Skip to Main Content

insightsarticles

Are your vendor contracts putting you at risk?

05.31.19

Best practices for financial institution contracts with technology providers

As the financial services sector moves in an increasingly digital direction, you cannot overstate the need for robust and relevant information security programs. Financial institutions place more reliance than ever on third-party technology vendors to support core aspects of their business, and in turn place more reliance on those vendors to meet the industry’s high standards for information security. These include those in the Gramm-Leach-Bliley Act, Sarbanes Oxley 404, and regulations established by the Federal Financial Institutions Examination Council (FFIEC).

On April 2, 2019, the FDIC issued Financial Institution Letter (FIL) 19-2019, which outlines important requirements and considerations for financial institutions regarding their contracts with third-party technology service providers. In particular, FIL-19-2019 urges financial institutions to address how their business continuity and incident response processes integrate with those of their providers, and what that could mean for customers.

Common gaps in technology service provider contracts

As auditors of IT controls, we review lots of contracts between financial institutions and their technology service providers. When it comes to recommending areas for improvement, our top observations include:

  • No right-to-audit clause
    Including a right-to-audit clause encourages transparency and provides greater assurance that vendors are providing services, and charging for them, in accordance with their contract.
  • Unclear and/or inadequate rights and responsibilities around service disruptions
    In the event of a service incident, time and transparency are vital. Contracts that lack clear and comprehensive standards, both for the vendor and financial institution, regarding business continuity and incident response expose institutions to otherwise avoidable risk, including slow or substandard communications.
  • No defined recovery standards
    Explicitly defined recovery standards are essential to ensuring both parties know their role in responding and recovering from a disaster or other technology outage.

FIL-19-2019 also reminds financial institutions that they need to properly inform regulators when they undertake contracts or relationships with technology service providers. The Bank Service Company Act requires financial institutions to inform regulators in writing when receiving third-party services like sorting and posting of checks and deposits, computation and posting of interest, preparation and mailing of statements, and other functions involving data processing, Internet banking, and mobile banking services.

Writing clearer contracts that strengthen your institution

Financial institutions should review their contracts, especially those that are longstanding, and make necessary updates in accordance with FDIC guidelines. As operating environments continue to evolve, older contracts, often renewed automatically, are particularly easy to overlook. You also need to review business continuity and incident response procedures to ensure they address all services provided by third-parties.

Senior management and the Board of Directors hold ultimate responsibility for managing a financial institution’s relationship with its technology service providers. Management should inform board members of any and all services that the institution receives from third-parties to help them better understand your operating environment and information security needs.

Not sure what to look for when reviewing contracts? Some places to start include:

  • Establish your right-to-audit
    All contracts should include a right-to-audit clause, which preserves your ability to access and audit vendor records relating to their performance under contract. Most vendors will provide documentation of due diligence upon request, such as System and Organization Control (SOC) 1 or 2 reports detailing their financial and IT security controls.

    Many right-to-audit clauses also include a provision allowing your institution to conduct its own audit procedures. At a minimum, don’t hesitate to perform occasional walk-throughs of your vendor’s facilities to confirm that your contract’s provisions are being met.
  • Ensure connectivity with outsourced data centers
    If you outsource some or all of your core banking systems to a hosted data center, place added emphasis on your institution’s business continuity plan to ensure connectivity, such as through the use of multiple internet or dedicated telecommunications circuits. Data vendors should, by contract, be prepared to assist with alternative connectivity.
  • Set standards for incident response communications 
    Clear expectations for incident response are crucial  to helping you quickly and confidently manage the impact of a service incident on your customers and information systems. Vendor contracts should include explicit requirements for how and when vendors will communicate in the event of any issue or incident that affects your ability to serve your customers. You should also review and update contracts after each incident to address any areas of dissatisfaction with vendor communications.
  • Ensure regular testing of defined disaster recovery standards
    While vendor contracts don’t need to detail every aspect of a service provider’s recovery standards, they should ensure those standards will meet your institution’s needs. Contracts should guarantee that the vendor periodically tests, reviews, and updates their recovery standards, with input from your financial institution.

    Your data center may also offer regular disaster recovery and failover testing. If they do, your institution should participate in it. If they don’t, work with the vendor to conduct annual testing of your ability to access your hosted resources from an alternate site.

As financial institutions increasingly look to third-party vendors to meet their evolving technology needs, it is critical that management and the board understand which benefits—and related risks—those vendors present. By taking time today to align your vendor contracts with the latest FFIEC, FDIC, and NCUA standards, your institution will be better prepared to manage risk tomorrow.

For more help gaining control over risk and cybersecurity, see our blog on sustainable solutions for educating your Board of Directors and creating a culture of cybersecurity awareness.
 

Related Professionals

Read this if you are an employer looking for more information on the Employee Retention Credit (ERC).

The Coronavirus Disease 2019 (COVID-19) stimulus package signed into law by President Trump on December 27 makes very favorable enhancements to the Employee Retention Credit (ERC) enacted under the Coronavirus Aid, Relief and Economic Security (CARES) Act. 

Background

The CARES Act passed in March 2020 provided certain employers with the opportunity to receive a refundable tax credit equal to 50 percent of the qualified wages (including allocable qualified health plan expenses) an eligible employer paid to its employees. This tax credit applied to qualified wages paid after March 12, 2020, and before January 1, 2021. The maximum amount of qualified wages (including allocable qualified health plan expenses) taken into account with respect to each eligible employee for all calendar quarters in 2020 is $10,000, so that the maximum credit an eligible employer can receive in 2020 on qualified wages paid to any eligible employee is $5,000.

The ERC was for eligible employers who carried on a trade or business during calendar year 2020, including certain tax-exempt organizations, that either:

  • Fully or partially suspend operation during any calendar quarter in 2020 due to orders from an appropriate governmental authority limiting commerce, travel, or group meetings due to COVID-19; or
  • Experienced a significant decline in gross receipts during the calendar quarter.

If an eligible employer averaged more than 100 full-time employees in 2019, qualified wages were limited to wages paid to an employee for time that the employee was not providing services due to an economic hardship described above. If the eligible employer averaged 100 or fewer full-time employees in 2019, qualified wages are the wages paid to any employee during any period of economic hardship described above.

Updated guidance: ERC changes

The bill makes the following changes to the ERC, which will apply from January 1 to June 30, 2021:

  • The credit rate increases from 50% to 70% of qualified wages and the limit on per-employee wages increases from $10,000 per year to $10,000 per quarter.
  • The gross receipts eligibility threshold for employers changes from a more than 50% decline to a more than 20% decline in gross receipts for the same calendar quarter in 2019. A safe harbor is provided, allowing employers that were not in existence during any quarter in 2019 to use prior quarter gross receipts to determine eligibility and the ERC. 
  • The 100-employee threshold for determining “qualified wages” based on all wages increases to 500 or fewer employees.
  • The credit is available to state or local run colleges, universities, organizations providing medical or hospital care, and certain organizations chartered by Congress (including organizations such as Fannie Mae, FDIC, Federal Home Loan Banks, and Federal Credit Unions). 
  • New, expansive provisions regarding advance payments of the ERC to small employers are included, including special rules for seasonal employers and employers that were not in existence in 2019. The bill also provides reconciliation rules and provides that excess advance payments of the credit during a calendar quarter will be subject to tax that is the amount of the excess.
  • Employers who received PPP loans may still qualify for the ERC with respect to wages that are not paid for with proceeds from a forgiven PPP loan. This change is retroactive to March 12, 2020. Treasury and the SBA will issue guidance providing that payroll costs paid during the PPP covered period can be treated as qualified wages to the extent that such wages were not paid from the proceeds of a forgiven PPP loan.
  • Removal of the limitation that qualified wages paid or incurred by an eligible employer with respect to an employee may not exceed the amount that employee would have been paid for working during the 30 days immediately preceding that period (which, for example, allows employers to take the ERC for bonuses paid to essential workers).

Takeaways

For most employers, the ERC has been difficult to use due to original requirements that prevented employers who received a PPP loan from ERC eligibility and, for those employers who did not receive a PPP loan, the requirement that there be a more than 50% decline in gross receipts. In addition, those employers who qualified for the ERC and had more than 100 employees could only receive the credit for wages paid to employees who did not perform services.

It is important to note that most of the new rules are prospective only and do not change the rules that applied in 2020. The new guidance should make it easier for more employers to utilize the ERC for the first two quarters of 2021. The following types of employers should evaluate the ability to receive the ERC during the first and/or second quarter of 2021:

  • Those that used the ERC in 2020 (the wage limit for the credit is now based on wages paid each quarter and the credit is 70% of eligible wages);
  • Those that previously received a PPP loan;
  • Those that have a more than 20% reduction in gross receipts in 2021 over the same calendar quarter in 2019;
  • Those employers with more than 100 but less than 500 employees who have had a significant reduction in gross receipts (i.e., more than 20%)1

For more information

If you have more questions, or have a specific question about your particular situation, please call us. We’re here to help.

Article
Stimulus bill extends and expands the Employee Retention Credit

Read this if you are a bank.

Consolidated Appropriations Act
On December 27, 2020, the Consolidated Appropriations Act, 2021 (CAA) was signed into law. For financial institutions, aside from approving an additional $284 billion in Paycheck Protection Program funding, the CAA most notably extended troubled debt restructuring (TDR) relief. Originally provided in Section 4013 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, this relief allows financial institutions to temporarily disregard TDR accounting under US generally accepted accounting principles for certain COVlD-19-related loan modifications. Under the CARES Act, this relief was set to expire on December 31, 2020. The CAA extends such relief to January 1, 2022.

Relief from CECL implementation was also extended from December 31, 2020 to January 1, 2022.

We are here to help
If any questions arise, please contact the financial services team with any questions.

Article
TDR and CECL relief is extended for financial institutions

Read this if your company is seeking guidance on PPP loans.

The Consolidated Appropriations Act, 2021 (H.R. 133) was signed into law on December 27, 2020. This bill contains guidance on the existing Paycheck Protection Program (PPP) and guidelines for the next round of PPP funding.

Updates on existing PPP loans

Income and expense treatment of PPP loans. Forgiven PPP loans will not be included in taxable income and eligible expenses paid with PPP funds will be tax-deductible. This tax treatment applies to both current and future PPP loans.

Tax attributes and basis adjustments. Tax attributes such as net operating losses and passive loss carryovers, and basis increases generated from the result of the PPP loans will not be reduced if the loans are forgiven.

Economic Injury Disaster Loans (EIDL). Any previous or future EIDL advance will not reduce PPP loan forgiveness. Any borrowers who already received forgiveness of their PPP loans and had their EIDL subtracted from the forgiveness amount will be able to file an amended forgiveness application to have their PPP forgiveness amount increased by the amount of the EIDL advance. The SBA has 15 days from the effective date of this bill to produce an amended forgiveness application. 

Simplified forgiveness application for loans under $150,000. Borrowers who received PPP loans for $150,000 or less will now be able to file a simplified one-page forgiveness application and will not be required to submit documentation with the application. The SBA has 24 days from the effective date of this bill to make this new forgiveness application available. 

Use of PPP funds. Congress expanded the types of expenses that may be paid with PPP funds. Prior eligible expenses were limited to payroll (including health benefits), rent, covered mortgage interest, and utilities. Additional expenses now include software and cloud computing services to support business operations, the purchase of essential goods from suppliers, and expenditures for complying with government guidance relating to COVID-19.

These additional expenses apply to both existing and new PPP loans, but they do not apply to existing loans if forgiveness has already been obtained.
 
In addition, the definition of "payroll costs" has been expanded to include costs for group life, disability, dental, and vision insurance. These additions also apply to both existing and new loans.

Information for new PPP loans

Application deadline. March 31, 2021 

Eligibility for first-time borrowers. A business that did not previously apply for or receive a PPP loan may apply for a new loan. The same requirements apply from the first round of loans. The business must employ fewer than 500 employees per physical location and the borrower must certify the loan is necessary due to economic uncertainty.

Eligibility for second-time borrowers. Businesses that received a prior PPP loan may apply for a second loan, however the eligibility requirements are a little more stringent. The business must have fewer than 300 employees per physical location (down from 500 previously) and it must have experienced a decline in gross revenue of at least 25% in any quarter in 2020 as compared to the same quarter in 2019. The business must have also expended (or will expend) their initial PPP loan proceeds. 

Maximum loan amount. Lesser of $2 million or 2.5x average monthly payroll for either calendar 2019 or the 12-month period prior to the date of the loan. Businesses operating in the accommodations and food service industry (NAICS code 72) can use a 3.5x average monthly payroll multiple. If the business previously received a loan less than the new amount allowed, or if it returned a portion or all of the previous loan, it can apply for additional funds up to the maximum loan amount. 

New types of businesses eligible for loans.

  • Broadcast news stations, radio stations, and newspapers that will use the proceeds to support the production and distribution of local and emergency information 
  • Certain 501(c)(6) organizations with fewer than 300 employees and that are not significantly involved in lobbying activities 
  • Housing cooperatives with fewer than 300 employees 
  • Companies in bankruptcy if the bankruptcy court approves

Ineligible businesses. A business that was ineligible to receive a PPP loan during the first round is still ineligible to receive a loan in the new round. The new legislation also prohibits the following businesses from receiving a loan in the second round:

  • Publicly traded companies 
  • Businesses owned 20% or more by a Chinese or Hong Kong entity or have a resident of China on its board 
  • Businesses engaged primarily in political or lobbying activities
  • Businesses required to register under the Foreign Agents Registration Act 
  • Businesses not in operation on February 15, 2020 

Forgiveness qualifications. New PPP loans will be eligible for forgiveness if at least 60% of the proceeds are used on payroll costs. Partial forgiveness will still be available if less than 60% of the funds are used on payroll costs. 

Covered period. The borrower may choose a covered period (i.e., the amount of time in which the PPP funds must be spent) between 8 and 24 weeks from the date of the loan disbursement.

Employee Retention Tax Credit. The CARES Act prohibited a business from claiming the Employee Retention Tax Credit if they received a PPP loan. The new legislation retroactively repeals that prohibition, although it is unclear how an employer can claim retroactive relief. The new bill also expands the tax credit for 2021. 

Additional guidance is expected from the SBA in the coming weeks on many of these items and we will provide updates when the information is released.

We’re here to help.
If you have questions about PPP loans, contact a BerryDunn professional.

Article
Paycheck Protection Program: Updates on new and existing loans

Read this if you are a community bank.

On December 1, 2020, the Federal Deposit Insurance Corporation (FDIC) issued its third quarter 2020 Quarterly Banking Profile. The report provides financial information based on call reports filed by 5,033 FDIC-insured commercial banks and savings institutions. The report also contains a section specific to community-bank performance based on the financial information of 4,590 FDIC-insured community banks. Here are some highlights from the community bank section of the report:

  • The community bank sector experienced a $659.7 million increase in quarterly net income from a year prior, despite a 116.6% increase in provision expense and continued net interest margin (NIM) compression. This increase was mainly due to loan sales, which were up 154.2% from 2019. Year-over-year, net income increased 10%.
  • Provision expense decreased 32.3% from second quarter 2020 to $1.6 billion. That said, year-to-date provision expense increased 194.3% compared to 2019 year-to-date.
  • NIM declined 41 basis points from a year prior to a record low of 3.27% (on an annualized basis). 
  • Net operating revenue increased by $2.8 billion from third quarter 2019, a 12.1% increase. This increase was attributable to higher revenue from loan sales and an increase in net interest income mainly due to higher interest income from commercial and industrial (C&I) loans (up 14.8%) and a decrease in interest expense (down 36.8%).
  • Average funding costs declined for the fourth consecutive quarter to 0.53%.
  • Growth in total loans and leases was stagnant from second quarter 2020, growing by only 1%. However, total loans and leases increased by 13.4% from third quarter 2019. This increase was mainly due to C&I lending, which was up 71%. This growth in C&I lending was mainly comprised of Paycheck Protection Program loans originated in the second quarter.
  • The noncurrent rate (loans 90 days or more past due or in nonaccrual status) remained unchanged at 0.80% from second quarter 2020. That being said, noncurrent balances were up $1.6 billion in total from third quarter 2019. This year-over-year increase was mainly attributable to increases in noncurrent nonfarm nonresidential, C&I, and farm loan balances.
  • Net charge-offs decreased 22.1% year-over-year and currently stand at 0.10%.
  • Total deposit growth since second quarter 2020 was modest at 1.8%. However, total deposits compared to third quarter 2019 were up 16.7%.
  • The number of community banks declined by 34 to 4,590 from second quarter 2020. This change included one new community bank, three banks transitioning from non-community to community banks, eight banks transitioning from community to non-community banks, 29 community bank mergers or consolidations, and one community bank self-liquidation.

Community banks have been resilient and weathered the 2020 storm, as evidenced by an increase in year-over-year net income of 10%. However, tightening NIMs will force community banks to find creative ways to increase their NIM, grow their earning asset base, and identify ways to increase non-interest income to maintain current net income levels. 

Much uncertainty still exists. For instance, although significant charge-offs have not yet materialized, the financial picture for many borrowers remains uncertain, and payment deferrals have made some credit quality indicators, such as past due status, less reliable. The ability of community banks to maintain relationships with their borrowers and remain apprised of the results of their borrowers’ operations has never been more important. 

Despite the turbulence caused by the pandemic, there are many positive takeaways, and community banks have proven their resilience. Previous investments in technology, including customer facing solutions and internal communication tools, have saved time and money. As the pandemic forced many banks to move away from paper-centric processes, the resulting efficiencies of digitizing these processes will last long after the pandemic. 

If you have questions about your specific situation, please don’t hesitate to contact BerryDunn’s Financial Services team. We’re here to help.
 

Article
FDIC issues its third quarter 2020 banking profile

Read this if you have a responsibility for acquiring and implementing victim notifications for your jurisdiction.

In the first article of this three-part series we explored the challenges and risks associated with utilizing multiple victim notification systems across your state, while the second focused on exploring what the choices are to address these challenges. In this final installment, we demystify the process of developing requirements for a victim notification system. Here are some things to address when developing requirements:

  • Considering all of your victim notification stakeholders and their specific needs
  • “Mining” requirements from your current victim notification system to ensure that your current needs are met in the future system 
  • Determining what the market can support (and what it can’t)
  • Utilizing standards to increase the likelihood that market solutions, designed based on these standards, will meet the needs of your jurisdiction 

Understanding the needs (and wants) of your stakeholder group is critical to defining a successful set of requirements that meets your specific needs. Representative stakeholders may include:

  • Victim advocacy groups (both government run and private sector)
  • Police and sheriff departments
  • Department of Corrections 
  • The courts
  • Probation department
  • Prosecutor offices
  • The victims themselves

Of course the stakeholder group in your jurisdiction may differ, and the needs of these groups will also differ. For example, victims and advocacy groups are concerned about ease of use, accuracy, and timeliness of notifications. Police and sheriff departments may be concerned about ensuring they are meeting their statutory and moral obligations to notify the victims when offenders are released from custody. 

Since these groups have varied needs, it’s important to engage them early and throughout the requirements development process. Talk to them, observe their practices, and review their current systems. It’s possible, for example, that it’s important that sheriff departments can integrate their jail management system to the replacement victim notification system and the integration creates a seamless and timeline notification process when an offender is processed out of jail and into the community. Because the Department of Corrections is designed to hold offenders for a longer period of time, the department may require that their offender management system triggers an alert to victims when pre-release planning activities begin.

Scaling victim notification systems

Utilization of victim notification systems can also include a broad spectrum; from a single jail engaging with a victim notification system vendor to provide specific notification services, to a statewide victim notification system that provides these services for the larger stakeholder group. Because of this, your requirements must reflect that “scale.” Consider the utilization of the system before developing your requirements so that you don’t over (or under) engineer the system for your jurisdiction.

As mentioned in the second article in this series, there are many victim notification system options to consider, from home-grown applications to turnkey software as a service (SaaS) services. Regardless of the path you choose, consider leveraging the victim notification system standards as defined by the Department of Justice (DOJ) Bureau of Justice Assistance (BJA SAVIN Guidelines). These guidelines and standards are terrific sources for victim notification system requirements, and can be thought-provoking as you engage your stakeholder groups. 

Though these standards are extremely useful, be sure to identify and include any jurisdiction-specific needs in your set of requirements. They may be driven by state statutes or by local policy or process. In defining your unique requirements, just ask, “Why are they important? Were they defined based on processes put in place because you don’t have a strong victim notification system, or are they critical to satisfying statute or policy?”

Stakeholder communication and engagement

Once you develop a preliminary set of requirements, it’s important to meet with the stakeholder groups to refine and prioritize the requirements. This exercise will result in a clear and concise set of requirements that are understandable by victim notification system vendors that may be responding to the resulting solicitation. When defining the requirements themselves, we find it useful to follow the guidelines from the Institute of Electrical and Electronics Engineers, Inc. (IEEE) called “IEEE Recommended Practice for Software Requirements Specifications.” According to the IEEE standard, good software and hardware requirements should be: 

  1. Correct
  2. Unambiguous
  3. Complete
  4. Consistent
  5. Ranked for importance
  6. Verifiable
  7. Modifiable
  8. Traceable

Prioritization of the requirements also helps responding vendors understand which requirements are most important to your jurisdiction. This prioritization model can also be used when scoring the vendors’ responses to the requirements once proposals have been received. 

Conclusion

In summary, it is important your victim notification system requirements reflect the needs of your stakeholders, are realistic, and clear. Vendors will be asked to respond to how they can accommodate the requirements, so using the IEEE method described above can be useful. 

Though this article doesn’t dive deeply into the development of the request for proposals (RFP) for the victim notification system, below are some actions to take to improve your chances for a successful system selection project:

  1. Define a meaningful project scope to scale the vendor market
  2. Assign a balanced evaluation committee with impartial scoring criteria
  3. Craft a structured procurement package that attracts multiple vendors
  4. Design a reasonable and achievable RFP schedule of events
  5. Reduce ambiguity and increasing clarity of RFP terms

If you have questions about your specific situation, please contact our Justice & Public Safety consulting team. We’re here to help. The BerryDunn team has developed a mature methodology for determining victim notification system requirements, and has a rich repository of requirements to start with so that you don’t need to start from scratch.
 

Article
Victim notification system requirements: It's easier (and harder) than you think

Read this if you are an employee benefit plan fiduciary.

The COVID-19 pandemic has challenged individuals and organizations to continue operating during a time where face-to-face interaction may not be plausible, and access to organizational resources may be restricted. However, life has not stopped, and participants in your employee benefit plan may continue to make important decisions based on their financial needs. This article looks at distributions from your plan, specifically focusing on required minimum distributions (RMD) and coronavirus-related distributions.

Required minimum distributions

If an employee benefit plan is subject to the RMD rules of Code Section 401(a)(9), then distributions of a participant’s accrued benefits must commence April 1 of the calendar year following the later of 1) the participant attaining age 70½, or 2) the participant’s severance from employment. Under the Coronavirus Aid, Relief, and Economic Security (CARES) Act of 2020, RMDs have been temporarily waived for retirement plans for 2020. This change applies to direct contribution plans, such as 401(k), 403(b), 457(b) plans, and IRAs. In addition, RMDs were waived for IRA owners who turned 70½ in 2019 and were required to take an RMD by April 1, 2020 and have not yet done so. Note: the waiver will not alter a participant’s required beginning date for purposes of applying the minimum distribution rules in future periods.

Coronavirus-related distributions

Under section 2202 of the CARES Act, qualified participants who are diagnosed with coronavirus, whose spouse or dependent is diagnosed with coronavirus, or who experience adverse financial consequences due to certain virus-related events including quarantine, furlough, layoff, having hours reduced, or losing child care are eligible to receive a coronavirus-related distribution.

These distributions are considered coronavirus-related distributions if the participant or his/her spouse or dependent has experienced adverse effects noted above due to the coronavirus, the distributions do not exceed $100,000 in the aggregate, and the distributions were taken on or after January 1, 2020 and on or before December 30, 2020.  

Such distributions are not subject to the 10% penalty tax under Internal Revenue Code (IRC) § 72(t), and participants have the option of including their distributions in income ratably over a three year period, or the entire amount, starting in the year the distribution was received. Such distributions are exempt from the IRC § 402(f) notice requirement, which explains rollover rules, as well as the effects of rolling a distribution to a qualifying IRA and the effects of not rolling it over. Also, participants can be exempt from owing federal taxes by repaying the coronavirus-related distribution. 

Participants receiving this distribution have a three-year window, starting on the distribution date, to contribute up to the full amount of the distribution to an eligible retirement plan as if the contribution were a timely rollover of an eligible rollover distribution. So, if a participant were to include the distribution amount ratably over the three-year period (2020-2022), and the full amount of the distribution was repaid to an eligible retirement plan in 2022, the participant may file amended federal income tax returns for 2020 and 2021 to claim a refund for taxes paid on the income included from the distributions. The participant will not be required to include any amount in income in 2022. We recommend the plan sponsor maintain documentation supporting the participant was eligible to receive the coronavirus-related distribution. 

There is much uncertainty due to the COVID-19 pandemic. A result of this uncertainty has been changes to guidance and treatment of plan transactions, which has forced many of our clients to review and alter their control environments. We have provided our current understanding of the guidance the IRS has provided for the treatment surrounding distributions, specifically RMDs and coronavirus-related distributions. If you and your team have any additional questions specific to your organization or plan, please contact us

Article
Impacts of the CARES Act on employee benefit plan distributions

Read this if you are an employer with more than 10 employees in Maine.

With 2020 quickly coming to an end, employers must be prepared to implement the new Maine Earned Paid Leave Law (EPL), effective January 1, 2021. The EPL law requires employers with more than 10 employees in Maine, for more than 120 days in any calendar year, to permit eligible employees to earn one (1) hour of earned time for every 40 hours worked, up to a maximum of 40 hours per year. 

A notable highlight of Maine’s EPL law, is that leave may be taken for any reason, making it the first law of its kind in the country. EPL may be taken for, but not limited to, an emergency, illness, sudden necessity, and planned vacation. Employees are required to notify employers as soon as practicable if EPL is to be taken for an emergency, illness, or sudden necessity. For any other reason, an employer may require that employees give up to four (4) weeks advance notice.

Covered employees and base rate of pay

The EPL law applies to all full-time, part-time, and per diem employees. Generally, seasonal employees, including summer interns and international workers, are exempt from the EPL rules. A determination of whether a business is seasonal and/or has a seasonal period must be made considering the rules defined by 26 M.R.S.A. § 1043, subsections 9 and 11, and § 1251 before seasonal employees can be excluded.

Employers are required to pay EPL at least at the same “base rate of pay” that an employee received in the week prior to taking leave. The base rate of pay is calculated by dividing total earnings from the week immediately prior by the total hours worked during the same period. Important to note, earnings for this purpose include bonuses, commissions, and other compensation as provided in 26 M.R.S. §664(3). This means that an employer will need to consider overtime and/or other special payments received by the employee during the week prior to the week leave is taken. Employers may need to make adjustments to existing policies and procedures to incorporate the definition of “base rate of pay” for the leave earned under the EPL. If an employer offers more than 40 hours of leave to an employee annually, the first 40 hours of leave available each year must be paid at the employee’s “base rate of pay”.

Additionally, employees must receive the same benefits as those provided under other established employer policies pertaining to other types of paid leave.

Timing & accrual

EPL accrual begins on an employee’s first day of employment. However, an employer may require that new employees wait for a period of up to 120 calendar days during a one-year period before taking EPL. For example, an employee who begins work on November 1st, 2020 would be eligible to use accrued leave after March 1st, 2021, if an employer elected to use the 120-day waiting period. Those employees who have been employed for at least 120 days during a one-year period prior to January 1, 2021, may use their leave as soon as it is earned.

Should an employer allow employees to take EPL before it has been earned, any unearned amount may be withheld from an employee’s final paycheck in the event of separation from employment. Additionally, an employer may elect to provide additional leave above and beyond the 40-hour maximum, at its discretion.

Employees may earn and take up to 40 hours of EPL in any defined year, and can carry over up to 40 hours of accrued and unused EPL from one defined year to the next. For this purpose, a defined year, as stated by the employer, may include, but is not limited to, a calendar year or an employee’s anniversary date. If an employee rolls over 40 hours of unused accrued EPL from one year to the next, the employee will not accrue any additional hours until the following year. If an employee rolls over less than 40 hours, the employee will only accrue hours until the 40-hour maximum is met. For example, if an employee rolls over eight (8) hours of unused accrued EPL from the previous year the employee is only entitled to accrue up to 32 additional hours of EPL in the present year, regardless of how much leave the employee uses in the current year. Employers may require  EPL to be taken in increments of one hour or less. However, an employer may not require EPL to be taken in larger than one-hour increments. 

The EPL law does not address the treatment of any earned paid leave remaining upon an employee’s separation from employment. However, the relevant guidance indicates an employer should honor its written policy or established practice in this area. This means if an employer typically pays out unused vacation/earned benefit/paid time off then unused EPL must be paid out when an employee’s employment ends. If an employer does not compensate an employee for the unused balance of EPL when employment ends, based on its policy and practice, then it will need to make the leave available to the employee if they return to work for that employer within a one-year period.

Exceptions

The EPL law does not apply to an employee covered by a collective bargaining agreement during the period between January 1, 2021 and the expiration of the agreement. Any subsequent agreement would be required to comply with the EPL law.

Compliance

Employers are not required to, but it is recommended that they create a written policy to clearly communicate restrictions and to avoid any misunderstandings. For example, there may be planning opportunities with identifying times of the year, month, or week that leave may be restricted due to operational needs, other than leave for an emergency, illness, or sudden necessity. In doing so, employers must be able to prove undue hardship if they deny the use of EPL for any reason. Considerations for determining undue hardship could include significant expenses, financial resources available, and the size of the workforce, among others. 

A written policy should also help to ensure compliance with the EPL rules. Failure to do so may result in penalties being assessed of up to $1,000 per violation, where each denial of paid leave constitutes a separate violation. For more information, employers may visit the ME DOL's website, which includes a link to its Frequently Asked Questions.

Article
Maine's new earned paid leave law―What employers need to know

Read this if you are a Financial Operations Principal or in the compliance department.

On July 30, 2013 the Securities and Exchange Commission (SEC) amended certain reporting, audit, and notification requirements for broker-dealers registered with the SEC. Among other things, these amendments required broker-dealers to file one of two new reports with the SEC—a compliance report, if the broker-dealer did not claim it was exempt from Rule 15c3-3 under the Securities Exchange Act of 1934, or an exemption report if the broker-dealer did claim it was exempt from Rule 15c3-3 throughout the fiscal year. The Division of Trading and Markets of the SEC came out with frequently asked questions regarding the amendments made on July 30, 2013 and periodically updates this list of frequently asked questions. This list was updated July 1, 2020. Here are some of the most notable changes to the FAQs. For the full list, click here.

Exemption provisions

As noted above, a broker-dealer may claim exemption from Rule 15c3-3. Paragraph (k) of Rule 15c3-3 outlines four exemption provisions: (k)(1), (k)(2)(i), (k)(2)(ii), and (k)(2)(iii). Exemption provision (k)(1) may be claimed by broker-dealers that only perform direct-way mutual fund or variable annuity business. If the broker-dealer performs any other type of business, this exemption may not be claimed. Exemption provision (k)(2)(i) is commonly seen as a catch-all for broker-dealers whose businesses don’t qualify for a different exemption. However, to qualify, the broker-dealer cannot carry margin accounts, must promptly transmit all customer funds and deliver all securities received, and cannot otherwise hold funds or securities for, or owe money or securities to, customers. All transactions must be completed through one or more bank accounts specially designated for such transactions. Exemption provision (k)(2)(ii) is for broker-dealers that introduce transactions to a carrying broker-dealer on a fully disclosed basis. Lastly, exemption provision (k)(2)(iii) may be granted by the SEC upon written application by a broker-dealer. However, the SEC has never granted such an exemption.

Exemption report prohibitions

In some instances, a broker-dealer may not meet any of the exemption provisions of paragraph (k) of Rule 15c3-3. However, the broker-dealer may have also not held customer securities or funds during the fiscal year and therefore not be required to file a compliance report. In these instances, the broker-dealer should file an exemption report, along with a corresponding accountant’s report based on a review of the exemption report. 

Since the broker-dealer has not claimed an exemption under paragraph (k) of Rule 15c3-3, its exemption report should include a description of all the broker-dealer’s business activities and a statement that during the reporting period the broker-dealer (1) did not directly or indirectly receive, hold, or otherwise owe funds or securities for or to customers, other than money or other consideration received and promptly transmitted in compliance with paragraph (a) or (b)(2) of Rule 15c2-4; (2) did not carry accounts of or for customers; and (3) did not carry a propriety securities account of a broker or dealer (PAB accounts, as defined in Rule 15c3-3). Furthermore, on the broker-dealer’s FOCUS report, items 4550, 4560, 4570, and 4580 should be left blank.

Broker-dealers with multiple lines of business

Non-carrying broker-dealers may have multiple lines of business with customers. For instance, a broker-dealer may introduce some customer transactions to a carrying broker-dealer on a fully disclosed basis and also provide M&A transaction services. For the former, a (k)(2)(ii) exemption would be most appropriate. However, in the latter, a (k)(2)(i) exemption would be most appropriate. In these cases, it is common for the broker-dealer to disclose the exemption that best fits their primary line of business. However, the SEC has indicated the broker-dealer should disclose both exemption provisions in these instances, including any exceptions under either exemption. Each exemption provision being claimed should also be indicated on the broker-dealer’s FOCUS report. 

Similarly, some broker-dealers may provide activities that qualify under one or more of the exemption provisions of Rule 15c3-3 as well as activities that involve the activities described in items 1, 2, and 3 above. In these instances, the broker-dealer would not qualify for exemption from Rule 15c3-3 and would be required to file a compliance report with a corresponding accountant’s report based on an examination of the compliance report.

The exemption provisions for broker-dealers can be difficult to navigate. Further exacerbating the difficulty of navigating the exemption provisions, each broker-dealer has a different set of circumstances. The SEC’s Division of Trading and Markets also acknowledges these difficulties, hence the creation of its FAQ list. Broker-dealers should refer to this list, in conjunction with Rule 15c3-3, to ensure compliance. If further clarification is needed, the broker-dealer should consult their Financial Industry Regulatory Authority (FINRA) representative. 

Article
The SEC updates its broker-dealer financial reporting rule FAQs