Category: News

Categories
Helpful Articles News

Cybersecurity takes the spotlight

Abstract: Federal and state regulators are increasingly scrutinizing banks’ information security efforts. This article points out that, in light of this heightened scrutiny, banks should review, and if necessary, update their cybersecurity programs. The article explains what examiners look for, including risk identification, risk measurement and risk mitigation. A sidebar discusses increased state regulation of cybersecurity.

Cybersecurity takes the spotlight

Cybersecurity is a key issue for banks today, so it’s no surprise that federal and state regulators have been scrutinizing banks’ information security (IS) efforts. Recently, several federal and state regulatory agencies have taken some new steps in the ongoing effort to protect sensitive account information. In light of the heightened scrutiny — and the significant risks involved — it’s a good idea for all banks to review and, if necessary, update their cybersecurity programs.

Recent developments
In September 2016, the Federal Financial Institutions Examination Council (FFIEC) updated its Information Security booklet, part of its Information Technology Examination Handbook. The booklet provides banks with an excellent framework for evaluating and strengthening their cybersecurity programs.
Also in September, the New York State Department of Financial Services proposed comprehensive cybersecurity requirements for banks and other financial institutions. (See “State regulation of cybersecurity: A burgeoning trend?”) Finally, in October 2016, the OCC, FDIC and Federal Reserve issued a joint proposal to develop enhanced cyber risk management standards for the largest financial institutions (those with total consolidated assets of $50 billion or more).

What examiners look for
According to the FFIEC booklet, an effective IS program should cover four key areas: 1) risk identification, 2) risk measurement, 3) risk mitigation, and 4) risk monitoring and reporting. The 95-page publication contains detailed guidance on identifying threats, measuring risk, defining IS requirements and implementing appropriate controls.
An appendix contains updated examination procedures, providing valuable insights into examiners’ cybersecurity expectations. The procedures are designed to meet a number of examination objectives, including determining whether management:
• Promotes effective governance of the IS program through a strong IS culture, defined responsibilities and accountability, and adequate resources,
• Has designed and implemented the program so that it supports the bank’s IT risk management process, integrates with its lines of business and support functions, and is responsive to the cybersecurity concerns associated with the activities of technology service providers and other third parties,
• Has established risk identification processes,
• Measures risk to help guide the development of mitigating controls,
• Effectively implements controls to mitigate identified risk, and
• Has effective risk monitoring and reporting processes.
In addition, it’s important to ascertain whether security operations encompass necessary security-related functions, are guided by defined processes, are integrated with lines of business and activities outsourced to third-party service providers, and have adequate resources. Implementing assurance and testing activities to provide confidence that the program is operating as expected and reaching its goals is also necessary.
Although the guidance applies to all types of institutions, the booklet emphasizes that banks should develop and maintain risk-based IS programs commensurate with their size and operational complexity.

Focus on security operations
The updated publication contains a new section on security operations that emphasizes:

Threat identification. A bank should go beyond risk identification to pinpoint specific threat sources and vulnerabilities and analyze the potential for exploitation. Management can use this information to develop strategies and tactics for protecting the bank’s IT system and detecting attacks.

Threat monitoring. Threat monitoring — both continual and ad hoc — is critical. And management should clearly delineate the responsibilities of security personnel and system administrators as well as review and approve monitoring tools and the conditions under which they’re used. Monitoring should focus not only on incoming network traffic, but also on outgoing traffic to identify malicious activity and data exfiltration.

Incident identification and assessment. Management needs a process that will identify compromise indicators — for example, antivirus alerts or unexpected file changes or logins — and rapidly report them for investigation.

Incident response. A bank’s incident response plan should include defined protocols for containing an incident, coordinating with law enforcement and third parties, restoring systems, preserving data and evidence, and providing customer assistance.

Third-party oversight

Banks often outsource services, such as data and transaction processing, cloud computing and even information security. But management remains responsible for ensuring the bank’s system and information security.
Oversight of outsourced activities includes due diligence in selecting and managing third-party service providers. In addition, management should obtain contractual assurances for security, controls and reporting; get nondisclosure agreements regarding the bank’s data and systems; and arrange for independent auditing and testing of third-party security.

Get with the program
Given the level of regulatory activity related to cybersecurity and the serious consequences of a data breach, banks can expect scrutiny of IS programs to intensify. Now’s the time to review your program to ensure that your institution is protected.

Sidebar: State regulation of cybersecurity: A burgeoning trend?
In September 2016, the New York State Department of Financial Services (DFS) proposed comprehensive cybersecurity requirements for banks and other financial institutions under its jurisdiction. Among other things, the proposal would require banks to undertake the following steps:
• Establish and maintain a cybersecurity program — reviewed by the board of directors and approved by a senior officer — designed to ensure the confidentiality, integrity and availability of its information systems.
• Incorporate certain mandatory functions into the program, designed to identify risks, implement defensive infrastructure and policies, detect and respond to cybersecurity events, and fulfill regulatory reporting obligations.
• Appoint a chief information security officer with specified responsibilities, including providing the board with biannual written assessments of the program.
• Adopt written cybersecurity and third-party information security policies addressing specified areas.
• File annual certifications of compliance with the DFS and report material cybersecurity events to the agency within 72 hours.
If finalized, the proposed regulations likely would affect not only New York banks, but also banks that do business in New York. This also could mark the beginning of a trend toward increased state regulation of cybersecurity.
© 2016

Categories
News

New rules on customer due diligence

Abstract: As a result of an action in May 2016 by the Financial Crimes Enforcement Network (FinCEN), financial institutions will be required to verify the identities of the beneficial owners of their legal-entity customers when the owners open new accounts. This article answers some questions regarding the new due diligence rules, such as which institutions are covered and who a beneficial owner is. The article also notes that banks should have a plan to ensure that the policies and procedures are in place to collect information about the beneficial owners of legal-entity customers.

New rules on customer due diligence
FinCEN answers frequently asked questions about beneficial ownership

Beginning on May 11, 2018, financial institutions will be required to verify the identities of the beneficial owners of their legal-entity customers when those entities open new accounts. This is the result of an action in May 2016 by the Financial Crimes Enforcement Network (FinCEN), which issued its “Customer Due Diligence Requirements for Financial Institutions” (CDD Rule).
More recently, FinCEN published frequently asked questions (FAQs) to help banks understand the new requirements and incorporate them into their Bank Secrecy Act and anti–money-laundering (BSA/AML) compliance programs.

The highlights
Here’s a brief look at some of the often-asked questions and responses about the new requirements:
Q: Which institutions are covered?
A: The CDD Rule applies to federally regulated banks and federally insured credit unions, as well as to mutual funds, securities brokers and dealers, and certain other financial services firms. Note that a recent FinCEN proposal would expand its customer identification program (CIP) requirements, including the CDD Rule, to non–federally regulated institutions.
Q: What’s a legal-entity customer?
A: Generally, “legal entity” refers to a corporation, limited liability company or general partnership, or similar entities formed in foreign jurisdictions. It also includes limited partnerships, business trusts and other entities created by filing a public document with the Secretary of State or its equivalent. Exceptions include natural persons, unincorporated associations, government entities, federally regulated financial institutions and U.S. public companies.
Q: Which accounts are covered?
A: The CDD Rule generally uses the same definition of “account” as the CIP rules do, with certain exceptions. Covered institutions are required to obtain beneficial owner information only for new accounts opened on or after May 11, 2018. The rule doesn’t apply to existing accounts.
Q: Who’s a beneficial owner?
A: There are two types of beneficial owners:
1. Each individual, if any, who owns 25% or more of an entity’s equity interests (directly or indirectly — the “ownership prong”),      or
2. A single individual — such as a CEO, CFO, COO, president, vice president, treasurer, managing member, general partner           or other person who performs similar functions — with significant responsibility to control, manage or direct an entity (the             “control prong”).
Generally, covered financial institutions are required to collect beneficial ownership information concerning up to five individuals for a given legal-entity customer: one person under the control prong, and zero to four persons under the ownership prong.

Required procedures
Covered institutions must establish and maintain written procedures that are “reasonably designed to identify and verify the beneficial owners of legal-entity customers” at the time a new account is opened. These procedures should, at a minimum, contain the same elements the CIP rules require for verifying individual customer identities. But the regulator’s FAQs clarify that, for documentary verification, institutions may use photocopies or other reproductions of identification documents.
Institutions needn’t obtain information directly from an entity’s beneficial owners. Rather, they may obtain such information from the individual seeking to open a new account on behalf of the legal entity.
The CDD Rule also amends the BSA/AML requirements to require covered institutions to implement and maintain appropriate risk-based procedures for conducting ongoing customer due diligence.

Get ready
If your bank is covered by the CDD Rule, you have until May 11, 2018, to comply. Because examiners may ask you about your preparation process if they visit you before the effective date, begin now to review your BSA/AML program and be sure you have a plan to ensure the policies and procedures are in place to collect information about the beneficial owners of legal-entity customers.
© 2016

Categories
News

Alexander Thompson Arnold CPA Is Again Recognized Nationally by INSIDE Public Accounting’s as a Top 200 Accounting Firm

The award-winning newsletter for the accounting profession, INSIDE Public Accounting (IPA), released its annual ranking of the nation’s 300 largest accounting firms. Over 500 accounting firms participated in the twenty sixth annual IPA Survey and Analysis of Firms in 2016, which resulted in Alexander Thompson Arnold being among the National IPA Top 200 list. ATA CPAs twelve offices throughout Tennessee and western Kentucky were awarded this distinction. “This ranking, and accompanying analysis, is one of the most comprehensive, accurate and largest of its kind and reflects the “state of the Union” of the profession says The Platt Group, the publisher of IPA.

In the most recent fiscal year, IPA 200 firms range in size from $15 million to $34 million net revenue and employ anywhere from 58 to 235 staff. This is an independent report for the accounting profession compiled annually since 1990. For more than two decades, IPA’s Benchmarking Report has been one of the most thorough, complete and insightful analyses of CPA firms in the U.S. The annual IPA survey and Analysis of Firms, the data source for the benchmarking report, is one of the longest-running management of an accounting practice surveys in the nation.

The report is well-respected and includes aggregated data compiled from the firm’s and the more than 300 data points from the survey are analyzed and broken down by revenue bands and geographical locations in more than 100 pages of tables and graphs.

ATA is a regional accounting firm that offers its clients the resources and expertise of a large firm while maintaining the personalized service of a small firm. The firm has 18 partners and approximately 150 staff members and offers a complete range of accounting, auditing, tax, and consulting services to a diverse portfolio of clients. Offices are located in Dyersburg, Henderson, Jackson, Martin, McKenzie, Memphis, Milan, Nashville, Paris, Trenton and Union City, Tennessee and Murray, Kentucky. Each office reflects the community it serves and gives exceptional personal attention to its clients. For more information about Alexander Thompson Arnold CPAs, visit www.ata.net.

Categories
News Tax

Act soon if you want to help your child buy a home

Act soon if you want to help your child buy a home

Mortgage interest rates are still at historically low levels, but they’re expected to go up by year end. So if you’ve been thinking about helping your child — or grandchild — buy a home, consider acting soon. There also are some favorable tax factors that will help:

0% capital gains rate. If the child is in the 10% or 15% tax bracket, instead of giving cash to help fund a down payment, consider giving long-term appreciated assets such as stock or mutual fund shares. The child can sell the assets without incurring any federal income taxes on the gain, and you can save the taxes you’d owe if you sold the assets yourself. As long as the assets are worth $14,000 or less (when combined with any other 2015 gifts to the child), there will be no federal gift tax consequences — thanks to the annual gift tax exclusion.

Low federal interest rates. Another tax-friendly option is lending funds to the child. Now is a good time for taking this step, too. Currently, Applicable Federal Rates — the rates that can be charged on intrafamily loans without causing unwanted tax consequences — are very low by historical standards. But these rates are also expected to increase by year end.

If you have questions about these or other tax-efficient ways to help your child or grandchild buy a home, please contact us.

© 2015

Categories
News Tax

How to begin collecting your 2015 tax refund now

How to begin collecting your 2015 tax refund now

If you usually receive a large federal income tax refund, you’re essentially making an interest-free loan to the IRS. Rather than wait until you file your 2015 tax return in 2016, why not begin enjoying your “refund” now by reducing your withholdings or estimated tax payments for the remainder of 2015?

It’s particularly important to review your withholdings, and adjust them if necessary, when you experience a major life event, such as marriage, divorce, birth or adoption of a child, or a layoff suffered by you or your spouse.

If you’d like help determining what your withholding or estimated tax payments should be for the second half of the year, please contact us.

© 2015

Categories
News Tax

Tax impact of the Supreme Court’s same-sex marriage decision

Tax impact of the Supreme Court’s same-sex marriage decision

On June 26, 2015, the U.S. Supreme Court ruled that same-sex couples have a constitutional right to marry, making same-sex marriage legal in all 50 states. For federal tax purposes, same-sex married couples were already considered married, under the Court’s 2013 decision in United States v. Windsor and subsequent IRS guidance — even if their state of residence didn’t recognize their marriage.

From a tax planning perspective, the latest ruling means that, in states where same-sex marriage hadn’t been recognized, same-sex married couples no longer will need to deal with the complications of being treated as married for federal tax purposes but not married for state tax purposes. So their tax and estate planning will be simplified and they can take advantage of state-level tax benefits for married couples. But in some cases, these couples will also be subject to some tax burdens, such as the “marriage penalty.”

Same-sex married couples should review their tax planning strategies and estate plans to determine what new opportunities may be available to them and whether there are any new burdens they should plan for. Employers will need to keep a close eye on how these developments will affect their tax obligations in relation to employees who have same-sex spouses. Please contact us if you have questions.

© 2015

Categories
News Tax

Married with a large estate? Why you still need a credit shelter trust.

Married with a large estate?
Why you still need a credit shelter trust

Even though portability now allows married couples to use up both spouses’ estate tax exemptions without having to make lifetime asset transfers or set up trusts, this “easier” path isn’t necessarily the better path. For couples with large estates, making lifetime asset transfers and setting up trusts can provide benefits that exemption portability doesn’t offer.

With portability, if one spouse dies and part (or all) of his or her estate tax exemption is unused at death, the estate can elect to permit the surviving spouse to use the deceased spouse’s remaining estate tax exemption. But making the portability election doesn’t protect future growth on assets from estate tax like applying the exemption to a credit shelter trust does.

Also, the portability provision doesn’t apply to the GST tax exemption, and some states don’t recognize exemption portability. Credit shelter trusts offer GST and state estate tax planning opportunities, as well as creditor and remarriage protection.

If you’d like to learn more about credit shelter trusts or other estate planning strategies for your situation, please let us know.

© 2015

Categories
News Tax

Warning! IRS Phone Scams

Warning! IRS Phone Scams

Please be wary of any unsolicited phone calls or emails you get from individuals claiming to represent the IRS or the US Treasury. This is one of the biggest scams out there and is a crime of opportunity. Do not engage these callers, who often threaten to issue arrest warrants or involve local law enforcement if you do not cooperate. If they call you, simply hang up on them.

The IRS usually first contacts people by mail — not by phone or email — about unpaid taxes. The IRS will never request personal or financial information by email, text or any social media. And the IRS will NOT ask for payment using a pre-paid debit card or wire transfer. The IRS also won’t ask for a credit card number over the phone.

If you get a call from someone claiming to be with the IRS asking for a payment, here’s what you need to do:

* If you owe Federal taxes or think you might owe taxes, hang up and call the IRS at 800-829-1040. IRS workers can help you with your payment questions.
* If you don’t owe taxes, fill out the “IRS Impersonation Scam” form at www.treasury.gov/tigta or call 800-366-4484.
* You can also file a complaint with the Federal Trade Commission. Add “IRS Telephone Scam” to the comments in your complaint.
* Forward scam emails to phishing@irs.gov. Do not open any attachments or click on any links in questionable emails.

We hope you find this information helpful. Please contact us if you have any questions.

Categories
Construction Financial News News Tax

100% Deduction for Certain M&E Expenses

100% Deduction for Certain M&E Expenses

Generally, businesses are limited to deducting 50% of allowable meal and entertainment (M&E) expenses. But certain expenses are 100% deductible, including expenses:

• For food and beverages furnished at the workplace primarily for employees,
• Treated as employee compensation,
• That are excludable from employees’ income as de minimis fringe benefits,
• For recreational or social activities for employees, such as holiday parties, or
• Paid or incurred under a reimbursement or similar arrangement in connection with the performance of services.

If your company has substantial M&E expenses, you can reduce your tax bill by separately accounting for and documenting expenses that are 100% deductible. If doing so would create an administrative burden, you may be able to use statistical sampling methods to estimate the portion of M&E expenses that are fully deductible.

For more information on how to take advantage of the 100% deduction, please contact us.

© 2015

Categories
News Tax

2015 Tax Planning Starts Now

2015 Tax Planning Starts Now

Whether you filed your 2014 income tax return by the April 15 deadline or filed for an extension, you may think that it’s a good time to take a break from thinking about taxes. But doing so could be costly. Now is actually the time you should begin your 2015 tax planning — if you haven’t already.

A tremendous number of variables affect your overall tax liability for the year, and starting to look at these variables early in the year can give you more opportunities to reduce your 2015 tax bill. For example, the timing of income and deductible expenses can affect both the rate you pay and when you pay. By regularly reviewing your year-to-date income, expenses and potential tax, you may be able to time income and expenses in a way that reduces, or at least defers, your tax liability.

In other words, tax planning shouldn’t be just a year end activity. To get started on your 2015 tax planning, contact us. We can discuss what strategies you should be implementing now and throughout the year to minimize your tax liability.

© 2015