The comment period for these proposed rules lasted for two months, ending on May 9, 2022. During that time, the SEC received more than 100 comments from various sectors, including legal, government, business, and nonprofit. These comments vacillated from critical to supportive, but many had several concerns about the rule’s provisions. For those curious about the specific apprehensions, our Technology and Cybersecurity team analyzes them, as well as the suggested solutions, in this article.
Most common concerns regarding the SEC’s cybersecurity proposal
Within the comments provided on the proposal, there were eight key issues broached along with solutions to these issues.
1. The four-day incident notice deadline
Many commenters believe being given a mere four days to report a cybersecurity incident was not enough time to truly analyze the incident and complete an accurate report. Worried a harried or slapdash report could yield even more security risks, they proposed more flexible solutions to provide accurate disclosures, like:
- A 30-day reporting deadline;
- Government-permitted reporting delays (as needed);
- A modification in the disclosure framework to ensure state notification statutes are exemplified; and
- Additional time for smaller companies to investigate, report, and fully disclose the situation as needed.
2. Law enforcement and national security exceptions
Feedback for the proposed rules also stated some specific incidents should benefit from delayed reporting exceptions, namely those that need to involve law enforcement or security investigations on a larger scale.
This solution allows those grappling with more challenging and involved cybersecurity incidents to remain compliant with the law while doing what is necessary to complete an investigation and strengthen security to prevent future incidents. It also gives law enforcement more freedom to complete their efforts — and prevents publicity that could tip off the attackers, who could then cover their tracks.
3. The definition of key terms
The SEC uses several words that could be misconstrued, have multiple meanings, or are not succinct enough to require disclosures surrounding them. These words, as pointed out in the comments, include:
- Cybersecurity threat,
- Cybersecurity incident, or
- Information systems.
To solve this and streamline compliance reporting requirements, commentors believe the SEC should utilize the thorough and uniform definitions employed by the National Institute of Standards and Technology (NIST), as well as those used in the Cybersecurity Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), SEC’s Release Number 33-11028, and the 2016 Presidential Policy Directive on United States Cyber Incident Coordination.
In addition, the SEC can break down each incident or threat into a tier system to accurately encapsulate the severity each tier entails, better describing the impact on the organization.
4. The disclosure of the board of directors’ cybersecurity expertise
Comments also touched on the requirement to include the experience the members of a company’s board of directors have, finding it unnecessary to disclose and tedious to acquire. The suggestions given included eliminating this narrow requirement (primarily because if a board member(s) does not have heavy cybersecurity experience, that could reflect negatively on the company’s prioritization of cybersecurity) even if the company does, in fact, take cybersecurity seriously.
They also call for “cybersecurity expertise” to be defined using broad criteria so smaller companies can meet the requirement without struggling to find an “expert” just to tick a box — or to allow the requirement to meet with a leader at different level in the company besides the board of directors.
5. The accumulation of immaterial events requirement
Another criticism of the proposed rules targets the requirement to list previously undisclosed immaterial cybersecurity incidents, which many comments revealed to find unnecessary and vague, as an incident to one company may be deemed immaterial but found material to another. The lack of consistency and definition means their solution is to either scratch the requirement or, alternatively, provide more guidance on what these incidents should entail to be included, as well as an example of one — and set a one-year limit, as this requirement does not include one.
6. Security program disclosures
Requiring a company to disclose security program-related protocols and plans, like strategies and risk management tactics would, comments to the proposal argue, make the company more vulnerable to future security breaches — as well as inadvertently divulge protected information. To mitigate this, critics suggest removing the requirement to keep companies (and their security plans) safe, allowing a vague summary of the program to meet the requirement; or introducing a confidentiality clause.
7. Fear of regulatory discord
As cybersecurity becomes a bigger issue for all industries across the country, the SEC’s proposal could contradict other states’ laws and requirements regarding cybersecurity (and their varying definitions, triggers, timings, and more). This could create confusion for companies who want to remain compliant in the event of a cyberattack but are unsure of which requirements they must meet to determine if a breach has, in fact, occurred. Readers of the proposed rule believe creating standardized terms and requirements can help. Plus, the SEC should demonstrate how it will work with the other regulations so companies can align their requirements in a streamlined way.
8. Safe harbor provisions
It seemed to many if a company has already reported a material cybersecurity risk, it is redundant to be required to report it again via the Form 8-K. The provided (short) timeframe, too, could cause issues — in the case of a third-party breach, a company may hurry to complete the form without confirming it to be reliable or accurate, defeating the entire point of the form.
This requirement invited split opinions. Some comments mentioned two “safe harbors” (i.e., double reporting) is a good thing, helping the SEC to promote consistent disclosure. Others, however, stated that including both would be redundant, especially with a tight deadline and the lack of clear definitions for these incidents.
Our perspective on the response to the SEC’s cybersecurity proposal
As the SEC strives to increase transparency and prevent malicious cyberattacks, cybersecurity disclosure requirements will continue to change and strengthen. The number of comments received on this proposed rule indicates that companies across industries are not only invested in what these disclosure requirements mean, but they are willing to do what is necessary (albeit logical) to enhance and standardize the way they protect themselves and disclose risk.
Looking forward, the SEC will take these comments into consideration for the next draft of the proposal.
How we can help
While you wait for the next draft of the proposal, remember to stay vigilant—not only to protect your organization, but also to maintain compliance. To stay up to date, bookmark the SEC’s Cybersecurity news and our Technology and Cybersecurity insight library.
Professional service firms like MGO help verify you are compliant and strengthen your overall cybersecurity — so these incidents are less likely to occur, and if they do, you will be ready to mitigate risks at once. Let us know if you are ready to assess your cybersecurity or get started on a SOC for Cybersecurity.
For insights tailored to your company and industry, schedule a conversation with our Technology and Cybersecurity team today.
]]>Giving state and local governments the resources to protect against hackers
The SLCIA updates the Homeland Security Act of 2002 to give the DHS leeway to utilize centers like the Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC). This will allow them to work with state, local, tribal, and territorial governments as needed, upon request.
This collaboration will encourage conducting cybersecurity exercises and hosting trainings meant to address current or future cyber risks or incidents. It will also provide operational and technical assistance to state and local governments to implement security resources, tools, and procedures to improve overall protection against attacks. The goal is to provide state and local governments with the support they need to defend themselves from hackers.
Resources to bolster government security capabilities
The SLCIA establishes a $500 million DHS grant program that will empower government institutions to increase their focus on cybersecurity. The bill also:
- Requires CISA to develop a strategy to improve cybersecurity of state, local, tribal, and territorial governments, enabling them to identify federal resources to capitalize on as well as set baseline objectives for their efforts;
- Indicates state, local, tribal, and territorial governments must develop a comprehensive cybersecurity plan to guide their usage of any grant money they receive;
- Establishes a state and local cybersecurity resiliency committee made up of representatives from state, local, tribal, and territorial governments to provide awareness of cybersecurity needs; and
- Enjoins CISA to assess the feasibility of a rotational program for the detail of approved government employees holding cyber positions.
The bill gives state and local governments the push they need to begin defending their networks. This can include the development of new strategies to boost their cybersecurity capabilities and acquisition of the funding needed to ensure their implementation. By investing in cybersecurity ahead of an attack, an entity is more likely to save money and protect its data.
Assessing eligibility for cybersecurity grants
Cybersecurity grants are available to municipalities of all sizes — but it’s important to start strategizing now by considering your IT infrastructure and cybersecurity frameworks. By applying for the grants, you indicate that you are taking your entity’s security seriously and taking the proper steps to qualify.
The State and Local Cybersecurity Improvement Act will provide up to $1 billion in grants for state, local, tribal, and territorial governments, allowing them to directly address their cybersecurity threats and risks. The program’s funding starts at $2 million for 2022, $400 million for 2023, $300 million for 2024, and $100 million for 2025.
To be eligible, an entity must:
- Maintain responsibility for monitoring, managing, and tracking its information systems, applications, and those user accounts owned and operated by the government;
- Show it has a process of continuously prioritizing the assessment of its cybersecurity vulnerabilities and threat mitigation practices; and
- Have a tangible plan that outlines:
- How to manage and audit network traffic.
- How the government plans to use the information to improve its systems’ resiliency and strength.
Our perspective
While the bill is still waiting on the Committee on Homeland Security and Governmental Affairs there are some things you can do to make sure you are ready. State and local governments should focus on building teams that can handle the grant application process — and be prepared to implement once awarded. This bill indicates that governments are past the point of merely updating a firewall or running a generic virus program — things like multifactor authentication and zero-trust architecture are viewed as the next steps (which was required for federal agencies in a 2021 executive order).
How we can help
Prior to starting the grant application process, your IT leaders should start thinking about how to handle security gaps with various procedures and consistent tests. MGO can help. Our Technology and Cybersecurity team can provide guidance as you prepare for the future.
About the authors
Francisco Colon is a Partner at MGO with extensive experience in external audit, fraud examinations, litigation support, operational and internal controls reviews, and buyer/seller due diligence. He specifically focuses on assisting organizations with evaluating and updating their internal controls with a focus on strategic alignment and fraud litigation deterrence management in a variety of industries, including tribal government, gaming, technology, cannabis, hospitality, government contracting, distribution, manufacturing, and private equity. Contact Francisco at FColon@mgocpa.com.
]]>Eligibility for the casualty loss deduction
Casualty losses can result from the damage, destruction or loss of property due to any sudden, unexpected or unusual event. Examples include floods, hurricanes, tornadoes, fires, earthquakes and volcanic eruptions. Normal wear and tear or progressive deterioration of property doesn’t constitute a deductible casualty loss. For example, drought generally doesn’t qualify.
The availability of the tax deduction for casualty losses varies depending on whether the losses relate to personal-use or business-use items. Generally, you can deduct casualty losses related to your home, household items and personal vehicles if they’re caused by a federally declared disaster — meaning a disaster that occurred in an area that the U.S. president declares eligible for federal assistance. Casualty losses related to business or income-producing property (for example, rental property) can be deducted regardless of whether they occur in a federally declared disaster area.
Casualty losses are deductible in the year of the loss, usually the year of the casualty event. If your loss stemmed from a federally declared disaster, you can opt to treat it as having occurred in the previous year. You may receive your refund more quickly if you amend the previous year’s return than if you wait until you file your return for the casualty year.
The role of reimbursements
If your casualty loss is covered by insurance, you must reduce the loss by the amount of any reimbursement or expected reimbursement. (You also must reduce the loss by any salvage value). Reimbursement also could lead to capital gains tax liability.
When the amount you receive from insurance or other reimbursements (less any expense you incurred to obtain reimbursement, such as the cost of an appraisal) exceeds the cost or adjusted basis of the property, you have a capital gain. You’ll need to include that gain as income unless you’re eligible to postpone reporting the gain.
You may be able to postpone the reporting obligation if you purchase property that’s similar in service or use to the destroyed property within the specified replacement period. You also can postpone if you buy a controlling interest (at least 80%) in a corporation owning similar property or if you spend the reimbursement to restore the property.
Alternatively, you can offset casualty gains with casualty losses not attributable to a federally declared disaster. This is the only way you can deduct personal-use property casualty losses incurred in areas not declared disaster areas.
The loss amount vs. the deduction
For personal-use property, or business-use or income-producing property that isn’t completely destroyed, your casualty loss is the lesser of:
• The adjusted basis of the property immediately before the loss (generally, your original cost, plus improvements and less depreciation), or
• The drop in fair market value (FMV) of the property as a result of the casualty (that is, the difference between the FMV immediately before and immediately after the casualty).
For business-use or income-producing property that’s completely destroyed, the amount of the loss is the adjusted basis less any salvage value and reimbursements.
If a single casualty involves more than one piece of property, you must figure the loss on each separately. You then combine these losses to determine the casualty loss.
An exception applies to personal-use real property, such as a home. The entire property (including improvements such as landscaping) is treated as one item. The loss is the smaller of the decline in FMV of the entire property and the entire property’s adjusted basis.
Other limits may apply to the amount of the loss you may deduct, too. For personal-use property, you must reduce each casualty loss by $100 (after you’ve subtracted any salvage value and reimbursement).
If you suffer more than one casualty loss during the tax year, you must reduce each loss by $100 and report each on a separate IRS form. If two or more taxpayers have losses from the same casualty, the $100 rule applies separately to each taxpayer.
But that’s not all. For personal-use property, you also must reduce your total casualty losses by 10% of your adjusted gross income, after you’ve applied the $100 rule. As a result, smaller personal-use casualty losses often provide little or no tax benefit.
The requisite records
Documentation is critical to claim a casualty loss deduction. You’ll need to be able to show:
• That you were the owner of the property or, if you leased it, that you were contractually liable to the owner for the damage,
• The type of casualty and when it occurred,
• That the loss was a direct result of the casualty, and
• Whether a claim for reimbursement with a reasonable expectation of recovery exists.
You also must be able to establish your adjusted basis, reimbursements and, for personal-use property, pre- and post-casualty FMVs.
Additional relief
The IRS has granted tax relief this year to victims of numerous natural disasters, including “affected taxpayers” in Alabama, California, Kentucky, Louisiana, Michigan, Mississippi, New Jersey, New York, Oklahoma, Pennsylvania, Tennessee, and Texas. The relief typically extends filing and other deadlines. (For detailed information for your state visit: https://bit.ly/3nzF2ui.)
Note that you can be an affected taxpayer even if you don’t live in a federally declared disaster area. You’re considered affected if records you need to meet a filing or payment deadline postponed during the applicable relief period are located in a covered disaster area. For example, if you don’t live in a disaster area, but your tax preparer does and is unable to pay or file on your behalf, you likely qualify for filing and payment relief.
A team effort
If you’ve incurred casualty losses this year, tax relief could mitigate some of the financial pain. We can help you maximize your tax benefits and ensure compliance with any extensions.
]]>That all changed on March 11, when President Biden signed the American Rescue Plan Act of 2021 into law. The bill allocates $432 billion in direct financial support to U.S. territories, states, and local and tribal governments. In the following, we highlight how the bill affects state, local, and Tribal governments, and breakdown the details of key provisions.
American Rescue Plan of 2021: Impact on State, Local and Tribal Governments
The American Rescue Plan of 2021 contains wide-ranging programs designed to support state, local, and Tribal governments through the financial crises resulting from the COVID-19 pandemic. These include active support for COVID-19 response and planning, funds for in-state capital improvement projects, emergency housing support, and much more.
Much of the relief funding is allocated and disbursed automatically using metrics that include population, economic conditions, and unemployment rates. While each program has different disbursement details, broadly speaking, payments are delivered in two or more installments, the first coming within a 60-day window following the bill becoming law, and future installments through 2022 and beyond.
Other programs will require state and local authorities to apply for grants based on specific needs.
One of the highlights of the revised funding and plan is looser restrictions on how funds from the Coronavirus State Fiscal Recovery Fund can be utilized. The accepted uses include:
• Funding government services that have been curtailed due to decreases in tax revenue caused by the pandemic.
• Aid to households, small businesses and nonprofits, and impacted industries like tourism, hospitality and travel.
• Making “necessary investments” in water, sewer, or broadband infrastructure.
While potential uses have been broadened, all programs require stringent rules for intended use, tracking and reporting.
Highlights of the American Rescue Plan of 2021
Coronavirus State Fiscal Recovery Fund
50 States and the District of Columbia receive $195.3 billion in aid:
- $25.5 billion will be split evenly among each state and the District of Columbia, with each state and the District of Columbia receiving $500 million in aid.
- $168.55 billion distributed based on each state’s share of total unemployed workers over the period of October 2020 to December 2020.
- District of Columbia receives additional $1.25 billion.
- Tribal governments receive $20 billion (further discussion to come).
- U.S. territories receive $4.5 billion.
- U.S. Treasury receives $50 million to cover costs of administration of the fund.
Coronavirus Local Fiscal Recovery Fund
Local governments to receive $130.2 billion in aid to be split among counties, metropolitan cities, and non-entitlement units of local government:
- Counties receive $65.1 billion in population-adjusted payments, with additional adjustments for Community Development Block Grant (CDBG) recipients.
- Metropolitan cities receive $45.57 billion.
- Non-entitlement units of local government receive $19.53 billion, distributed by individual states and funded by the U.S. Treasury. Each jurisdiction receives population-adjusted payments based on such jurisdiction’s share of the state population.
Coronavirus Capital Projects Fund
$10 billion available for states, territories, and Tribal governments to support critical capital projects directly enabling work, education and health monitoring in response to COVID-19:
- Each state receives $100 million.
- U.S. territories receive $100 million to be split among them.
- Tribal governments and the state of Hawaii receive $100 million to be split among them.
- Remainder of funds to be allocated to states based on population.
NOTE: The Treasury Department will establish an application process for grants from the fund within 60 days of enactment of the law.
Local Assistance and Tribal Consistency Fund
$2 billion for eligible revenue-sharing counties and tribal governments:
- Eligible revenue-sharing counties will receive $750 million allocated based on economic conditions for each FY 2022 and FY 2023.
- Eligible tribal governments will receive $250 million allocated based on economic conditions for each FY 2022 and FY 2023.
NOTE: Payments from this fund may be used for any governmental purpose other than a lobbying activity and will remain available until September 30, 2023.
Other State, Local, and Government Funding Sources
Additional federal government programs have received funding earmarked to support recovery efforts in states, Tribes, and territories. These funds can be applied for via grant applications depending on each government agency’s circumstances.
Homeowner Assistance Fund
$10 billion allocated to states, territories, and tribes through grants to prevent homeowner mortgage defaults, foreclosures, and displacements.
Funds may be used to reduce mortgage principal amounts, assist homeowners with housing payments and other aid needed to prevent eviction, mortgage default, foreclosure, or the loss of utility services.
Funds may also reimburse state and local governments that have provided similar assistance since January 2020.
Each state, along with the District of Columbia and Puerto Rico, will receive at least $50 million. Additional amounts will be set aside for other U.S. territories and tribes.
States, territories, and Tribes receiving funding will have to set aside at least 60% of their allocation to assist homeowners who make less than 100% of the local or national median income.
Homelessness Assistance and Supportive Services Program
$5 billion allocated to state and local governments to provide supportive services for homeless and at-risk individuals. Permitted fund uses include tenant-based rental assistance, housing counseling and homeless prevention services, and acquiring non-congregate shelter units.
Low-Income Home Energy Assistance Program (LIHEAP) and Water Assistance Program
$4.5 billion allocated to fund the LIHEAP program, and $500 million provided in state grants to assist low-income households with drinking water and wastewater services.
FEMA Disaster Relief Fund
$50 billion to reimburse state and local governments for the costs of ongoing COVID-19 response and recovery activities, and other emergencies.
Funding to remain available through FY 2025.
Final thoughts
With billions of dollars in aid becoming available to state, local and tribal government agencies, the use of these funds is going to be tracked very closely by federal regulators. If you have any questions about how funds can be utilized, and how to track and report this use, MGO’s dedicated State and Local Government team can help. Contact Us.
]]>With economic and tax policy a primary focus during the 2020 election, the
winning candidate/party will play a central role in pushing further economic
stimulus forward and determining long-term course for recovery following the
economic fall-out from the COVID-19 pandemic.
With the Biden campaign all but wrapping up the presidential election, businesses
and individuals with overseas concerns must pay close attention to how the
proposed policies of the candidate/party will affect their total tax liability and be prepared to make any changes or updates, in some cases, during the two months
ending the 2020 tax year.
2020 prospective results overview
Biden Victory | 50/50 Senate Split
In the case of a 50/50 split in the Senate, the tie-breaking vote goes to the Vice President, giving de facto Senate leadership to the party in the White House.
The Biden campaign’s proposed tax plan focuses on rolling back tax breaks and “loopholes” for corporations and high-net-worth individuals, specifically related to changes made in the 2017 Tax Cuts and Jobs Act (TCJA). Biden also proposed a number of significant tax breaks and stimulus efforts targeted at spurring growth in historically-disadvantaged communities and the renewable energy sector, while simultaneously rolling back fossil fuel industry subsidies.
Economic Stimulus
In the case of a Biden/Democratic win, it seems unlikely that an out-going President Trump will be motivated to support a new COVID-19 economic stimulus plan before leaving office. On the other hand, an incoming President Biden will likely immediately push for stimulus upon taking office, and will be successful with control over the Senate.
Biden Victory | Republican Senate Majority
Any outcome that has White House and Senate leadership at loggerheads will likely result in the blocking of any major economic and tax policy changes. With Senate Majority Leader Mitch McConnell’s re-election, there is little reason to suspect he’ll alter his long-standing obstructionist stance against Democrat-sponsored and supported bills.
Tax planning considerations
Increase in GILTI Tax Rate
- Accelerate income in 2020 under preferable tax rate.
- Defer deductions until after tax rate is raised.
Changes to Offshoring Tax Breaks and Penalties
- Accelerate overseas manufacturing and imports before tax plans change.
- Consider delaying launching U.S.-based manufacturing expansion until tax benefits are put into place.
Changes to Repatriation Tax Breaks and Penalties
Accelerate plans to move operations overseas before proposed tax penalties can be installed.
Final thoughts
It may be weeks before the full outcome of the election is determined and agreed-upon. This delay could create difficulties for corporations and individuals with overseas interests seeking to avoid tax penalties that could follow a Biden presidency. It is recommended to begin planning for all likely outcomes as soon as possible.
]]>For companies that have already received PPP funding, or expect to in this second wave, now is the time to focus on meeting the conditions for maximal loan forgiveness. In the following we will discuss what the PPP loans are intended for, how to use them for those purposes, and finally, how to document that use when applying for forgiveness.
The basics of PPP
In response to the widespread economic fallout of the COVID-19 pandemic, federal legislators introduced the CARES Act, a historically large economic stimulus program. For many businesses, both large and small, the standout from the program was the creation of the Paycheck Protection Program, which offers forgivable loans designed to help struggling businesses retain employees and make other necessary operational costs.
The popular PPP ran out of funds within two weeks of launch – with many small businesses still desperately in need of funds. The program has since been funded a second time, and there may be future waves of funding, depending how long current stay-at-home orders are maintained and the resulting economic distress.
Loans are being disbursed by approved lenders. You can find a complete list of approved vendors here.
You can access the PPP loan application here.
How PPP funds are to be used
The PPP funds have been made available by federal legislators with the primary purpose of helping employers maintain staffing levels and pay for other costs essential to continued operation for the eight week benefit period that begins when the loan is made.
Qualified expenses for PPP loans include:
- Payroll costs, which include:
- Salary, wages, and commissions, up to a maximum annualized amount of $100,000 per employee.
- Note: Severance pay and bonuses are subject to the annualized cap and should be included in payroll costs.
- Group health benefits, retirement benefits, medical or sick leave, and any state or local taxes assessed on employee compensation.
- Note: Not applicable if tax credits under FFCRA are taken.
- Interest on mortgage obligations that originated before February 15, 2020.
- Rent on lease agreements that were in force prior to February 15, 2020.
- Utilities, including electricity, water, gas, telephone/internet, and transportation that were placed into service prior to February 15, 2020.
A sample of frequently cited costs that DO NOT qualify as PPP expenses include:
- Payments made toward the principal portions of mortgages or other debts;
- Accounts payable;
- Life insurance payments;
- Payments of interest on debts established after February 15, 2020;
- Rent on lease agreements established after February 15, 2020.
Conditions for PPP loan forgiveness
Perhaps the most appealing aspect of the PPP loan program is the offer of forgiveness – up to 100% of the borrowed amount – if you meet specific criteria:
- At least 75% of loan proceeds are used to cover the qualifying costs associated with maintaining payroll over the eight-week period that begins the day the loan is made;
- Employee headcount levels are maintained;
- Compensation levels for employees earning $100,000 or less are maintained; and
- No more than 25% of the total loan amount is used on qualified, non-payroll expenses, including utilities, rent, etc.
Accessing PPP Loan Forgiveness
The lenders providing PPP loans will be responsible for determining loan forgiveness. To receive loan forgiveness, borrowers must apply to their lender. Requirements for forgiveness will include:
- A formal application;
- Documentation verifying employees and pay rates for the applicable 8 week period;
- Documentation supporting other qualified, covered expenses;
- Certification that presented information is true and accurate.
Lenders may require additional documentation, and will determine levels of forgiveness on a case-by-case basis.
Approach to maximizing loan forgiveness – document, document, document
Obviously, the first and most important rule for PPP loan forgiveness is to strictly follow all requirements for how funds can be used within the eight-week period following receiving the loan. But beyond that, an equally essential step is the ability to provide necessary documentation to lenders on how the funds were used to secure forgiveness. Following are some steps for optimizing documentation and record-keeping.
Create an Eight Week Budget Plan
Planning the use of funds will not only help make sure funds are directed to qualified PPP expenses, but will also help make sure the funds are used appropriately within the allotted eight week period.
Track Qualifying Expenses
Keep distinct records of all qualifying expenses PPP funds are used for. Whether a simple Excel spreadsheet or a function of your ERP, tracking expenses will help provide a visual of your organization’s progress, and can be shared with lenders following the eight week period as supplementary documentation.
Utilize Third Party Documentation Whenever Possible
Since payroll costs are at the center of the use of PPP funds, if you use a third party payroll provider, include their reports in your documentation. Similarly for other expenses, save all receipts and other documentation provided by utilities, etc.
Establish Employee Headcount
Maintaining staff numbers is a central component to PPP loan forgiveness. Depending on your organization, you may have time cards or an electronic timekeeping system. Provide copies of the timecards or reports from your timekeeping system to establish you’ve maintained headcount levels.
Rent, Leases and Mortgage Loans
Some lenders may require you to provide copies of rent, lease, and mortgage loan agreements to validate commitments that were in place prior to February 15, 2020. Be prepared to provide copies of these documents when applying for forgiveness.
Communicate with your Lender Ahead of Time
Lenders will have different requirements for establishing PPP loan forgiveness. Maintain an open line of communication with your lender to fully understand the documentation they will need. That way there will be no surprises when it comes time to apply for forgiveness.
Final thoughts
It is important to remember that PPP funds that do not ultimately qualify for forgiveness will convert into low interest loans. With that in mind, it is probably not in your organization’s best interest to bend over backward, altering payroll systems or other operations, to meet PPP forgiveness requirements.
There are a great many technical accounting issues, tax implications, and other complexities surrounding accessing, utilizing, and securing forgiveness for PPP loans. MGO has a dedicated team focused on navigating the various economic stimulus programs enacted to combat the COVID-19 pandemic. To schedule a consultation, please contact us here.
]]>To help combat the economic fallout from the pandemic, the federal government has introduced sweeping legislation to provide emergency relief via loan and grant programs and tax breaks, credits and other incentives.
Sources of relief include:
- SBA Economic Injury Disaster Loans (EIDLS)
- SBA Paycheck Protection Program (PPP)
- Families First Coronavirus Response Act (FFCRA) Tax Credits
- CARES Act Employee Retention Tax Credit
- CARES Act Employer Tax Payment Deferral
Millions of dollars of emergency relief is now available to qualifying organizations, some of which is eligible for 100% forgiveness. Unfortunately application processes are complex and time-sensitive, strict usage rules determine what can be forgiven, and changes to tax code are complex.
MGO has created the attached one-page summary to provide basic details on what your organization may be eligible for, and the levels of relief available.
If you need assistance applying for loans, or applying tax incentives, please do not hesitate to reach out to our team.
]]>
Later in the day, the IRS issued Notice 2020-18 (which supersedes Notice 2020-17) and automatically extends the due date for filing tax returns and making tax payments from April 15 to July 15. No federal extensions need to be filed by April 15, 2020. The Notice does not provide for the deferment of Q2 payments for 2020, however, this should (hopefully) be addressed shortly by Congress (see further below).
Notice 2020-18 removes the cap on the amount of tax payments that can be postponed. The earlier notice set a $1 million cap on individual income tax payments that could be postponed and a $10 million cap on tax payments for corporate taxpayers.
The news follows a previous update issued by Secretary Mnuchin and the IRS earlier this week that extended the deadline for tax payments 90 days to July 15, 2020. That move came under heavy fire from all sides as many were confused by the change (with many misinterpreting it as a deadline change).
The news comes as a big relief for anyone hit hard by the current COVID-19 pandemic, which, at this point, is pretty much everyone. States will be responding to these changes if they have not already expressly stated that they will conform to the IRS’ extended filing and payment due dates.
Tax professionals were among the loudest critics, stating that tremendous obstacles remain for the proper filing of taxes due to quarantine measures, including business shut-downs and restrictions on person-to-person interaction. In an official statement issued on Wednesday, Barry Melancon, CEO of the American Institute of Certified Public Accountants (AICPA), had this to say:
“Nearly 60% of all taxpayers turn to a tax practitioner to prepare and file their tax returns, and individual and business tax filing deadlines are fast approaching. Even the relatively simple process of filing an extension form requires calculations based on data and information from the taxpayer. Given the current environment, this extension process is impossible for many taxpayers.”
The announcement from Secretary Mnuchin arrives ahead of the proposed “Phase Three” economic stabilization package that is expected to include provisions and other measures meant to counter the negative economic impacts of the COVID-19 pandemic.
On March 19th, GOP Senate Majority leader Mitch McConnell delivered an initial draft of the proposed “Phase Three” bill, which includes the following notable provisions for individuals and businesses (as applicable):
- Postponement of estimated tax payments due from the date of enactment until October 15, 2020.
- Delay of estimated tax payments for corporations due after the date of enactment until October 15, 2020.
- Delay of payment of employer payroll taxes (deferred employer-share of payroll taxes to be paid over following two years).
- Five year Net Operating Losses (NOL) carryback for 2018, 2019 or 2020 losses, temporary removal of 80% NOL limitation, and modification of pass-thru loss limitation.
- Acceleration of corporate AMT credit refunds.
- Changes to Section 163(j), which will increase the 30% interest deduction limitation to 50% for 2019 and 2020.
- Technical corrections to the 2017 tax reform act regarding qualified improvement property (QIP), Section 965 overpayment refunds, and downward attribution rules.
Leaders in the Senate are currently negotiating the “Phase Three” bill and legislation is expected to be revised, voted on, and approved by President Trump within the next few days. When that legislation is finalized we will provide a recap and analysis of all provisions.
Lawmakers are also developing a “Phase Four” package, responding to a call for an additional $46 billion in emergency supplemental funding. No draft has been shared but these stimulus packages have been fast-tracked by bipartisan support and passage of that legislation could arrive as early as next week.
In the meantime, we recommend that anyone who can, should, file their taxes as soon as possible. Especially if they are due for a tax refund. The IRS has stated they are processing returns and making tax rebate payments. Receiving this money will provide a measure of liquidity for anyone currently experiencing a cash crunch due to the COVID-19 pandemic.
]]>To contextualize the parameters, Mnuchin stated:
“If you owe a payment to the IRS, you can defer up to $1 million as an individual — and the reason we are doing $1 million is because that covers pass-throughs and small businesses — and $10 million for corporations, interest-free and penalty-free for 90 days.”
It is essential to note the change does not extend the April 15th deadline. The IRS still expects all returns to be filed on-time, they are simply providing an option for penalty-free deferment. Taxpayers will still be required to pay their tax bill in full at the end of the deferment period, barring any additional government relief.
In his briefing, Mnuchin also made a point of clarifying that taxpayers can still file for the standard six month extension, which extends filing and payment due dates to October 15, 2020.
The move by the IRS is positioned to have a two-fold effect on individuals and businesses experiencing a ‘cash crunch’ due to the COVID-19 outbreak. By delaying payments on tax debts, affected individuals and businesses can use the additional 90 days to build the cash reserves necessary to make their tax payment. This provides much-needed breathing room for those in industries directly affected by the outbreak, including the travel and service industries (hospitality, restaurant/dining, etc.)
The second beneficial impact is aimed at providing a boost to the U.S. economy. By Mnuchin’s calculations, the plan will free-up as much as $300 billion in would-be tax payments, creating “an enormous amount of liquidity in the system.” This gives individuals and corporations flexibility when it comes to everything from business and investing activities, to making necessary purchases during quarantine periods.
Many tax payers and tax professionals were hoping for an extension to the April 15th deadline, as quarantine measures and other obstacles are making it difficult for many to access the necessary information to file on time.
The IRS is still processing tax returns and issuing refunds. For taxpayers in need of the refund to mitigate cash problems, filing as soon as possible remains the recommended approach.
The IRS has issued formal guidance on this issue, which can be found here.
If you have any questions regarding the new payment dates, the status of filings, or other tax issues please reach out to us for a consultation.
]]>Everything changes, except when it doesn’t
Time and time again we’ve seen reactions to various accounting scandals, after which new policies, procedures, and legislation are created and implemented. An example of this is the Sarbanes-Oxley Act (SOX) of 2002, which was a direct result of the accounting scandals at Enron, WorldCom, Global Crossing, Tyco, and Arthur Andersen.
SOX was established to provide additional auditing and financial regulations for publicly held companies to address the failures in corporate governance. Primarily it sets forth a requirement that the governing board, through the use of an audit committee, fulfill its corporate governance and oversight responsibilities for financial reporting by implementing a system that includes internal controls, risk management, and internal and external audit functions.
Governments experience challenges and oversight responsibility similar to those encountered by corporate America. Governance risks can be mitigated by applying the provisions of SOX to the public sector.
Some states and local governments have adopted similar requirements to SOX but, unfortunately, in many cases only after cataclysmic events have already taken place. In California, we only need to look back at the bankruptcy of Orange County and the securities fraud investigation surrounding the City of San Diego as examples of audit committees that were established in response to a breakdown in governance.
Taking your audit committee on the right mission
Governments typically establish audit committees for a number of reasons, which include addressing the risk of fraud, improving audit capabilities, strengthening internal controls, and using it as a tool that increases accountability and transparency. As a result, the mission of the audit committee often includes responsibility for:
- Oversight of the external audit.
- Oversight of the internal audit function.
- Oversight for internal controls and risk management.
Chart(er) your course
Most successful audit committees are created by a formal mandate by the governing board and, in some cases, a voter-approved charter. Mandates establish the mission of the committee and define the responsibilities and activities that the audit committee is expected to accomplish. A wide variety of items can be included in the mandate.
Creating the governing board’s resolution is the first step on the road to your audit committee’s success.
Follow the leader(ship)
In practice we see a combination of these attributes, ranging from the full board acting as the audit committee, committees with one or more independent outsiders appointed by the board, and/or members from management and combinations of all of the above. While there are advantages and disadvantages for all of these approaches, each government needs to evaluate how to work within their own governance structure to best arrive at the most workable solution.
Strike the right balance between cost and risk
The overriding responsibility of the audit committee is to perform its oversight responsibilities related to the significant risks associated with the financial reporting and operational results of the government. This is followed closely by the need to work with management, internal auditors and the external auditors in identifying and implementing the appropriate internal controls that will reduce those risks to an acceptable level. While the cost of establishing and enforcing a level of zero risk tolerance is cost prohibitive, the audit committee should be looking for the proper balance of cost and a reduced level of risk.
Engage your audit committee with regular meetings
Depending on the complexity and activity levels of the government, the audit committee should meet at least three times a year. In larger governments, with robust systems and reporting, it’s a good practice to call for monthly meetings with the ability to add special purpose meetings as needed. These meetings should address the following:
External Auditors
- Confirmation of the annual financial statement and compliance audit, including scope and timing.
- Ad hoc reporting on issues where potential fraud or abuse have been identified.
- Receipt and review of the final financial statements and auditor’s reports
- Opinion on the financial statements and compliance audit;
- Internal controls over financial reporting and grants; and
- Violations of laws and regulations.
Internal Auditors
- Review of updated risk assessments over identified areas of risk.
- Review of annual audit plan, including status of the prior year’s efforts.
- Status reports of ongoing and completed audits.
- Reporting of the status of corrective action plans, including conditions noted, management’s response, steps taken to correct the conditions, expected time-line for full implementation of the corrective action and planned timing to verify the corrective action plan has been implemented.
Establish resources that are at the ready
Audit committees should be given the resources and authority to acquire additional expertise as and when required. These resources may include, but are not limited to, technical experts in accounting, auditing, operations, debt offerings, securities lending, cybersecurity, and legal services.
Taking extra steps now will save time later
While no system can guarantee breakdowns will not occur, a properly established audit committee will demonstrate for both elected officials and executive management that on behalf of their constituents they have taken the proper steps to reduce these risks to an acceptable tolerance level. History has shown over and over again that breakdowns in governance lead to fraud, waste and abuse. Don’t be deluded into thinking that it will never happen to your organization. Make sure it doesn’t happen on your watch.
]]>