Why CPA Firms Are High-Value Targets for Fraud and Social Engineering
A CPA firm is not a typical small business. At any given time, the firm holds tax returns, financial statements, payroll records, entity structures, ownership details, and banking information for dozens or hundreds of clients. That concentration of sensitive data in one place makes accounting firms a disproportionately attractive target for fraud, identity theft, and social engineering attacks.
Social engineering, in this context, means any attempt to manipulate firm personnel into disclosing information, granting access, or taking an action they would not take if they fully understood who they were dealing with. These attempts rarely look like obvious scams. They tend to look like ordinary business inquiries: a prospective client asking reasonable questions, a referral that seems plausible, a request that fits a familiar pattern. The goal is to appear legitimate long enough to extract something of value.
The threat is not theoretical. Accounting firms are regularly targeted through:
- Impersonation of prospective clients to probe for information about existing clients
- Fabricated referral scenarios designed to establish false credibility
- Pretextual service inquiries intended to gather intelligence about firm systems or personnel
- Staged identity verification requests in which the verification exchange itself is the attack, because the "proof" the contact offers or asks for is the information being harvested
Because the firm's obligation to its existing clients is ongoing and unconditional, every new contact represents a potential vector until the firm has reason to conclude otherwise. That is the environment in which the firm's intake screening was designed, and it is the reason that screening is built to be conservative rather than accommodating.
Why the Firm Screens New Inquiries and Why That Screening Errs Toward Caution
Every inquiry that reaches the firm, regardless of how it arrives or how routine it appears, enters a screening process before anyone on staff invests meaningful time in a conversation. That process is not a formality. It is a deliberate gate, and it is calibrated to favor caution over convenience.
The reasoning behind that calibration is straightforward. The firm's existing clients have entrusted it with some of the most sensitive financial information in their lives: tax positions, business structures, payroll details, banking relationships. Those clients did not consent to having their information exposed to risk because the firm was eager to take on new business. The intake process is the point at which the firm controls who gets close to that information, and it is far easier to maintain that control at the front door than to recover from a breach after the fact.
Screening new inquiries conservatively also reflects a realistic view of how threats present themselves. A contact that poses a risk rarely identifies itself as one. It arrives looking like a normal prospective client with a plausible story and ordinary questions. The firm's screening is therefore designed to evaluate patterns rather than to take stated context at face value. When those patterns raise sufficient concern, the firm stops engaging. It does not wait for certainty, because by the time certainty arrives, the damage may already be done.
This means the firm accepts a tradeoff that any conservative system imposes: some contacts that are stopped would, if the firm knew everything, turn out to be entirely legitimate. The firm is aware of this. The screening threshold is set where it is not because the firm assumes the worst about every flagged contact, but because the cost of a wrong call in one direction is categorically different from the cost of a wrong call in the other. A prospective client who is turned away can find another firm. Existing clients whose data is compromised cannot undo that outcome.
There is no parallel, lower-scrutiny path for inquiries that arrive with a referral, a familiar name, or a compelling explanation. Those elements are part of what the screening considers, but they do not bypass it. The process applies uniformly because the value of a consistent process comes precisely from its consistency.
Conservative Screening Produces False Positives, and the Firm Accepts That Tradeoff
Any screening system calibrated toward caution will, over time, stop some contacts that pose no actual risk. That is not a flaw in the design. It is a predictable consequence of the design, and the firm has made a deliberate choice to accept it.
The screening process evaluates patterns across an inquiry. No single element determines the outcome, and the firm does not require certainty before it stops engaging. When the cumulative picture raises sufficient concern, the firm ends the conversation. Because the process works this way, it will occasionally reach that threshold with someone who has entirely legitimate intentions and a genuine need for accounting services. The firm understands this happens. It has chosen a threshold it considers appropriate given what is at stake, and it does not treat the existence of false positives as a reason to loosen that threshold or add exceptions to it.
It is worth being direct about what a false positive does and does not mean. It does not mean the firm has concluded that the flagged contact is a bad actor. The screening does not produce verdicts about individuals. It produces a risk assessment about an inquiry, and when that assessment crosses the firm's threshold, the firm stops. A person caught by that process may be entirely who they say they are. The firm's response is the same either way, because the firm has no reliable way to distinguish between the two cases at the point the decision is made, and waiting for more information is itself a risk.
The firm also does not attempt to notify a flagged contact of the outcome or explain what led to it. Silence is the deliberate response. An explanation would require the firm to describe, at least in part, what the screening considers, and that description would be useful to anyone attempting to engineer around the process in the future. The absence of an explanation is therefore part of the same protective posture as the screening itself.
For a reader who believes they were caught by a false positive, that may feel frustrating. The firm acknowledges that plainly. A person with a real need who receives no response has not been treated the way they hoped to be treated, and the firm does not pretend otherwise. What the firm can say is that the cost of occasionally turning away a legitimate prospective client is one it has weighed against the cost of a data exposure affecting existing clients, and it has concluded that the tradeoff is the right one to make.
Protecting Existing Clients Outweighs the Cost of Losing a Prospective Client
The firm's obligation to its existing clients is not conditional on how convenient it is to honor. Those clients shared their financial lives with the firm under an expectation, stated in engagement terms and understood without being stated, that the firm would treat that information as something worth protecting, not as a secondary concern to be balanced against the firm's interest in growing its client base. When the screening process stops a new inquiry, that obligation is the reason.
The asymmetry here is real and worth stating plainly. A prospective client who does not become a client has lost access to one firm. There are other firms. The inconvenience is genuine, but it is recoverable. An existing client whose tax records, banking relationships, or business structure are exposed through a lapse in the firm's intake process has suffered a harm that cannot be undone by finding a different accountant. The data is out. Whatever follows from that, the client bears it.
That asymmetry is what justifies a conservative threshold. The firm is not indifferent to the cost imposed on a prospective client who is turned away without explanation. It has simply concluded that the two costs are not comparable in kind, and that a policy designed to minimize the more serious harm is the right policy even when it produces the less serious one with some regularity.
It is also worth noting that the firm's existing clients have no visibility into, and no ability to protect themselves from, decisions made during the intake process. They are not present when a new inquiry arrives. They cannot object, ask questions, or decline to have their information put at risk. The firm acts on their behalf at that stage, and doing so responsibly means the screening threshold is set for their protection, not adjusted for the convenience of someone the firm has not yet taken on any obligation toward.
This is not a calculation the firm makes reluctantly or apologetically. It reflects a straightforward view of where the firm's primary duty lies. New business is welcome when it arrives through a process that the firm is satisfied with. When that process raises sufficient concern, the firm's answer is to protect the people it has already made commitments to, and to accept that a prospective client will need to look elsewhere.
The Decision Is Final: No Appeal, No Re-Screening
When the firm's screening process reaches a threshold that ends communication with a contact, that decision does not remain open for reconsideration. There is no appeal process, no re-screening path, and no mechanism by which additional information provided after the fact changes the outcome. The firm will not reopen the inquiry.
This is not an administrative oversight. The finality is intentional, and the reasoning behind it is the same reasoning that drives the rest of the firm's intake posture. A process that can be reopened through persistence, explanation, or escalation is a process with a known workaround. The value of a firm boundary comes from the fact that it holds.
Frequently Asked Questions
Does this mean you think I'm a scammer?
No. A flag produced by the screening process is not an accusation and is not a conclusion about who you are. Conservative screening systems catch people who pose no actual risk, and the firm has been direct throughout this article about the fact that false positives occur. The process evaluates patterns in an inquiry. It does not render a verdict about a person. If you were flagged, the firm is not asserting that you acted in bad faith. It is saying that the inquiry, as it presented, crossed the firm's threshold, and the firm's response to that outcome is the same regardless of what the underlying reality turns out to be.
Can I appeal or get re-screened?
No. The decision is final. The firm does not maintain an appeals process, a secondary review path, or a waiting period after which a flagged inquiry can be resubmitted. This policy exists because a process that can be relitigated is a process that can be worked around. The firm has made a deliberate choice to hold the line at the point the screening reaches its threshold, and that choice does not vary based on the circumstances of any individual inquiry.
I have a legitimate need. What are my options?
You are free to engage another accounting firm. The firm will not reopen this inquiry, but nothing about this outcome prevents you from finding a CPA elsewhere. The firm acknowledges that being turned away without explanation is not the experience you were looking for, and it does not pretend that referring you to a competitor is a satisfying resolution. It is, however, the honest answer to the question. The firm's door on this inquiry is closed. Other firms' doors are not.
Why not just verify my identity and clear it up?
Identity verification exchanges are themselves an attack surface. The firm's policy does not permit it to use verification as a path to reversing a screening decision, and the firm will not describe the specifics of why at a procedural level. What the firm can say is that at the point a screening decision has been made, the process of attempting to verify and re-evaluate an inquiry introduces risk rather than eliminating it. The policy of finality exists in part for this reason.
The firm applies this policy uniformly to every inquiry that crosses its screening threshold. It is not a comment on any individual, and it is not a judgment of the person who submitted the inquiry. It is the firm's answer to a straightforward question about where its obligations lie, and it applies the same way every time.