By: Stephanie O’Rourk, CPA, Partner, Hospitality, CohnReznick With application portals now open for Paycheck Protection Program (PPP) loan forgiveness and many borrowers still working out how to best spend and account for their funds, the Small Business Administration (SBA) and the Treasury Department continue to release additional guidance on the program’s complex loan forgiveness eligibility and application. Read on for a summary of current insights on the COVID-19 business relief program, in areas including:
All information is from the SBA/Treasury FAQ first released Aug. 4 unless otherwise noted. We will continue to add to this page as new information becomes available, so check back for updates. PAYROLL COSTS Types of eligible payroll costs: The Aug. 4 FAQ confirms whether certain types of costs are counted as payroll costs and eligible for loan forgiveness. See the full document for examples of select types of costs or situations.
“If the borrower uses a biweekly or more frequent (e.g., weekly) payroll cycle, the borrower may elect to calculate eligible payroll costs using the eight-week (for borrowers that received their loans before June 5, 2020, and elect this Covered Period length) or 24-week period that begins on the first day of the first payroll cycle following the PPP Loan Disbursement Date (referred to as the Alternative Payroll Covered Period). However, if a borrower pays twice a month or less frequently, it will need to calculate payroll costs for partial pay periods. The Covered Period or Alternative Covered Period for any borrower will end no later than Dec. 31, 2020. “Example: A borrower uses a biweekly payroll cycle. The borrower’s 24-week Covered Period begins on Monday, June 1, and ends on Sunday, Nov. 15. The first day of the borrower’s first payroll cycle that starts in the Covered Period is June 7. The borrower may elect an Alternative Payroll Covered Period that starts on June 7 and ends on Nov. 21 (167 days later). Payroll costs incurred (i.e., the pay was earned on that day) during this Alternative Payroll Covered Period are eligible for loan forgiveness if the last payment is made on or before the first regular payroll date after Nov. 21.” Owner compensation: “The amount of compensation of owners who work at their businesses that is eligible for forgiveness depends on the business type and whether the borrower is using an eight-week or 24-week Covered Period,” SBA says. “In addition to the specific caps described below, the amount of loan forgiveness requested for owner-employees and self-employed individuals’ payroll compensation is capped at $20,833 per individual [or $15,384 for borrowers that received their loan before June 5, 2020, and choose an eight-week Covered Period] in total across all businesses in which he or she has an ownership stake.” If their total compensation across PPP loan-receiving businesses exceeds the cap, “owners can choose how to allocate the capped amount across different businesses.” Note that owner-employees with less than a 5 percent ownership stake in a C or S Corporation are not subject to these caps, according to an SBA Interim Final Rule released Aug. 24. “This exemption is intended to cover owner-employees who have no meaningful ability to influence decisions over how loan proceeds are allocated,” the rule states. They are, however, still subject to the general limitation of $100,000 in forgivable cash compensation per employee on an annualized basis. The Aug. 4 FAQ provided the following limitation examples for a borrower using a 24-week Covered Period:
NON-PAYROLL COSTS Types of eligible non-payroll costs: As with payroll costs, the Aug. 24 FAQ confirms whether certain types of costs are counted as non-payroll costs and eligible for loan forgiveness. See the full document for examples.
Note, however, that while borrowers must provide documentation of mortgage interest to substantiate these rent and lease payments, mortgage interest payments to a related party are not eligible for forgiveness. “PPP loans are intended to help businesses cover certain non-payroll obligations that are owed to third parties, not payments to a business’s owner that occur because of how the business is structured,” the Aug. 24 interim final rule states. “This will maintain equitable treatment between a business owner that holds property in a separate entity and one that holds the property in the same entity as its business operations.” Alternative Payroll Covered Period: “The Alternative Payroll Covered Period applies only to payroll costs, not to non-payroll costs,” the Aug. 4 FAQ states. To be eligible for loan forgiveness, non-payroll costs must be paid or incurred during the Covered Period, which always starts on the date the lender makes a disbursement of the PPP loan. Distribution of transportation: The CARES Act includes in covered utility payments a “payment for a service for the distribution of … transportation.” The FAQ clarifies: “A service for the distribution of transportation refers to transportation utility fees assessed by state and local governments. Payment of these fees by the borrower is eligible for loan forgiveness.” (For more information on transportation utility fees, see this Department of Transportation page.) Electricity supply charges: SBA confirmed in the FAQ that electricity supply charges that are charged separately from electricity distribution charges are eligible for forgiveness: “The entire electricity bill payment is eligible for loan forgiveness (even if charges are invoiced separately), including supply charges, distribution charges, and other charges such as gross receipts taxes.” LOAN FORGIVENESS REDUCTIONS The FAQ clarifies two potential reductions to borrowers’ forgiveness amounts: Forgiveness reductions for reductions in FTE employees
Forgiveness reductions for reductions in employee salary or hourly wage: SBA previously established that unless certain safe harbors were met, “if the salary or hourly wage of a covered employee is reduced by more than 25% during the Covered Period or the Alternative Payroll Covered Period, the portion in excess of 25% reduces the eligible forgiveness amount.” The FAQ provides three thorough examples for determining these reductions, and also notes that for purposes of this calculation, the borrower should take into account decreases only in salaries or wages, not all forms of compensation. GENERAL APPLICATION INFORMATION Eligibility for the EZ application form: SBA confirmed that “sole proprietors, independent contractors, and self-employed individuals who had no employees at the time of the PPP loan application and did not include any employee salaries in the computation of average monthly payroll in the Borrower Application Form” automatically qualify to – and should – use the simplified Loan Forgiveness Application Form 3508EZ (or their lender’s equivalent). Electronic signatures and documentation: PPP lenders are allowed to accept scanned copies of signed loan forgiveness applications, as well as of documents containing the information and certifications that the application requires. They also may accept “any form of E-consent or E-signature that complies with the requirements of the Electronic Signatures in Global and National Commerce Act (P.L. 106-229).” SBA advises that “if electronic signatures are not feasible, then when obtaining a wet ink signature without in-person contact, lenders should take appropriate steps to ensure the proper party has executed the document.” (SBA cautions, however, that “This guidance does not supersede signature requirements imposed by other applicable law, including by the lender’s primary federal regulator.”) Loan payments prior to SBA remitting the forgiveness amount: “As long as a borrower submits its loan forgiveness application within ten months of the completion of the Covered Period, the borrower is not required to make any payments until the forgiveness amount is remitted to the lender by SBA,” the FAQ states. If the loan is fully forgiven, the borrower is not responsible for any payments; if only a portion is forgiven, or if the forgiveness application is denied, any remaining balance due must be repaid on or before the maturity date of the loan. During the time between loan disbursement and SBA remittance of the forgiveness amount, interest will accrue, and the borrower is responsible for paying that interest on any unforgiven amount of the loan. “The lender is responsible for notifying the borrower of remittance by SBA of the loan forgiveness amount (or that SBA determined that no amount of the loan is eligible for forgiveness) and the date on which the borrower’s first payment is due, if applicable,” the FAQ states. Appealing an SBA decision on the forgiveness amount: In mid-August, SBA released an interim final rule establishing guidelines for appealing SBA decisions that a borrower was ineligible for all or part of the amount approved (or not approved) by their lender. Read our full alert for details. For more information, access the full Aug. 4 FAQ or the Aug. 24 interim final rule, or contact our PPP Loan Forgiveness Assistance team for guidance specific to your business and needs.
0 Comments
By: Joseph Imperato, Sr., Partner, XSolutions Consulting Services, LLC There has been a recent wave of marketing emails and posts on how you should backup Office 365 to keep your data safe. They are correct―you should, because Microsoft does not keep point-in-time backups of your data. But, there is more to Office 365 safety than just Backup. For some time, businesses have been moving toward the Cloud. However, the pandemic forced a rushed, mass migration as companies scrambled to find viable options during the shutdown. When things are done quickly, and in a panic, essential elements are often missed. Backing up Office 365 is essential, but don’t forget to increase security to fend off cyber-criminals that have targeted the Cloud and, in particular, Office 365. Privacy And Security Practices Are Directly Related To Vulnerability When people think of the Cloud, they envision their data locked away in some secure vault in the sky under the ever-watchful eye of a giant, benevolent Service Provider. Not exactly true. In simple terms, cloud computing means storing and accessing data over the internet. The Cloud itself is made up of offsite physical data centers which are just as vulnerable to cyber-attack. One errant click from a well-meaning employee is all it takes to start an attack on your Cloud data that can have dire consequences. Simply put, Cloud Service Providers do not protect your data from:
Osano, a data privacy company, did a recent study of the relationship between a company’s data privacy and security practices and the likelihood of data breaches. They found that they are directly related. The weaker the security―the higher the probability. If you do not have proper security mechanisms in place to protect your Cloud data, you risk losing it the same way you would on site. In short, businesses need to protect their data wherever it is stored―onsite or in the Cloud. Office 365 Is The #1 Target of Cyber-criminalsBeing the best productivity suite in the world has its advantages and disadvantages. The most significant drawback is that Office 365 is the top target of hackers. By breaching a single account via email, hackers can move freely throughout Outlook, SharePoint, OneDrive, and Teams. Criminals can copy, download, and share files, and conduct additional attacks within the system. Office 365’s native security has issues detecting sophisticated email attacks. To protect your company, you must up your game! Sophisticated Threats Require Sophisticated ProtectionOne axiom of cyber-security is “Defence In-Depth (DiD).” DiD is a series of defense mechanisms that are layered on top of one another that protects data. To get to your information, cyber-criminals must pass through these security filters, making it harder to penetrate the system. If they successfully get past one mechanism, they must deal with the next layer, and so on. To fully protect your Office 365 application, you need a supported and managed Cloud Data Protection (CDP) platform that includes:
These three components are critical to strengthening Office 365’s native security and keeping your company safe. People don’t realize the enormous amount of vital information they have in Office 365―until they lose it. Protection of Office 365 includes two aspects: Security and Backup. Real protection involves both. Having one without the other is playing with fire. Don’t play with fire―protect your company now. By: Rachel Lau, Social Media, Arts, and Design, Guardian Data Destruction This is a valid question for any decision maker responsible for ensuring that their IT equipment, specifically hard drives, are completely scrubbed of all data before returning a leased device, re-marketing or recycling. You’re not alone. A recent study highlighted in e-Scrap news found that “enterprises remain hesitant to move away from physical device destruction.” Let’s walk through the variables so that you can confidently select the option that’s best for your organization, budget and equipment. Regulations rule If you have a government contract or dealing with high security information, you may have no choice in your data destruction method. Typically, high security projects require a 2mm pulverization of solid-state drives. Other industries accept a 10mm shred size of SSD. In all other cases, standard hard drives are shred to 30mm. Some shredders have larger cutters so the shred size can be up to 70mm. And, of course, there are other regulations that apply to specific industries such as Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act of 2002, FACTA (The Fair and Accurate Credit Transactions Act of 2003) and Payment Card Industry Data Security Standards (PCI DSS) and more. Bottom line, if your industry and market dictate data destruction methods for retired assets, the shred vs. erasure decision has been made for you! Age and expectations If there aren’t regulatory mandates, knowing the age and value of the retired equipment is imperative. When equipment is at end of life and bound for disposal or recycling, go with the least costly data destruction solution: shred. If the equipment is a lease return or destined for re-marketing, or has a large storage capacity, your best option to retain value is erasure. Your ITAD or VAR will likely expect the equipment to come back to them with a hard drive so erasure is less costly than a shred-plus-replace combination. Once again, check your contact or talk to your VAR/ITAD partner to see if there is a contractual obligation. Security Erasure and shredding are both secure methods of data destruction. Three important points:
The study found that 52% of surveyed organizations are physically destroying rather than selling, reusing, or donating their end-of-life IT equipment, because they believe it is “more secure than other data sanitization solutions.” Blancco’s study suggests the physical destruction preference comes down to a lack of education, lack of communication within companies on data destruction policies, and dearth of robust regulations covering data destruction. -e-Scrap News Quoted costs If you’ve determined that there are no regulatory or contractual restrictions, it’s time to compare raw costs. Ask your ITAD or VAR to provide you with an estimate for both erasure and shredding (or pulverization for SSD). What you’ll likely find is: Cost of shred (or pulverization for a solid-state drive) is a combined cost of pulling the hard drive (some are neatly tucked away on motherboards) from the device and shredding it. In the end, you’ve got a nice pile of metal scrap (or dust) that is guaranteed destroyed. Don’t forget that the hard drive is now missing so you may have to add back in the cost of a replacement hard drive if you want to reuse or re-sell the equipment. Cost of erasure (or wiping or sanitizing, depending on who you talk to) is the perfect solution for lease returns or large storage hard drives or high value equipment. The downside is that the erasure of each hard drive (depending on the size and the DOD/NIST erasure protocol) can range from one to 24 hours per item. For desktop equipment (including laptops, tablets, etc.), each piece of equipment is erased one by one. Enterprise equipment can be securely erased in batches of over 200 simultaneously. Eliminating risk isn’t rocket science The objective of data destruction is to ensure that data that may be harmful never hitches a ride with any retired IT equipment (hard drives, USB drives, laptops, printers, copiers, POS, servers, etc.) so that it becomes an embarrassing and harmful data breach. It shouldn’t be complicated. If it is, talk to us and we’ll help you figure it out. Without obligation. We’re happy to give you a quick evaluation so that you can make the best decision possible. (Whatever your data destruction conundrum is, rest assured, you won’t stump us.) And, we can refer you to a VAR or ITAD if you need one. To learn more about shred vs erasure, download our Data Destruction 101 guide or read our data destruction services section of the website. By: Raymond G. Lahoud, Esq., Member, Norris McLaughlin, P.A., Chair, Immigration Practice Group The United States Citizenship and Immigration Services (USCIS) has announced an extension of flexibility in complying with the Form I-9 requirements. This was originally extended on March 19, 2020, due to the COVID-19 national emergency. The Department of Homeland Security (DHS) has decided to extend this policy once again for an additional period of 30 days. The DHS temporarily halted the requirement that employers physically review employee identification and employment authorization documents when completing Form I-9. The revised policy appears in detail in our March 22, 2020, blog post, “Form I-9 Coronavirus (COVID-19) Alert: USCIS Announces Temporary Modifications to Employment Eligibility Verification Process and E-Verify Program.” Form I-9 Compliance Flexibility for Employers The DHS, using its prosecutorial discretion, announced this policy as a precautionary measure implemented by the employers and employees due to COVID-19. This provision applies only to employers who are operating remotely. Employers who are eligible to verify remotely and elect to do so will be able to inspect Section 2 documents remotely by video, fax, or email, and must retain copies of the documents. The timeline for Form I-9 completion remains in effect. Section 1 of the I-9 must be completed by the employee’s start date and Section 2 must be completed within the business days of the start date. It should be noted that the DHS’s remote verification policies are not mandatory. Employers can choose to follow the standard Form I-9 procedures, including the use of hired agents to complete the verification. Further, United States Immigration and Customs Enforcement (ICE) announced that there is a final 30-day extension for employers’ Notices of Inspection (NOIs). ICE also announced that after July 19, 2020, no additional extensions will be granted to employers served with an NOI. These employers have already received a 60-day extension from the original order. The DHS will continue to monitor the ongoing national emergency and issue timely guidelines. Post-COVID-19 National Emergency After the national emergency is lifted, employers will have to physically inspect documents within three business days for all employees on board and those who have been verified remotely. Under the “Additional Information” field in Section 2, employees must enter “COVID-19” as the reason for physical inspection. Once the physical inspections are complete, the employer should add “documents physically examined” and the date of inspection in the “Additional Information” field in Section 2. To learn more about this blog post or if you have any other immigration concerns, please feel free to contact me at [email protected] or (484) 544-0022. For other topics related to COVID-19, visit our Coronavirus Thought Leadership Connection. The information contained in this post may not reflect the most current developments, as the subject matter is extremely fluid and constantly changing. Please continue to monitor this site for ongoing developments. Readers are also cautioned against taking any action based on information contained herein without first seeking advice from professional legal counsel. |
Guest Blog
Archives
September 2024
Categories |