US certified public accountants are navigating an increasingly complex compliance environment. On one side, IRS requirements for client authorisation are moving toward digital first. On the other, Bank Secrecy Act and FinCEN obligations for AML compliance have become a more active enforcement focus for accounting firms. Connecting these two streams in a single, auditable workflow is the challenge every modern CPA practice needs to solve.
What IRS Form 2848 Is and Why It Matters
Form 2848, Power of Attorney and Declaration of Representative, is the foundational authorisation document for CPAs and enrolled agents who represent clients before the IRS. Without a current, executed Form 2848 on file, you cannot discuss a client's tax affairs with IRS representatives, access their account information through the IRS practitioner portal, or file on their behalf in an official capacity.
The form authorises you to represent the taxpayer in specific matters — individual returns, corporate returns, payroll taxes, appeals proceedings, or all matters depending on how it is completed. A 2848 that is incomplete, unsigned, or for the wrong tax year provides no protection. A verbal authorisation, however clearly stated, is legally irrelevant.
The Digital Authorisation Challenge
The IRS introduced the Tax Pro Account portal, allowing CPAs to send digital authorisation requests to clients with an IRS Online Account. When the client approves, the authorisation is processed immediately — no paper, no postage, no delay. This is significantly more efficient than the traditional paper 2848 workflow.
The limitation: the client must have an active IRS Online Account. Many clients — particularly older clients, those who file through third parties, or those with irregular filing histories — do not. For these clients, a paper or digitally signed 2848 remains the practical path.
Digitally signed 2848 forms using a compliant e-signature platform can be submitted to the IRS via the practitioner priority line and through secure upload portals. The IRS accepts electronic signatures on 2848 forms where the platform meets the requirements for authentication and audit trail under the Electronic Signatures in Global and National Commerce Act (ESIGN).
BSA and FinCEN Requirements for CPA Firms
The Bank Secrecy Act imposes AML programme obligations on financial institutions — and the definition of financial institution has expanded steadily to encompass certain professional services. Several CPA firm activities trigger specific compliance obligations.
Trust and company service providers: Forming companies, acting as registered agents, and providing trustee services trigger FinCEN AML programme requirements under the Customer Due Diligence rule.
Tax preparation for high-risk clients: While standard tax preparation does not independently trigger BSA, the broader framework of professional responsibility means CPAs who identify suspicious activity have Suspicious Activity Report obligations under the Tax Return Preparer rules.
FBAR and FinCEN 114: CPAs advising on foreign financial account reporting are operating in a high-scrutiny area. Ensuring your client authorisation and identity verification processes are airtight in this context matters.
OFAC Screening: Who Must Be Checked and When
The Office of Foreign Assets Control administers US economic sanctions programmes. These apply to every US person and entity, including CPA firms. Knowingly providing accounting or tax services to a sanctioned entity or individual is a violation of OFAC regulations — regardless of whether you were aware of the sanctions at the time.
OFAC maintains the Specially Designated Nationals (SDN) list and multiple additional programmes. For CPAs, the relevant screening question is: before accepting a new client engagement, have you checked them against current OFAC lists?
Who should be screened:
- All new individual clients, particularly those with international connections
- All corporate clients, including their beneficial owners and key principals
- International clients, particularly those with connections to sanctioned jurisdictions
- Any client whose funds derive from activities in high-risk countries or industries
When to screen: At engagement acceptance, and on a periodic basis for ongoing client relationships. OFAC lists are updated frequently. A client who was clean at initial engagement may appear on the SDN list six months later.
How SignFlow Handles All Three
SignFlow Now connects authorisation, AML screening, and e-signatures in a single workflow designed for US CPA practices.
Digital authorisation: Send 2848-style authorisation documents digitally. Clients receive a link, review the authorisation, complete identity verification, and sign — in a single session from any device. The signed document and Certificate of Completion are stored automatically. No chasing, no lost paper forms.
OFAC and AML screening: Automated screening against the OFAC SDN list, FinCEN watchlists, UN consolidated sanctions, and additional US and international regulatory lists. Results are available instantly. The screening record is timestamped and retained per client for your compliance file.
Compliant e-signatures under ESIGN: Signatures generated through SignFlow Now meet the ESIGN Act requirements, including intent to sign, consent to electronic transactions, logical association with the signed document, and a complete retention record. Admissible in IRS proceedings and US federal courts.
Continuous Monitoring for Ongoing Client Relationships
For clients with ongoing engagements — annual returns, ongoing advisory, trust management — a one-time screening at onboarding is not sufficient. OFAC designations and FinCEN alerts can arise at any point in a long-term client relationship.
Continuous monitoring provides automated alerting when a current client's status changes. You receive a notification, document your review, and take the appropriate action — continuing, applying enhanced scrutiny, or terminating. For CPA practices with large client rosters, continuous monitoring scales what would otherwise be an unmanageable manual process.
The Audit Trail US Regulators Expect
Both the IRS and OFAC, in the event of an examination or investigation, will want to see documentation of your compliance processes. For AML and sanctions screening, that means records showing what was checked, when, against which lists, and what the result was. For client authorisation, it means a signed, authenticated document with a verifiable audit trail.
SignFlow Now generates both. Every screening check produces a timestamped record showing the date, the lists screened, and the outcome. Every signed authorisation comes with a Certificate of Completion documenting identity verification, IP address, timestamp, and cryptographic hash of the signed document.
Getting Started
SignFlow Now for US CPA firms is available at signflownow.com/cpas. The platform supports US Form 2848-style authorisation workflows, OFAC-compliant screening, and ESIGN-compliant electronic signatures. All plans include AML screening at no additional per-check cost. 14-day free trial, no credit card required.