SOC 2

Every organization experiences pain points from time to time: your costs may be too high, your cycle times too slow, your error rates are unacceptable, complaints are mounting. When things go wrong, it’s often the underlying processes and systems—not the people—that are at fault. To find a solution, organizations may turn to a consulting partner, like BerryDunn, for Business Process Improvement (BPI) services.

In this article, we discuss the types of BPI and related services like business process reengineering (BPR) you might consider, and how to decide which approach is right for your organization.

What is Business Process Improvement (BPI)?

BPI involves making changes to your existing processes. The core system remains intact; the goal is to make it work better—faster, cheaper, more accurately, or with less waste.

A BPI project begins with an assessment to measure how well your technology needs, business processes, and staff competencies align with your strategic goals and objectives. BPI projects typically:

• Build on what already exists
• Draw on philosophies and tools from Six Sigma and Lean
• Involve incremental changes that may be easier for your employees to absorb

Following the assessment, your consulting partner will provide recommendations and action plans to help you establish priorities, adopt and implement action plans, and make informed decisions. The recommendations are designed to improve efficiency, effectiveness, streamlining, and accuracy, while prioritizing your business goals and objectives.

Central to our approach at BerryDunn is collaboration with stakeholders to gain a solid understanding of your current environment.

When do you need more than process improvement?

BPI can be a standalone service to improve your existing organizational structures, processes, procedures, operational practices, and technology. It can also be the starting point for business process reengineering (BPR), which takes the actions from BPI analysis a step further.

BPR involves a fundamental rethinking of how work gets done. Rather than asking “How do we do this better?” it asks “Should we be doing this at all?” Whereas BPI builds on what already exists, BPR starts with a clean mindset and the willingness to redesign your business process from scratch.

Before you decide on an approach, it pays to fully understand where the pain is coming from within your business process.

Diagnose before deciding

Your consultant can be an invaluable, objective partner in diagnosing your business process pain points. Consider this four-question framework for analyzing your problem:

1. What is the nature of the problem? Is it contained within one process or is it systemic?
2. Is the current problem fundamentally sound? Is it poorly executed or is it the wrong process entirely?
3. What has already been tried? Have previous fixes resulted in long-term solutions?
4. What is our organization's capacity for change? Not just appetite, but bandwidth, leadership alignment, and change management infrastructure

Understanding the problem before deciding on a solution can save your organization significant time, money, and disruption later.

Starting on the business process improvement path

If your process is structurally sound but has accumulated inefficiencies over time—if it’s localized rather than enterprise-wide—BPI is the place to start. Time and budget constraints favor the focused, lower-risk BPI approach, which involves incremental change rather than wholesale disruption.

Key questions your BPI consultant will want to explore at the start of your project include:

• Who will be the internal champions who can own this work?
• What project phases should they be involved in?
• How will we engage them in outreach and information gathering?
• How will we measure success, and over what timeframe?

Process improvement activities are focused on understanding the challenges in existing processes and their underlying causes, then developing solutions to eliminate or mitigate those causes. If staff performance issues are identified, they are handled through coaching, training, and escalation to supervisors as needed and appropriate.

If the root cause of your problem turns out to be structural rather than operational, an approach to more fundamental changes may be warranted; We call this Business Process Reengineering (BPR). BPR is the next step to the meaningful and sustainable business process improvements you are looking for.

When process reengineering makes sense

BPR takes the actions from BPI a step further by developing new solutions to current organizational challenges. Because it may require more transformational change, BPR can be a higher risk-higher reward undertaking. Important considerations for your team include:

• Is leadership committed to disruptive change?
• How will we manage resistance to change?
• Do we have the governance structures to make cross-functional decisions?
• What is our risk tolerance, and how do we manage it?
• How do we maintain operational continuity while the redesign is underway?

An effective approach for conducting BPR initiatives will integrate best practices and industry standards from three key disciplines: process improvement, project management, and organizational change management (OCM).

In our experience at BerryDunn, a focus on process improvement/redesign alone does not lead to meaningful and sustainable improvements: in addition to redesigning processes, the organizational culture must reinforce—and stakeholders must fully support—the changes.

Key takeaways

• Assess your pain points first to determine whether incremental improvement (BPI) or full redesign (BPR) is the right approach.
• Differentiate between BPI and BPR—improve existing processes for efficiency or redesign them when they no longer meet organizational needs.
• Align change efforts with business goals to ensure process improvements deliver measurable, sustainable outcomes.
• Engage stakeholders across the organization to uncover root causes, build buy‑in, and support successful implementation.
• Partner with experienced advisors to guide assessment, prioritization and execution for long‑term organizational change.

Leveraging your Business Process Improvement investment

Organizational capability building (OCB) is one of BerryDunn’s core services, designed to help organizations optimize their business operations and sustain the gains they made through the BPI/BPR initiative. We work with organizations of all kinds to solve business process problems, build a culture of continuous improvement, and provide the support and guidance necessary to successfully execute their project goals and objectives. Learn more about our services and team. 

Read this if you are a fiduciary for a defined contribution retirement plan.

Over the past several years, fiduciaries of defined contribution (DC) retirement plans—particularly 401(k) plans—have faced a sustained wave of ERISA class‑action litigation. While early cases focused heavily on excessive recordkeeping fees and imprudent investment options, recent lawsuits have sharpened their focus on plan forfeitures and revenue-sharing accounts, alleging breaches of fiduciary duty related to how these amounts are used, allocated, and disclosed.

Plaintiffs’ firms are increasingly targeting routine plan practices that were historically viewed as operational or discretionary, arguing that these practices result in unnecessary plan expenses or unfair cost shifting to participants. As a result, plan sponsors, committees, and service providers are reassessing long‑standing practices through a litigation‑risk lens.

Forfeitures: From administrative tool to litigation target 

What’s being challenged  

Forfeitures typically arise when participants terminate employment before becoming fully vested in employer contributions. Most plan documents allow forfeitures to be used to: 

• Reduce employer contributions 
• Pay plan administrative expenses 
• Be reallocated to participant accounts 

Recent litigation alleges that fiduciaries breach their duties of loyalty and prudence when forfeitures are used to reduce employer contributions instead of offsetting plan expenses paid by participants. Plaintiffs argue that this effectively benefits employers at participants’ expense, even when the plan document expressly allows such use. The DOL has also targeted plans that use language that is not clear or is inconsistent with the use of forfeitures. For instance, in 2023, the DOL alleged that a plan failed to follow its own governing documents regarding the use of forfeiture funds. The judge ruled in favor of the DOL, requiring the plan sponsor to restore $575,000 to plan participants.

Key litigation themes 

• Failure to prioritize forfeiture use to pay plan expenses 
• Inadequate consideration of participant impact 
• Lack of documented fiduciary deliberation 
• Mismatch between plan document language and actual practice 

Courts have not universally agreed with plaintiffs, but the claims themselves are costly to defend and have led to settlements—even where plan language is permissive.

Revenue sharing: Heightened expectations around fee controls 

What’s being challenged 

Revenue sharing—where a portion of investment fees is used to pay recordkeeping or administrative costs—remains a common industry practice. However, plaintiffs continue to challenge: 

• The reasonableness of total plan fees 
• The use of asset‑based revenue sharing instead of per‑participant fees 
• Alleged failure to monitor accumulating revenue credits or “ERISA accounts” 

A frequent allegation is that fiduciaries allowed revenue-sharing balances to accumulate beyond reasonable plan needs or failed to rebate excess amounts to participants, resulting in participants indirectly subsidizing plan expenses without adequate disclosure.

Key litigation themes 

• Inadequate benchmarking of recordkeeping fees 
• Lack of periodic review and return of excess revenue 
• Failure to convert to flat‑dollar (per‑capita) fees as plan assets grow 
• Insufficient transparency around revenue‑sharing mechanics 

Best practices to prevent—or defend against—litigation 

While litigation risk cannot be fully eliminated, plan management can significantly reduce exposure through disciplined fiduciary governance.

1. Align plan operations with plan document provisions 

• Confirm that forfeiture and revenue‑sharing practices strictly follow plan document language. 
• Periodically review whether current provisions remain appropriate given plan size and demographics. 
• Consider updating plan administrative policies to clearly follow the priority rules in the plan documents for forfeiture use, if ambiguity exists. 

2. Document fiduciary decision‑making 

• Detailed committee minutes should reflect discussions of forfeiture usage, fee structures, and participant impact. 
• Evidence that fiduciaries considered alternatives is often more important than the outcome itself. 
• Regular review is essential, rather than relying on “set it and forget it” approaches. 

3. Benchmark fees regularly 

• Perform periodic recordkeeping and investment fee benchmarking using independent data. 
• Ensure comparisons reflect plan size, complexity, and service scope. 
• Evaluate whether revenue-sharing remains appropriate as plan assets grow. 

4. Actively monitor revenue-sharing accounts 

• Review revenue‑sharing or ERISA accounts at least annually. 
• Establish policies for the timely use or rebate of excess balances. 
• Ensure consistent and equitable allocation methodologies. 

5. Evaluate participant impact 

• Analyze how forfeiture usage and revenue‑sharing arrangements affect different participant cohorts. 
• Be especially mindful of whether participants bear expenses that could otherwise be offset. 

6. Enhance fee transparency and disclosures 

• Confirm required participant disclosures accurately explain revenue‑sharing arrangements. 
• Align committee understanding with what participants are told. 
• Reduce confusion and litigation risk with clear communication. 

Focus on fiduciary process 

The recent litigation trend does not suggest that forfeitures or revenue sharing are inherently improper. Rather, courts and plaintiffs’ counsel are signaling that process, documentation, and participant‑centric decision‑making are paramount. For plan fiduciaries, the question is no longer just what the plan allows—but whether fiduciaries can demonstrate a prudent, well‑reasoned process that prioritizes participants’ interests. As always, your BerryDunn team is here to help.

Community engagement is at the heart of what we do as parks and recreation professionals. When it works, it builds trust, strengthens programs, and leads to better, community-driven decisions. When it falls short, participation drops, projects lose momentum, and we risk hearing from the same voices over and over.  

The reality is that most engagement challenges are shared across agencies. The difference lies in how we respond. With the right strategies, even persistent barriers can become opportunities to connect more meaningfully with our communities. 

Why community engagement still matters 

Strong engagement leads to better outcomes—plain and simple. It increases transparency, improves equity in decision-making, and helps ensure parks and programs reflect real community needs.  

More importantly, it reinforces something we all value: trust. When people feel heard, they’re more likely to stay involved, support initiatives, and advocate for your system long term. 

Common barriers to community engagement—and practical ways to overcome them 
 

1. Balancing the vocal minority and the silent majority 

Every engagement process has its regulars—the highly engaged individuals who consistently show up and share feedback. Their input is valuable, but it can unintentionally skew perception if it’s the dominant voice. Meanwhile, the majority of the community often remains quiet due to time constraints, lack of awareness, or uncertainty about how to participate.

What works in practice: 

• Diversify outreach methods (social, text, in-park signage, events) 
• Offer low-effort ways to participate, such as quick polls or QR codes 
• Facilitate meetings intentionally to prevent any one voice from dominating 

The goal isn’t to quiet the vocal group—it’s to broaden the conversation. 

2. Addressing survey fatigue 

Surveys are a staple in engagement, but over-reliance can backfire. Long, frequent surveys often lead to lower response rates and less reliable data.  

What works in practice: 

• Keep surveys brief and focused on a single topic 
• Reduce frequency and be strategic about timing 
• Pair surveys with interactive experiences like idea walls or live feedback stations 

Closing the feedback loop is critical here. When people see how their input shaped outcomes, future participation becomes easier to earn. 

3. Competing with convenience 

We’re not just competing with other priorities—we’re competing with convenience. If engagement requires too much effort, many people will opt out. 

What works in practice: 

• Bring engagement to existing touchpoints: events, rec programs, community spaces 
• Offer hybrid options (in-person and digital) to meet different preferences 
• Make participation engaging—interactive displays, giveaways, or hands-on activities 

Think about engagement as an experience, not an obligation. 

4. Navigating trust gaps 

In some communities, skepticism toward government can limit participation before engagement even begins. That hesitation often stems from past experiences or a perception that input won’t lead to meaningful change.  

What works in practice: 

• Partner with trusted community leaders and organizations 
• Use plain, approachable language—avoid overly formal or institutional tone 
• Show consistency by engaging early and often, not just during major projects 

Trust is built through repetition and authenticity, not just well-designed outreach campaigns. 

5. Doing more with limited resources 

Budget constraints are a reality for most agencies, but meaningful engagement doesn’t require a large investment—it requires intentionality.  

What works in practice: 

• Focus on high-impact, low-cost tactics (pop-up engagement, digital tools) 
• Leverage partnerships with local organizations, schools, and businesses 
• Use technology to scale outreach without significantly increasing costs 

The most effective strategies are often the ones that meet people where they already are. 

A more effective approach moving forward 

Across all of these barriers, one theme stands out: engagement works best when it’s designed around the community—not the process. 

Leading practices emphasize engagement that is: 

• Immersive (interactive and participatory) 
• Customized (tailored to specific audiences) 
• Convenient (easy to access and contribute) 
• Inclusive (welcoming to all voices) 
• Defensible (transparent and data-informed) 

When these principles guide your approach, engagement becomes more than a checkbox—it becomes a strategic advantage. 

Now turn these ideas into action 

Overcoming barriers to community engagement isn’t about finding one perfect tactic. It’s about layering strategies, staying flexible, and continuously refining your approach based on what works. The communities we serve are dynamic. Our engagement strategies should be too. 

How we can help 

BerryDunn's consultants work with you to improve operations, drive innovation, and identify service improvements based on community need—all from the perspective of our team’s combined 100 years of hands-on experience. We provide practical park solutions, recreation expertise, and library consulting. Learn more about our team and services. 

When the federal government shut down for 43 days (October 1 – November 12, 2025), millions of families worried about losing access to WIC—the Special Supplemental Nutrition Program for Women, Infants, and Children. WIC provides healthy food and nutrition support to pregnant women, mothers of infants and young children, and children 5 years and younger.

The shutdown exposed critical vulnerabilities in how WIC is funded. While states and USDA implemented emergency measures to keep the program running, the experience underscored the need for structural reforms and more proactive planning.

So how did states keep the program running—and what can be done to better protect WIC in the future?

How states maintained WIC services during the shutdown

1. State strategies to sustain WIC funding
States relied on a patchwork of strategies to maintain benefits in the short term. Some used leftover funds and manufacturer rebates, while others tapped emergency reserves or activated executive authorities:

• Colorado set aside $7.5 million before the shutdown even began
• Connecticut used emergency powers to authorize state funding
• Wisconsin declared a state of emergency to accelerate funding for food programs
• Hawai'i and Iowa used bridge funding to keep benefits flowing

2. Federal actions to support WIC continuity
USDA also took steps to stabilize the program during the disruption:

• Released $150 million in contingency funds and reallocated $164 million in unspent funds
• Authorized bridge funding, with assurances that states would be reimbursed after the shutdown ended

Contingency strategies states considered for WIC operations

Even with these efforts, states prepared for the possibility of more severe disruptions by considering actions such as:

• Restricting eligibility to high-risk populations (e.g., pregnant women and infants)
• Implementing waitlists for new applicants
• Accelerating SNAP benefit issuance, drawing on historical precedent

Strategies to strengthen WIC program resilience

The shutdown highlighted several opportunities for states to strengthen preparedness:

• Pre-authorize emergency WIC funding: Engage legislatures and budget committees to allocate interim funding during federal gaps
• Codify executive flexibilities: Establish clear authority for rapidly deploying state resources in a crisis
• Advance USDA coordination: Secure reimbursement commitments and guidance before a shutdown begins

Federal policy proposals to protect WIC funding

H.R. 5740—the WIC Benefits Protection Act—proposes to make WIC funding mandatory, so families would not have to worry about losing benefits during a shutdown. The bill aims to strengthen and stabilize one of the nation’s most effective nutrition programs for vulnerable mothers and children.

If enacted, the legislation would transition WIC from discretionary to mandatory funding beginning in FY2026, ensuring uninterrupted nutrition benefits regardless of appropriations disruptions and improving consistency in eligibility and program operations.

However, as of May 2026, H.R. 5740 has been introduced but has not been enacted, meaning WIC funding still relies on annual congressional appropriations.

Current funding reality for WIC

In response to the 2025 shutdown, Congress ultimately passed legislation to fully fund WIC for fiscal year 2026, providing short-term stability for states and participants.

This funding is expected to support the full caseload of eligible participants and maintain core benefits, continuing a long-standing bipartisan commitment to fully fund the program.

However, because WIC remains funded through the annual appropriations process, the program could still face uncertainty during future funding disruptions. 

State-level impacts of mandatory WIC funding

If a proposal like H.R. 5740 were enacted, states could see several key benefits:

• Elimination of uncertainty tied to annual federal appropriations
• Stable, predictable funding for both benefits and administration
• Reduced risk of program disruption during future shutdowns
• Potential increases in participation due to clearer eligibility, with costs federally supported

Key takeaways on WIC funding stability

The 2025 shutdown demonstrated that quick thinking and strong federal–state partnerships can keep WIC running in the short term. But it also made clear that stopgap measures are not a long-term solution.

While Congress ultimately fully funded WIC for FY2026, that action did not resolve the underlying structural challenge: the program still depends on annual appropriations. Without longer-term reform, similar risks could emerge in future shutdown scenarios.

Proposals like H.R. 5740 highlight a path forward—but until changes are enacted, ensuring continuity will continue to depend on advance planning, coordination, and contingency strategies at both the state and federal levels.

How BerryDunn can help

BerryDunn’s consulting services support current and emerging demands and prepare clients to successfully navigate change. Our team openly communicates and collaborates with project stakeholders to gain a clear sense of organizational needs and then develop strategies and tactics to address them. Serving as trusted advisors, our team provides ongoing expertise and support so that state staff can remain focused on providing high-quality services to individuals and families. Learn more about our services and team. 

Read this if you are a chief compliance officer or an AML/CFT officer at a community bank, credit union, or broker-dealer firm. 

The US Department of the Treasury’s 2026 National Money Laundering Risk Assessment (NMLRA), which was issued in March 2026, provides a comprehensive look at the most significant illicit finance threats facing the US financial system. While the report spans the entire economy, several themes are particularly relevant for community banks, credit unions, and broker-dealers—all of which remain critical entry points and transit nodes for illicit funds. 

Why this matters for banks and broker-dealers

The Treasury report confirms that the core money laundering threats—fraud, drug trafficking, cybercrime, human trafficking, corruption, and professional money laundering networks—have not changed. What has changed is scale and velocity.

Criminals are generating larger proceeds more quickly by: 

• Leveraging digital channels, social media, and encrypted communications 
• Using artificial intelligence (AI) to create synthetic identities, deepfakes, and believable scam communications 
• Moving funds rapidly across banks, broker‑dealers, money services businesses (MSBs), and digital asset platforms 

For smaller institutions and broker‑dealers with limited compliance resources, this evolution increases both operational risk and regulatory exposure. 

Fraud risks facing banks and broker-dealers 

The NMLRA identifies fraud—not drug trafficking—as the largest source of illicit proceeds entering the US financial system. The most common suspicious activity includes:  

• Investment fraud 
• Business email compromise 
• Confidence scams 
• Elder financial exploitation 
• Digital asset‑related scams 

Key implications:

• Community banks and credit unions are frequently used as deposit and transit accounts for fraud proceeds, often involving unwitting account holders or money mules (people who collect or receive illicit proceeds and then transport, transfer, or convert the funds on behalf of another person or organization). 
• Broker‑dealers face rising exposure to: 
  • Ramp‑and‑dump (a market-manipulation scheme where bad actors artificially “ramp” up a stock’s price/volume—often via deceptive promotion—then sell into the spike, leaving other investors with losses) and pump‑and‑dump (similar manipulation: promoters “pump” a stock with misleading hype, then “dump” their shares at inflated prices) securities schemes 
  • Foreign‑based investment clubs operating via social media 
  • Omnibus and correspondent-style accounts masking beneficial ownership 

Regulators are increasingly focused not just on transaction monitoring failures, but on whether firms understand how modern scams operate and have controls aligned to current typologies. 

Digital assets and stablecoins: No longer peripheral 

Although the report notes that most laundering still occurs through fiat channels, digital assets—especially stablecoins—play a growing role across fraud, ransomware, sanctions evasion, and drug trafficking. 

For community banks and broker‑dealers, the takeaway is not limited to crypto custody or trading: 

• Fraud proceeds are often converted into stablecoins after passing through traditional deposit accounts. 
• Digital asset kiosks, over-the-counter (OTC) brokers, and foreign exchanges are frequently downstream of US institutions. 
• Even firms that do not directly offer digital asset products may still be the first regulated touchpoint in the laundering chain.

Institutions are expected to recognize digital asset exposure through customer behavior, not just through product offerings.

Regulatory expectations are increasingly risk‑based—and personal 

The assessment highlights that most anti-money laundering (AML) enforcement actions in recent years stem from: 

• Weak internal controls 
• Inadequate customer due diligence 
• Insufficient authority, independence, or resourcing of the BSA (Bank Secrecy Act)/AML officer 
• Failure to reassess risk as products, technologies, or customer behavior change 

Notably, enforcement actions and SEC/FINRA cases against broker‑dealers emphasize individual accountability, including AML and compliance officers. 

What regulators are signaling: 

• “Check‑the‑box” AML programs are no longer sufficient 
• Firms must demonstrate active understanding of emerging risks 
• Boards and senior management are expected to own AML risk, not delegate it entirely 

Community institutions face unique pressure points 

The Treasury report recognizes that most US banks and credit unions are small institutions, often operating with lean compliance teams while facing the same threat environment as large, global firms. 

Common vulnerabilities include: 

• Rapid customer onboarding driven by competition and fintech pressures 
• Mergers or core conversions that disrupt customer risk profiles 
• Third‑party and fintech relationships that blur AML accountability 
• Overreliance on vendors without sufficient internal challenge or oversight 

At the same time, Treasury explicitly acknowledges the need to avoid excessive compliance burden, reinforcing that risk‑based tailoring—not volume of suspicious activity reports (SARs)—is the benchmark.

How community banks, credit unions, and broker-dealers can stay ahead 

The 2026 National Money Laundering Risk Assessment reinforces a central message: Illicit finance risk is no longer confined to niche products or large institutions. 

Community banks, credit unions, and broker‑dealers sit at critical points in the financial ecosystem. Institutions that proactively align their AML programs to modern fraud typologies, digital behaviors, and evolving regulatory expectations will be best positioned to manage risk without incurring unnecessary burden.

Practical takeaways for financial institutions and broker-dealers 

1. Refresh fraud risk assessments: This is especially important for elder customers, peer-to-peer (P2P) payments, wire activity, and investment‑related referrals. 
2. Revisit customer due diligence: Focus on beneficial ownership, nominee activity, and unexplained changes in behavior. 
3. Assess stress‑test controls around money mule activity: Funnel accounts, rapid movement of funds, and pass‑through behavior remain top red flags. 
4. Evaluate digital asset exposure—even indirectly: Consider how customers interact with exchanges, kiosks, or stablecoins outside the institution. 
5. Ensure BSA/AML governance is board‑engaged: Regulators increasingly expect documented oversight and challenge from senior leadership. 

BerryDunn can help

Our risk management team helps clients develop and implement effective risk management programs tailored to each organization’s size, risk level, and resources. If you have questions, please reach out to your BerryDunn financial institutions and broker-dealers teams.