The outsourcing of tax returns to India for processing is likely to receive a big boost, given the fact that the American Institute of Certified Public Accountants (AICPA) - the apex body governing US-based certified public accountants (CPA)s - has given a clean chit to this practice. The AICPA will shortly be issuing a guidance note to its members, concerning their responsibilities when they outsource their work to BPO service providers in India and other countries.

Consensus was building in the US that outsourcing of tax returns to India would impair the norms of privacy, confidentiality, professional judgement and competence required to be observed by CPAs in client matters. A view in some quarters was that such outsourcing also violated the Gramm-Leach-Bliley Act (CLBA) that requires CPAs to maintain the privacy of the client data. A growing number of CPAs also felt that they would have to inform their clients that the work of processing the tax returns was being outsourced and would have to give these clients the option of opting out of getting the returns processed by a BPO service provider.

However legal eagles say that ordinarily the GLBA, in general, prohibits the disclosure of non-public personal information to unaffiliated third parties. A BPO service provider in India handling the outsourcing work for an institution covered by the act would be an unaffiliated third party. Thus outsourcing of work would require the US entity (CPA firm in this case) to issue privacy notices to its clients, giving them the opportunity to opt out along with stringent limitations on disclosures (information that can be given to the BPO service provider). But, there is an exception made available under the GLBA i.e under the exception available, non-public personal information can be shared, if in connection with processing a service, including financial services authorised by the customer. Sharing of non-public information with the BPO service provider in India is covered under this exception.

Thus it appears that there is no specific ethical requirement that the member disclose to the client that they are using the services of an outside provider nor are there any federal laws that require the disclosure of such a practice. There is a specific exemption to the notice to clients and opt-out requirements in the GLBA for processing and servicing transactions. The only rider thus being that CPAs are required to exercise due care, which includes ensuring that the outsourcing provider in India has sufficient safeguards in place to ensure the privacy and confidentiality of client data that is transmitted for processing.