CENTRAL PENNSYLVANIA BUSINESS LEADERS SUMMIT€¦ · Central Pennsylvania Business Leaders Summit / 4. MERGERS & ACQUISITIONS. Joseph Burke, Transaction Advisory Services Partner,

BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms.

CENTRAL PENNSYLVANIA

BUSINESS LEADERS SUMMIT

Spooky Nook Sports2914 Spooky Nook RoadManheim, PA 17547October 19, 2016

Central Pennsylvania Business Leaders Summit / 2

UPCOMING EVENTS


EVENT DETAILS

Date Event Location

November 10 Let’s Talk Tax: Transfer Pricing Update Harrisburg

November 16 The Exit Planning Crisis Advisor Roundtable – Luncheon King of Prussia

November 22 Data Security for Small Businesses (Pennsylvania Society of Tax & Accounting Professionals) Lancaster

December 6 Pennsylvania Banking Seminar Downingtown

December 8 New Jersey Banking Seminar Monroe Twp, NJ

December 13 Cybersecurity for Lawyers and Law Firms Harrisburg

https://www.bdo.com/events/harrisburg-let%E2%80%99s-talk-tax-transfer-pricing-updamailto:[email protected]?subject=Exit%20Planning%20Crisis%20Advisor%20Roundtable%20Registrationhttps://na01.safelinks.protection.outlook.com/?url=http://www.mcneeslaw.com/data-security-small-businesses/&data=01|01|[email protected]|062b64862a324e5dfc8708d3f76e77d7|6e57fc1a413e405091da7d2dc8543e3c|0&sdata=pV0VxHJI2Nj4PCCZzDeUqHtbfYM8osqxz/s8bAzUzvQ%3D&reserved=0mailto:[email protected]?subject=PA%20Banking%20Seminar%20Registrationmailto:[email protected]?subject=NJ%20Banking%20Seminar%20Registrationhttps://na01.safelinks.protection.outlook.com/?url=http://www.mcneeslaw.com/cybersecurity-lawyers-law-firms/&data=01|01|[email protected]|062b64862a324e5dfc8708d3f76e77d7|6e57fc1a413e405091da7d2dc8543e3c|0&sdata=xj9pc00P9v4DhukrBppYJsQTCIi0NVvoKSOKbE5kP8I%3D&reserved=0


MERGERS & ACQUISITIONS

Joseph Burke, Transaction Advisory Services Partner, BDO USA, LLP

Nicole Stezar Kaylor, Of Counsel, McNees Wallace & Nurick LLC

Bob McCormack, Founder & Managing Partner, Murphy McCormack Capital Advisors

Moderator: Michael Hund, Member, McNees Wallace & Nurick LLC


ARE YOU PREPARED TO TRANSITION YOUR BUSINESS?

Vance Antonacci, Member, McNees Wallace & Nurick LLC

Joe Burke, Transaction Advisory Services Partner, BDO USA, LLP

Katie Smarilli, Partner, Murphy McCormack Capital Advisors


AGENDA

Key Business Transition Facts Your Options – Consider Them Now Prepare to Maximize Your Value/Building Value 10 Things to Help You Prepare for Transitioning Your Business Review of Your Succession Choices Questions


KEY BUSINESS TRANSITION FACTS

4.5 million small businesses are set to transition with over $20 trillion in value

80% of small businesses do not sell or transition, they close their doors 75% of business owners are not familiar with the transition process 70% not familiar with value of company 50% are not prepared for the unexpected


KEY BUSINESS TRANSITION FACTS (CONTINUED)

Reasons that 80% Do Not Transition: Unplanned event, such as death, disability, dispute, divorce Lack of focused planning for exit Too much Debt and too large of a tax liability Many are small companies and are lifestyle businesses


CONSIDER YOUR TRANSITION OPTIONS NOW

Do nothing Transition to family Management buy out ESOP Strategic buyers Private equity/financial buyer Liquidation - “Going out of business”


PLAN FOR UNEXPECTED CONTINGENCIES

Unexpected Succession

Death

Disability

DivorceTermination

Bad Acts

Other


HAVE YOU PROTECTED YOUR FAMILY’S WEALTH

Only 33% of business owners have completed a succession plan for the business

Completed a will

Named a professional trustee

Created a succession plan for my business

Set up a trust fund for some or all of my household assets

Named a friend or family member to administer my estate

Obtained long-term care insurance for myself and/or spouse/partner

Developed a comprehensive written financial plan with a professional, including wealth transfer

31%

32%

33%

33%

44%

52%

63%

77%

Completed a living will/healthcare proxy

Source: Wealth and Values 2007-08, Presented by PNC, Prepared by HNW, Inc. © 2007 HNW, Inc.


PREPARATION TO MAXIMIZE VALUE

• Segmentation to attract buyers

• Pipeline and forecasting

• Recurring and ‘repeat reactive’ revenue

• Run rate

• Demonstrable added value from contract base.

• Succession

• Briefing of key people

• Incentivisation

• Value of second tier management.

• Working capital

• Pension matters

• Deferred income.

• Comparability, consistency and reliability of historic and forecast information

• Legal, financial, tax, KPIs

• Management’s financial forecast model

• Building buyers confidence.

• Demonstrating possible value add from future acquisitions

• Ability to fund/support organic growth

• Scalable platform.

• Segmentation

• Add backs/exceptional items

• Savings available to buyer

• ‘Mature’ run rate.

Information

Profit

Revenue

Strategic platform

Cash generation

VALUE MAXIMIZATION

People


BUILDING VALUE

Growing enduser markets

Diversifiedrevenue

Assetmanagement

Capitalintensive

SustainableService notjust price

One off dealsInternet auction

procurement

Hidden value

Synergies

Creatinglower capex

business model

VALUE ENHANCERS

MANAGE POTENTIAL DOWNSIDES

Fundinglines

Missingforecasts

Diligence issues/or ‘overselling’

Unprepared for process

SHAR

EHO

LDER

VAL

UE


10 STEPS YOU SHOULD TAKE NOW TO PREPARE FOR TRANSITIONING YOUR BUSINESS

(Even if transition is years away)


#1 - GETTING STARTED -“TAKING STOCK”

Are operating agreements in place and reviewed/updated regularly?

Do you have a quality buy-sell agreement in place if there are multiple owners/partners?

Ongoing review of employment agreements, leases, vendor & customer agreements

Review intellectual property, make sure patents, trademarks, royalty agreements, etc. are in order

Has ownership completed their personal estate and financial plans and are they current?


#2 – KNOW THE VALUE OF YOUR COMPANY

Start with Fair Market Value Know the ‘true value’ of your company Consider all potential transition options and structures Analyze taxes and fees of any viable option Review all risks to your business, can your business risks be mitigated? Financial

Risk, Diversification of company operation, Management depth competency, Industry & compliance risk, Reputational Risk


#3 – WILL YOUR LEADERSHIP TEAM TRANSFER THE VALUE OF YOUR COMPANY?

Is your company singularly reliant on you? Are you the key to your company’s growth?

What are the strengths of your leadership team? Having “Best In Class” seasoned leadership will safeguard the transfer of value

Establish a plan to develop your team or consider hiring others to lead the company

Consider taking an extended vacation regularly to test the strength of your team- Give up control at least for a little while!


#4 - QUALITY FINANCIAL REPORTING

Upgrade your financial reporting-compilation, review, audit Eliminate ‘non business’ expenses, i.e.,

personal expenses, boat, plane, trips etc. Accurately report inventory in advance of a transition Develop internal management reporting systems like performance score cards Respond to data requests in a timely fashion Be sure your CPA understands business transitions & transition tax issues.

Does your CPA have credibility with financial institutions?


#5 - ARTICULATE A STRATEGY FOR THE FUTURE OF YOUR COMPANY

Articulate clearly the future opportunity of your business to the next owner. Will you support this plan after a transition?

Prepare realistic and supportable financial projections including key assumptions

Consider all paths open to you for growth and continued success, be prepared to move outside your current comfort zone in this process


#6 - CUSTOMER CONCENTRATIONS

Diversify revenue among customers Any customer accounting for 40% or more of your revenue

is a risk in a transition

Mitigate risks of client retention now Written agreements with customers Broaden the pipeline

Review existing agreements for ability to transfer Establish multiple points of contact within the company Review your vendor relationships


#7 - WORKING CAPITAL

Working Capital is the lifeblood of the cash flow of the company Manage your working capital levels Collect accounts receivable, clean up ‘past due’ accounts receivable Reduce obsolete inventory Build quality processes for billing, collection, purchases, controls Understand the definition of working capital in the purchase agreement and

impact on valuation


#8 - CAPITAL EXPENDITURES

Manage capital expenditures wisely Document your capital expenditure and repair policy Document the difference between growth capital

cap ex & maintenance cap ex Consider your tax liability in terms of both year end

company/cash impact and the impact on your transition plans


#9 – IS YOUR ‘HOUSE’ IN ORDER?

Clean and orderly operation/facility is important your successful operation Ensure that safety requirements are being met and in use Well-organized facility is indicative of an effective management team and

efficient overall operation


# 10 - FAMILY ISSUES

Document family members who are not actively involved in your business but receiving compensation

Eliminate discretionary spending or at a minimum document it Have a well thought out financial plan outside of the business


UNDERSTANDING THE CHOICES

Succession Choices

Internal External

Employees

Employee Stock Option Plan (ESOP)

Management Buyout

Sale Recapitalized

InfusionFamily

Sale Gift

Combo


Thank you!


LUNCH & KEYNOTE PRESENTATION


THE IMPACT OF THE ELECTION IN THE ECONOMYMatías Vernengo, Economics Professor, Bucknell University; Co-editor of the Review of Keynesian Economics


PLAN OF THE TALK

General overview of the macroeconomy;Brief discussion of possible effects of policy plans and the likelihood that they can be adopted after the election;What to expect for next year.


SLOW RECOVERY AND STAGNATION

The presidential campaign will offer conflicting narratives about how the US economy is faring and how well incumbent policymakers have managed the recovery from the Great Recession;We are enduring one of the slowest economic recoveries in recent history, and the pace can be entirely explained by the fiscal austerity, particularly with regard to spending;Since the recovery’s trough in June 2009, employment took longer (51 months) to reach its prerecession peak than in any other of the previous three recoveries.


EMPLOYMENT RECOVERY

Since the recovery’s trough in June 2009, employment took longer (51 months) to reach its prerecession peak than in any other of the previous three recoveries.


FISCAL AUSTERITY

The figure shows the growth in per capita spending by federal, state, and local governments following the troughs of the four recessions. Astoundingly, per capita government spending in the first quarter of 2016—27 quarters into the recovery—was nearly 3.5 percent lower than it was at the trough of the Great Recession. By contrast, 27 quarters into the early 1990s recovery, per capita government spending was 3 percent higher than at the trough, 23 quarters following the early 2000s recession (a shorter recovery) it was 10 percent higher, and 27 quarters into the early 1980s recovery it was 17 percent higher.


UNEMPLOYMENT

Civilian unemployment is at round 5 percent, which is low and suggests the economy is doing well. However, broader measures of unemployment, including part time workers, is almost double that figure at 9.7 percent. The labor market is less robust than most people think.


CIVILIAN EMPLOYMENT-POPULATION RATIO

The employment-population ratio that provides a better picture of the labor market only started to recover in the last couple of years. In other words, only recently employment growth started to outpace population growth, and the reason for relatively low unemployment numbers is that the labor participation rate is still relatively low.


EXTERNAL BALANCES

The current account deficit, and the more recent appreciation of the dollar, have also compounded fears related to international trade and its effects on the US economy.


POLICY PLANS AND IMPLEMENTATION

If we simplify the policy proposals we can say that Mr. Trump is focusing on cutting taxes, eliminating regulation and ending trade deals, while Mrs. Clinton, on the other hand, wants to raise taxes on the wealthy, increase spending on job training and lower taxes on companies that hire more Americans;There are other issues that might result from the election, from the rejection of ‘Obamacare’ to the privatization of Social Security, if Republicans win, to the expansion of health benefits, and the expansion of debt-free college benefits in the case of a Democratic victory;However, while a Democratic victory seems (at least now) more plausible, Republicans are almost certain to retain the House, if not the Senate. Thus, a Democratic president might encounter the same gridlock we have had for the last 6 years.


SECULAR STAGNATION

The possibility of expanding demand in the near future are bleak. Government will be paralyzed by gridlock, and income inequality might reduce the ability of households to expand consumption. Investment will be negatively impacted by both trends, since evidence suggests that the number one driver of business investment are sales (interest rates cannot be any lower, and might arguably be higher next year);Productivity figures have also been disappointing and there is little hope that an expansion of the supply capacity could lift the economy its current whole;Hope springs eternal!


FEDERAL TAX POLICY AND LEGISLATIVE UPDATEKevin Anderson, National Tax Partner, BDO USA, LLP


AGENDA

Recently Enacted Tax Legislation Other Legislative Activity Other Updates from IRS and Treasury Prospects for Fundamental Tax Reform Presidential Candidates’ Tax Proposals Questions and Answers


FEDERAL TAX UPDATERECENTLY ENACTED TAX LEGISLATION


PROTECTING AMERICANS FROM TAX HIKES ACT OF 2015 (“PATH ACT”)

Pub. L. No. 114-113, Div. Q, signed December 18, 2015:• Extended most expired tax provisions retroactively to the beginning of 2015• Made many provisions permanent• Phased out other provisions

No effort to offset costs of decreased revenues• Five-year revenue loss of $396 billion, FY 2016 through 2020• Second five-year revenue loss of $226 billion, FY 2021 through 2016• Total ten-year revenue loss of $622 billion


PATH ACT/REVENUE IMPLICATIONS

$- $20,000 $40,000 $60,000 $80,000

$100,000 $120,000 $140,000 $160,000 $180,000

2016 2017 2018 2019 2020 2021 2022 2023 2024 2025

Projected Revenue Loss

$ (Millions)


PATH ACT/RESEARCH AND DEVELOPMENT CREDIT

Principal features of the PATH Act for R&D credits:• Credit is expanded and made permanent• Enhanced utilization for “eligible small businesses,” giving the credit

“specified credit” status so as to offset both regular tax and AMT• Payroll tax offsets for “qualified small businesses,” which are likely to have

little or no income tax liability

Key definitions and limitations:• “Eligible small business” has average annual gross receipts not exceeding

$50 million for three preceding taxable years• “Qualified small business” may offset up to $250,000 of payroll tax liabilities

in each year for up to five years


PATH ACT/BONUS DEPRECIATION

Brief history of bonus depreciation provisions:• Originally enacted at 30% for property acquired and placed in service after

September 10, 2001• Increased to 50% for property acquired and placed in service after May 5,

2003• Allowed to expire effective January 1, 2005 (with certain exceptions)• Reinstated at 50% for property acquired and placed in service after

December 31, 2007, temporarily• Increased to 100% for property placed in service from September 9, 2010,

through December 31, 2011• Further extended at 50% for property placed in service after 2011 and

through December 31, 2014


PATH ACT/BONUS DEPRECIATION (CONT’D)

PATH Act further temporary extensions:• 50%, for property placed in service through 2017• 40%, for property placed in service in 2018• 30%, for property placed in service in 2019• Retained a complex provision to make certain AMT credits refundable if the

taxpayer forgoes bonus depreciation


PATH ACT/OTHER DEPRECIATION PROVISIONS

First-year expensing increased limitations made permanent:• Annual limitation is $500,000 in fixed assets acquired and placed in service• Annual limitation is reduced dollar-for-dollar for total fixed asset additions

in excess of $2 million for the year• Both amounts to be indexed for inflation beginning in 2016

15-year recovery period made permanent for:• Qualified leasehold improvements• Qualified restaurant property• Qualified retail improvements


PATH ACT/OTHER BUSINESS PROVISIONS

International tax provisions:• Active financing exception from subpart F provisions (permanent)• Subpart F “look-through rule” for controlled foreign corporations (through

2019)

S corporation provisions made permanent:• Five-year recognition period for section 1374 built-in gains tax• Favorable stock basis adjustments for charitable contributions of

appreciated property

Affordable Care Act provisions temporarily suspended:• Medical devices excise tax suspended for 2016 and 2017• “Cadillac” tax on high-cost health plans delayed for two years (to 2020)• Health insurance provider fee suspended for 2017


PATH ACT/OTHER BUSINESS PROVISIONS (CONT’D)

Section 1202 exclusion for small business stock made permanent at 100%

Extensions through 2019:• Work opportunity tax credit• New markets tax credit

Variety of other business incentive provisions extended only for two years, through 2016

Variety of energy incentives extended for varying periods, through 2019


PATH ACT/INDIVIDUAL PROVISIONS

Variety of personal/individual tax provisions made permanent:• Deduction for state sales and use taxes in lieu of state and local income

taxes• American Opportunity Tax Credit• Increased child tax credit amounts• Above-the-line deduction for up to $250 of out-of-pocket expenses of

elementary and secondary school teachers• Earned income credit enhancements• Transit benefits parity• Favorable treatment of charitable distributions from IRAs


PATH ACT/INDIVIDUAL PROVISIONS

Variety of personal tax provisions extended for two years (through 2016):• Above-the-line deduction for qualified tuition and fees for post-secondary

education• Limited exclusion for income from cancellation of mortgage debt• Deduction of mortgage insurance premiums as home mortgage interest


OTHER ENACTED TAX LEGISLATION

Pub. L. No. 114-94, signed December 4, 2015:• Fixing America’s Surface Transportation (“FAST”) Act

Non-highway revenue provision; Act Section 32102 directs the IRS to:• Enter into qualified tax collection contracts to collect outstanding inactive

tax receivables;• Establish a program to hire, train, and employ special compliance personnel

to collect taxes using the automated collection system; and• Provide a progress report to congressional committees.

See IR-2016-125 for recent implementation.


OTHER ENACTED TAX LEGISLATION (CONT’D)

Pub. L. No. 114-239, signed October 7, 2016:• United States Appreciation for Olympians and Paralympians Act of 2016

Key provisions:• Exempts from income tax the value of medals and prize money received for

competing in Olympic Games or Paralympic Games• Not available to individuals with adjusted gross income exceeding $1 million

for the taxable year• Effective for prizes and awards received after December 31, 2015


FEDERAL TAX UPDATEOTHER LEGISLATIVE ACTIVITY


THE APPROPRIATIONS CALENDAR

Federal Government’s fiscal year ends on September 30 Pub. L. No. 114-223, signed September 29, 2016:

• Continues appropriations for all government operations at prior levels, with approximately ½% across-the-board reductions

• Expires December 9, 2016 Principal “hot button” spending issues

• Zika funding• Emergency relief for Louisiana flooding• Water resources (Flint, Michigan, and elsewhere)


CONGRESS AND THE IRS/PROPOSED LEGISLATION

H.R. 3724• Prevents the IRS from rehiring any individual who was previously discharged

due to misconduct

H.R. 4890• Prevents the IRS from paying any bonuses to employees until it has adopted

a comprehensive customer service strategy

H.R. 1206• Prevents the IRS from hiring any employee until the Secretary of the

Treasury certifies that no employee has seriously delinquent tax debt


CONGRESS AND THE IRS/PROPOSED LEGISLATION (CONT’D)

H.R. 5053, Preventing IRS Abuse and Protecting Free Speech Act• Prevents the IRS from requiring a section 501(c) organization to provide any

donor information, with two limited exceptions

H.R. 4885, IRS Oversight While Eliminating Spending (OWES) Act of 2016• Requires all IRS user fees to be deposited into the general fund of the

Treasury


OTHER CHALLENGES FOR THE IRS

Continued budget pressures• Agency annual appropriations reduced by $900 million since 2010• Total headcount down 17,000 since 2010, 2,000 in last year alone• Audit coverage at historic lows

Increasing demands from new tax legislation Section 501(c)(4) investigations Glimmers of hope

• Following supplemental appropriation of $290 million specifically for taxpayer service, identity theft, and cybersecurity, hired 1,000 employees to staff phone lines

• Near-term plans to hire 600 to 700 employees in enforcement areas


STILL ANOTHER CHALLENGE

Rep. Jason Chaffetz (R-Utah) has introduced a resolution to impeach Commissioner John Koskinen

Joined by 18 House Oversight Committee members, it alleges that the Commissioner:• Engaged in a pattern of conduct that is incompatible with his duties as an

Officer of the United States;• Engaged in a pattern of deception that demonstrates his unfitness to serve

as Commissioner;• Has acted in a manner inconsistent with the trust and confidence placed in

him as an Officer of the United States; and• Has failed to act with competence and forthrightness in overseeing the

investigation into IRS targeting of Americans.

May 24 House Judiciary Committee hearings


FEDERAL TAX UPDATEOTHER UPDATES FROM IRS AND TREASURY


SIGNIFICANT REGULATORY DEVELOPMENTS

Section 385 regulations• Proposed April 4; finalized (mostly) October 13• Imposes new documentation requirements on related-party debt• May recharacterize significant related-party debt as equity

Proposed Section 2704 regulations• Would significantly reduce the use of valuation discounts in making gifts of

closely-held business interests• Public hearing scheduled for December 1; finalized before January 20, 2017?


FEDERAL TAX POLICY AND LEGISLATIVE UPDATEPROSPECTS FOR FUNDAMENTAL TAX REFORM


FACTORS MOTIVATING TAX REFORM

Nominal corporate tax rates (highest or nearly highest) International competitiveness Treatment of foreign investment by U.S. businesses

• Deferral (generally) if in foreign subsidiaries• Subpart F income• Repatriation of earnings• Reinvestment in United States property• Foreign tax credits• Transfer pricing (arm’s length) standards


FACTORS MOTIVATING TAX REFORM (CONT’D)

Complexity of the Internal Revenue Code Frequent changes to tax provisions Continued reliance on temporary/expiring tax provisions Compliance burdens resulting from complexity Use of Internal Revenue Code to achieve certain social and economic

goals (substitute for grant programs)• Retirement and investment incentives• Treatment of health care benefits, including Affordable Care Act provisions• Education incentives• Adoption incentives/subsidies• Capital gains incentives


GOP “BETTER WAY” TAX REFORM PROPOSALS

1986-style tax reform consisting of:• Reduced tax rates• Broaden the base by eliminating or reducing a wide variety of tax benefits

for business and individual taxpayers

Overview of tax rates and proposals:• Top corporate tax rate of 20% (compared with current 35%)• Individual split top rates of 25% and 33% (compared with current 39.6%)• Eliminate need for itemized deductions for approximately 95% of individual

taxpayers• Significant reform of international taxation


THE “DYNAMIC SCORING” DEBATE

“Static” vs. “dynamic” estimates of changes in revenues:• A “static” estimate takes expected behavioral changes into account but not

macroeconomic changes• A “dynamic” estimate takes expected macroeconomic changes into account,

including growth in jobs and in the economy (GDP)

The “Better Way” blueprint is said to be revenue neutral using dynamic scoring


PRINCIPAL BUSINESS/CORPORATE TAX PROPOSALS

Reduce corporate tax rate to 20% Repeal section 199 (domestic production) deduction Full expensing of capital improvements No current deduction for “net investment interest” Modify (but retain) the research credit Permit net operating losses to be carried forward indefinitely


PRINCIPAL BUSINESS/CORPORATE TAX PROPOSALS (CONT’D)

Retain last-in, first-out (“LIFO”) inventory methods Repeal corporate alternative minimum tax Provide for lower rate of tax on business income taxed to individuals,

e.g., sole proprietorships, S corporations, and partnerships


PRINCIPAL INTERNATIONAL TAX PROPOSALS

Switch from world-wide to territorial system:• Border adjustment system taxes sales to United States customers, whether

the taxpayer is foreign or domestic• Conversely, the system exempts sales to foreign customers are exempt,

whether the taxpayer is foreign or domestic

Represents move toward consumption tax The “toll tax” has two parts:

• An 8.75% tax on accumulated foreign earnings held in cash or cash equivalents; and

• A 3.5% tax on other accumulated foreign earnings.


PRINCIPAL FEATURES OF INDIVIDUAL TAX PROPOSALS

Reduce tax rates across the board• Maximum tax rate of 33% (down from 39.6%)• Lower tax rates for business income taxable at individual rates

Repeal individual alternative minimum tax Permit a 50% deduction for net capital gains, dividends, and interest

income Larger standard deduction and enhanced child and dependent tax

credit—replaces five current provisions Continue earned income tax credit


PRINCIPAL FEATURES OF INDIVIDUAL TAX PROPOSALS (CONT’D)

Simplify benefits for higher education Retention/modification of other tax benefits:

• Mortgage interest deduction• Unspecified incentives for charitable giving• Tax incentives for savings and retirement

Repeal other exemptions, deductions, and credits Repeal the estate tax


INDIVIDUAL INCOME TAX RATES FOR 2016

Married Filing Jointly or Qualifying Widow(er)

If taxable income is: The tax will be:Not over $18,550 10% of taxable income

Over $18,550 but not over $75,300 $1,855 plus 15% of the excess over $18,550

Over $75,300 but not over $151,900 $10,367.50 plus 25% of the excess over $75,300




Over $466,950 $130,578.50 plus 39.6% of the excess over $466,950


INDIVIDUAL TAX RATE COMPARISONS

Current Law The GOP “Better Way”

10%0%/12%*

15%

25%25%

28%

33%• 25% on “small business income”• 33% on other income35%

39.6%

*Treats increased standard deduction as an effective 0% tax rate


LARGEST TAX EXPENDITURES, 2014-2018

$1,245 $805

$633 $421 $405

$353 $350

$316 $286

$209

$- $200 $400 $600 $800 $1,000 $1,200 $1,400

HealthcareRetirement savings

Dividends/LTCGCFC deferral

Mortgage interestEITC

Medicare benefitsState and local tax

Child tax creditsSoc. Sec. benefits

Source: Joint Committee on Taxation Dollar amounts in billions


FEDERAL TAX POLICY AND LEGISLATIVE UPDATEPRESIDENTIAL CANDIDATES’ TAX PROPOSALS


PROJECTED EFFECTS ON FEDERAL DEBT

Category Clinton Trump

Unfunded policies $ 150 $ 100

Tax cut 4,500

Interest on debt 50 700

Totals $ 200 $5,300

All numbers are in billions of dollars.


PROJECTED EFFECTS ON FEDERAL DEBT

$2.1T

$6.8T

$2.25T

$1.5T

$200B new debt

$5.3T new debt

CLINTON TRUMP

Savings/ New taxes

Spending/ tax cuts

$2T

0

-2

-4

-6T

Source: The Washington PostNote: Numbers may not add to total due to rounding.


“DISTRIBUTIONAL” EFFECTS OF TAX PLANS


CORPORATE TAX PROPOSALS—TRUMP

Reduce corporate tax rate from 35% to 15%:• Lower rate presumably applies to business income otherwise taxed at

individual rates• Deemed repatriation of foreign earnings at 10% tax rate

Retains research credit; repeals most other corporate tax expenditures Potential (elective) full expensing of improvements by manufacturers:

• Taxpayer must give up deduction for interest• Otherwise, may keep depreciation and interest expense deductions


INDIVIDUAL TAX PROPOSALS—TRUMP

Across-the-board rate reduction:• Similar to GOP “Better Way” plan, with rates of 12%, 25%, and 33%• Generally retains structure of capital gains tax rates (0%, 15%, and 20%)• Presumably offers 15% maximum tax rate on business income available to

corporations

Limit overall deductions to $100,000 for single filers and $200,000 for married couples

Standard deduction increased to $15,000 for single filers and $30,000 for married couples


INDIVIDUAL TAX PROPOSALS—TRUMP (CONT’D)

Replace deduction for personal exemptions with child-care tax benefits Eliminate the alternative minimum tax Tax carried interest as ordinary income Repeal estate tax

• In exchange, carryover basis at death will apply to estates valued over $10 million

Disallow contributions of appreciated assets to private charities established by decedent or related persons


INDIVIDUAL TAX PROPOSALS—CLINTON

Add another marginal tax rate for high-income taxpayers (taxable income in excess of $5 million):• Increase from 39.6% to 43.6%• Maximum capital gains tax rate would increase from 20% to 24%

Enact the “Buffett Rule” tax, a minimum 30% on individuals with adjusted gross income of $1 million or more

Restore the estate tax to 2009 parameters:• Maximum tax rate of 45% (up from 40%); and• Exemption of $3.5 million per estate (down from $5.45 million).


INDIVIDUAL TAX PROPOSALS—CLINTON (CONT’D)

Impose a sliding scale maximum long-term capital gains tax rate, based on holding period:• Two years or less at ordinary income tax rates• More than two years, up to three years, 36%• More than three years, up to four years, 32%• Reduced by four percentage points for each additional year• Lowest rate is 20% at more than six years• All rates increased by 4% for high-income taxpayers

Caps the value of all itemized deductions at 28% Tax carried interest as ordinary income


QUESTIONS & ANSWERS

For Additional Questions Please Contact:

BDO USA, LLP — Washington, D.C.Kevin D. AndersonPartner, National Tax Office(202) [email protected]

mailto:[email protected]


CYBERSECURITY BREAKOUT SESSIONS


DON’T BE THE NEXT HEADLINE: AVOIDING LEGAL LIABILITY FOR DATA BREACHESDevin Chwastyk, J.D., CIPP/US, Chair, McNees Privacy & Data Security Group, Of Counsel, McNees Wallace & Nurick LLC


THE COSTS OF INFORMATION SECURITY BREACHES

Average cost incurred by a business for each lost or stolen record is $150 Victims spend an average of 25 – 175 hours

to resolve problems caused by identity theft, together with $50 - $2,000 (excluding attorney's fees)

Direct costs to businesses may pale in comparison to reputational damage, which can be very expensive in terms of lost consumer trust and brand loyalty

ALFA International 2015 Client Seminar Poll:• Has your organization experienced a data

breach? Yes (32%); No (68%)

• Does your organization have a written data breach response policy? Yes (45%); No (55%)

• Do you have cyber liability insurance? Yes (52%); No (48%)

• Do you believe your organization is well prepared to respond to a data breach? Yes (31%); No (69%)


THE COSTS OF INFORMATION SECURITY BREACHES

A list of products/services offered in the principal black markets:

Credit card information• CVV (name and address, card number,

expiration date, and CVV2): less than $10

• Dumps: magnetic stripe information: $20-80

Fullz• Name, address, credit card information,

social security number, date of birth, and more: $100

Paypal/Ebay account records: $2 and up

Source: InfoSec Institute


WHAT WE TALK ABOUT WHEN WE TALK ABOUT "PERSONALLY IDENTIFIABLE INFORMATION"

In the U.S., Personally Identifiable Information ("PII") is generally defined as: First name, or first initial, and last name

of an individual in combination with: 1. SSN; 2. Driver's license number or state ID number; 3. or, financial account, debit, or credit card

number in combination with security code or password

Outside the U.S., "Personal Information" is defined more broadly: Any information relating to an identified

or identifiable natural person• "Direct" or "indirect" identification, i.e.,

Devin Chwastyk, or, the McNees lawyer who lives on Boas Street

• Broadly drawn to encompass website cookies, IP addresses, factors specific to physical, physiological, mental, economic, cultural or social identity

"Sensitive personal data" afforded extra protection:• Data relating to racial or ethnic origin,

political opinions, religious or philosophical beliefs, trade-union membership, and health or sex life


TYPES OF DATA EXPOSURE EVENTS

Electronic intrusions: Hacking (unauthorized access to a

network)• Insiders and outsiders

Ransomware Malware Skimming (POS attacks)

Physical loss of control: Theft or loss

• Unencrypted hardware• Laptops, hard drives, backup tapes, mobile

devices

• Paper records Employee error/negligence Vendor error/negligence


APPLICABLE PRIVACY LAWS

1. State data breach notification laws2. State data security requirements3. Federal Trade Commission – unfair trade practices4. Federal laws (industry specific)

a. HIPAA/HITECH Act (health care providers/insurers)b. Privacy Act and Federal Information Security Management Act (public sector)c. Family Educational Rights and Privacy Act (education institutions)d. Gramm-Leach-Bliley Act (financial institutions)

5. Payment Card Industry Data Security Standard (PCI-DSS)6. Approximately 109 foreign data privacy laws and regulations

a. Examples:1. GDPR and Privacy Shield (EU)2. Data protection regulations (European states)3. PIPEDA (Canada)

7. Contractual liability


PENNSYLVANIA BREACH OF PERSONAL INFORMATION NOTIFICATION ACT

An entity that maintains, stores or manages computerized data that includes personal information shall provide notice of any breach of the security of the system following discovery of the breach of the security of the system to any resident of this Commonwealth whose unencrypted and unredacted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person.

"Breach of the security of the system" means the unauthorized access and acquisition of computerized data that materially compromises the security or confidentiality of personal information maintained by the entity as part of a database of personal information regarding multiple individuals, and that causes (or the entity reasonably believes has caused or will cause) loss or injury to any PA resident. 47 states have similar breach notification laws Laws vary as to notification requirements and

whether reasonable likelihood of harm is required to trigger notification


STATE DATA SECURITY REQUIREMENTS

Beyond notification laws, some states impose affirmative data security requirements on entities collecting personally-identifiable information of their residents At least 12 states—Arkansas, California,

Connecticut, Florida, Indiana, Maryland, Massachusetts, Nevada, Oregon, Rhode Island, Texas and Utah—have imposed broader data security requirements

Many impose obligations to dispose of physical and electronic records when no longer needed for business purposes by burning, shredding, erasing

Some states impose general requirement that organizations implement "reasonable safeguards" (e.g., California)

Massachusetts requires organizations implement a WISP (written information security program)• Plan must address 10 specific topics

including with regard to use of vendors and employee discipline

• Imposes specific technical requirements, including access controls, firewalls, encryption, and training

New York Department of Financial Services in October issued new regulations applicable to banks, insurers, and vendors who contract with those entities


FEDERAL TRADE COMMISSION: UNFAIR TRADE PRACTICES

FTC v. Wyndham: 3rd Circuit decision (August 2015)

Repeated hacking of Wyndham Hotels' system had exposed the personally identifiable information (including payment card information) of more than 619,000 consumers, resulting in more than $10.6 million in fraud

FTC alleged this failure amounts to an "unfair or deceptive act or practice" under FTC Act

Wyndham argued it was mere negligence

Third Circuit holding: A company does not act equitably when it

publishes a privacy policy to attract customers who are concerned about data privacy, fails to make good on that promise by investing inadequate resources in cybersecurity, exposes its unsuspecting customers to substantial financial injury, and retains the profits of their business.

Upheld FTC standing to bring enforcement actions


PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS

Industry regulation (VISA, MasterCard, Discover, AmEx, JCB)• Requires organizations that handle

credit/debit cards to conform to security standards and follow testing/reporting requirements

• Applies to merchants, payment processors, POS vendors, financial institutions

• Entities that fail to comply face fines ($5,000 - $25,000), increases in transaction fees, and revocation of authorization to accept credit/debit transactions

PCI-DSS Requirements:• Build and maintain a secure network• Protect cardholder data• Maintain a vulnerability management

program• Implement strong access control measures• Regularly monitor and test networks• Maintain an information security policy


EU GDPR AND PRIVACY SHIELD

The EU-US "Safe Harbor" is gone• Schrems v. Data Protection Commissioner

(October 6, 2015)• European Court of Justice finds that U.S. law

does not afford adequate protection to personal data

• Safe Harbor thrown out entirely• Any company exporting data out of the EU

potentially liable for violations of the Data Privacy Directive• Fines can be assessed by any member state

up to 2% of "global gross income" of the organization

New EU-U.S. "Privacy Shield"• Companies collecting data of EU residents in

the EU and exporting that data must satisfy EU laws

• Privacy Shield is a compliance mechanism• Requires certification filed with U.S.

government• Privacy Shield will still be challenged in

European courts on same grounds as Schrems



Privacy Shield imposes safeguards on privacy of personal information of EU residents • Notice: clear/conspicuous notice: of types

of data collected and purposes for collection; of all third parties involved; of right to access/control; of recourse mechanisms

• Choice: readily available opt out for personal data• Opt-in requirement for data related to health,

racial or ethnic origin, political and religious opinions, trade union membership, or revealing an individual's sex life

Organizations must take reasonable measures to protect data from loss, misuse, unauthorized access; measures must be appropriate to the risks involved and nature of the personal data

Data collection limited to data "relevant for the purposes of processing"

Organization remains bound indefinitely when data is collected under the Shield

Individuals must be permitted access to data and opportunity to correct, amend, or delete information that is inaccurate

Complaints may be made to third party resolution bodies in U.S. or EU



EU’s new General Data Protection Regulation will take effect in 2018• Under the GDPR, "personal data" is defined

as "any information relating to an individual, whether it relates to his or her private, professional or public life."

• Encompasses data related to genetic, mental, economic, cultural, or social identity• Name, a photo, an email address, bank details,

posts on social networking websites, medical information, or a computer’s IP address.

GDPR requires notice and valid consent for all data collected (opt-in only; consent may be withdrawn)• In case of a data breach:

• EU data authorities must be notified "immediately" of a breach;

• Individuals must be notified if an "adverse impact" is determined;

• No de minimis exception

Sanctions from warning to fines up to the greater of $20m EUR or 4% of annual global gross income • GDPR provides for extraterritorial

enforcement; jurisdictional questions are certain to arise


CONTRACTUAL LIABILITY

By agreement, a party can obligate another to safeguard information provided in the course of their contractual relationship• Parties also contractually can place

limitations on liability for a data breach• In commercial contracts, assignments and

limitations of liability can conform to cyber insurance coverage

For consumers, a company’s outward-facing privacy policy governs the company’s collection, storage, and use of consumer data• Lawsuits (including class actions) have

alleged the failure to protect data deprives the customer of the “benefit of the bargain,” entitling the customer to a partial refund of price/fees paid for goods/services• Such claims do not require the customer to

show actual harm resulting from the exposure of their data


THE LIABILITY LANDSCAPE

Any publicized data breach is a target for plaintiffs' lawyers and class action litigation• Claims for negligence, breach of implied

contracts, violations of state privacy laws, misrepresentation

• Offer of credit monitoring will not avoid lawsuits

The key issue is standing: have the class members suffered some cognizable harm?• Mere fear of future harm? Or real financial

impact?

U.S. Supreme Court decisions:• Clapper v. Amnesty International USA: 2013

ruling by U.S. Supreme Court regarding challenge to government wiretapping• Plaintiff’s contention that communications

likely would be intercepted in the future was not sufficient to establish standing

• Alleged injury was hypothetical, future harm vs. injury-in-fact

• Spokeo Inc. vs. Robins: 2016 decision regarding FCRA claim with no consequential harm, only statutory violation• An “injury-in-fact” must be both concrete and

particularized


THE LIABILITY LANDSCAPE

Post-Spokeo, courts have struggled to interpret "injury-in-fact"• Some courts have found that alleged

"imminent threat of identity theft" is insufficient to sue

• Other courts have found harm not speculative where data has been stolen by criminals even where no actual misuse has happened

• Allegations of "tangible harm" (fraudulent charges, fees, costs of identity monitoring) have been more successful

• Spokeo not a "magic bullet" for defendants: in 3 months post-Spokeo, 32 decisions addressed standing: 22 allowed the case to proceed

A finding of standing in a class action can result in significant liability• In re: Target Data Breach Litigation: court

found consumers had standing; Target quickly settled out for $10 million with consumer class and more than $50 million with Visa/MasterCard issuing banks

• Estimated that Target spent $300 million on breach response and litigation costs

U.S. Court of Appeals for the Third Circuit presently considering Storm et al. v. Paytime, Inc.

Pennsylvania’s Superior Court recently heard oral argument in Dittman v. UPMC


AVOIDING LIABILITY FOR DATA BREACHES

McNees counsels clients to be "compromise ready"• Assessment: proactive risk & security

monitoring• Protection: security policies

• Training for Staff

• Response Planning• Outside Counsel and IT Vendors

• Risk Transfer• Cyber insurance policies• Vendor contracts

• Limitations of liability• Indemnification

Risk & Security Assessments• What data exists? Where? Who has access?

What safeguards? What laws are applicable?• Penetration testing & compromise

assessments • Assess security of the resources, susceptibility

to attacks in any number of areas • Penetration testing – attempting to gain access

to your own systems through unapproved means.

• Vulnerability Testing – identifying areas that may be vulnerable to an attack



Data Security Policies• Designate a senior responsible person to

coordinate data security efforts• Policy elements to address compliance with

all applicable laws• Regulate the handling, storage, and protection

of PII and confidential business information• Limit access to records to employees• Incorporation of other policies/procedures

• Electronic Resources policies, BYOD policies, etc.

Data Security Policies• Procedures for IT staff support

• Proactive security: anti-virus, anti-spyware, firewalls, monitoring, patching, encryption

• Backup and disaster recovery plans• Review of vendors and use of cloud technology• Limit use of unencrypted information and

portable devices/storage media• Continue and upgrade regular training modules



Data Security Policies• Require training and impose disciplinary

steps• Start simple: explain the ramifications of

a data breach; start with the basics (password policies, risks of opening emails)

• Impose rules for various documents (access controls) based on sensitivity

• Signed acknowledgment of responsibility• Do your employment agreements need to

be updated?

Data Breach Response Plans• Designate key decision makers, including

board of directors, key employees, inside legal, outside counsel, IT staff, and IT vendors • Get together the incident response “team” and

practice• Identify and include outside counsel and IT

vendors in advance to preserve privilege throughout any incident response



Data Breach Response Plans• Provide a decision tree addressing:

contacting outside counsel; investigating and remediating the breach; determining notification obligations; documenting response steps; contacting law enforcement; addressing public relations

Data Breach Response Plans• Five Stages For Data Breach Response

1. Verification of the breach• Forensic investigator to conduct forensic

investigation2. Containment and mitigation3. Investigation and analysis

• Qualified security assessment• McNees has IT vendors to which we can refer

these stages of work and can coordinate the forensic response as necessary

4. Notification of required parties• State data breach notification laws• Coordinate with FBI, Secret Service, local

police as necessary5. Post-response review to improve processes



Risk Transfer• Cyber Insurance

• Traditional insurance coverage is inadequate: insurance industry denies coverage claims related to cyber attacks under traditional insurance policies

• Cyber liability policies will cover the costs of forensic analysis, repair of systems, data breach notifications, offers of credit monitoring, and, if necessary, legal defense of claims arising from a breach. • Application process is critical • Aimed at assessing an applicant's cyber-

related exposures and IT security practices• Claims will be denied if inaccurate or

fraudulent data is supplied on application

Risk Transfer• Vendor Contracts

• Indemnification• Limitations on liability

• Any potential liability pursuant to contract should be matched with cyber insurance coverage

• 35% of security violations involve contracted third parties (call centers, IT consultants)

• Include protections in contracts before permitting access to physical office spaces, computer systems, or stored information, and attempt to negotiate indemnification for any negligence (or intentional acts) that expose data


QUESTIONS?


MCNEES’S PRIVACY & DATA SECURITY PRACTICE GROUP

We develop data security policies and procedures in compliance with laws and industry standards

We assist clients in meeting their legal obligations and avoiding liability when a data breach occurs

Collaborative multi-disciplinary team with varying specialties

Includes attorneys with backgrounds in litigation, business counseling, financial services, intellectual property, and health care practices


CYBERSECURITY: WHAT COMPANIES SHOULD BE DOING TO PREPAREChristopher Mellen, BDO Consulting Director, BDO USA, LLP


WITH YOU TODAY

CHRISTOPHER MELLEN

BDO Consulting Director

+1 215-636-5589 [email protected]


AGENDA

Today’s Landscape Cybersecurity Risk Management Overview Understanding Your Risk Regulatory Requirements Cybersecurity Mitigation Conclusion


TODAY’S LANDSCAPE


CYBERSECURITY TODAY

Internal actors were responsible for

43% of data loss, half of which is intentional, half accidental.

This year, companies that haddata breaches involving less than 10,000 records, the average cost of data breach

was $4.9 million and those companies with the loss or theft of more than 50,000 records had a cost of data

breach of $13.1 million.

2016 Data Breach Study: United States, Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLCJune 2016

Intel Security Report, Grand Theft Data: Data exfiltration study: Actors, tactics, and detection


CYBERSECURITY TODAY

Intel Security Report, Grand Theft Data: Data exfiltration study: Actors, tactics, and detectionIntel Security Report, Dissecting the Top Five Network Attack Methods: A Thief’s Perspective


CYBERSECURITY TODAY

1.5 million Cyber attacks each year(approx. 4,000 per day)

16,856 Cyber attacks on businesses each year

$2.1 trillion Predicted global cost of data

breaches by 2019

$1 trillion+Predicted global spending on

cybersecurity 2017-2021

$74 billion Current annual spending on

cybersecurity

500 million Yahoo user accounts

hacked

AGC New York, “Keeping Your Transactions Safe”


CYBER INTRUSIONS INCREASING

Rate of breaches increasing since 2005

Cross-industry impact: healthcare, retail, insurance, technology, financial services

Multiple types of breaches/threats

Hottest breaches – phishing and ransomware


LIVE THREAT MAP


CYBERSECURITY RISK MANAGEMENT OVERVIEW


WHAT IS “CYBERSECURITY RISK MANAGEMENT PROGRAM”?

Integrated set of policies, processes, technologies and controls that minimize vulnerabilities and protect against threat to support

Confidentiality – information kept private and secure

Integrity – data not inappropriately modified, deleted or added

Availability – systems/information available to whom requires them


A HOLISTIC APPROACH


UNDERSTANDING YOUR RISK


A set of scenarios based on impacts to Assets by potential Threats and their ability to leverage Vulnerabilities


Three Principles of Digital Asset Valuation

1. Consider who gets value from the asset2. Understand the role your digital assets play in creating economic value / generating revenue3. Look forward – valuing your digital assets requires an outward view (previously invested costs to

create the asset are “sunk”)

Understanding the Value of Digital Assets

Intrinsic – Critical element that allows the digital asset to exist in the first place (e.g. the person, binary data, physical object, legal contract etc.)

Extrinsic – Opportunities to leverage the digital asset making it more useful to prospective users Sum it up – Metadata defines the extrinsic value of your digital assets, informing their value


Identify

PlanClassify

Act

Create classification framework

Develop protection profiles

Review and analyze report(s)

Readjust framework and re-classify data as needed

Data assets Data custodians


MOTIVATIONS AND INCENTIVES


VULNERABILITIES


REGULATORY REQUIREMENTS


Laws imposing civil or criminal liability for hacking

Laws requiring implementation of security measures

Contractual duties re: security and/or breach notification

Regulator enforcement consent decrees, and related requirements

Laws requiring notification of security breaches

Regulator and industry standards, guidelines, and frameworks

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCM3ZvfSt6sYCFQsckAodRncEXw&url=http://money.cnn.com/2013/11/11/technology/security/fight-hackers/&ei=kkCtVc3ILou4wATG7pH4BQ&bvm=bv.98197061,d.Y2I&psig=AFQjCNHaCSJDJZ2j0Dpdd0a5kNhV4U5sQA&ust=1437503691092566http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCM3ZvfSt6sYCFQsckAodRncEXw&url=http://money.cnn.com/2013/11/11/technology/security/fight-hackers/&ei=kkCtVc3ILou4wATG7pH4BQ&bvm=bv.98197061,d.Y2I&psig=AFQjCNHaCSJDJZ2j0Dpdd0a5kNhV4U5sQA&ust=1437503691092566http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCPKB_YOu6sYCFcGUkAodWooF7w&url=http://www.tech-coffee.net/category/security/&ei=s0CtVbLcD8GpwgTalJb4Dg&bvm=bv.98197061,d.Y2I&psig=AFQjCNE2M-bwvagVSsMVX5MzCGyu_reynw&ust=1437504046206052http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCPKB_YOu6sYCFcGUkAodWooF7w&url=http://www.tech-coffee.net/category/security/&ei=s0CtVbLcD8GpwgTalJb4Dg&bvm=bv.98197061,d.Y2I&psig=AFQjCNE2M-bwvagVSsMVX5MzCGyu_reynw&ust=1437504046206052http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCMylkqyu6sYCFQeTDQodGBcAWA&url=http://www.afscmelocal88.org/2014/11/tentative-agreement-reached-on-contract/&ei=B0GtVYyGHoemNpiugMAF&bvm=bv.98197061,d.Y2I&psig=AFQjCNHwU8Rnqlsjh1suCpm_IzHFT3akjA&ust=1437504120413500http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCMylkqyu6sYCFQeTDQodGBcAWA&url=http://www.afscmelocal88.org/2014/11/tentative-agreement-reached-on-contract/&ei=B0GtVYyGHoemNpiugMAF&bvm=bv.98197061,d.Y2I&psig=AFQjCNHwU8Rnqlsjh1suCpm_IzHFT3akjA&ust=1437504120413500https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&ved=0CAcQjRxqFQoTCKyGtuav6sYCFYOggAodkv4GWA&url=https://commons.wikimedia.org/wiki/File:US-SecuritiesAndExchangeCommission-Seal.svg&ei=jkKtVayHCYPBggSS_ZvABQ&bvm=bv.98197061,d.Y2I&psig=AFQjCNFoK9wjlRS0ndk3XAJw4yy7P2fngA&ust=1437504514530595https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&ved=0CAcQjRxqFQoTCKyGtuav6sYCFYOggAodkv4GWA&url=https://commons.wikimedia.org/wiki/File:US-SecuritiesAndExchangeCommission-Seal.svg&ei=jkKtVayHCYPBggSS_ZvABQ&bvm=bv.98197061,d.Y2I&psig=AFQjCNFoK9wjlRS0ndk3XAJw4yy7P2fngA&ust=1437504514530595https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCN34rJau6sYCFQPigAodCfoASA&url=https://www.iconfinder.com/icons/46847/mailbox_postbox_icon&ei=2UCtVZ2oMIPEgwSJ9IPABA&bvm=bv.98197061,d.Y2I&psig=AFQjCNHOsZGfVp7-C705POZOTk6Ndkxyzw&ust=1437504082161540https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCN34rJau6sYCFQPigAodCfoASA&url=https://www.iconfinder.com/icons/46847/mailbox_postbox_icon&ei=2UCtVZ2oMIPEgwSJ9IPABA&bvm=bv.98197061,d.Y2I&psig=AFQjCNHOsZGfVp7-C705POZOTk6Ndkxyzw&ust=1437504082161540http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=&url=http://www.clker.com/clipart-envelope.html&ei=CEKtVb-BKMfFwATuibjwBQ&bvm=bv.98197061,d.Y2I&psig=AFQjCNHj9V3SdDxMWYJkaYW5C9aXuPPH3g&ust=1437504392899852http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=&url=http://www.clker.com/clipart-envelope.html&ei=CEKtVb-BKMfFwATuibjwBQ&bvm=bv.98197061,d.Y2I&psig=AFQjCNHj9V3SdDxMWYJkaYW5C9aXuPPH3g&ust=1437504392899852http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCLry6eOu6sYCFcmVDQodYLQAWQ&url=http://mindfulsecurity.com/2009/02/03/policies-standards-and-guidelines/&ei=fEGtVbrEEMmrNuDogsgF&bvm=bv.98197061,d.Y2I&psig=AFQjCNHLzMpvbMgiR1ziDMTTBrY2jWmHDQ&ust=1437504242473432http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCLry6eOu6sYCFcmVDQodYLQAWQ&url=http://mindfulsecurity.com/2009/02/03/policies-standards-and-guidelines/&ei=fEGtVbrEEMmrNuDogsgF&bvm=bv.98197061,d.Y2I&psig=AFQjCNHLzMpvbMgiR1ziDMTTBrY2jWmHDQ&ust=1437504242473432


KEY GUIDANCE PROVIDED


EXISTING AND FORTHCOMING GUIDANCE

Presidential Policy Directive (PPD) on Cyber Incident Coordination

FinCen FAQs on Customer Due Diligence Requirements for Financial Institutions

Proposed Cybersecurity Disclosure Act of 2015

BDO along with the other Big 8 Audit Firms have been working with AICPA as part of the ASEC Cybersecurity Working Group to develop the Cybersecurity Attestation Guideline which will establish a new audit service in the market place.


CYBERSECURITY MITIGATION


BDO CYBERSECURITY FRAMEWORK


LIFE CYCLE OF DATA PRIVACY AND PROTECTION

Creation / Collection

Storage

UseDuration

Disposition


INCIDENT RESPONSE

IDENTIFICATION CONTAINMENT ERADICATION RECOVERY LESSONS LEARNED

Location of the incident

How was it discovered?

Other areas compromised?

Scope of the impact

Have sources been identified?

Business impact

Short-term containment (is problem isolated / are systems isolated?)

System-backup (evidence collection, imaging)

Long-term containment (system off-line)

INCIDENT RESPONSE AND REMEDIATION

Re-image and update patches, harden system(s)

Removal of malware and artifacts from system(s)

When can system(s) come back online?

Have systems been prepared to thwart future attacks?

What testing, monitoring solutions are going to be used for future?

How can we prevent this in the future?

Incident Report • Who?• What?• Why?• How?• Where?• When?

Implement Preventative Measures


CYBER INSURANCE

Once the risk profile is determined and a Cybersecurity program has been established, there is a need to understand residual risk and transferring part of it to insurance. Cybersecurity insurance allows companies to transfer part of their residual financial and legal risk.

Key Policy & Process IT Security Policy and Operational Plan Incident Response and Business Continuity Plans Understanding of ongoing IT security initiatives Relevant current insurance policies (e.g.,

property, cyber)

Interviews Cybersecurity Legal Counsel Risk Management Information Technology

Outcomes Initial observations Recommendations for improvements

Discovery & Analysis

Scenario Development Based on the Discovery phase, develop

appropriate Cybersecurity scenarios to test

Typical Costs Digital investigation, containment and

eradication costs Crisis Management Notification Costs Credit Monitoring Restoration of data Settlements and judgments Defense costs Punitive costs Business interruption Internal Labor costs Overhead Lost productivity

Test & Document Identify exposures and costs associated with

Cybersecurity events and breaches

Scenario Testing

Residual Risk Develop understanding of residual risk and

probability to provide underwriters with appropriate information

Determine if progress over the last 12 months has made material impact to reducing the probability of an event/breach to occur

Draft claim protocols and best practices following a cyber breach and the insurance claim process

Reevaluate the policies and procedures that had been reviewed in Phase I and also assess if additional procedures need to be developed.

Insurance Plan


CONCLUSION


BDO’S CYBERSECURITY SERVICES

Cyber Risk Management Strategy & Program Design

Cyber Risk Assessment & Security Testing

Data Privacy & Protection

Security Architecture & Transformation

Incident Response Planning

Business Continuity Planning & Disaster Recovery

Digital Forensics & Cyber Investigations

Cyber Insurance Claim Preparation & Coverage Adequacy Evaluation


SPEAKER BIO

CHRISTOPHER MELLENBDO Consulting Director

Direct: +1 215-636-5589 [email protected]

Christopher Mellen is a Director in BDO Consulting’s Technology Advisory Services practice, leading data privacy and protection with more than 20 years of experience serving in the United States government and the private sector in various roles in Information Security with top secret clearance. Christopher also has a strong financial services background.

Previously the Director of Information Risk Management of the Executive Office of the President of the United States of America, Christopher was responsible for assisting the CIO with the overall leadership, IT policy and procedures, and management of EOP-wide information security. He has significant experience with SOCs, threat intelligence, Identity Access Management (IAM), including mainframe security administration (ACF2), active directory administration, CyberArk (Password vaulting) and Oracle Identity Manager (OIM) administration.

Prior to joining BDO, Christopher was an SVP for Strategic Security Initiatives, Information Security for PNC Financial Services Group, and Director of Professional Services at SAIC. Christopher is an experienced consultant in technology companies including AccessData, Guidance Software and DDK Technology Group. He is also a veteran of the United States Marine Corps.


RECENT DEVELOPMENTS IN EMPLOYMENT LAW THAT EVERY EMPLOYER SHOULD BE AWARE OFEric Athey, Labor & Employment Member and Co-Chair, McNees Wallace & Nurick LLC


REGULATORY UPDATE: BRIEF OVERVIEW OF FINAL FLSA REGULATIONS

Significant increase to $455 weekly minimum salary requirement• $913 a week or $47,476 a year beginning December 1, 2016• Automatic annual updates to minimum salary requirement every three years to reflect• Number of salaried employees currently qualifying for white-collar OT exemptions will decrease by

over 50%

Increased total annual compensation requirement needed to exempt highly compensated employees to $134,004

No Changes to Duties Tests


TAKEAWAYS

Let's look on the bright side

Will give HR and in-house counsel opportunity to make issue a compliance priority Will give employers "cover" to make changes to employees' exempt status without

conceding potential misclassification Prospective conversion to non-exempt status does not automatically mean greater wage

costs• Can be managed


REGULATORY UPDATE: THE NEW PROTECTED CLASSES

Oncale v. Sundowner Offshore Svcs., (S. Ct. 1998): recognition that same sex sexual harassment is unlawful under Title VII

7/16/15: EEOC rules that denial of promotion based on sexual orientation is equivalent to sex discrimination under Title VII


REGULATORY UPDATE: THE NEW PROTECTED CLASSES

3/1/16: EEOC files two federal lawsuits alleging unlawful sexual orientation discrimination on the part of Scott Medical Center (PA) and Pallet Cos. (MD)

Pallet Cos. settled for $202,200 in June 2016

What will the court do with Scott Medical Center? (Oncale vs. Legislature)


TAKEAWAYS

Gender identity and orientation issues are not new

28 states have employment laws relating to gender ID or sexual orientation

Federal contractors may not discriminate based on gender ID or sexual orientation

Title VII link is gender stereotyping


REGULATORY UPDATE: MANDATORY PAID SICK LEAVE RULES

OFCCP final rules issued September 2016; take effect June 2017

7 days of paid leave for own illness, doctor’s appointments, sick family absences, absences related to domestic violence

Narrower than expected: impacts only Procurement construction contracts under Davis Bacon Service contracts covered by Service Contract Act Concessions contracts on federal property Contracts in connection with land or property leases


WHAT'S NEXT: MEDICAL MARIJUANA IN PENNSYLVANIA

Medical marijuana law effective May 17, 2016

Legalizes the use of marijuana for certain enumerated medical conditions

Requires medical certification



Employment Provisions

Anti-discrimination and retaliation provisions for certified users Does not require accommodation for use on the premises or property of the employer Permits discipline for those "under the influence" in the workplace Permits discipline where use causes employee's performance to "fall below the standard

of care normally accepted" for the position Prohibits employees from performing safety sensitive jobs



Law was effective May 17, but . . .

Unclear when dispensaries will be up and running Unclear when certifications will be issued

Regulations with additional guidance to be issued

What constitutes under the influence? Who decides? What about medical marijuana use prescribed out of state?



Looking ahead, policies may need to be updated

Anti-discrimination and retaliation policies Americans with Disabilities Act policy? Drug and Alcohol testing policies?


WHAT'S NEXT: JOINT EMPLOYER STATUS FOR EVERYONE

Faush v. Tuesday Morning, Inc.Retail employer utilized service of temporary staffing agency to provide temporary employees from time-to-time

African American temps assigned back room cleaning work allegedly due to theft concerns

Temp terminated shortly after complaining



Faush v. Tuesday Morning, Inc.Temp brings claim against temporary staffing agency and retailer

Retailer objects: temps are not our "employees" under Title VII



Faush v. Tuesday Morning, Inc. (3rd Cir. 2015):Factors for "joint employment" status:

Supervision, determining and paying wages, skill required for job, location of work, right of company to assign additional projects, duration of relationship, method of payment, employee benefits



Faush v. Tuesday Morning, Inc. (3rd Cir. 2015):Joint employment exists here because:

Company indirectly pays wages; Company can demand replacement workers; Company assigned and supervised workers; Company provided all training and equipment; Company set work schedule


TAKEAWAYS

Joint employer status is becoming the focus of many state and federal agencies and plaintiff's counsel

NLRB, DOL, EEOC, etc.

Could arise in a number of situations:

Temporary employees, contractors, etc.

A contract alone will not win the day: all facts and circumstances will be evaluatedNow is the time to conduct the cost-benefit analysis


WHAT'S NEXT: NEW WAYS A MOBILE PHONE WILL GET EMPLOYEES IN TROUBLE

Commonwealth v. SpenceAn employee is called into the office to talk to his boss about an ethics complaint that he made

He sees the complaint on the desk and activates the "Voice Notes" app on his IPhone



Commonwealth v. SpenceThe boss finds out and the employee is charged with violating the Pennsylvania Wiretap Act

The employee files a motion to have charges dismissed



The trial court held that the recording was lawful because the recording fell within the telephone exemption to the Wiretap Act

On appeal, the Superior Court held that the recording was unlawful, because the result, the surreptitious recording, was the same no matter the type of recording device utilized



As a result, the employee's conduct did in fact violate the Wiretap Act

Further appeal expected

Stay tuned on our blog!


CASE LAW UPDATE: WRONGFUL DISCHARGE?

Stewart v. Fed Ex (Pa. Super 2015):Facts: Company policy prohibits weapons "on company property“

Employee has license to carry firearm

Co-worker discovers Employee's pistol in glove compartment of Employee's car (while on Company property) and Employee is terminated


TAKEAWAYS

2nd Amendment applies only against government Public Sector caveat

20 states have laws protecting employees' rights to store in vehicles

Employers free to enforce rule in Pennsylvania


QUESTIONS?

Visit us:

www.palaborandemploymentblog.com


BDO is the brand name for BDO USA, LLP, a U.S. professional services firm providing assurance, tax, advisory and consulting services to a wide range of publicly traded and privately held companies. BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms. For more information please visit: www.bdo.com.

Material discussed is meant to provide general information and should not be acted on without professional advice tailored to your firm’s individual needs.

© 2016 BDO USA, LLP. All rights reserved.

Central pennsylvania�business leaders summitUpcoming eventsEvent DetailsMERGERS & ACQUISITIONS��Joseph Burke, Transaction Advisory Services Partner, BDO USA, LLP� �Nicole Stezar Kaylor, Of Counsel, McNees Wallace & Nurick LLC��Bob McCormack, Founder & Managing Partner, Murphy McCormack Capital Advisors� �Moderator: Michael Hund, Member, McNees Wallace & Nurick LLC�ARE YOU PREPARED TO TRANSITION YOUR BUSINESS?��Vance Antonacci, Member, McNees Wallace & Nurick LLC��Joe Burke, Transaction Advisory Services Partner, BDO USA, LLP��Katie Smarilli, Partner, Murphy McCormack Capital AdvisorsagendaKey Business Transition Facts�Key Business Transition Facts (continued)�Consider Your Transition Options Now�Plan for unexpected contingencies�Have you Protected your FAMILY’s WEALTH�PREPARATION TO MAXIMIZE VALUE�Building value10 Steps You Should Take Now �to Prepare for Transitioning Your Business#1 - Getting Started -“Taking Stock”�#2 – Know The value of your company�#2 – Know The value of your company�#3 – Will your leadership team transfer the value of your company?�#4 - Quality Financial Reporting�#5 - Articulate a Strategy for the future of your company�#6 - Customer Concentrations�#7 - Working Capital�#8 - Capital Expenditures�#9 – IS your ‘house’ in order?�# 10 - Family Issues�Understanding The Choices��LUNCH & KEYNOTE PRESENTATIONTHE IMPACT OF THE ELECTION IN THE ECONOMY��Matías Vernengo, Economics Professor, Bucknell University; Co-editor of the Review of Keynesian Economics�Plan of the talkSlow recovery and stagnationEmployment recoveryFiscal austerityUnemploymentCivilian Employment-Population RatioExternal balancespolicy plans and implementationSecular stagnation�FEDERAL TAX POLICY And legislative UPDATE��Kevin Anderson, National Tax Partner, BDO USA, LLP��AgendaFEDERAL TAX UPDATE�Recently Enacted Tax Legislation�Protecting Americans From Tax Hikes Act of 2015 (“PATH Act”)PATH Act/Revenue ImplicationsPATH Act/Research and Development CreditPATH Act/Bonus DepreciationPATH Act/Bonus Depreciation (Cont’d)PATH Act/Other Depreciation ProvisionsPATH Act/Other Business ProvisionsPATH Act/Other Business Provisions (Cont’d)PATH Act/Individual ProvisionsPATH Act/Individual ProvisionsOther Enacted Tax LegislationOther Enacted Tax Legislation (Cont’d)FEDERAL TAX UPDATE�Other Legislative Activity�The Appropriations CalendarCongress and the

Documents

CENTRAL PENNSYLVANIA BUSINESS LEADERS SUMMIT€¦ · Central Pennsylvania Business Leaders Summit / 4. MERGERS & ACQUISITIONS. Joseph Burke, Transaction Advisory Services Partner,