by PATRICIA GUADALUPE
There are more than 800,000 Latina-owned businesses in the United States, and they represent the fastest-growing segment of small business owners. Yet many Latina business owners and would-be entrepreneurs are unaware of the many programs and services available to help them launch and successfully continue their business endeavors.
That is why the U.S. Small Business Administration and Latina media mogul and entrepreneur Nely Galán are joining forces and signing a first-ever agreement to help start, maintain, and expand Latina-owned businesses. The partnership will include providing information, training, and resources for aspiring Latina entrepreneurs.
Galán, the former President of Entertainment for the Telemundo network, is a founder of the non-profit group Adelante Movement, which trains and empowers Latinas to become entrepreneurs. She also has her own real estate development and investment company.
"The future is in women and small business and entrepreneurship. There is a lot of hidden money in America and we're going to help you find it through the SBA," said Galán during a ceremonial agreement signing in Washington, D.C.
"We all have an information gap. We don't know all the money that's out there for us. I myself didn't know about SBA loans," said Galán. "I didn't realize that so many non-profits provide training and the SBA partners with them. There is money out there but we don't know how to get it and it can be intimidating. Entrepreneurship is not grandiose; it's step by step and getting connected."
SBA Administrator María Contreras-Sweet says the agency can be a fountain of resources and information for Latina entrepreneurs. "The SBA has a great panoply of services that have proven successful to the community. We zeroed-out fees on loans under $150,000, we have recruited more credit unions, and we have changed the rules on underwriting to relax some of the underwriting. We have increased lending to the Hispanic community. We are at record-lending levels. The U.S. government had never been able to reach a simple goal of 5 percent contracting (to Latina-owned businesses), but we came in, hunkered down, put in more streamlining, and we've reached that goal and exceeded it. So now the five percent is the floor, not the ceiling. The numbers speak for themselves," said Contreras-Sweet, herself a Latina entrepreneur and business executive before joining the Obama administration two years ago.
"All of this work is building on each other and we think this initiative is going to be one more of those endeavors. This will be a significant partnership. We're going to create more jobs and have more impact and transform communities and brighten up lives."
WASHINGTON, D.C. (JULY 14, 2016)
BY BILLY HOUSE
(Bloomberg) House conservatives launched an effort Thursday to force a vote to impeach the IRS commissioner, but action on the motion could be delayed until September.
Representative John Fleming of Louisiana offered a privileged resolution to impeach John Koskinen, the Internal Revenue Service commissioner, after Republicans accused him of impeding an investigation into whether the tax agency improperly targeted conservative non-profits.
House leaders now have two legislative days to rule on whether the motion will indeed receive a vote, which could delay any action until September, when the House returns from its lengthy summer recess.
Fleming said on the House floor that his resolution has four separate articles of impeachment. Those include one accusing Koskinen of "engaging in a pattern of conduct showing he is unfit," including false statements to Congress. The Louisiana Republican said Koskinen’s false statements confused the investigation.
Republican leaders did not immediately comment on whether the resolution would receive a vote.
But moments before Fleming offered the resolution, Speaker Paul Ryan made a plea for the country to work toward healing.
"Our country is hurting, and needs to come together," he said on the House floor.
It is highly unusual for Congress to impeach an appointed administration official. The last time it happened was 140 years ago.
Senate leaders have also indicated they didn’t favor an effort to impeach Koskinen.
BY LISA NAGELE-PIAZZA
2016 is expected to be the most expensive year for businesses complying with the Affordable Care Act (ACA), said David Lindgren, senior manager of compliance and public affairs for Flexible Benefit Service Corporation, a benefit administrator headquartered in Rosemont, Ill.
It’s the first year for dealing with ACA reporting, which many employers will have to complete by the end of June, Lindgren said during a concurrent session at the Society for Human Resource Management 2016 Annual Conference & Exposition.
There are more than 30,000 pages of guidance about the law, but Lindgren said the ACA is fairly easy to comprehend. “Of course, many people would disagree with me,” he noted.
“It’s not necessarily easy to comply with the ACA, and it’s not financially inexpensive, but most of the rules aren’t overly complicated,” he said.
The federal agencies that regulate the ACA have said they intend to monitor all businesses for compliance. This may not be realistic, but employers should keep in mind that more auditing can be expected.
Lindgren identified 30 penalties associated with noncompliance and provided insight on how to avoid them.
Employers can choose to pay the penalties for noncompliance, but steep fines are often attached, he said. For example, market reform violations carry a penalty of $100 per participant per day, up to $500,000 for each violation.
Employees Must Receive Notices
Some noteworthy penalties to avoid are those associated with the failure to provide required notices to plan participants, including a written notice of patient protections.
Lindgren said sometimes employers aren’t clear about who has been designated to provide this notice. “A lot of times the insurance company thinks the employer provided it and the employer thinks the insurance company did,” he said. “So it’s important to double check who is in fact giving the notice.”
Participants must also be provided with a summary of benefits and coverage in a standardized format. Lindgren likened this format to a nutrition label on a can of soup.
A participant should be able to easily compare the benefits to other plans, such as a spouse’s plan, just as the nutrition facts for two cans of soup can be easily compared.
There is a standardized template for the summary of benefits and coverage on the Department of Labor website.
The requirement to provide a summary of benefits and coverage applies to medical plans, but not to dental or vision plans.
The summary should be distributed at the time of open enrollment and special enrollments related to qualifying events, as well as at the request of participants and when a material modification has been made to the plan.
Although there is no penalty attached for noncompliance, employers must also provide written notice about the health insurance marketplace to new hires within 14 days of their start date.
This applies even for organizations that don’t offer benefits and even to those employees who aren’t eligible for benefits, Lindgren said.
There are some exceptions. For example, if an employer isn’t subject to the Fair Labor Standards Act, then it doesn’t have to provide the marketplace notice.
Exceptions for Grandfathered Plans
Grandfathered plans aren’t subject to some of the requirements under the ACA. This includes plans purchased on or before March 23, 2010, that haven’t made certain material changes.
Lindgren noted that employers with grandfathered plans must provide written notice to participants notifying them that it is a grandfathered plan and describing what that means for participants.
If participants aren’t provided this information, the plan will lose its grandfathered status, Lindgren said.
HR Takes the Lead
Benefits compliance isn’t just a human resources issue anymore, but HR often takes the lead in compliance efforts, according to Lindgren.
However, other departments, such as finance, legal and information technology, are increasingly getting more involved.
Lisa Nagele-Piazza, SHRM-SCP, J.D., is the senior legal editor for SHRM.
What to Do When You've Been Hacked
Written by Jon Baron
Imagine this. Your firm starts receiving calls and emails from clients saying they've been the victim of tax refund identity theft. Sure, you've seen a few of these cases and have a process in place to assist clients, but this appears to be different. The volume of victims is far more than what you'd ever expect.
When you explore the activity on your network, you discover that access has occurred at odd times. Or, some of your partners or staff recall "kicking someone off" the network before they could log in. The client calls and emails begin to accelerate. You ask your staff and partners if they've responded to an odd email or opened an unusual file that seemed to be from a trusted source. You find that they have.
Your firm has been the victim of a spear phishing attack and someone—or a group of people—have all of your firm's data. Don't think it can happen to you? Think again. This doomsday scenario is happening to firms of all shapes and sizes, and the number of occurrences is rising.
How it happens
In many instances, malware that can track keystrokes is residing on an office PC or on your firm's network. The result? The hacker(s) now have legitimate credentials from one or more of your staff. They go freely in and out of your system like legitimate users.
And they know what to look for—full tax returns or W-2s from your payroll services, as well as business financial data. To tax refund thieves, this is a gold mine because it's real data—employers, addresses, dependent names, ages, Social Security numbers, etc. With this data, producing W-2s that look legitimate and then filing fraudulent tax returns is fast and easy for a hacker. And all this happened on your internal network!
The entire existence of your firm depends on what you do, or don't do, directly following the discovery of a cyber-attack. Yes, you have to move fast—the future of your firm is at stake.
What to do immediately
If your systems have been compromised, there are a number of steps to take immediately. These actions should be outlined in your firm's incident response plan. If you don't have one, you should work with your legal counsel and other specialists to develop one immediately. At a minimum, your Incident Response Plan should require that you immediately take or at least consider the following actions.
Note that I'm not a lawyer, so this is not intended as legal or tax advice if you find your firm in this situation. Instead, view these as general guidelines.
1. Your information security team and forensics specialists should quickly determine if you must quarantine any or all of your PCs or other devices, and your network. Because the malware is residing somewhere in your system(s) and will still track keystrokes, simply changing passwords is pointless. If you don't eliminate the root cause, the process can start all over again. The malware essentially "owns" your technology until you hire a professional to remove it. It is also important to note that once you know there's been a security breach, you should assume that the thieves accessed all of your clients' data (and employee data, if you do payroll).
2. Contact your attorney and request a reference for someone familiar with data breach regulations. Your insurance carrier may be able to assist with this as well. Legal counsel is a very valuable resource in assisting with the overall management of the incident and engaging with third-parties like law enforcement, forensics, insurance, etc.
3. Have the computer forensics expert assess what was accessed and when.
4. Notify all staff that, until a communication plan is established and you truly understand what occurred, the situation is to remain confidential.
5. From the known access point, start compiling the list of clients and/or employees whose personal or confidential information may have been accessed. Also determine the states in which these clients and/or employees reside, as that will help your legal advisors determine who must be notified of the incident and by when. It is critical to get the notification process and timing right, and the requirements and timing differ from state to state.
6. Contact your insurance company and inform them of the security breach.
7. Begin to draft an "incident report" that tells the story of what occurred and when, including which parties were engaged to assist (e.g., counsel, forensics, law enforcement) and what remediation efforts you took.
8. Contact the FBI, local law enforcement, and state criminal investigation units of all states where impacted individuals reside.
9. Contact the I They will have a number of questions about how this occurred.
10. Contact the state regulatory authorities if required.
11. Develop your plan for personal contact of key clients, including an escalation process if you receive a negative reaction.
12. Ensure that all partners and staff have the same script for all related client interactions.
13. Assign one person to be the external spokesperson for the firm—your press relations person—and ensure that person has a solid script for any comments. You may also need to draft a press release.
Once again, this list is not intended as legal advice—it is merely a list of suggestions that illustrate some of the action items involved in responding to a data breach. This list is not all inclusive, but rather a general guideline. You should contact an attorney for advice on legal matters.
While this list of action items may seem intimidating, the situation calls for immediate action and total focus. The keys are quarantining your technology, bringing in the forensic experts to assess the damage, contacting your attorney who should be able to assist with engaging with third parties, including managing any notification process and its timing, and building the internal and external communication plans. Remember to remain calm.
If you can show that you took immediate, direct action, documented the incident and remediation steps, and engaged the appropriate third parties for assistance, your outcome will likely be the best possible. If you hesitate, or resist what needs to be done, the outcome may not be as good.
Obviously, the firm needs to continue operating while all this activity is going on. In parallel with the forensics analysis, have new stand-alone PCs up and running with the applications you need to serve your clients and to run the practice. The forensics results will determine what occurs next with your environment and network.
How to protect your firm against hacking
While this scenario is quite disconcerting, the best thing you can do to protect your firm against hacking is to educate your staff about the risk and provide them with tips to avoid being hooked by a phishing scheme. Remind them to be vigilant. If something doesn't seem quite right, they should question it.
Further, ensure you have the best protection available to avoid malware taking hold of your data. Tools that employ "targeted threat protection"—and there are several good ones—should be in place in your firm. This type of protection defends against malicious links in email, attachments and social-engineering attacks. So, if you haven't asked your internal IT staff or your outside consultant about targeted threat protection, you should do so ASAP.
Unfortunately, cybersecurity is now a priority for all of us, particularly those of us in the accounting profession who hold so much personal and financial data for our clients. You owe it not only to your clients, but to your employees and yourself, to take this threat seriously and protect your firm in every way possible.
This column originally appeared on the Thomson Reuters Tax and Accounting Blog