Month: April 2023

Categories
General

BDO Capital Q1 2023 Manufacturing M&A Market Update

The manufacturing sector demonstrated continued momentum in 2022 despite facing various macro-economic headwinds. Inflationary pressures, supply chain bottlenecks, and labor shortages, combined with a high interest rate environment, sparked concerns around the Fed’s ability to achieve a soft landing. While M&A activity is down from 2021, transaction volume in 2022 was in line with pre-pandemic levels. Well-capitalized investors continued to seek quality assets to add to their portfolios, resulting in healthy multiples and steady deal flow.

Click the download button below to read more from the BDO Capital Q1 2023 Manufacturing M&A Market Update.

Categories
General

Spring Cleaning in QuickBooks

Have your company’s accounting records become cluttered with duplicate items and unused accounts? When you need to revise your QuickBooks® lists — such as the chart of accounts, customers, and vendors — the software provides methods for deleting, inactivating, and merging list entries. Here’s what you can do to help spruce things up. 

Deleting 

QuickBooks users are often concerned about botching up their accounting by deleting an unwanted list entry. No need to worry! If you attempt to delete a list entry and it’s in use somewhere within the company file, QuickBooks won’t allow it to be deleted. Instead, a warning message will be displayed. Before an item is deleted, QuickBooks will ask you to confirm the deletion. And, if you delete a list entry in error, you can undo it — but this only works immediately following the accidental deletion. 

Inactivating 

If QuickBooks won’t let you delete a list entry or you’re unsure whether you’ll need to access the item again in the future, you can make it inactive. When you inactivate a list entry, QuickBooks keeps the information associated with that entry. But the record is hidden in the list and won’t appear on any related drop-down lists. Once a list entry is inactivated, it can be re-activated at any time. For example, if a job has been completed, making it inactive will shorten the customer list and prevent accidental usage on an invoice or payment window. You can later re-activate the list item if you need to view or re-activate the job. 

Important: A customer that has one or more jobs can’t be deleted, but it can be made inactive. To delete a customer, all jobs for that customer must be deleted first. Likewise, a job that has one or more transactions can’t be deleted, but it can be made inactive. To delete a job, all transactions for that job must be deleted first. There are also some precautions to inactivating list entries that still have open balances. For instance, if you’d like to inactivate an inventory item, be sure to adjust the quantity on hand to zero. If a customer or vendor has a balance, be sure to adjust the balance to zero and apply the adjustment to any open balances before inactivating the name. Additionally, inactivating a list entry doesn’t prevent it from being included in a memorized transaction that was previously created. Be sure to update those recurring entries as well.

Merging 

The merge feature allows two entries within the same list to be combined. While this is an incredibly powerful tool, merging two list entries is an irreversible operation. To safeguard against any mistakes made during merging, it is a good idea to make a backup of the file first in case there’s a need to restore the file to its original state. 

We can help 

Accounting records are like tools in your garage. Some are used every day. Others are collecting cobwebs but may be needed for a rainy-day project. And a few are completely obsolete and need to be thrown out. Spring cleaning can give you a fresh start. Contact us for help cleaning up your QuickBooks lists. Our experts can guide you through the steps needed to delete, inactivate and merge list items. © 2023

Categories
General

5 Valuation Terms That Every Business Owner Should Know

As a business owner, you’ll likely need to have your company appraised at some point. An appraisal is essential in the event of a business sale, merger, or acquisition. It’s also important when creating or updating a buy-sell agreement or doing estate planning. You can even use a business valuation to help kickstart or support strategic planning. A good way to prepare for the appraisal process, or just maintain a clear big-picture view of your company, is to learn some basic valuation terminology. Here are five terms you should know:

1. Fair market value.

This is a term you may associate with selling a car, but it applies to businesses — and their respective assets — as well. In a valuation context, “fair market value” has a long definition: The price, expressed in terms of cash equivalents, at which property would change hands between a hypothetical willing and able buyer and a hypothetical willing and able seller, acting at arm’s length in an open and unrestricted market, when neither is under compulsion to buy or sell and when both have reasonable knowledge of the relevant facts.

2. Fair value.

Often confused with fair market value, fair value is a separate term — defined by state law and/or legal precedent — that may be used when valuing business interests in shareholder disputes or marital dissolution cases. Typically, a valuator uses fair market value as the starting point for fair value, but certain adjustments are made in the interest of fairness to the parties. For example, dissenting shareholder litigation often involves minority shareholders who are “squeezed out” by a merger or other transaction. Unlike the “hypothetical, willing” participants contemplated under the definition of fair market value, dissenting shareholders are neither hypothetical nor willing. The fair value standard helps prevent controlling shareholders from taking advantage of minority shareholders by forcing them to accept a discounted price.

3. Going concern value.

This valuation term often comes into play with buy-sell agreements and in divorce cases. Going concern value is the estimated worth of a company that’s expected to continue operating in the future. The intangible elements of going concern often include factors such as having a trained workforce; an operational plant; and the necessary licenses, systems and procedures in place to continue operating.

4. Valuation premium.

Sometimes, because of certain factors, an appraiser must increase the estimate of a company’s value to arrive at the appropriate basis or standard of value. The additional amount is commonly referred to as a “premium.” For example, a control premium might apply to a business interest that possesses the requisite power to direct the management and policies of the subject company.

5. Valuation discount.

In some cases, it’s appropriate for an appraiser to reduce the value estimate of a business based on specified circumstances. The reduction amount is commonly referred to as a “discount.” For instance, a discount for lack of marketability is an amount or percentage deducted from the value of an ownership interest to reflect that interest’s inability to be converted to cash quickly and at minimal cost. © 2023

If you need assistance with business valuation or have questions about the appraisal process, contact us for expert guidance and support.

Categories
General

2023 Q2 Tax Calendar: Key Deadlines for Businesses and Employers

Here are some of the key tax-related deadlines that apply to businesses and other employers during the second quarter of 2023. Keep in mind that this list isn’t all-inclusive, so there may be additional deadlines that apply to you. Contact us to ensure you’re meeting all applicable deadlines and to learn more about the filing requirements. 

April 18

If you’re a calendar-year corporation, file a 2022 income tax return (Form 1120) or file for an automatic six-month extension (Form 7004) and pay any tax due. For corporations pay the first installment of 2023 estimated income taxes. For individuals, file a 2022 income tax return (Form 1040 or Form 1040-SR) or file for an automatic six-month extension (Form 4868) and pay any tax due. For individuals, pay the first installment of 2023 estimated taxes, if you don’t pay income tax through withholding (Form 1040-ES). 

May 1

Employers report income tax withholding and FICA taxes for the first quarter of 2023 (Form 941) and pay any tax due. 

May 10

Employers report income tax withholding and FICA taxes for the first quarter of 2023 (Form 941), if they deposited on time and fully paid all of the associated taxes due.

June 15 

Corporations pay the second installment of 2023 estimated income taxes. © 2023

Categories
General

Have You Planned For Long-Term Health Care Expenses?

No matter how diligently you prepare, your estate plan can quickly be derailed if you or a loved one requires long-term home health care or an extended stay at an assisted living facility or nursing home. Long-term care (LTC) expenses aren’t covered by traditional health insurance policies or Medicare. So it’s important to have a plan to finance these costs, either by setting aside some of your savings or purchasing insurance. Let’s take a closer look at three options. 

1) LTC insurance 

An LTC insurance policy supplements your traditional health insurance by covering services that assist you or a loved one with one or more activities of daily living (ADLs). Generally, ADLs include eating, bathing, dressing, toileting, transferring (getting in and out of a bed or chair), and maintaining continence. LTC coverage is relatively expensive, but it may be possible to reduce the cost by purchasing a tax-qualified policy. Generally, benefits paid in accordance with an LTC policy are tax-free.

To qualify, a policy must:

Be guaranteed renewable and noncancelable regardless of health, Not delay coverage of pre-existing conditions more than six months, Not condition eligibility on prior hospitalization, Not exclude coverage based on a diagnosis of Alzheimer’s disease, dementia, or similar conditions or illnesses, and Require a physician’s certification that you’re either unable to perform at least two of six ADLs or you have a severe cognitive impairment and that this condition has lasted or is expected to last at least 90 days.

It’s important to weigh the pros and cons of tax-qualified policies. The primary advantage is the premium tax deduction. But keep in mind that medical expenses are deductible only if you itemize and only to the extent they exceed 7.5% of your adjusted gross income (AGI), so some people may not have enough medical expenses to benefit from this advantage.

It’s also important to weigh any potential tax benefits against the advantages of nonqualified policies, which may have less stringent eligibility requirements. 

2) Hybrid insurance 

Also known as “asset-based” policies, hybrid policies combine LTC benefits with whole life insurance or annuity benefits. These policies have advantages over standalone LTC policies. For example, their health-based underwriting requirements typically are less stringent and their premiums are usually guaranteed — that is, they won’t increase over time. Most important, LTC benefits, which are tax-free, are funded from the death benefit or annuity value. So, if you never need to use the LTC benefits, those amounts are preserved for your beneficiaries. 

3) Employer-provided plans

Employer-provided group LTC insurance plans offer significant advantages over individual policies, including discounted premiums and “guaranteed issue” coverage, which covers eligible employees (and, in some cases, their spouse and dependents) regardless of their health status. Group plans aren’t subject to nondiscrimination rules, so a business can offer employer-paid coverage to a select group of employees.

Employer plans also offer tax advantages. Generally, C corporations that pay LTC premiums for employees can deduct the entire amount as a business expense, even if it exceeds the deduction limit for individuals. And premium payments are excluded from employees’ wages for income and payroll tax purposes. 

Think long term 

Given the potential magnitude of LTC expenses, the earlier you begin planning, the better. We can help you review your options and analyze the relative benefits and risks. Contact an ATA expert to get started. 

 © 2023

Categories
Financial Institutions and Banking

Bank Wire

Crypto-assets: Handle with care

In January 2023, the federal banking agencies published “Joint Statement on Crypto-Asset Risks to Banking Organizations.” The statement cautions banks to be aware of — and, if applicable, mitigate — the risks associated with crypto-assets. According to the statement, these risks include:

  • Fraud and scams,
  • Legal uncertainties regarding custody practices, redemptions and ownership rights,
  • Inaccurate or misleading representations or disclosures, including misrepresentations regarding FDIC coverage,
  • Significant volatility, including potential impacts on deposit flows,
  • Stablecoins’ susceptibility to run risk,
  • Contagion risk resulting from interconnections among crypto-asset participants,
  • Lack of mature, robust risk management and governance practices in the crypto-asset sector, and
  • Heightened risks associated with open, public or decentralized networks (for example, lack of governance mechanisms, absence of contracts, or standards to clearly establish roles, responsibilities and liabilities).

The statement instructs banks to “ensure that crypto-asset-related activities can be performed in a safe and sound manner, are legally permissible, and comply with applicable laws and regulations,” including consumer protection laws. Notably, the statement opines that “issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe and sound banking practices.”

Be prepared to report computer security incidents

As concerns over cybersecurity intensify, banks should be prepared to report computer security incidents to federal regulators quickly. Under a rule that took effect last spring, banks must report computer security incidents that rise to the level of a “notification incident” within 36 hours. The rule defines “computer security incident” as an “occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits.” These incidents aren’t limited to cyberattacks — they also can result from hardware or software failures, human error or other nonmalicious causes.

A computer security incident is deemed to be a notification incident if it’s reasonably likely to materially disrupt or degrade a bank’s 1) ability to carry out banking operations, activities or processes, or deliver products and services to customers, 2) business lines whose failure would result in a material loss of revenue, profit or franchise value, or 3) operations whose failure would pose a threat to U.S. financial stability. All banks should have procedures in place for identifying notification incidents and reporting them to their primary regulators on a timely basis.

© 2023

Categories
Financial Institutions and Banking

Strengthen Your Defenses: Preparing for ransomware attacks

In October 2021, a California community bank was victimized by a ransomware attack. The hackers obtained sensitive information from the bank’s systems, including loan application forms, tax returns, W-2 information, payroll records, names, addresses and Social Security numbers. They threatened to release this information if the bank failed to negotiate.

The bank incurred significant financial costs and reputational damage associated with the attack. It also offered free credit monitoring and identity theft protection services to affected customers. This is just one of many examples of community banks that have been targeted by ransomware attacks in recent years.

Double trouble

There was a time when smaller banks reasonably believed that cybercriminals would leave them alone, because larger institutions offered a bigger payoff. Recently, however, the trend has reversed. Cybercriminals are now targeting small banks, which they believe lack the wherewithal to protect against these attacks and have less robust internal controls than larger institutions.

A new ransomware scheme involves so-called “double extortion” attacks. In a traditional ransomware attack, the cybercriminal sends a phishing email to a bank employee or other user of the bank’s systems. If the recipient clicks on the link in the email, it introduces malware that infects the bank’s system, encrypting its data. The cybercriminal demands a ransom payment in exchange for the decryption key.

In some cases, however, victims were able to quickly restore their systems from unaffected backups and thus refused to pay the ransom. To avoid this result, a double extortion attack involves stealing sensitive data and threatening to release it if the ransom isn’t paid.

Protective measures

To minimize the risks associated with ransomware attacks, community banks should follow industry practices recommended by the Federal Financial Institutions Examination Council (FFIEC) and other federal banking agencies. These include:

  • Regularly assessing the bank’s exposure to ransomware risks and patching any vulnerabilities,
  • Educating employees about the risks of ransomware and training them on identifying and reporting potential attacks,
  • Inventorying hardware, software, connections and data, with programs in place that identify vulnerabilities,
  • Implementing backup systems designed to protect data from cybercriminals,
  • Segmenting networks to limit a cybercriminal’s access within the system if a breach occurs,
  • Managing third-party risks that expose the bank to ransomware attacks,
  • Implementing email filtering processes that identify malicious messages and prevent them from reaching end users, and
  • Restricting the use of employees’ personal devices on the bank’s network.

Be aware that payment of ransomware may result in sanctions if the cybercriminal is listed by the Office of Foreign Assets Control (OFAC) as a known or suspected terrorist or terrorist organization. Reporting ransomware demands promptly to the federal authorities can help mitigate these sanctions. Banks also may need to file Suspicious Activity Reports (SARs) in connection with ransomware payments.

Another critical tool for defending your bank against cyberattacks is a program of regular system vulnerability assessments and penetration tests. Vulnerability assessments involve scanning all internal and external networks to identify security flaws or weaknesses. Penetration testing — a form of “ethical hacking” — involves the intentional launching of simulated cyberattacks to identify any vulnerabilities that can be exploited to compromise the bank’s systems or data. It can also be used to test the bank’s security policies, employees’ security awareness, and the bank’s ability to flag and respond to security issues as they happen.

Typically, vulnerability assessments should be conducted twice a year and penetration testing should be done annually. But the appropriate frequency of testing depends on your bank’s circumstances and resources.

Have a plan

As cyber risks continue to mount, your bank needs a comprehensive cybersecurity plan that reduces risks and minimizes damages should they occur. It should include an incident response protocol for containing an incident, coordinating with law enforcement and third parties, restoring systems, preserving data and evidence, providing customer assistance, and reporting the incident to the relevant federal banking regulator within 36 hours.

© 2023

Categories
Financial Institutions and Banking

How To Assess and Deal With BSA/AML Risks

Over the past few years, many people have turned to electronic banking (e-banking), whether for individual or business purposes. While e-banking may be convenient, it also may increase the possibility of hidden criminal behavior. In addition, compliance with Bank Secrecy Act/Anti-Money Laundering (BSA/AML) laws and regulations is increasingly scrutinized by banking regulators. This puts banks in the middle of a potentially difficult — even dangerous — situation, unless they develop strategies to both assess and handle any related risks.

Get with the program

To help combat money laundering and terrorist financing, banks must develop and implement comprehensive BSA/AML programs. These programs ensure banks know their customers, monitor transactions, identify suspicious activity, and share information with the government and other financial institutions.

Federal regulators emphasize a risk-based approach to BSA/AML compliance. In other words, a bank is expected to conduct a thorough risk assessment and develop policies, procedures and processes that are adequate for its size, location, customer base, products and services.

Determine the impact

E-banking — including online account opening, ATM transactions, Internet banking transactions, remote deposit capture (RDC), telephone banking and mobile banking apps — can increase a bank’s BSA/AML risks. The lack of face-to-face contact in e-banking transactions introduces a heightened level of risk to institutions by making them vulnerable to unauthorized users accessing customer accounts. As your bank introduces new e-banking products and services, it’s imperative to evaluate their impact on your BSA/AML program.

For example, online account opening without face-to-face contact may heighten your risk because:

  • Verifying the customer’s identity is more difficult,
  • The customer may be outside the bank’s targeted geographic area,
  • The customer may perceive these transactions as less transparent, and
  • A front company or unknown third party may use the account.

To mitigate these risks, banks should ensure that their BSA/AML monitoring, identification and reporting systems are properly equipped to flag unusual and suspicious activities conducted electronically. Useful tools include ATM activity reports, funds-transfer reports, new-account-activity reports and change-of-Internet-address reports. Reports that identify related or linked accounts are particularly effective in an e-banking context. These reports reveal accounts with common addresses, phone numbers, email addresses and taxpayer identification numbers.

Additional risk-mitigating controls may include imposing limits on 1) the types and sizes of transactions that can be conducted through e-banking platforms, 2) the volume and frequency of online-initiated transactions, if allowed, and 3) online accounts to ensure they’re offered only to established customers. Banks need to develop effective and reliable methods for authenticating customers’ identities when they open accounts online (such as “out of wallet” questions that only that person can answer).

Reduce RDC risks

While RDC provides obvious benefits to customers, it exposes banks to money laundering, fraud and information security risks. For example, fraudulent, sequentially numbered or physically altered checks may be harder to detect when they’re submitted via RDC. Plus, it’s difficult for banks to control or locate RDC equipment, particularly when foreign correspondents and foreign money service businesses increasingly rely on RDC.

Inadequate controls can result in altered deposit data, duplicate deposits and other problems. Also, customers or service providers typically retain original checks or other deposit items, which may create recordkeeping, data safety and integrity issues.

Potential risk mitigation steps include:

  • Performing a comprehensive RDC risk assessment before implementation,
  • Conducting appropriate customer due diligence and enhanced due diligence,
  • Establishing risk-based parameters for RDC customer suitability, such as lists of acceptable industries and standardized underwriting criteria,
  • Comparing an RDC customer’s expected account activity to actual activity,
  • Establishing RDC transaction limits, and
  • Ensuring that RDC customers receive adequate training.

Contracts should clearly set out the relative roles, responsibilities and liabilities of the bank and its customers with respect to RDC transactions. This includes procedures for handling and disposing of original documents.

Being vigilant

Make sure your bank remains watchful for ongoing BSA/AML issues and other potential risks resulting from e-banking. There’s no going back — e-banking is here to stay. The best strategy is to ensure your bank remains fully compliant, with all appropriate processes and procedures in place.

© 2023

Categories
Financial Institutions and Banking

Should You Outsource The Internal Audit Function?

A solid internal audit program is one of the most effective tools a bank has to inspire confidence — among directors, investors, regulators, and other stakeholders — in its financial processes and reporting practices. Many banks outsource the internal audit function, in whole or in part, to take advantage of external auditors’ special skills and independence, address internal staffing shortages, and control costs. Here are some factors to consider when deciding whether to outsource this function.

Advantages of outsourcing

First and foremost, by outsourcing the internal audit, a community bank can tap a level of skill and expertise — critical in the highly regulated banking industry — that may be difficult to find or too expensive to maintain in-house. Access to this expertise is particularly beneficial for banks in smaller communities and those that want to expand their product or service offerings or enter new markets. External auditors may also have access to more sophisticated software or other audit tools that would otherwise be cost-prohibitive for a community bank.

Second, in the wake of the COVID-19 pandemic, many businesses, including banks, are facing severe labor shortages. Outsourcing the internal audit function allows them to focus on filling core positions.

Third, outsourcing can help a bank control costs. It allows the bank to set an internal audit budget that meets its needs and design a program that has more flexibility. The bank avoids the fixed labor and overhead costs associated with an internal audit staff, and it can adjust the use of outside consultants as its internal audit needs fluctuate or special projects arise.

Finally, outsourcing can help enhance auditor independence. In-house auditors who develop relationships with other bank staff may lose some objectivity — or at least the appearance of objectivity. Outsourcing also facilitates the rotation of internal auditors, something that’s difficult to do in-house.

Disadvantages of outsourcing

One potential downside is that outside consultants generally lack an insider’s in-depth knowledge about the bank’s operations, particularly when outsourced auditors are rotated frequently. The resulting learning curve may reduce the cost-effectiveness of an outsourced audit. To overcome this obstacle, some community banks outsource the internal audit function to their external auditors. Although doing so is permissible under specific circumstances, a bank should consider the potential impact on the external auditor’s independence before taking this approach.

Also, outsourcing arrangements require meticulous planning and monitoring, including a comprehensive engagement letter and regular communication. It’s critical to ensure that the parties are on the same page regarding the auditing firm’s activities, the scope of the audit and the advice provided by the auditor.

Outsourcing vs. co-sourcing

Co-sourcing can be an attractive alternative to fully outsourcing the internal audit function. As the name suggests, it involves splitting internal audit activities between internal and external auditors. This approach can take many forms, depending on the bank’s needs. A short-staffed bank might use outside auditors to supplement its staff and share various auditing tasks and responsibilities.

Co-sourcing also can be a good strategy if a bank’s internal audit staff lacks certain specialized skills. For example, if in-house staff isn’t equipped to perform specialized audits — such as information technology or Bank Secrecy Act/Anti-Money Laundering (BSA/AML) audits — the bank might engage an outside auditor to conduct those audits while its internal staff focuses on areas within its skill set.

A powerful tool

A well-designed internal audit program can be a powerful tool for evaluating a bank’s internal controls, processes, and procedures. Internal auditors also can recommend improvements and share their findings with the bank’s board of directors and other stakeholders. Whether conducted in-house, outsourced or co-sourced, an internal audit provides an opportunity for a fresh look at a bank’s operations by auditors who are independent from management.

Sidebar: Managing third-party risk

For banks that outsource or co-source the internal audit function, it’s important to recognize that doing so doesn’t absolve the bank’s board or management from responsibility for the internal audit. This function also doesn’t relieve the bank from liability for compliance or consumer protection issues associated with outsourced activities.

Before you enter an outsourcing relationship, review the federal banking regulators’ guidance on managing third-party risk, including the Office of the Comptroller of the Currency’s “Interagency Policy Statement on the Internal Audit Function and its Outsourcing.” Failure to properly manage this risk can result in financial loss and regulatory action. It can also jeopardize your bank’s reputation.

Among other things, a bank should:

  • Conduct a risk assessment to weigh the benefits and risks, including service provider risk, of outsourcing the internal audit.
  • Exercise due diligence in vetting the provider — including an examination of its background, reputation, financial condition, internal controls, disaster recovery plans, and business continuity plans.
  • Be sure that the contract or engagement letter clearly spells out each party’s rights and responsibilities. (For example, it should provide details on performance benchmarks, information sharing, audit rights, compliance, confidentiality, and indemnification.)
  • Monitor the provider’s performance and compliance with contract terms throughout the life of the arrangement.
  • Have a contingency plan in place in the event there are any disruptions in service.

© 2023

Categories
General

IRS Provides Tax Relief to Victims of Severe Storms in Arkansas

The IRS is offering tax relief to victims of the Arkansas severe storms and tornadoes that occurred on March 31st. Individuals and businesses in the disaster area now have until July 31, 2023, to file various tax returns and make tax payments. Taxpayers who reside or have business in Cross, Lonoke, and Pulaski counties qualify for relief as well as other areas added to the disaster area later. The current list of eligible areas is available on the disaster relief page on IRS.gov. The tax relief postpones various tax filing and payment deadlines that occurred starting on March 31, 2023. As a result, affected individuals and businesses will have until July 31, 2023, to file returns and pay any taxes that were originally due during this period. More information regarding the tax relief can be found on the IRS webpage: https://bit.ly/3m3CaYm

Have more questions? Contact one of our experts for help.