Accountant Document Compliance: US Verification Guide
Document compliance guide for US accountants and auditors. BSA/AML obligations, AICPA standards, supporting documents checklist
Summarize this article with
ChatGPT
Claude
Perplexity
Gemini
GrokAccountants and auditors in the United States bear direct legal responsibility for verifying the authenticity and completeness of supporting documents. Under the Bank Secrecy Act (BSA) and the Anti-Money Laundering Act of 2020 (AMLA), accounting professionals who provide services to financial institutions or certain regulated entities must support anti-money laundering (AML) controls, including customer due diligence, suspicious activity reporting, and document retention. Combined with AICPA auditing standards (AU-C sections) and IRS record-keeping requirements, the compliance framework for document verification is both broad and enforceable.
This guide covers the regulatory obligations, the documents that require verification, the applicable auditing standards, and the practical tools available to streamline compliance for accounting and audit firms operating in the United States.
This article is for informational purposes only and does not constitute legal, financial, or regulatory advice.
Regulatory Framework: AML and Document Obligations for US Accountants
US accountants and auditors operate under a layered regulatory framework. The American Institute of Certified Public Accountants (AICPA) sets auditing and ethical standards. State Boards of Accountancy regulate licensure and professional conduct. FinCEN (Financial Crimes Enforcement Network) administers BSA compliance, and the IRS enforces tax-related record-keeping obligations.
The Bank Secrecy Act (31 USC ยง5311 et seq.) and its implementing regulations (31 CFR Chapter X) require financial institutions โ and the accounting professionals who serve them โ to establish AML programs, verify customer identity through Customer Identification Programs (CIP), and maintain records for at least five years (FinCEN โ BSA Regulations).
The core obligations include:
- Client identification and verification: verifying the identity of individuals using government-issued photo ID (US passport, state driver's license, state ID) and proof of address, and verifying legal entities using state registration records, Certificates of Good Standing, Articles of Incorporation, and beneficial ownership declarations under the Corporate Transparency Act (CTA) 2021.
- Risk assessment: conducting a firm-wide risk assessment and applying enhanced due diligence to higher-risk clients, politically exposed persons (PEPs), and clients in high-risk jurisdictions identified by FinCEN or the FATF.
- Suspicious Activity Reports (SARs): filing reports with FinCEN when there are grounds to suspect money laundering or terrorist financing, as required under 31 CFR ยง1020.320.
- Record keeping: retaining copies of identification documents, transaction records, and due diligence evidence for five years, consistent with BSA requirements and IRS record retention rules.
The AICPA's AU-C Section 250 requires auditors to consider laws and regulations throughout the audit, including those related to fraud and money laundering (AICPA โ AU-C Section 250). Non-compliance can result in regulatory sanctions from the state Board of Accountancy, including fines, suspension, or revocation of CPA licensure.
The AICPA publishes detailed guidance on AML responsibilities for its members, covering practical procedures for client onboarding, ongoing monitoring, and record keeping. State CPA societies and the AICPA's Forensic and Valuation Services section provide additional resources on acceptable forms of identification, verification methods, and the standard of evidence required (AICPA โ Anti-Money Laundering Resources).
Supporting Documents Checklist: Purpose, Retention, and Format
The volume and variety of documents that accounting and audit firms must verify is substantial. Each document serves a specific compliance or evidential purpose, and retention requirements vary by regulation.
| Document | Purpose | Retention Period | Accepted Format |
|---|---|---|---|
| Purchase and sales invoices | Accounting entries, sales tax recovery, audit evidence | 7 years (IRS general rule, IRC ยง6501) | Paper, PDF, EDI, structured XML |
| Bank statements | Bank reconciliation, cash flow verification | 7 years | PDF, paper, OFX |
| Trial balance and general ledger | Year-end review, consistency checks | 7 years | Accounting software export |
| Client photo ID (US passport, driver's license) | KYC/AML identification | 5 years after relationship ends (BSA/CIP rules) | Certified copy |
| Proof of address (utility bill, bank statement) | KYC/AML verification | 5 years after relationship ends | Certified copy, original |
| Certificate of Good Standing / Articles of Incorporation | Entity identification and verification | 5 years after relationship ends | PDF, state registry extract |
| Payroll records (W-2, pay stubs) | Payroll tax compliance, audit trail | 4 years (IRS) / 7 years recommended | PDF, paper |
| Sales tax returns and working papers | State tax compliance, reconciliation | 7 years | Digital |
| Expense receipts and claims | Deductibility of expenses, sales tax input | 7 years | PDF, scan, photo |
| Contracts and engagement letters | Scope of work, liability allocation | Duration of contract + 7 years | Original or copy |
Under IRS regulations, businesses must maintain adequate books and records that substantiate income, deductions, and credits reported on tax returns. The IRS requires that all records supporting tax return positions be retained for at least 3 years from the filing date โ though 7 years is the standard professional recommendation for most business records, and employment tax records must be kept for at least 4 years (IRS โ How Long Should I Keep Records). For accounting firms, this means that the supporting documents underpinning tax calculations must be stored, organized, and retrievable.
Auditing Standards for Document Verification
US auditors apply the AICPA's Clarified Statements on Auditing Standards (AU-C sections), which align with International Standards on Auditing (ISA). Several standards directly govern how auditors verify supporting documents.
AU-C Section 500: Audit Evidence
AU-C Section 500 establishes the framework for obtaining sufficient appropriate audit evidence. The standard requires auditors to design and perform procedures to gather evidence that supports the financial statements. Key procedures include:
- Inspection of records and documents: examining invoices, contracts, bank statements, board minutes, and correspondence for authenticity, completeness, and accuracy.
- External confirmation: obtaining direct written confirmation from third parties, such as bank balance confirmations, accounts receivable confirmations, and attorney letters.
- Recalculation: independently verifying arithmetic accuracy of calculations in the financial statements and supporting schedules.
- Analytical procedures: comparing financial data with prior periods, budgets, and industry benchmarks to identify anomalies that require further investigation.
AU-C Section 240: Consideration of Fraud in a Financial Statement Audit
AU-C Section 240 requires auditors to maintain professional skepticism and consider the risk of material misstatement due to fraud throughout the audit. This includes evaluating whether documents may have been altered, fabricated, or omitted. The standard mandates specific procedures when fraud risk is identified, including examining journal entries for unusual characteristics, reviewing accounting estimates for bias, and evaluating the business rationale of significant transactions.
AU-C Section 230: Audit Documentation
Every verification procedure performed must be documented in the audit file. AU-C Section 230 requires that documentation be sufficient to enable an experienced auditor with no prior connection to the audit to understand the nature, timing, and extent of procedures performed, the evidence obtained, and the conclusions reached.
Ready to automate your checks?
Free pilot with your own documents. Results in 48h.
Request a free pilotDigital Record-Keeping and IRS Compliance
The United States does not have a centralized mandatory e-invoicing regime comparable to some EU countries, but digital transformation is reshaping document management for US accounting firms through several channels.
IRS Electronic Filing and Record-Keeping Requirements
The IRS has been progressively expanding electronic filing mandates. Starting in 2024, businesses filing 10 or more information returns (W-2s, 1099s) must file electronically. The IRS accepts electronic records as original records, provided they are an accurate and complete reproduction of the original and remain accessible and legible for the required retention period (IRS โ Revenue Procedure 98-25).
Structured Data and E-Invoicing Adoption
While not federally mandated, structured e-invoicing formats are gaining traction in the US, particularly for government procurement (where SAM.gov registration is required) and large corporate supply chains. For accounting firms, the shift from unstructured PDFs to structured data means:
- Automated extraction: structured invoices eliminate the need for OCR, as data fields are machine-readable by design.
- Built-in validation: structured formats enforce mandatory fields (supplier EIN, line item detail, tax breakdown), reducing the incidence of incomplete documents.
- Streamlined reconciliation: machine-readable invoices can be matched automatically against purchase orders, delivery notes, and bank payments.
Federal and state laws require companies to maintain adequate books and records. The Sarbanes-Oxley Act of 2002 (SOX) imposes additional record-keeping and internal control requirements on publicly traded companies (US Congress โ SOX). Digital record-keeping that meets these requirements benefits from the auditability and traceability that structured formats provide.
Automating Document Verification for Accounting Firms
Manual document verification does not scale. A mid-sized US accounting firm managing 200 clients processes between 4,000 and 8,000 documents per month during peak periods. At 3 to 5 minutes per document, this represents 200 to 670 hours of verification labor per month.
What AI Automates
AI-powered document verification addresses the highest-volume, most repetitive verification tasks:
- Structured extraction: OCR and data extraction from invoices, receipts, bank statements, and payroll documents โ capturing amounts, dates, EINs, state registration numbers, and mandatory mentions.
- Cross-validation: automated matching of invoices to bank payments, tax consistency checks (net + tax = gross), sequential numbering validation, and supplier verification against state registries and SAM.gov records.
- Regulatory compliance: verification of AML documentation completeness, checking ID validity periods, and flagging expired documents that require renewal.
- Anomaly detection: identifying duplicate invoices, unusual amounts, date inconsistencies, and unrecognized suppliers.
Measurable Outcomes
| Metric | Manual Processing | Automated Processing | Improvement |
|---|---|---|---|
| Average time per invoice | 3 to 5 minutes | 15 to 30 seconds | 85 to 90% |
| Error rate | 5 to 8% | 0.5 to 1% | 8x reduction |
| Monthly close timeline | 12 to 18 days | 5 to 8 days | 50 to 60% |
| Cost per document processed | $2.50 to $4.00 | $0.30 to $0.60 | 75 to 85% |
For a detailed analysis of automation features designed for accounting firms, see our guide on automating document verification in accounting firms.
Integration Without Disruption
Automated verification integrates with existing practice management and accounting software through APIs. The firm retains its current tools and adds an automated verification layer upstream of data entry. Documents are checked on receipt, anomalies are flagged, and staff intervene only on exceptions where professional judgment is required.
Solutions such as CheckFile.ai connect to the software accounting firms already use, creating a continuous workflow from document receipt through verification to posting. Our platform processes over 180,000 documents per month with 98.7% OCR accuracy and an average verification time of 4.2 seconds per document. To explore pricing for accounting firms or learn about solutions for finance and leasing, visit our dedicated pages.
For a comprehensive overview, see our industry document verification guide.
Frequently Asked Questions
Are US accountants legally required to verify client identity documents?
Yes, when providing services that fall under BSA obligations. Under the Bank Secrecy Act and the Customer Identification Program (CIP) rules, financial institutions โ and the accounting professionals who support their compliance โ must verify customer identity using reliable, independent sources before establishing a business relationship. The Corporate Transparency Act (CTA) further requires reporting of beneficial ownership information to FinCEN. State Boards of Accountancy can take disciplinary action for negligence in professional duties, including failures in due diligence documentation.
How long must accounting firms retain supporting documents?
The IRS generally requires records supporting tax return positions to be retained for at least 3 years from the filing date, with a 7-year recommendation for most business records. AML records (identity verification documents, transaction records) must be retained for 5 years after the end of the business relationship under BSA/CIP rules. Employment tax records must be kept for at least 4 years after the tax becomes due or is paid, whichever is later.
Does electronic filing replace the need for document verification?
No. IRS electronic filing mandates require digital submission of tax forms, but they do not verify the accuracy or authenticity of the underlying documents. Accounting firms must still verify that invoices, receipts, and other supporting documents are genuine, complete, and consistent with the submitted returns.
What happens if an audit file lacks sufficient documentation?
The AICPA Peer Review Program and state Boards of Accountancy can take regulatory action against auditors whose files do not meet the documentation requirements of AU-C Section 230. Insufficient documentation undermines the evidential basis for the audit opinion and can result in sanctions ranging from corrective actions to license suspension. The PCAOB (Public Company Accounting Oversight Board) inspects audit firms registered to audit public companies and has cited documentation failures as among the most common deficiency findings in its annual inspection reports (PCAOB โ Inspection Reports).
Document compliance is a core obligation for accountants and auditors operating in the United States. To structure your verification process and explore solutions tailored to accounting firms, contact our team. For a broader view of document verification requirements across industries, consult our industry verification guide.
Stay informed
Get our compliance insights and practical guides delivered to your inbox.