Skip to Main Content

insightsarticles

COVID-
19 and fraud―a security measures refresher

04.10.20

Read this if you would like a refresher of common-sense approaches to protect against fraud while working remotely.

Coronavirus (COVID-19) has imposed many challenges upon us physically, mentally, and financially. Directly or indirectly, we all are affected by the outbreak of this life-threatening disease. Anxious times like this provide perfect opportunities for fraudsters. The fraud triangle is a model commonly used to explain the three components that may cause someone to commit fraud when they occur together:

  1. Financial pressure/motivation 
    In March 2020, the unemployment rate increased by 0.9 percent to 4.4 percent, and the number of unemployed persons rose by 1.4 million to 7.1 million.
  2. Perceived opportunity to commit fraud 
    Many people are online all day, providing more opportunities for internet crime. People are also desperate for something, from masks and hand sanitizers to coronavirus immunization and cures, which do not yet exist. 
  3. Rationalization 
    People use their physical, mental, or financial hardship to justify their unethical behaviors.

To combat the increasing coronavirus-related fraud and crime, the Department of Justice (DOJ) launched a national coronavirus fraud task force on March 23, 2020. It focuses on the detection, investigation, and prosecution of fraudulent activity, hoarding, and price gouging related to medical resources needed to respond to the coronavirus. US attorney’s offices are also forming local task forces where federal, state, and local law enforcement work together to combat the coronavirus related crimes. Things are changing fast, and the DOJ has daily updates on the task force activities. 

Increased awareness for increased threats

Given the increase in fraudulent activity during the COVID-19 outbreak, it’s important for employees now working from home to be aware of ways to protect themselves and their companies and prevent the spread of fraud. Here are some of the top COVID-19-related fraud schemes to be aware of. 

  • Phishing emails regarding virus information, general financial relief, stimulus payments, and airline carrier refunds
  • Fake charities requesting donations for illegitimate or non-existent organizations 
  • Supply scams including fake shops, websites, social media accounts, and email addresses claiming to sell supplies in high demand but then never providing the supplies and keeping the money 
  • Website and app scams that share COVID-19 related information and then insert malware that could compromise the device and your personal information
  • Price gouging and hoarding of scarce products
  • Robocalls or scammers asking for personal information or selling of testing, cures, and essential equipment
  • Zoom bombing and teleconference hacking

If you have encountered suspicious activity listed above, please report it to the FBI’s Internet Crime Complaint Center.

Staying vigilant

To protect yourself from these threats, remember to use proper security measures and follow these tips provided by the Federal Bureau of Investigation (FBI) and DOJ:

  • Verify the identity of the company, charity, or individual that attempts to contact you in regards to COVID-19.
  • Do not send money to any business, charity, or individual requesting payments or donations in cash, by wire transfer, gift card, or through the mail. 
  • Understand the features of your teleconference platform and utilize private meetings with a unique code or password that is not shared publicly.
  • Do not open attachments or click links within emails from senders you do not recognize.
  • Do not provide your username, password, date of birth, social security number, insurance information, financial data, or other personal information in response to an email or robocall.
  • Always verify the web address of legitimate websites and manually type them into your browser.
  • Check for misspellings or wrong domains within a link (for example, an address that should end in a ".gov" ends in .com" instead).

Stay aware, and stay informed. If you have specific concerns or questions, or would like more information, please contact our team. We’re here to help.
 

Related Professionals

Principals

Read this if you think your organization may have to prepare an HRSA audit.

Many healthcare providers who have never done an audit before may be required by the Health Resources and Services Administration (HRSA) agency to do so this year because they received Provider Relief Funding (PRF). We’re helping you prepare by answering some common queries about the PRF audit:

Will my organization have to complete a PRF audit?

The HRSA requires organizations to complete a federal single audit when they expend more than $750,000 of federal funding in one year, regardless of whether those federally sourced funds came directly from the federal government or were passed from a state or local government. Healthcare providers who received $10,000 or more from the PRF during a given period must report on usage.

For many providers, this is the first time they’ve received over $750,000 in federal funding. As a result, these providers will need to complete the single audit for the first time.

Other providers, especially physician practices, may not meet the single audit expense threshold, but that doesn’t mean they’re free from audit obligations. While they may not have to complete a single audit, if they received funding from the PRF, they may need to complete a HRSA-required audit—and the data requests for these audits are, in some cases, more involved than those for the single audit.

What will the HRSA’s PRF audit look like?

The audit will address the data used by the providers to report on their usage of PRF money. That means they will need to provide support for lost revenue and expenses that justify the use of the funds that they received.

The HRSA is going to drill down on the revenue numbers, specifically looking at the general ledger (GL) and other select revenue tests. On the expenses side, they’re going to look at the GL, invoice dates, payments and more.

To complete this audit, HRSA will require a significant amount of supporting documentation. Ideally, most of these documents should already have been copied and set aside as support in anticipation of financial reporting requirements. Below is a partial list of items that could be requested during the audit:

  • General Ledger details
  • Listing of expenses reimbursed with PRF payments grouped into specified categories
  • Listing of patient care revenue by payer
  • Listing of other sources of assistance
  • Listing of expenses reimbursed with the other assistance received
  • Detailed inventory listing of IT supplies
  • Budget attestation from CEO or CFO and board minutes showing ratification of the budget before March 27, 2020
  • Documentation of lost revenue methodologies
  • Audit financial statements
  • CMS cost reports for Medicare and Medicaid
  • Other supporting documentation

If certain documentation isn’t available, providers will need to request copies from their vendors. Missing documentation may make it difficult to justify the use of funds, in which case, providers may have to repay a portion or all of their provider relief funding.

It’s possible that certain expenses were not allowable under PRF. However, that doesn’t necessarily mean providers will have to repay their funds. Providers may have other lost revenue or expenses that would be allowed under PRF—but only if they have the documentation to prove it. That’s why it’s crucial that providers have all relevant documentation for expenses and lost revenue over the periods they received provider relief funding.

What challenges should I anticipate when it comes to completing the audit?

According to the 2022 BDO Healthcare CFO Outlook Survey, 35% of respondents identified CARES Act/PRF reporting as a regulatory concern.

Much of this concern likely stems from a lack of resources as well as audit inexperience. Many providers who will have to complete an HRSA audit don’t have the necessary resources to dedicate to navigating the process. In addition, they may not know the type, scope, or time frame of documentation they need to pull. They may also struggle to locate certain documentation, especially documentation that’s more than two years old.

Finding the right people to sift through the information to ensure its accuracy can be extremely difficult, especially if the documents are not filed electronically. This problem is even greater right now, given the professional services labor shortage that makes it difficult to hire the right people for the job if they aren’t already employed at your organization.

What should my next steps be?

To get ready for a potential HRSA audit, there are at least three immediate steps you should take:

  1. Select a responsible point person. One person should be responsible for coordinating the process to ensure that nothing falls through the cracks or is overlooked.
  2. Keep your PRF filing reports on hand. Pull any related supporting documentation and collate it into one place if it isn’t already.
  3. Identify what support is needed by doing a gap analysis. Determine where you need additional support or expertise and seek to close these gaps before the notification of any audit process.

Insufficient documentation may result in the recapture of provider relief funding by the HRSA. Fortunately, a lack of documentation is preventable with the right support and resources in place.

Article
HRSA audit preparation: All you need to know

Read this if you use QuickBooks Online.

Let's talk about where records for products and services are used in QuickBooks Online.

To create a product or service record, you hover your mouse over Sales in the left vertical pane on the main page and click Products and services. Click New in the upper right corner and open a blank record for an Inventory or Non-inventory part, a Service, or a Bundle (assembly). Once you complete a record and save it, it will appear in the list back on the Product and services page.

Working with products and services

That’s where we’ll start today, on the Products and services screen. This is a comprehensive table, a dashboard (or home page) for your products and services. It displays real-time information about your items’ pricing and inventory levels, as well as their type and tax status. At the top of the page, you’ll see big, colorful buttons that provide a total of the number of items that are low on stock or out of stock. When you click on one, a list of those products appears.

QuickBooks Online’s Products and services page displays inventory levels and warns you when your stock is low and at zero.

Each row on this screen contains details about the item listed there, like Description, Sales Price and Cost, and Qty On Hand. If you look down at the end of the row, you’ll see options for several types of Actions: Edit, Make inactive, Run report, and Duplicate. Click the gear icon above the table to modify the columns in the table. 

The More menu at the top of the screen contains more options: Manage categories, Run reports, and Price rules. If you want to know what actions you can take on multiple items simultaneously, check the box in front of each and click the Batch actions menu, over to the right (Adjust quantity, Reorder, etc.).

Warning: Be very careful using the Adjust quantity option. There are legitimate reasons for employing it, but you need to make very sure that you understand how this will affect other areas of your accounting. Please ask us if you’re unsure.

Using products and services in transactions

Once you start using product and service records in transactions, you’ll see why we suggested that you create those early on and make them as comprehensive as possible. While you can add products and services in the process of creating an invoice, for example, it’s much easier if you have them ready to go.

Let’s look at a sales receipt to see how this works. Click +New in the upper right corner and select Sales receipt. Select a Customer in the first field and verify that the related fields on the form were filled out correctly. Check and make any changes necessary in the Sales receipt date, Payment method, and Deposit to fields. 

Once you’ve built up a list of products and services, they’ll be available when you create transactions.

Enter the Service Date, and then click the down arrow in the field under Product/Service. The top of the list has an entry labeled +Add new. Click it if you need to add a product or service on the fly, or just select the existing one that you want. QuickBooks Online will fill in the Rate, Amount, and Tax (status). You only have to enter the Qty (quantity) that you’re selling. 

If you have more items or services to add, you can do so on the next line(s). When you’re done, check the numbers in the lower right and save the transaction. QuickBooks Online will adjust your inventory to account for any items you just sold. You can see this change by going back to the Products and Services screen. Or you can run reports, including:

  • Sales by Product/Service
  • Product/Service List
  • Inventory Valuation Detail
  • Physical Inventory Worksheet

Supply chain woes?

It seems that the serious supply chain problems we were experiencing in previous months have eased up some, but you may still be having trouble stocking some items. We hope this isn’t affecting you too much. 

QuickBooks Online, though, can help ensure that you know ahead of time when you must reorder. Its inventory-tracking capabilities can also alert you to items that aren’t selling well, so you don’t get overstocked on anything. And the ability to pull up product and service records when you’re creating transactions saves time and keeps your inventory levels accurate. Please let the Outsourced Accounting team know if you need assistance with this element of your accounting or any of QuickBooks Online’s other tools.

Article
How QuickBooks Online tracks products and services

Read this if you are responsible for cybersecurity at your organization.

Cybersecurity threats aren’t just increasing in number—they’re also becoming more dangerous and expensive. Cyberattacks affect organizations around the globe, but the most expensive attacks occur in the US, where the average cost of a data breach is $9.44 million, according to IBM’s 2022 Cost of a Data Breach Report. The same report shows that the cost of a breach is $10.10 million in the healthcare industry, $5.97 million in the financial industry, $5.01 million in the pharmaceuticals industry, and $4.97 million in the technology industry.

Cyber threat actors are a serious danger to your company, and your customers, stakeholders, and shareholders know this. They expect you to be prepared to defend against and manage cybersecurity threats. How can you demonstrate your cybersecurity controls are up to par? By obtaining a SOC for cybersecurity report.

What is a SOC for cybersecurity report?

It provides an independent assessment of an organization’s cybersecurity risk management program. Specifically, it determines how effectively the organization’s internal controls monitor, prevent, and address cybersecurity threats.

What’s included in a SOC for cybersecurity report?

The report is made up of three key components:

  1. Management’s description of their cybersecurity risk management program, aligned with a control framework (more on that below) and 19 description criteria laid out by the AICPA.
  2. Management’s assertion that controls are effective to achieve cybersecurity objectives.
  3. Service auditor’s opinion on both management’s description and management’s assertion.

Why should you consider a SOC for cybersecurity report?

A SOC for cybersecurity report offers several important benefits for your organization, which include:

  • Align with evolving regulatory requirements. The cybersecurity regulatory environment is constantly evolving. In particular, the SEC’s cybersecurity guidelines are becoming stricter over time. A SOC for cybersecurity report can demonstrate you’re aligned with these guidelines. If you’re a public company or are considering going public in the future, you need to be prepared to meet not just the SEC’s guidelines of today, but their evolved guidelines in the future.
  • Keep your board of directors informed. Your board is responsible for ensuring the business is effectively addressing and mitigating risks—and that includes cyber risk. A SOC for cybersecurity report offers your board a clear and practical illustration of your organization’s cybersecurity risk management controls.
  • Attract and retain more customers. It’s becoming increasingly common for companies to require that their vendors have a SOC for cybersecurity report. Even for companies that don’t require such a report, it’s important to know their vendors are keeping their data safe. Having this report differentiates you from vendors who have not prepared one.
  • Improve your cybersecurity posture. A SOC for cybersecurity report can identify current gaps in your cybersecurity risk management program. Once you’ve addressed these gaps, you can show your customers, stakeholders, and shareholders that you’re continuously improving and evolving your cybersecurity risk management approach.

How do I prepare for my SOC for cybersecurity assessment?

There are several steps you should take to prepare for your assessment.

  1. Choose your control framework. You have several options, including the NIST Cybersecurity Framework, ISO 27002, and the Secure Controls Framework (SCF). There are multiple online resources to help you choose the framework that’s right for your organization.
  2. Determine who your key internal stakeholders are for your cybersecurity risk management program. You’ll need to select a point person to be responsible for ensuring the independent services auditor has all the documentation they need to complete their assessment and act as liaison across internal and external stakeholders.
  3. Collect all cybersecurity-related documentation in one location. Make sure you have an organizational system that makes sense to your point person so it’s easy for them to pull the appropriate materials to give to the independent services auditor.
  4. Conduct a readiness assessment. You can work with an independent services auditor to conduct such an assessment which will identify gaps you can address before performing the attestation.
  5. Select an independent services auditor to perform the attestation. SOC for cybersecurity services are provided by independent CPAs approved by the AICPA. Ideally, you’ll want to select a firm that is experienced in your industry, has a diverse and robust team of cybersecurity professionals, and is accessible when and where you need them.

As always, if you have questions about your specific situation or would like more information about SOC for cybersecurity services, please contact our IT security experts. We’re here to help.

Article
Yes, you need a SOC for cybersecurity report—here's why

Read this if you are at a Medicaid agency.

After attending this year’s NASHP Conference, I realized Seattle wasn’t the only gem I found. The city welcomed a record number of NASHP attendees, including many first timers, who brought with them a passion for the vital work they do to support Medicaid and health and human services agencies across the nation. Executive Director Tewarson led her first conference with finesse, and the entire conference exemplified her team’s passion and dedication to state health policy. 
 
The 35th annual conference was full of fresh ideas and a collaborative spirit. As I reflect over the three days of the conference, some ideas I am taking back to my team include:

  • Workforce challenges are here to stay—and are only becoming more severe, requiring states to rethink hiring, training, and staffing among healthcare providers at all levels. Actions to consider:
    • Work to help ensure we allocate appropriate funding for behavioral health and clinical staff. 
    • Encourage more diversity in the field. This means having more representation in the workforce for new hires to identify with, including recruiting and training staff, so they feel welcome and encouraged to join.
    • Increase support for highly skilled jobs like CNAs and childcare workers. Our system cannot work without these staff, and the skills they bring to the table are crucial to the field, developed over time, and indispensable.
    • Start planning now to address the potential loss of childcare dollars to avoid exacerbating the workforce shortage challenges.
    • Identify other ways to help the workforce with benefits and support that can go a long way toward recruiting and retaining experienced caregivers. 
  • Disparities in health equity were always there, and the pandemic laid them bare. 
    • We need to assess the impact of all initiatives to help ensure they aren’t creating additional health inequities and develop strategies to rectify existing barriers.
    • We should bring those experiencing health inequities to the table, listen to their struggles, and let them lead us to solutions.
    • We need to build a diverse workforce that will bring more voices and ideas into the room in this arena.
  • There is a lot of innovative work going on in child behavioral health that can impact outcomes:
    • Providing youth mental health first-aid training and trauma-informed training to school-based, nonclinical staff is crucial to addressing the children’s behavioral health crisis. Children spend so much time at school and build trust in teachers, bus drivers, custodians, and administrative staff.
    • Training school staff on the use of mobile crisis units to avoid children inappropriately becoming involved in the juvenile justice system or being treated in emergency rooms.
    • Putting clinical staff in schools, even via telehealth or part-time, has shown positive outcomes for child behavioral health.
  • We may not know when the Public Health Emergency will end. Still, we can spend this time developing and improving our plans for unwinding, setting consistent expectations with our members and meeting them where they are, developing strategies to make successful emergency provisions permanent, and engaging our legislatures now to prepare for the upcoming federal funding gap.
  • The most significant success factor in every session I attended was breaking down silos across health and human services agencies. We need to continue working across programs, agencies, and states to help ensure we are innovating, growing, and providing the best care for those our policies and programs serve.
  • Lastly, as a foster-adopt mom, I was heartened to hear the speakers consistently bring the topic back to focus on some of our most vulnerable youth: children in foster and kinship care and our justice-involved youth. The call to collaboration and partnerships across child welfare, juvenile justice, public health, county health departments, and Medicaid agencies to impact change was not lost on me, and I found my passion for improving our foster care system invigorated by the passion of those around me.

I am thankful for organizations like NASHP that help us come together to innovate and collaborate on the biggest problems facing our industry today. NASHP’s mission to support the development of policies that promote and sustain healthy people and communities, advance high-quality and affordable health care, and address health equity is needed now more than ever. The 2022 conference allowed us to collaborate and share innovations that can be used to help propel us in our essential work to improve the health and lives of the individuals we serve.
 
My biggest takeaway was that we are stronger when we work together. I’m excited to hear what your biggest takeaways were this year. It has energized me to continue this critical work to help Medicaid agencies improve the health and lives of our residents. I do not doubt that this group will take back all the lessons and work to improve the lives of the residents of their states, and we will all gather in Boston next year, excited to hear of all the new successes. See you next year!

Article
NASHP meets the Emerald City

Read this if you are at a state agency looking to implement or improve your 988 Suicide & Crisis Lifeline. 

Between 2015 and 2020, one in four fatal police shootings involved a person with a mental illness, and an estimated 44% of people incarcerated in jail and 37% of people incarcerated in prison had a mental health condition. In addition, the recent COVID-19 pandemic has adversely impacted the mental health situation in the country. 

Many people experiencing mental health distress call 911 because it is a widely known emergency number and easy to use. Recent data has shown that people using 911 to get help with serious mental illness do not get the right care at the right time and some even end up in law enforcement custody, rather than being seen by a mental health professional.

The 988 Suicide & Crisis Lifeline (formerly known as the National Suicide Prevention Lifeline) is the new three-digit, nationwide phone number that is locally operated and offers 24/7 access via call, text, and chat to trained crisis counselors who can help individuals experiencing mental health-related distress. Mental health-related distress can include substance use crisis, suicidal thoughts, depression, or any emotional distress. The 988 Suicide & Crisis Lifeline is also available for individuals worried about a loved one who might need crisis support services. Its goal is to provide accessible and immediate crisis intervention and support to every individual in need. 

988 state implementation and top challenges

As of August 2022, 23 states have passed legislation to facilitate the implementation of the 988 Suicide & Crisis Lifeline. Colorado, Nevada, and Washington enacted legislation with user fees to support 988 operations and provide financial sustainability for the system. Several states have established advisory groups or planning committees with representatives from state agencies, health providers, law enforcement, emergency medical services, and other partners to better coordinate the system and identify policy levers. 

Implementing a three-digit number for behavioral health emergencies in every state and providing 24/7 primary coverage through in-state call centers have presented certain challenges to states across the nation. As states prepare to launch the 988 hotlines, they have encountered key issues around infrastructure, workforce, 911 integration, readiness of the crisis care continuum, cultural competence, and performance management.  

Solutions for state agencies

To address these key issues, states should consider the following to aid in the successful implementation of the 988 Suicide & Crisis Lifeline:

Assess the states’ needs to successfully implement the 988 Suicide & Crisis Lifeline

Despite meeting baseline requirements for the implementation of the 988 Suicide & Crisis Lifeline, state agencies are struggling to implement the 988 Suicide & Crisis Lifeline. 

By performing a structured needs assessment, state agencies can evaluate their infrastructure, policies and procedures, funding, and workforce needs to better understand their readiness to implement and capability to sustain the 988 Suicide & Crisis Lifeline. This assessment provides insight for state agencies to understand their strengths, challenges, and areas of opportunity, and it should evaluate: 

  • State infrastructure
    Behavioral health leaders acknowledge that infrastructure supports are necessary to make the 988 Suicide & Crisis Lifeline work across the continuum of care. It is important to assess the infrastructure across the crisis care continuum to help ensure a smooth transition for individuals who need care quickly. Successful implementation should take certain considerations into account during the planning process, such as including all the interested parties representing diverse populations.
  • Workforce
    In the current labor market, workforce availability and retention are top concerns for sustainable and effective 988 Suicide & Crisis Lifeline operations. States are struggling to hire the extra staff needed to launch the 988 Suicide & Crisis Lifeline as well as to recruit qualified persons. To realistically implement the system, innovative workforce development and supporting wages to recruit and retain a specialized workforce are critical considerations for the states. Critical components to include in the assessment should include, but are not limited to:
    • Training
      Staff training and proper supervision will be crucial to effectively manage the 988 Suicide & Crisis Lifeline, and states need best practices models for how to best train crisis responders and the call center staff. States should assess the existing training infrastructure to identify ways early on to support the mental health of their 988 Suicide & Crisis Lifeline counselors to reduce the risk for burnout and post-traumatic stress disorder. 
    • Capacity
      Adequate capacity is a key factor to workforce. The assessment should identify the number of qualified workforce available for in-person staffing. In the current labor market, it will also be important to consider including the identification of the number of qualified staff able to work remotely. If states would like to consider remote capabilities for the call centers, it will also be important to assess the available technology necessary, as well as the development of standards and expectations, including strong communication. 
  • Readiness of the crisis care continuum
    Apprehension about the readiness of the crisis care continuum (e.g., mobile crisis teams through diversion services and lower levels of care) exist. Federal officials have stated they expect up to 12 million calls/texts/chats in the first year of the 988 Suicide & Crisis Lifeline, and research suggests approximately 20% of those calls/texts/chats will require some level of in-person response. States are questioning whether mobile crisis teams are prepared for the increased demand while also identifying connections and access to upstream services. In addition, states can consider the needs and experiences of the system’s end users to help address equity. The assessment can help to assess the readiness of the various components across the crisis care continuum.

Establish a strategic plan of action to implement the 988 Suicide & Crisis Lifeline 

With the implementation of the 988 Suicide & Crisis Lifeline, state agencies have an opportunity to strengthen crisis care. The best way to begin strengthening crisis care is to develop and implement strategic plans that optimize the 988 Suicide & Crisis Lifeline and the following services. Building on the strengths and opportunities identified in the needs assessment and the associated recommendations, strategic plans can establish priorities and identify sustainable solutions that build capacity, promote equitable access to care, and promote continuous quality improvement. Collaborating with key stakeholders to develop a strategic plan can help identify a roadmap for how the state should approach the implementation, maintenance, and sustainability of the 988 Suicide & Crisis Lifeline, including, but not limited to, the following areas:

  • Data and performance management
  • Stakeholder engagement
  • Health equity
  • Voice of the customer
  • Financial sustainability

Maximize available funding streams

Historically, behavioral health has not had sufficient funding to adequately address mental health and substance use disorder prevention, treatment, and recovery services across the continuum of care. The COVID-19 pandemic exacerbated behavioral health challenges for many individuals struggling and highlighted the challenges with the infrastructure and workforce. In the last couple of years, the federal administration has continued to allocate additional funding to supplement existing and ongoing federal funding. States should begin by evaluating the existing federal funding opportunities to support the implementation of the 988 Suicide & Crisis Lifeline. According to the Substance Abuse and Mental Health Services Administration’s (SAMHSA) 988 Convening Playbook for States, Territories, and Tribes, below are a few examples of funding sources that can be leveraged for the implementation of the 988 Suicide & Crisis Lifeline. 

  • SAMHSA 
    • Transformation Transfer Initiative
    • Community Mental Health Services Block Grant
    • Substance Abuse and Treatment Block Grant
    • Mental Health Block Grant Set-aside
    • State Opioid Response Grant
    • Tribal Opioid Response Grants
  • American Rescue Plan Act (ARPA) of 2021—for Mobile Crisis and Crisis Line Services
  • Medicaid
    • Early, Periodic, Screening, Diagnosis, and Treatment (known as EPSDT)
    • 1915(a) waivers
    • 1915(b) waivers
    • 1115 SMI/SED Service Delivery Waiver

The implementation of the 988 Suicide & Crisis Lifeline is critical to supporting the community and meeting their needs at a time where they need community support the most. If you have any questions, please contact BerryDunn’s behavioral health consulting team. We’re here to help.

Article
Components of successful implementation of the 988 Suicide & Crisis Lifeline

Read this if you are at a state Medicaid agency.

The uncertainty surrounding the end date of the COVID-19 Public Health Emergency (PHE) has made it difficult for state Medicaid agencies to plan and prepare to transition to pre-pandemic operations. Upon the federal declaration of the PHE, states and territories were forced to react quickly to reduce the impact on the Medicaid program and its enrollees. Many states and territories took advantage of the emergency authorities through the Centers for Medicare and Medicaid Services (CMS) to implement temporary policy changes such as the removal of prior authorization requirements, increased payments to providers, removal of cost-sharing, and the expansion of telehealth services. 

While many of the emergency authorities will terminate on or around the end of the PHE, states and territories may elect to make those temporary changes permanent due to the positive impact for both enrollees and providers. Take telehealth, for example. The broad flexibilities allowed during the PHE permitted providers to meet the healthcare needs of enrollees in a time where in-person visits were not recommended, nor available. To increase access to testing and vaccinations in pharmacies, pharmacy technicians and interns were permitted to administer COVID-19 vaccinations when supervised by an immunizing pharmacist.

So what comes next for states and territories once the PHE ends? Taking a proactive approach to plan out next steps will assist states and territories to be better prepared upon conclusion of the PHE. The US Department of Health and Human Services (HHS) has committed to providing at least a 60-day notice prior to the official end date of the PHE. CMS encourages states and territories to communicate changes to enrollees, managed care plans, counties, providers, and other stakeholders.

As we await the declared end date of the PHE or notification of another extension, states and territories can begin taking actions to prepare for the resumption of normal operations. We have learned new ways to prevent disruptions in meeting the needs of enrollees, developed enhanced methods of communication to stay in touch, and used technology to its fullest capacity. While our new normal is very different than pre-pandemic times, we can all use what we have learned to strengthen our tactics for any future PHEs. BerryDunn is here to assist and support states and territories as they prepare for the eventual end of the PHE.

If you have questions or would like to discuss further, please contact the Medicaid consulting team. We're here to help. You can also read more BerryDunn articles on the PHE unwinding here.

Article
Looking beyond the Public Health Emergency: What's next for states

Read this if you are at a financial institution. For more CECL information, tune in to the latest episode of BerryDunn’s CECL Radio podcast. It features Susan Weber and David Stone discussing how to handle unfunded commitments and debt securities during CECL preparation.

I love a big surprise! Of course, I mean the fun, uplifting kind—like birthday parties, a best friend’s unexpected visit, or that special anniversary gift. Not that other kind of surprise that’s more like biting into an apple only to find half a worm. Calculating a loss reserve for unfunded commitments is not a new concept, but the reach and significance of it may end up surprising institutions. How much? A review of 2020 public filings and disclosures shows that some adopters saw unfunded commitment reserves increase millions of dollars, from one percent of total reserves pre-adoption to six percent or more post-adoption. In this article, we take a close look at unfunded commitments under CECL, in an effort to help you avoid that “other kind” of surprise.  

Within the CECL standard (Accounting Standards Codification (ASC) 326 – Financial Instruments-Credit Losses), key considerations for estimating reserves tied to unfunded commitments are covered in section 326-20-30-11. The section lays out three key fundamentals: it applies to credit commitments that are not unconditionally cancellable, and that institutions should consider how likely the commitment is to be funded, and its expected life. 

First, let’s look at unconditionally cancellable—this essentially means that unless an institution can, at any time and for any reason, cancel its commitment to lend, then the commitment has to be included in this part of the estimate. Institutions may be surprised to discover that a portion of its commercial sales pipeline should now be included in unfunded commitment balances. Why? Because commitment letters issued to business loan applicants are often considered legally binding and they typically do not contain language that would make them unconditionally cancellable by the institution. This makes sense when you realize the primary goal of the commitment letter is to assure the applicant that the bank is committed to making the loan. This discovery, in turn, has led those involved in CECL implementation to develop (1) processes to ensure commercial loan pipelines are sufficiently detailed enough to know what, when, and how these commitments should be included in the calculation, and (2) internal controls that assure the accuracy, completeness, and timeliness of the information. 

Next up—how likely is it that the commitment will be funded? For unused portions of existing loans and lines, this may mean taking a look at average utilization rates. For in-scope pipeline commitments, institutions may find that they need to dig through information that is not commonly held in a central system to come up with a success or close rate. The likelihood of funding may vary widely between products or segments, and over its expected life. For example, the expected funding of a residential or commercial real estate construction line may approach 100%, whereas only 40% or less of a revolving line may ever be used. These funding rates become the basis for “discounting” the unfunded balances subject to reserve estimation and should be re-evaluated on some periodic basis, which can be detailed in the institution’s CECL model documentation related to governance and monitoring.

Finally, let’s look at the expected life of the loan component. This language and expectation are consistent with on-balance sheet credit, leading institutions to (1) make sure they are able to segment their off-balance sheet commitments in the same pools used for boarded loans, and (2) apply the appropriate pool reserve factor to unfunded commitments over the expected life of that type of loan. One-way institutions may accomplish this is by making sure that they are using the same fully adjusted reserve factor and expected life assumptions for unfunded pools as they do for their funded pool counterparts. 

You may discover that your CECL model or software vendor does not provide for unfunded commitment calculations, or only provides support for the available credit portion of loan facilities boarded to your core loan system. In either case, this means institutions must consider, support, and complete calculations outside of the model. Writing clear step-by-step instructions and ensuring a robust independent review/approval process will help off-set risks posed by such manual calculations.

Could you use an experienced resource to help you document or validate your CECL model?  

No matter what stage of CECL readiness you are in, we can help you navigate the requirements as efficiently and effectively as possible. For more information, visit the CECL page on our website. If you would like specific answers to questions about your CECL implementation, please visit our Ask the Advisor page to submit your questions.

For more tips on documenting your CECL adoption, stay tuned for our next article in the series. You can also follow Susan Weber on LinkedIn.

Article
Unfunded commitments and CECL: You may be in for a big surprise