Client trust accounts are central to the attorney-client relationship, safeguarding more than $14 billion in client funds across California. To strengthen public protection and address longstanding concerns, the State Bar launched the Client Trust Account Protection Program (CTAPP). This initiative focuses on proactive regulation, attorney education, and early detection of potential misconduct.
CTAPP sets three annual requirements for attorneys:
- Certification of knowledge and compliance with Rule 1.15
- Registration of all trust accounts, IOLTA and non-IOLTA
- Completion of a self-assessment on client trust account management
The next and most impactful stage of this initiative is the Compliance Review. Unlike the annual filings, this phase involves independent oversight. As one of the few State Bar–approved Certified Public Accountant (CPA) firms, we perform these reviews to help attorneys demonstrate adherence to the highest fiduciary standards.
What Is a CTAPP Compliance Review?
The Compliance Review is an Agreed-Upon Procedures (AUP) engagement. While the procedures performed can be similar, this engagement is not an audit, and the CPA does not provide an opinion or assurance about the attorney’s financial position or the results of the procedures.
Instead, the CPA performs specific procedures mandated by the State Bar and reports factual findings. The purpose is straightforward: to evaluate an attorney’s compliance with California Rules of Professional Conduct, Business and Professions Code, and related client trust accounting rules and statutes.
How Attorneys Are Selected
In the early phases of CTAPP, attorney selection is random. Over time, the State Bar may also consider risk-based criteria. Most importantly, being selected is not an indication of misconduct.
Scope of the Review
A Compliance Review typically covers at least one full calendar year of trust account activity. Core areas include:
- Trust accounting records such as ledgers, journals, and monthly three-way reconciliations
- Timely client notification of funds received (within 14 days)
- Distribution of undisputed funds (within 45 days)
- Adequacy of supervision and internal controls related to the trust accounting
The Compliance Review Process: Step-by-Step for the Attorney
Notification and CPA Selection
When the State Bar notifies an attorney they have been selected, the State Bar will send an initial records request of information as well as a request for the attorney to provide the name of the approved CPA firm the attorney has engaged to perform the mandatory compliance review. It’s the attorney’s responsibility to engage an approved CPA within 30 days.
The cost of a CTAPP compliance review generally ranges from $5,000 to $12,000. However, fees may increase depending on the complexity of the trust account activity, the quality of recordkeeping, and the timeliness of responses during the engagement. Poor documentation or delayed communication can lead to extended review times and higher costs.
CPA Engagement and Information Request
Once engaged, the CPA and attorney enter into an agreement in the form of an engagement letter, and this will be communicated to the State Bar. Once the State Bar is notified of the attorney’s selected CPA firm, the initial records obtained by the State Bar will be forwarded to that CPA.
The CPA will coordinate with the attorney to establish a timeline that aligns with the State Bar deadline and accommodates the attorney’s availability. Following this, the CPA will make selections and issue a second records request, with items due according to the agreed-upon schedule.
Execution of Procedures and Reporting
The CPA performs the agreed-upon procedures on selected trust account records and transactions, applying the methodology and requirements set forth by the State Bar. The CPA will report factual findings to the State Bar and the attorney for review prior to finalization.
Confidentiality and Privilege
Attorneys often worry about confidentiality. Business and Professions Code section 6091.4 ensures privilege, confidentiality, and work product protections remain intact for information provided during a Compliance Review.
Potential Outcomes and Next Steps
Following a mandatory compliance review, attorneys may receive one of several outcomes:
- Confirmation of compliance with no further action
- Recommendations for improving trust account practices
- A Mandatory Corrective Action Plan (MCAP) for minor to moderate issues
- Escalation to an investigative audit or referral to the Office of Chief Trial Counsel for significant or unresolved issues
Most outcomes are corrective rather than punitive, reinforcing CTAPP’s focus on education and prevention.
How Attorneys Can Prepare Proactively
Attorneys can reduce risk and streamline compliance by implementing sound practices, including:
- Performing monthly three-way reconciliations across bank statements, trust account journals, and client ledgers
- Maintaining complete client ledgers with date, payor/payee, purpose, amount and running balances
- Establishing written trust account policies and procedures, including appropriate internal controls and oversight by the designated attorney.
- Ensuring the 14-day notification and 45-day distribution requirements are consistently documented and adhered to.
Partnership in Public Protection
CTAPP is designed to enhance trust in the legal profession by ensuring client funds are managed responsibly. Compliance Reviews provide an independent, structured assessment that supports public protection and attorney competence.
Rather than viewing the compliance review as punitive, it is an opportunity to confirm best practices and gain assurance that their fiduciary responsibilities are being met.
We are committed to guiding attorneys through the review process with professionalism, objectivity, and respect for the confidential nature of client trust accounting records.
If you have been selected for a CTAPP compliance review or would like to understand the process, please contact us.
