.

Thanks (0)