Chartered accountant insurance in France: securing your practice and your firm

For a chartered accountant (expert-comptable) in France, insurance is not a budget line to minimise at renewal. It is a statutory obligation, a signal of professional credibility, and — in the event of a serious claim — a survival mechanism for the firm. Yet in practice, most practitioners do not re-read their policy beyond the initial subscription.

In 2026, two developments have reshaped the insurance landscape for accounting professionals in France: a regulatory tightening of the professional civil liability obligation, and a sharp rise in digital risks that fall entirely outside the scope of a standard RCP policy. Understanding both dimensions is what allows a firm principal to make informed decisions about coverage.

Every chartered accountant registered with the Ordre des experts-comptables must hold professional civil liability insurance (responsabilité civile professionnelle — RCP) covering all professional acts. This obligation, rooted in Ordinance No. 45-2138 of 19 September 1945 and detailed by Decree No. 2012-432, applies to self-employed practitioners, partners in professional structures (SELARL, SELAS, SCP) and employed accountants. Complementary covers — cyber insurance, legal protection, professional multi-risk, income protection — are not legally mandated but have become operationally necessary in light of actual claims experience.

Yes, without exception. Article 22 of Ordinance No. 45-2138 of 19 September 1945 requires every chartered accountant, at the point of registration with the Ordre, to demonstrate valid RCP coverage. Decree No. 2012-432 of 30 March 2012 governs the detailed conditions. A practitioner unable to produce a current insurance certificate faces disciplinary sanctions from the regional Ordre council, up to and including removal from the register.

In practice, the Ordre des experts-comptables negotiates collective contracts at regional level, giving members access to pooled coverage at negotiated terms. Joining the collective contract does not preclude taking out a supplementary individual policy or replacing it entirely with a bespoke arrangement, provided the minimum guarantee requirements set by the regulations are met.

Bespoke individual policies carry a practical advantage: they can be calibrated to the specific scope of the firm's actual activities — something the collective contract, designed for the common denominator across the profession, does not always achieve fully.

RCP responds to one specific logic: compensating the loss suffered by a client as a result of a professional fault, negligence or omission on the part of the accountant in the execution of the engagement. It does not cover intentional misconduct or the firm's own operational risks (equipment, premises, cyber incidents).

The most frequently covered claims include:

• An error in a VAT return generating an assessment and penalties for the client.
• A failure to file annual accounts on time, resulting in a fine or loss of rights for the client.
• Failure to advise on an available tax option, leading to a higher-than-necessary tax liability.
• A delay in preparing financial statements that compromised a bank financing application.
• Legal and expert costs where the firm's liability is formally contested.

RCP does not, however, cover missions carried out without a signed engagement letter. This is critical: verifying that the engagement letter covers every service actually provided is the first safeguard before any client mandate begins.

Virtually all RCP contracts for regulated French professions operate on a claims-made basis (base réclamation): it is the client's claim that triggers the relevant insurer, not the date on which the underlying error occurred.

This creates two specific risks at the point of changing insurer:

1. Prior acts coverage: an error made in 2024, claimed in 2026, must be covered by the 2026 policy via a retroactivity clause. Without that clause, the claim can fall between the two contracts.
2. Post-termination claims: after the policy is cancelled, claims can still arise from past engagements. The former insurer's run-off cover (garantie subséquente or garantie de découverte) fills this gap for a defined period.

Whenever changing insurer, two things must happen simultaneously: request unlimited retroactivity from the new contract, and obtain the maximum run-off period from the previous insurer. Skipping either step leaves a gap.

RCP contracts operate with a per-claim limit and an annual aggregate, with an excess applying to each claim and remaining at the firm's cost.

These ranges are indicative. The appropriate limit depends on revenue, the nature of engagements handled and the scale of individual client files. There is no legally prescribed minimum limit: it is the practitioner's responsibility to assess actual exposure. A firm that handles consolidated accounts or advises on corporate transactions should set limits accordingly.

In 2026, the question is no longer whether cyber insurance is useful — it is how to calibrate it. Accounting firms concentrate inherently valuable data: bank account details, tax returns, payslips, unpublished balance sheets. This makes them attractive targets.

Standard RCP does not cover direct cyber losses suffered by the firm itself. In some configurations it may cover the firm's liability towards clients whose data has been compromised — but that scope is narrow and frequently disputed in practice.

A dedicated cyber policy typically covers:

• Ransomware and digital extortion: system restoration costs, crisis negotiation, and potential ransom payments (subject to policy terms).
• GDPR notification obligations: France's CNIL requires notification of personal data breaches within 72 hours. Notification costs and crisis management are covered.
• Wire transfer fraud by impersonation: a cybercriminal impersonates the firm or a client to redirect payments to a fraudulent account.
• Cloud service interruption: prolonged failure of a hosted accounting platform that prevents deadline-critical filing.
• Defence costs: if a client brings a claim for personal data violations.

Cyber hygiene measures — offline backups, two-factor authentication, IT policies, staff training — remain the first line of defence. Cyber insurance complements these measures; it does not replace them.

Legal protection (protection juridique)#

Legal protection covers procedural costs in situations not addressed by RCP: disputes with a software supplier, challenging a URSSAF audit on the firm's own payroll, or defence costs in a disciplinary proceeding brought by the Ordre. It is frequently undervalued because its premium is modest — and its utility becomes obvious at precisely the moment when the firm is already under pressure.

Professional multi-risk cover (multirisque professionnelle)#

Professional multi-risk covers material damage to the firm: fire, water damage, theft of IT equipment. It typically includes business interruption cover, which compensates for lost revenue during the period of unavailability. A firm whose premises are inaccessible for three weeks following a loss continues to owe salaries, rent and software subscriptions regardless.

Key-person cover (garantie homme-clé)#

For small structures, key-person cover is a firm-level security tool in the event of the death or permanent disability of a principal. It pays the company — not the family — to compensate for lost revenue and finance recruitment or restructuring. In a two-partner firm where one partner originates 70% of turnover, the absence of this cover is a structural risk.

Income protection for the principal (prévoyance)#

Distinct from key-person cover, income protection covers the practitioner personally: income maintenance during sick leave, disability payments, and death benefits payable to the family. The French social protection system for self-employed professionals provides only partial cover; supplementary prévoyance closes the gap.

Exclusions are where most claim refusals originate. They are often barely noticed at subscription and fully apparent only when a claim is filed.

The most common exclusions in French accounting firm RCP policies include:

• Missions carried out without a signed engagement letter: verbal or email-only mandates are regularly refused coverage.
• Undeclared activities: statutory audit (commissariat aux comptes), wealth management advice or restructuring mandates outside the declared scope may be excluded.
• Undeclared software: damage arising from a tool not notified to the insurer can be challenged.
• Intentional or fraudulent acts: no policy covers deliberate professional misconduct.
• Cyber incidents without specific cover: most standard RCP policies now explicitly exclude direct cyber losses.

A six-person firm using a cloud-based accounting platform suffered a ransomware attack in early 2026. The SaaS provider's servers were unaffected, but all local workstations were encrypted, blocking file access for eighteen days.

Financial impact:

• IT contractor for cleanup and workstation restoration: €12,000
• Client penalties for three missed VAT filing deadlines: €8,500
• Lost billings during the blocked period: €22,000
• CNIL notification and crisis communication costs: €4,000
• Total: €46,500

The firm's standard RCP covered none of these items: not the business interruption, not the IT remediation costs, and not the client penalties. A cyber policy appropriate for a firm of this size — annual premium typically in the range of €1,500 to €2,500 depending on the risk profile and insurer — would have covered the bulk of these losses.

In a professional liability dispute handled with outside counsel, a firm had carried out two years of restructuring advisory work without updating its engagement letter to reflect that activity. When the claim arose — a dispute over a capital gain on a sale that had been poorly anticipated — the insurer invoked the standard exclusion for undeclared activities and declined coverage. The firm had to bear the litigation costs in full.

The lesson: each extension of practice must result in both a formal update to the engagement letter and a separate declaration to the insurer. The two steps are independent of each other and both are required.

An effective annual review of a firm's insurance follows a straightforward logic:

1. Compare actual engagements carried out in the past year against the declared scope: new service lines, new client sectors, new digital tools introduced.
2. Check limits: if the firm's revenue has grown or if high-value mandates have been taken on, limits need updating.
3. Re-read the exclusion clauses in the general conditions — these can change silently at renewal.
4. Verify the claims-made mechanism and run-off provisions, especially where a partner has departed or a significant client relationship has ended.
5. Review cyber coverage: franchise levels, waiting periods and claim notification conditions in this segment evolve rapidly.

The scope of an expert-comptable's practice has broadened significantly — tax advisory, outsourced CFO (DAF externalisé), business creation support, sustainability reporting. Each new dimension should be reflected in the policy.

The most common vulnerabilities are not gross professional errors — those remain rare. They are structural blind spots:

• Guarantee limits set at the time the firm was founded and never revised, despite turnover having tripled.
• An engagement letter last updated three years ago that leaves recently added service lines technically outside coverage.
• A cyber policy subscribed once and never reassessed as the firm migrated to cloud tools, enabled remote access for staff, or brought in new IT suppliers.
• No key-person cover in a two-partner structure where one partner accounts for the majority of client relationships and billings.

Professional insurance provides protection in direct proportion to the rigour with which the firm maintains its engagement documentation and keeps its insurer informed. Both dimensions reinforce each other.

Current as of 2026-06-14. This article is for information purposes and does not replace personalised advice. For your specific situation, consult a chartered accountant registered with the Ordre des experts-comptables.