Tax Preparer Insurance, IRS WISP Requirement, and Due Diligence Penalties
Tax preparers face a distinctive risk profile that differs from most small business owners. Your errors can cost clients thousands of dollars in penalties, back taxes, and interest — making professional liability (E&O) insurance essential, not optional. The IRS imposes specific due diligence requirements on preparers of returns that claim the EITC, CTC, AOTC, or Head of Household filing status — penalties for failure run $560 per credit per return. And since 2018, the IRS has required all paid tax preparers to maintain a Written Information Security Plan (WISP) — a documented data security policy that most solo preparers do not have. This guide covers all three protection layers: insurance, due diligence compliance, and the WISP requirement.
Professional Liability (E&O) Insurance: Why It Is Non-Optional
A tax preparer's errors and omissions insurance (E&O), also called professional liability insurance, covers claims that you made a mistake in preparing a client's return that resulted in financial harm — including audit adjustments, penalties, and interest the client owes as a result of your error. E&O coverage for solo tax preparers runs $300–$800 per year through specialized carriers. Without coverage, a single significant error — missing a Form 1099 that triggers a $5,000 CP2000 notice, incorrectly claiming a deduction that results in audit adjustments, or failing to file a required form — could generate a client claim that costs you $10,000–$50,000 out of pocket. For a practice generating $40,000 per season, an uninsured claim could eliminate two years of profit.
Best E&O Insurance Options for Tax Preparers
Hiscox is one of the most widely recommended E&O insurers for independent tax preparers. Their tax preparer professional liability policy starts around $500–$700 per year for a $1M/$1M policy (per claim/aggregate), and the online quote process takes about 10 minutes. Utica National Insurance Group is another highly regarded carrier specifically focused on tax professionals — they offer coverage through the National Association of Tax Professionals (NATP) and NAEA member programs, often at favorable rates for credentialed preparers. The NATP member E&O program provides access to coverage from approximately $310/year for basic coverage. Joining NATP or NAEA for the discounted E&O access is often worth the membership cost ($200–$300/year) on insurance savings alone, plus the professional community benefits.
IRS Due Diligence Requirements: Form 8867
The IRS requires preparers to complete Form 8867 (Paid Preparer's Due Diligence Checklist) for every return that claims the Earned Income Tax Credit (EITC), Child Tax Credit (CTC), American Opportunity Tax Credit (AOTC), or Head of Household (HOH) filing status. The due diligence requirement means you must ask specific questions, document client responses, and retain records for three years. The penalty for each failure to comply with due diligence requirements is $600 per credit per return in 2026 (indexed annually). A return claiming all four credits or statuses with a due diligence failure could generate $2,400 in preparer penalties from a single return. The IRS actively audits high-EITC preparers for due diligence compliance — preparers with patterns of non-compliance face injunctions and license suspension.
The IRS WISP Requirement: What It Is and What You Must Document
Since the 2018 filing season, the IRS has required all paid tax preparers — including solo home-based preparers — to maintain a Written Information Security Plan (WISP). A WISP is a documented security policy covering how you collect, store, transmit, and dispose of client data. Required elements include: designation of a security coordinator (you, in a solo practice); inventory of all systems that store client data; password policies; procedures for handling data breaches; client data disposal procedures (secure deletion or shredding); network security measures (encrypted Wi-Fi, firewall, antivirus); and procedures for working remotely or with portable devices. The IRS does not provide a standard WISP template, but the Security Summit (an IRS-industry partnership) publishes a sample WISP template annually at irs.gov. Failure to maintain a WISP is a Gramm-Leach-Bliley Act violation that can result in FTC enforcement action.
Creating Your WISP: The Practical Approach
Start with the IRS Security Summit WISP template — it is free, comprehensive, and specific to tax preparers. The template covers all required elements and needs only to be customized with your business details, the software and devices you use, and your own procedures. Plan to spend two to three hours completing the WISP template before your first filing season. After completion: save the WISP as a PDF, store it on your computer and in a secure cloud backup, and review and update it annually when you renew your software and insurance. Key minimum security practices your WISP should document: use of multi-factor authentication on all tax software accounts and email; encrypted storage for client files (not unencrypted USB drives); a secure Wi-Fi network for your practice (no client data over public Wi-Fi); and a documented response procedure if you discover a data breach — including the required notification to the IRS within 24 hours of a breach.
Data Breach Response for Tax Preparers
If your practice suffers a data breach — including theft of a laptop containing client data, unauthorized access to your email account, or a ransomware attack on your practice management system — the IRS requires immediate notification. Contact the IRS at 800-908-4490 within 24 hours of discovering the breach. You must also notify affected clients in writing, provide credit monitoring services as required by breach notification laws in most states, and file a police report. Professional liability insurance typically does not cover data breach response costs — you need a separate cyber liability policy. Cyber liability insurance for a solo tax practice costs $200–$500 per year and covers breach notification costs, credit monitoring, forensic investigation, and regulatory defense. The IRS Security Summit publishes an updated data breach resource guide at irs.gov/safeguards each filing season.
RECOMMENDED TOOLS
Hiscox
Professional liability E&O insurance for independent tax preparers from approximately $500/year — online quote in 10 minutes
NATP
National Association of Tax Professionals — member E&O insurance from $310/year plus CE, forms, and professional community
IRS Security Summit WISP Template
Free IRS-published WISP template for tax preparers — customize and complete before your first filing season
FREQUENTLY ASKED QUESTIONS
What is the penalty for failing to complete Form 8867 for an EITC return?
The preparer penalty under IRC Section 6695(g) for failure to meet due diligence requirements is $600 per credit or HOH status claimed for returns filed in 2026 (indexed annually from the base $500). If a single return claims EITC, CTC, AOTC, and HOH status and you failed due diligence on all four, the penalty could reach $2,400 for that one return. The IRS assesses these penalties through automated compliance checks on preparers with statistically anomalous EITC error rates.
Is the WISP actually enforced, or is it just a best-practice recommendation?
The WISP is legally required under the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, which applies to tax preparers as financial institutions under FTC jurisdiction. The FTC does actively enforce GLBA Safeguards Rule violations, particularly after data breaches. While the IRS does not directly audit WISP compliance, the FTC and state attorneys general have authority to investigate and impose fines. More practically, a documented WISP is your first line of defense if a client ever claims negligent data handling.
Does E&O insurance cover IRS penalties assessed against my clients due to my error?
Most tax preparer E&O policies cover the actual damages to the client (tax, penalties, and interest) resulting from a proven preparer error, subject to deductibles and coverage limits. IRS preparer penalties assessed directly against you (such as Form 8867 due diligence penalties) are typically not covered by E&O — they are regulatory fines assessed against you personally, not damages to the client. Read your policy exclusions carefully and ask your broker specifically about regulatory penalty coverage.