insightsArticles

Read this if you have a responsibility for victim notification.

Is your state complying with state and federal victim notification system statutes? How do you know if you are (or aren’t)? The federal government passed the Victims’ Rights and Restitution Act in 1990. This act requires all federal law enforcement officers and employees to make their best efforts to accord victims of crime with the right to be notified of offender status changes (i.e., movement from incarceration to the community). All states have similar statutes; many are more prescriptive and specific to each state.

You may be thinking “we have implemented a victim notification system, we’re all set.” To be sure, it’s best practice to ask yourself these questions:

• Does my state use multiple victim notification systems, possibly one for the Department of Corrections, and others in use for jails, courts, or by the prosecutor’s office?
• Do victims understand how to register and use the system(s)?
• If you have multiple systems in use across your state, do victims know they must register in each (assuming that the offender is nomadic)?
• Are the systems interfacing with the victim notification system to provide real-time updates regarding offender status changes and movements, or is the data reliant on human entry alone?
• Is there redundancy in your victim notification approach? Are you relying solely on the victim notification system for statutory compliance, or are there other measures in place?
• Have you defined the term “victim” in your state? How do you distinguish “known victims” from “interested parties”? Are these two groups treated equally in your victim notification systems and processes?

As we have explored these questions with various corrections clients, we’ve found that states address them in unique ways. In many cases, initial information regarding victims is captured on a pad of paper; in some, that information is never transposed into electronic form. Smaller, rural jails are more inclined to manually reach out to victims in their tight-knit communities, while jails in larger jurisdictions may not have the capacity to do so, and rely much more heavily on automation to comply with victim notification requirements. 

Many states use multiple victim notification systems (jails may use one system, while prisons use another), without integrating them to share data about offender movements and victim registrations. This results in a gap of service to victims likely unaware of the ramifications of having multiple, disparate victim notification systems. Many mature victim notification systems have the ability to interface with systems such as offender management systems (typically managed by the state’s department of corrections), jail management systems (typically managed by each county sheriff’s office), prosecution systems, and others. 

These system integrations are critical to reducing redundancy and increasing the timeliness with which both offender and victim data is entered into the victim notification system and used to trigger the notifications themselves.

So how can you assess your processes? The first step is to determine if your state has a problem with, or compliance gap between current practices and victim notification statutes. Here are some steps you can take to assess your situation:

1. Review the victim notification statutes in your state
2. Inventory the victim notification systems in use across your state, including any interfaces that may exist with the systems described earlier
3. Talk to victim advocates to learn more about how they use the systems to augment their efforts
4. Connect with representatives within your state department of corrections, sheriff’s offices, prosecutors, courts, probation, and other groups that may be providing some level of victim advocacy and learn more about their concerns

If this is all overwhelming, try and take it one step at a time. You can also engage a professional consulting firm that can help you organize and systematically assess the problem, then collaborate with you to develop a plan to close the gaps. 

If you have questions about your specific situation, please contact our Justice & Public Safety team. We're here to help. To learn more about other choices in victim notification procedures and systems, stay tuned for our second article in this series, where we explore options for acquiring and implementing a statewide victim notification system.

Read this if your agency is planning to procure a services vendor.

In our previous article, we looked at three primary areas we, or a potential vendor, consider when responding to a request for services. In this follow-up, we look at additional factors that influence the decision-making process on whether a potential vendor decides to respond to a request for services.

• Relationship with this state/entity―Is this a state or client that we have worked with before? Do we understand their business and their needs?
  
  A continuing relationship allows us to understand the client’s culture and enables us to perform effectively and efficiently. By establishing a good relationship, we can assure the client that we can perform the services as outlined and at a fair cost.
• Terms and conditions, performance bonds, or service level agreements―Are any of these items unacceptable? If there are concerns, can we request exceptions or negotiate with the state?
  
  When we review a request for services our legal and executive teams assess the risk of agreeing to the state’s terms and compare them against our existing contract language. States might consider requesting vendors provide exceptions to terms and conditions in their bid response to open the door for negotiations. Not allowing exceptions can result in vendors assuming that all terms are non-negotiable and may limit the amount of vendor bid responses received or increase the cost of the proposal.
  
  The inclusion of well-defined service level agreements (SLAs) in requests for proposals (RFPs) can be an effective way to manage resulting contracts. However, SLAs with undefined or punitive performance standards, compliance calculations, and remedies can also cause a vendor to consider whether to submit a bid response.
  
  RFPs for states that require performance bonds may result in significantly fewer proposals submitted, as the cost of a performance bond may make the total cost of the project too high to be successfully completed. If not required by law that vendors obtain performance bonds, states may want to explore other effective contractual protections that are more impactful than performance bonds, such as SLAs, warranties, and acceptance criteria.
• Mandatory requirements―Are we able to meet the mandatory requirements? Does the cost of meeting these requirements keep us in a competitive range?
  
  Understanding the dichotomy between mandatory requirements and terms and conditions can be challenging, because in essence, mandatory requirements are non-negotiable terms and conditions. A state may consider organizing mandatory requirements into categories (e.g., system requirements, project requirements, state and federal regulations). This can help potential vendors determine whether all of the mandatory requirements are truly non-negotiable. Typically, vendors are prepared to meet all regulatory requirements, but not necessarily all project requirements.
• Onsite/offsite requirements―Can we meet the onsite/offsite requirements? Do we already have nearby resources available? Are any location requirements negotiable?
  
  Onsite/offsite requirements have a direct impact on the project cost. Factors include accessibility of the onsite location, frequency of required onsite participation, and what positions/roles are required to be onsite or local. These requirements can make the resource pool much smaller when RFPs require staff to be located in the state office or require full-time onsite presence. And as a result, we may decide not to respond to the RFP.
  
  If the state specifies an onsite presence for general positions (e.g., project managers and business analysts), but is more flexible on onsite requirements for technical niche roles, the state may receive more responses to their request for services and/or more qualified consultants.
• Due date of the proposal―Do we have the available proposal staff and subject matter experts to complete a quality proposal in the time given?
  
  We consider several factors when looking at the due date, including scope, the amount of work necessary to complete a quality response, and the proposal’s due date. A proposal with a very short due date that requires significant work presents a challenge and may result in less quality responses received.
• Vendor available staffing―Do we have qualified staff available for this project? Do we need to work with subcontractors to get a complete team?
  
  We evaluate when the work is scheduled to begin to ensure we have the ability to provide qualified staff and obtain agreements with subcontractors. Overly strict qualifications that narrow the pool of qualified staff can affect whether we are able to respond. A state might consider whether key staff really needs a specific certification or skill or, instead, the proven ability to do the required work.
  
  For example, technical staff may not have worked on this particular type of project, but on a similar one with easily transferable skills. We have several long-term relationships with our subcontractors and find they can be an integral part of the services we propose. If carefully managed and vetted, we feel subcontractors can be an added value for the states.
• Required certifications (e.g., Project Management Professional^® (PMP^®), Cybersecurity and Infrastructure Security Agency (CISA) certification)―Does our staff have the required certifications that are needed to complete this project?
  
  Many projects requests require specific certifications. On a small project, maybe other certifications can help ensure that we have the skills required for a successful project. Smaller vendors, particularly, might not have PMP®-certified staff and so may be prohibited from proposing on a project that they could perform with high quality.
• Project timeline―Is the timeline to complete the project reasonable and is our staff available during the timeframe needed for each position for the length of the project?
  
  A realistic and reasonable timeline is critical for the success of a project. This is a factor we consider as we identify any clear or potential risks. A qualified vendor will not provide a proposal response to an unrealistic project timeline, without requesting either to negotiate the contract or requesting a change order later in the project. If the timeline is unrealistic, the state also runs the risk that the vendor will create many change requests, leading to a higher cost.

Other things we consider when responding to a request for services include: is there a reasonable published budget, what are the minority/women-owned business (M/WBE) requirements, and are these new services that we are interested in and do they fit within our company's overall business objectives?

Every vendor may have their own checklist and/or process that they go through before making a decision to propose on new services. We are aware that states and their agencies want a wide-variety of high-quality responses from which to choose. Understanding the key areas that a proposer evaluates may help states provide requirements that lead to more high-quality and better value proposals. If you would like to learn more about our process, or have specific questions, please contact the Medicaid Consulting team.

Read this if you are a bank.

On October 20, 2020, the FDIC Board of Directors voted to issue an interim final rule (the Rule) to provide temporary relief from the Part 363 Audit and Reporting requirements. Banks have experienced increases to their consolidated total assets as a result of large cash inflows resulting from participation in the Paycheck Protection Program (PPP) and the effects of other government stimulus efforts. 

Since these inflows may be temporary, but are significant and unpredictable, the Rule allows banks to determine the applicability of Part 363 of the FDIC’s regulations, Annual Independent Audits and Reporting Requirements, for fiscal years ending in 2021 based on the lesser of the bank’s:

1. consolidated total assets as of December 31, 2019, or
2. consolidated total assets as of the beginning of its fiscal year ending in 2021.

This Rule provides relief to banks that were going to meet the $1 billion FDICIA internal control audit requirement, or the $500 million management report and independence requirements, for 2021 due to asset growth from PPP loan activity and deposit liquidity. 

Note, a bank may be required to comply with one or more requirements of Part 363 if the FDIC determines that asset growth was related to a merger or acquisition. 

Planning tip

Despite the temporary relief, based on pre-COVID total assets and organic growth, banks could meet the requirements in 2022. Therefore, we recommend banks continue preparing internal control over financial reporting documentation and conduct preliminary testing to ensure a comfortable project timeline and smooth implementation. 

If any questions arise, please contact the BerryDunn FDICIA compliance team. We're here to help.
 

Read this if you are a renewable energy producer, investor, or installer.

As Election Day approaches, much if not all of the nation’s attention is focused on the global COVID-19 pandemic, the millions of people it has affected, and its effect on the global economy. What haven’t been prominent in presidential election news are the different policy approaches of the two candidates. In the renewable energy sector, the differences are stark. Here is a brief look at those differences and tax approaches of the candidates.

General tax information: Trump 

Traditionally at this time in an election year we’re presented with tax plans from both candidates. While these are campaign promises and may not fully come to fruition after the election, they can shed light on what each candidate plans to prioritize if elected. As the incumbent candidate in this election, Donald Trump has not provided much detail on his tax plans for the next four years, as noted by the Tax Foundation’s Erica York:

“While light on detail, the agenda includes a few tax policy items like expanding existing tax breaks, creating credits for specific industries and activities, and unspecified tax cuts for individuals. The president has also expressed support for other policy changes related to capital gains and middle-class tax cuts. Of note, none of the campaign documents so far have detailed a plan for the expiring provisions under the 2017 Tax Cuts and Jobs Act (TCJA).”

The president’s main priorities have been growing the economy and creating jobs, both of which have taken a massive hit in 2020 due to the pandemic. President Trump has had little else to say on his plans for a second term other than extending the sunset of the Tax Cuts and Jobs Act (TCJA) of 2017 to 2025, or the end of this coming term. One of the items that could be considered is an expansion of the Opportunity Zone program, providing a tax deferral for investment in specified economically distressed areas.

Another item is how Net Operating Losses (see our prior blog post on this topic) will be treated and whether or not the TCJA or the Coronavirus Aid, Relief, and Economic Security (CARES) Act rules will be the ones used in the future. With the recent New York Times article detailing the president’s tax filings and showing how he took advantage of the NOL rules, it’s still a guess as to how that could impact the tax policy around NOLs going forward.  

Trump energy plan: fossil fuels first

In the energy sector, Trump’s focus has been on bolstering the oil and gas industry, while also trying to revive the flagging coal industry, and it appears his focus will continue in that vein. His proposed budget continues to provide tax breaks for fossil fuel companies, while planning to repeal renewable energy tax credits. Prior to his election in 2016, the renewable energy sector was somewhat hopeful that the benefits of increased jobs provided by the industry would be appealing to the President. This hasn’t played out over the last four years and with current energy credits scheduled to phase out and unprecedented unemployment, the jobs being provided by this sector may be part of the formula to help sway the administration to extending or expanding these programs.

General tax information: Biden 

Biden, as the challenger, has a much more detailed tax plan laid out. As expected, it is very different from the direction the Trump presidency has taken regarding taxes. A brief summary of his plan:

Raise taxes on individuals with income above $400,000, including:

• Raising the top individual income tax bracket from 37% back to 39.6%
• Removing the preferential treatment of long-term capital gains for taxpayers with income over $1 million
• Creating additional phase outs of itemized and other deductions 
• Instituting additional payroll taxes related to funding social security
• Expanding the Child Tax Credit up to $8,000 for two or more children

Biden’s plan would also raise taxes on corporations:

• Raising the corporate income tax rate from 21% to 28% 
• Imposing a corporate minimum tax on corporations with book profits of $100 million or higher.

According to the Tax Foundation’s analysis of Biden’s tax plan:  

“[Expectations are that it] would raise tax revenue by $3.05 trillion over the next decade on a conventional basis. When accounting for macroeconomic feedback effects, the plan would collect about $2.65 trillion the next decade. This is lower than we originally estimated due to the revenue effects of the coronavirus pandemic and economic downturn.”…“On a conventional basis, the Biden tax plan by 2030 would lead to about 6.5 percent less after-tax income for the top 1 percent of taxpayers and about a 1.7 percent decline in after-tax income for all taxpayers on average.”

Taxpayers earning more than $400,000 a year, and investors who have enjoyed preferential treatment and lower tax rates on capital gains will certainly pause at this proposal. While Trump’s tax policy has been to lower taxes in these areas to spur investment in the economy, Biden’s plan shows the need to generate tax revenue in order to cover the massive amounts spent during the COVID-19 pandemic.  

Biden energy plan: renewables first

Joe Biden’s energy policy is focused on climate change and renewable energy. In addition to ending tax subsidies for fossil fuels, his platform proposes investing $2 trillion over four years for clean energy across sectors, recommit to the Paris agreement, and achieve 100% clean energy by 2035.

Other Biden initiatives include:

• Improving energy efficiency of four million existing buildings
• Building one and a half million energy-efficient homes and public housing
• Expanding several renewable-energy-related tax credits
• Installing 500 million solar panels within five years 
• Restoring the Energy Investment Tax Credit (ITC) and the Electric Vehicle Tax Credit

Indeed, over the past decade the Democratic Party has been a proponent of investment in and expansion of renewable energy technologies. While increased taxes will certainly cause many business owners and investors to pause, and any changes will need to be passed by Congress, it is encouraging to the renewable energy sector that Biden’s policy platform states goals related to increasing renewable energy in the United States.

As one might expect during this era of the two main political parties being so far apart from each other on policy, the proposed tax plans of both candidates also stand in fairly stark contrast, as does their approach to the United States’ energy sources in the coming decade. There are benefits and consequences to both plans, which will have an impact beyond the 2020 election.  
 

Read this if your agency is planning to procure a services vendor. 

Every published request for services aims to acquire the highest-quality services for the best value. Requests may be as simple as an email to a qualified vendor list or as formal as a request for proposal (RFP) published on a state’s procurement website. However big or small the request, upon receiving it, we, or a potential vendor, triages it using the following primary criteria:

1. Scope of services―Are these services or solutions we can provide? If we can’t provide the entire scope of services, do we have partners that can?
   As a potential responding vendor, we review the scope of services to see if it is clearly defined and provides enough detail to help us make a decision to pursue the proposal. Part of this review is to check if there are specific requests for products or solutions, and if the requests are for products or solutions that we provide or that we can easily procure to support the scope of work. 
2. Qualifications―What are the requirements and can we meet them?
   We verify that we can supply proofs of concept to validate experience and qualification requirements. We check to see if the requirements and required services/solutions are clearly defined and we confirm that we have the proof of experience to show the client. Strict or inflexible requirements may mean a new vendor is unable to propose new and innovative services and may not be the right fit.
3. Value―Is this a service request that we can add value to? Will it provide fair compensation?
   We look to see if we can perform the services or provide the solution at a rate that meets the client’s budget. Sometimes, depending upon the scope of services, we can provide services at a rate typically lower than our competitors. Or, conversely, though we can perform the scope of services, the software/hardware we would have to purchase might make our cost lower in value to the client than a well-positioned competitor.

An answer of “no” on any of the above questions typically means that we will pass on responding to the opportunity. 

The above questions are primary considerations. There are other factors when we consider an opportunity, such as where the work is located in comparison to our available resources and if there is an incumbent vendor with a solid and successful history. We will consider these and other factors in our next article. If you would like to learn more about our process, or have specific questions, please contact the Medicaid Consulting team.
 

Read this if you administer a 401(k) plan.

On December 20, 2019, the Setting Every Community up for Retirement Enhancement (SECURE) Act was signed into law. The SECURE Act makes several changes to 401(k) plan requirements. Among those changes is a change to the permissible minimum service requirements.  
 
Many 401(k) retirement plan sponsors have elected to set up minimum service requirements for their plan. Such requirements help eliminate administrative burden of offering participation to part-time employees who may then participate in the plan for a short period of time and then keep their balance within the plan. Although plan sponsors do have the ability to process force-out distributions for smaller account balances, a minimum service requirement, such as one year of service, can help eliminate this situation altogether.  

Long-term part-time employees now eligible

The SECURE Act will now require that long-term part-time employees be offered participation in 401(k) plans if they are over the age of 21. The idea behind the requirement is that 401(k) plans are responsible for an increasingly larger amount of employees’ retirement income. Therefore, it is essential that part-time employees, some of which may not have a full-time job, have the ability to save for retirement.  
 
Long-term is defined as any employee who works three consecutive years with 500 or more hours worked each year. This new secondary service requirement becomes effective January 1, 2021. Previous employment will not count towards the three-year requirement. Therefore, the earliest a long-term part-time employee may become eligible to participate in a plan under the secondary service requirement is January 1, 2024.  

403(b) plans not affected 

Please note this provision is only applicable for 401(k) plans and does not impact 403(b) plans, which are subject to universal availability. Furthermore, although long-term part-time employees will be allowed to make elective deferrals into 401(k) plans, management may choose whether to provide non-elective or matching contributions to such participants. These participants also may be excluded from nondiscrimination and top-heavy requirements.  
 
This requirement will create unique tracking challenges as plans will need to track hours worked for recurring part-time employees over multiple years. For instance, seasonal employees who elect to work multiple seasons may inadvertently become eligible. We recommend plans work with their record keepers and/or third-party administrators to implement a tracking system to ensure participation is offered to those who meet this new secondary service requirement. If a feasible tracking solution does not exist, or plans do not want to deal with the burden of tracking such information, plans may also consider amending their minimum service requirements by reducing the hours of service requirement from 1,000 hours to 500 hours or less. However, this may allow more employees to participate than under the three-year, 500-hour requirement and may increase the employer contributions each year. 

If you have questions regarding your particular situation, please contact our Employee Benefit Audits team. We’re here to help.

Read this is you are a business owner or an advisor to business owners.

With continued uncertainty in the business environment stemming from the COVID-19 pandemic, now may be a good time to utilize trust, gift, and estate strategies in the transfer of privately held business interests. 

As discussed in our May 26, 2020 article 2020 estate strategies in times of uncertainty for privately held business owners, there may be opportunity to free up considerable portions of lifetime gift and estate tax exemption amounts. This is possible due to suppressed values of privately held businesses and the uncertainty surrounding the impact of the 2020 presidential election on tax rates and future exemption and exclusion thresholds.

An element to consider is the ability to transfer non-controlling interests in a business. These interests are potentially subject to discounts for lack of control and lack of marketability. The discounts may further reduce the overall value transferred through a given strategy, potentially offloading a larger percentage of ownership in a business while retaining large portions of the gift and estate lifetime exemption. Part I of this series focused on the discount for lack of control. In Part II, let’s focus on the discount for lack of marketability.

Discount for lack of marketability

In the context of a hypothetical willing buyer and willing seller, the buyer may place a greater value on an ownership interest of an investment that is “marketable.” Marketable investments can be bought and sold easily and offer the ability to extract liquidity compared to an interest where transferability and marketability are limited. 

Simply put, buyers would rather own investments they can sell easily, and will pay less for the investment if it lacks this ability. Non-controlling interests in private businesses lack marketability—few people are interested in investing in a business where control rests in someone else’s hands. Discounts for lack of control commonly reduce the value of the transferred interest by 5% to 15%, discounts for lack of marketability can drop value of the business by 25% to 35%.

Market-based evidence of proxies for discounts for lack of marketability can be found within the following resources, studies, and methods (including, but not limited to):

• Various restricted stock studies
• The Quantitative Marketability Discount Model (QMDM) developed by Z. Christopher Mercer
• Various pre-initial public offering studies
• Option pricing models
• Other discounted cash flow models

In addition to these resources, to fully assess the degree of discount applicable to a subject interest, consider company-specific factors when estimating the discount for lack of marketability. The degree of marketability is dependent upon a wide range of factors, such as the payment of dividends, the existence of a pool of prospective buyers, the size of the interest, any restrictions on transfer, and other factors. 

To establish a comprehensive view on the applicable degree of discount, here are more things go consider. In a ruling on the case Mandelbaum v. Commissioner¹, Judge David Laro outlined the primary company-specific factors affecting the discount for lack of marketability, including:

1. Restrictions on transferability and withdrawal
2. Financial statement analysis
3. Dividend policy
4. The size and nature of the interest
5. Management decisions
6. Amount of control in the transferred shares

Conclusion

Business owners are knowledgeable of the facts and circumstances surrounding a business interest. They take a close look at what they are buying before they make an offer. Like most people, they prefer investments they can readily convert into cash, and are therefore generally not willing to pay the pro-rata value for a minority interest in a business when the interest lacks marketability. To assess an appropriate discount for lack of marketability, consider resources such as those referred to above, then ensure selected discounts are appropriate based on the factors specific to the company and interest being valued. 

Our mission at BerryDunn remains constant in helping each client create, grow, and protect value. If you have questions about your unique situation, or would like more information, please contact the business valuation consulting team.

Part III of this series will focus on the application of DLOC and DLOM to a subject interest.

¹Mandelbaum v. Commissioner, T.C. Memo 1995-255 (June 13, 1995).

Read this if you are a bank with over $1 billion in assets.

It’s no secret COVID-19 has had a substantial impact on the economy. As unemployment soared and the economy teetered on the edge of collapse, unprecedented government stimulus attempted to stymie the COVID-19 tidal wave. One tool used by the government was the creation of the Paycheck Protection Program (PPP). Part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, the PPP initially authorized the lending of $349 billion to encourage businesses to keep workers employed and cover certain operating expenses during the coronavirus pandemic. The PPP was then extended through August 8, 2020 with an additional $310 billion authorized.

Many financial institutions scrambled to free up resources and implement processes to handle the processing of PPP loan applications. However, such underwriting poses unique challenges for financial institutions. PPP loans are 100% guaranteed by the US Small Business Administration (SBA) if the borrowers meet certain criteria. Establishing appropriate controls over the loan approval and underwriting process is more a matter of ensuring compliance with the PPP, rather than ensuring the borrower can repay their loan.

Federal Deposit Insurance Corporation Improvement Act of 1991 compliance 

Banks with total assets over $1 billion as of the beginning of their fiscal year must comply with the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA). Amongst other things, FDICIA requires management perform an assessment and provide a resulting attestation on the operating effectiveness of the bank’s internal controls over financial reporting (ICFR) as of the bank’s fiscal year-end. Although this attestation is as of year-end, management must perform testing of the bank’s ICFR throughout the bank’s fiscal year to obtain sufficient evidence regarding the operating effectiveness of ICFR as of year-end. Key controls over various transaction cycles are typically housed in a matrix, making it easy for management and other users, such as independent auditors, to review a bank’s key ICFR. 

Internal control documentation

If the process for originating PPP loans is different from the bank’s process for traditional loan products, it’s likely the internal controls surrounding this process is also different. Given that $659 billion in PPP loans have been granted to date, it is possible PPP loans may be material to individual banks’ balance sheets. If PPP loans are material to your bank’s balance sheet, you should consider the controls that were put in place. If the controls are deemed to be different from those already documented for other types of loans, you should document such controls as new controls in your FDICIA matrix and test accordingly.

As noted earlier, the risks a financial institution faces with PPP loans are likely different from traditional underwriting. If these unique risks could impact amounts reported in the financial statements, it’s smart to address them through the development of internal controls. Banks should assess their individual situations to identify any risks that may have not previously existed. For instance, given the volume of PPP loans originated in such a short period of time, quality control processes may have been stretched to their limits. The result could be PPP loans inaccurately set up in the loan accounting system or loan files missing key information. Depending on the segregation of duties, the risk could even be the creation of fictitious PPP loans. A detective internal control that could address inaccurate loan setup would be to scan a list of PPP loans for payment terms, maturity dates, or interest rates that appear to be outliers. Given the relatively uniform terms for PPP loans, any anomalies should be easily identifiable. 

Paycheck Protection Program loan fees

Aside from internal controls surrounding the origination of PPP loans, banks may also need to consider documenting internal controls surrounding PPP loan fees received by the SBA. Although the accounting for such fees is not unique, given the potential materiality to the income statement, documenting such a control, even if it is merely addressing the fees in an already existing control, exhibits that management has considered the impact PPP loan fees may have on their ICFR. 

The level of risk associated with PPP loan fees may differ from institution to institution. For instance, a bank that is calculating its PPP loan fees manually rather than relying on the loan accounting system to record and subsequently recognize income on these fees, inherently has more risk. This additional level of risk will need to be addressed in the development and documentation of internal controls. In this example, a periodic recalculation of PPP loan fees on a sample basis, including income recognition, may prove to be a sufficient internal control.

With the calendar year-end fast approaching, it is time to take a hard look at those FDICIA matrices, if you haven’t already done so:

• Consider what has changed at your bank during the fiscal year and how those changes have impacted the design and operation of your internal controls. 
• Ensure that what is happening in practice agrees to what is documented within your FDICIA matrix. 
• Ensure that new activities, such as the origination of PPP loans, are adequately documented in your FDICIA matrix. 

With Congress considering another round of PPP loans, there is no time like the present to make sure your bank is ready from an ICFR perspective. If you have questions about your specific situation, or would like more information, please contact the FDICIA compliance team. 

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts.

You can listen to the companion podcast to this article now:

Over the last two years, the Centers for Medicare and Medicaid Services (CMS) has undertaken an effort to streamline Medicaid Enterprise System (MES) certification. During this time, we have been fortunate enough to have been a trusted partner in several states working to evolve the certification process. Through this collaboration with CMS and state partners, we have been in front of recent certification trends. 

What is outcomes-based certification (OBC)? 

OBC (or streamlined modular certification) is a fascinating evolution in MES certification. OBC represents a fundamental rethinking of certification and how we measure the success of system implementation and modernization efforts. The prior certification approach, as many know it, is centrally focused on technical capability, answering the question, “Can the system perform the required functions?” 

OBC represents a shift away from this technical certification and toward business process improvement, instead answering the question, “How is this new technology enhancing the Medicaid program?” Or, put differently, “Is this new technology helping my Medicaid program achieve its desired outcomes?” 

What are the key differences between the MECT and OBC? 

To understand the differences, we have to first talk about what isn’t changing. Technical criteria still exist, but only so far as CMS is confirming compliance with core regulatory and statutory requirements—including CMS’ Standards and Conditions. That’s about the extent of the similarities. In addition to pivoting to business process improvement, we understand that CMS is looking to generalize certification under this new approach, meaning that we wouldn’t see the same Medicaid Information Technology Architecture (MITA)-tied checklists like Provider Management, or Decision Support Systems. Instead, we might expect more generalized guidance that would allow for a more tailored certification. 

Additionally, OBC introduces outcomes statements which serve as the guiding principles for certification. Everything, including the technical criteria, roll-up into an outcome statement. This type of roll up might actually feel familiar, as we see a similar structure in how Medicaid Enterprise Certification Toolkit (MECT) criteria rolled up into critical success factors. 

The biggest difference, and the one states need to understand above all else, is the use of key performance indicators (KPIs). These KPIs aren’t just point-in-time certification measures, they are expected to be reported against regularly—say, quarterly—in order to maintain enhanced funding. Additionally, it’s likely that each criterion will have an associated KPI, meaning that states will continue to be accountable to these criteria long after the Certification Final Review. 

How are KPIs developed? 

We’ve seen KPIs developed in two ways. For more strategic, high level KPIs, CMS develops a baseline set of KPIs heading into collaborating with a state on an OBC effort. In these instances, CMS has historically sought input on whether those KPIs are reasonable and can be easily reported against. CMS articulates what it wants to measure conceptually, and works with a state to ensure that the KPI achieves that within the scope of a state’s program.  

For KPIs specific to a state’s Medicaid program, CMS engages with states to draft new KPIs. In these instances, we’ve seen CMS partner with states to understand the business need for the new system, how it fits into the Medicaid enterprise, and what the desired outcome of the particular approach is. 

What should states consider as they plan for MES procurements? 

While there might be many considerations pertaining to OBC and procurements, two are integral to success. First—as CMS noted in the virtual MESC session earlier this month—engage CMS at the idea stage of a project. Experience tells us that CMS is ready and willing to collaborate with—and incorporate the needs of—states that engage at this idea stage. That early collaboration will help shape the certification path. 

Second, consider program outcomes when conceptualizing the procurement. Keep these outcomes central to base procurement language, requirements, and service level agreements. We’re likely to see the need for states to incorporate these outcomes into contracts. 

What does this mean for MES modularity and scalability? 

Based on our current understanding of the generalization of certification, states, and subsequently the industry at large, will continue to refine what modularity means based on Medicaid program needs. Scalability represents an interesting question, as we’ve seen OBC scaled horizontally across smaller, discrete business areas like pharmacy or provider management. Now we’re seeing the beginnings of vertical scaling of a more streamlined certification approach to larger components of the enterprise, such as financial management and claims processing. 

The certification landscape is seemingly changing weekly as states wait eagerly for CMS’ next guidance issuances. Please continue to check back for in-depth analyses and OBC success stories. Additionally, if you are considering an OBC effort and have questions, please contact our Medicaid Consulting team.