OUTLOOK: Fears of a double dip recession are quietly receding

Page created by Ruben Daniels
 
CONTINUE READING
OUTLOOK: Fears of a double dip recession are quietly receding
{Community Bank Advisor}

                                                                                                                                                                    Winter 2013
                                                         News & views for the banking executive.

              OUTLOOK: Fears of a double dip
              recession are quietly receding
                                                      According to most reports, the threat of a double-         It is a complex question and you need to take a com-
  brian.pollice@plantemoran.com

                                                      dip recession is fading and there are signs that the       prehensive approach.
                                                      economy is moving from a slow to a moderate rate of
                                                      growth. Recovery, however, is coming slowly to com-        The sweetest spot is close to home
                                                      munity banks. They are being squeezed. Low demand          This year just like in years past community banks need
                                                      for loans translates into less revenue while increased     to operate in their sweet spot. They can compete most
                                                      compliance costs mean higher expenses.                     successfully in their local markets where their service
                                                                                                                 and knowledge give them an edge. Bankers should be
                                                      In a recent Plante Moran survey, 48 percent of financial
                                      Brian Pollice                                                              ready to help the business leaders in their communities
                                                      institutions anticipated their regulatory compliance
                                                                                                                 build on their optimism.
  kristine.hoefler@plantemoran.com

                                                      costs would increase 25 to 50 percent this year added
                                                      to a 25 to 50 percent increase over the past several       Data collected by the National Center for the Middle
                                                      years.                                                     Market (NCMM) in mid-December 2012 and comments
                                                                                                                 from business leaders who reviewed the findings before
                                                      Bankers are faced with many challenges going into
                                                                                                                 they were printed in mid-January were moderately
                                                      2013. They must successfully deal with constantly
                                                                                                                 optimistic about 2013. “It appears we are slowly recov-
                                                      changing margins, manage risk, and balance the appeal
                                                                                                                 ering from the Great Recession,” a distributor, with 40
                                                      of online services with information security concerns.
                                                                                                                 employees and $10 million in annual sales, described.
                                      Kris Hoefler    Like all businesses, they also have to develop a compre-
                                                      hensive response to the healthcare reform play-or-pay      Responses regarding investment decisions, which often
brady.nitchman@plantemoran.com

                                                      mandate that goes into effect Jan. 1, 2014.                indicate how companies feel about the future, show
                                                                                                                 that 41 percent of executives continue to keep their
                                                      The debate among many is whether to drop or keep
                                                                                                                 money in cash or securities rather than use it for growth,
                                                      offering benefits. McKinsey and Company researchers,
                                                                                                                 expansion, or acquisitions. However some are spend-
                                                      however, insist there are other options and indicate
                                                                                                                 ing. “We’re trying to invest in advanced equipment to
                                                      that after employers better understand the economic
                                                                                                                 increase our capacity and reduce our manual workforce
                                                      and social incentives embedded in the law they may
                                                                                                                 to help offset the increasing costs of healthcare and
                                                      dramatically restructure their benefits.
                                     Brady Nitchman                                                                                                     Continued on pg. 2

                                     Inside This Issue
                                      Troubled debt restructurings:                                    The irs delays the effective date of new tangible
                                         A quick update — PG. 3                                           property regulations — pg. 8
                                      Proposed changes to allowance for                                First-time abatement penalty relief — Pg. 8
                                         loan losses – Comments due April 30, 2013 —
                                                                                                       Lessons learned from hurricane sandy — PG. 9
                                         PG. 5
                                                                                                       What’s with these recent password hacks? —
                                      How much risk are you taking? — PG. 7
                                                                                                         pg. 10
OUTLOOK: Fears of a double dip recession are quietly receding
{Community Bank Advisor}

    OUTLOOK: Fears of a double dip
    recession are quietly receding
    Continued from front cover

        pensions,” explained a $100 million         Revenue growth                               from 1.9 percent in 2012 to 3.5 percent
        manufacturer with 625 employees.            In 2012, middle-market companies             this year, and the wholesale industry
                                                    posted average gross revenue growth          anticipates doubling its job growth
        Number one challenge:                                                                    over last year, up from 0.7 percent to
                                                    of 7 percent and predict a 5.2 percent
        Healthcare costs                            increase in 2013. According to NCMM          1.2 percent.
        In every industry, the cost of healthcare   Academic Director Anil Makhija middle-
        is the top challenge. More than 90 per-                                                  Confidence is low, but
                                                    market business leaders are often
        cent of the respondents to the NCMM         cautious in their forecasts.
                                                                                                 improving
        fourth quarter survey found healthcare                                                   According to NCMM polling, confi-
        costs to be somewhat or highly chal-        Jobs growth                                  dence among middle-market leaders
        lenging. That has remained unchanged        The middle market added 1.17 million         remains depressed, but they are slowly
        through most of the year and is a           jobs in 2012 for a 2.7 percent gain,         becoming more optimistic. Of the firms
        constant across size and industry.          compared to a 2.1 percent gain for           surveyed roughly half are at least some-
                                                    large U.S. firms. Small businesses were      what confident in the U.S. economy
        As employers begin planning for the
                                                    at the low end of the scale with only        with the largest companies showing the
        play-or-pay mandates that will go into
                                                    1.2 percent job growth according             biggest increase.
        effect in 2014, 47 percent will be recon-
        sidering staffing. Thirty percent said      to ADP data. The middle market               The economists at the NCMM say
        they would freeze hiring and 17 percent     anticipates a slight drop in job creation,   the fourth quarter results suggest “a
        said they would be laying off workers.      down from 2.7 percent in 2012 to             notable change in trends that point to
                                                    2.3 percent in 2013.                         increasing expansion in the broader
        Growth profit pressures                     Looking more closely at job creation         economy after a year of mostly tepid
        continue                                    last year, the service industry topped       GDP growth.” And they conclude: “Talk
        Besides healthcare costs, executives in     the list with 5.5 percent growth in          and fears of a double dip recession are
        the NCMM report are concerned about         jobs according to fourth quarter             quietly receding.”
        their ability to continue revenue growth    figures. Health care was second with         We thank the National Center for the
        and indicate that margins are under         3.4 percent growth, retail was third with    Middle Market (NCMM) at The Ohio
        pressure moving into 2013. Commodity        2.8 percent. The wholesale industry          State University for sharing its data with
        prices rose significantly last year, and    was at the bottom with only 0.7 percent      us. The NCMM surveys 1,000 c-suite
        they might impact the cost of doing         growth, followed by manufacturing with       executives of middle-market companies
        business and the ability of middle-         1.7 percent.                                 in a range of industries each quarter.
        market companies to maintain margins.                                                    The middle market is defined as com-
                                                    Looking ahead in 2013, the service
        Unlike large firms, middle market firms                                                  panies with annual revenue between
                                                    industry will continue to outpace the
        don’t have the leverage to control price                                                 $10 million and $1 billion.
                                                    other industries, but anticipates job
        swings. One way to grow revenues is to
                                                    growth will decline 1.5 percent to
        go abroad, but middle-market compa-
                                                    4 percent. Construction jobs will grow
        nies view this as risky.

2
OUTLOOK: Fears of a double dip recession are quietly receding
Plante moran | Winter 2013

 Troubled Debt Restructurings:
 A Quick Update
                                                   At the risk of further wearing out an already    and lender concessions, the two elements that need to be pres-
steve.schick@plantemoran.com

                                                   well-worn topic, it seems worth a few            ent in order for a loan modification to be considered a TDR. As
                                                   moments to review what was new in the            such, most institutions have found that the TDR policies they
                                                   world of Troubled Debt Restructurings (TDRs)     previously had in place are still relevant and accurate (albeit, in
                                                   during 2012 and provide some thoughts on         need of some clarification and expansion, in many cases). The
                                                   how best to interpret and implement the new      most significant changes brought about by the new guidance
                                                   FASB and regulatory guidance. For some           have been within the detailed documentation that institutions
                                                   time now, the industry has been working to       use to support the TDR decision and to calculate required
                                Steve Schick       interpret and implement Accounting Stan-         specific reserves and charge-offs, particularly when interest
                                                   dards Update (ASU) 2011-02 — A Creditor’s        rate concessions have been made. True, the new guidance has
scott.misch@plantemoran.com

                                                   Determination of Whether a Restructuring is      made it more difficult for a troubled loan modification to avoid
                                                   a Troubled Debt Restructuring. SEC regis-        the TDR designation; and some old standbys that were previ-
                                                   trants were required to implement the new        ously called upon to refute the TDR presumption, such as the
                                                   guidance during the second quarter of 2011,      debtor’s effective interest rate test, are now prohibited. Yet, in
                                                   and non-public institutions were required to     working through TDR issues with our clients over the past 12–18
                                                   adopt it for fiscal years ending after Decem-    months, it seems the most significant new burdens on institu-
                                                   ber 15, 2012 (essentially, for December 31,      tions are the nature and level of documentation required by the
                                                   2012, financial reporting for calendar-year      guidance and in practice by regulators and auditors.
                                SCOTT MISCH
                                                   institutions). Along with the new accounting
                                                                                                    A review of ASU 2011-02 will quickly prove that some of the
                                                   guidance from the FASB, the Office of the
                                                                                                    subjectivity has been taken out of the TDR identification pro-
                               Comptroller of the Currency (OCC) issued contemporaneous
                                                                                                    cess. Circumstances that are now considered strong indicators
                               regulatory guidance in April 2012. It is safe to assume that other
                                                                                                    of borrower financial difficulty and the types of lender actions
                               regulators will likely apply TDR guidance that is very similar to
                                                                                                    that qualify as concessions (as well as insignificant actions that
                               that put forth by the OCC.
                                                                                                    do not qualify as concessions) are more clearly defined. Despite
                               One of the most important facts to keep in mind is that neither      this, the identification of TDRs and the overall accounting
                               the new accounting nor regulatory guidance amended the               treatment for modified loans is still a highly subjective exercise.
                               definition of what constitutes a TDR. Instead, the new guidance      Whether determining if a payment delay is “insignificant,”
                               attempts to clarify what constitutes borrower financial difficulty   attempting to decide if a revised interest rate is akin to a

                                                                                                                                                  Continued on pg. 4

                                                                                                                                                                          3
OUTLOOK: Fears of a double dip recession are quietly receding
{Community Bank Advisor}

    Troubled Debt Restructurings:
    A Quick Update
    Continued from pg. 3

        “market rate,” or if a loan structure is comparable to that        In conclusion, it’s worth mentioning that a complex process
        which would be offered by another institution, the path is         like TDR identification and measurement can always benefit
        indeed perilous. The nature of lending and loan structuring,       from a “second look,” particularly if that look comes from an
        particularly to small businesses and real estate ventures,         independent source. We’ve heard some clients and friends in
        makes the challenge even greater, as each deal has its own         the industry bemoan the fact that despite their best and most
        nuances that make it difficult to compare it to another deal —     meticulous efforts related to TDRs, they still feel that they’ll
        if only it were that easy.                                         be (or have been) second guessed and have their conclu-
                                                                           sions unreasonably challenged by regulators and auditors.
        The solution, or at least the most successful solution seen
                                                                           Unfortunately, there’s no magic bullet to completely defend
        to date, has been to significantly enhance the nature and
                                                                           against that reality. However, some additional credibility has
        volume of documentation supporting the TDR determina-
                                                                           been gained by institutions that call upon internal auditors
        tion. Logically, when dealing with a highly subjective matter,
                                                                           (whether outsourced or in-house) to execute a targeted audit
        the more one can explain and support their decision with
                                                                           of TDR processes, documentation, and conclusions. In cases
        empirical data and tie it to the applicable guidance and rules,
                                                                           where this additional level of review and internal challenge
        the more likely one’s argument and position are to stand in
                                                                           has been performed, external auditors have been able to
        the face of challenge. Those institutions whose TDR identi-
                                                                           rely, to varying degrees, on the internal audit work product
        fication processes and documentation have passed muster
                                                                           and regulators have considered the results of the review and
        with the regulators and auditors tend to have the following in
                                                                           modified their approach accordingly. To date, a review of this
        common:
                                                                           nature seems to be the best insurance policy an institution
           1.	Clear TDR identification and measurement policies            can buy regarding TDRs.
              and procedures have been established and are clearly
              followed. Don’t forget the importance of the mechani-
              cal procedures; deciding who will analyze the data,
              prepare the documentation, and review and approve
              the final decisions is critical.
           2. Proper personnel have been included in the process.
              For better or worse, the TDR identification and mea-
              surement process is a multidisciplinary activity. Lenders
              and accountants must work together so that the facts
              are presented completely and accurately and those
              facts are properly interpreted in light of the applicable
              guidance. Processes that reside exclusively in the lend-
              ing or accounting areas will almost certainly fall short.
           3. Quality tools are available to aid those involved in
              the process. Whether using a detailed TDR checklist
              to document if a modification qualifies as a TDR or
              relying on an accurate discounted cash flow calculation
              template, implementing and consistently using stan-
              dard tools is imperative. There are myriad quality tools
              publicly available, and your Plante Moran advisors are
              always happy to provide a template if you need one or
              would like to consider alternatives. Please don’t hesitate
              to ask.
           4.	Senior management must dedicate the necessary
              resources to make sure the process is completed
              properly and timely. As previously mentioned, working
              with TDRs is a time-consuming and highly subjective
              process. The tone at the top of the institution must
              be supportive of personnel doing the detail work and
              provide them with the time and materials necessary to
              do the job right.

4
OUTLOOK: Fears of a double dip recession are quietly receding
Plante moran | Winter 2013

    Proposed Changes to Allowance for
    Loan LossES – Comments due April 30, 2013
                                                  After the worst recession since the Great     The proposed standard has gone through multiple transfor-
marc.doerr@plantemoran.com

                                                  Depression, financial institutions have       mations, including potential convergence with IASB after its
                                                  had to reassess the adequacy of their         initial exposure document in November 2009. For its part, the
                                                  allowance for loan and lease losses           IASB had proposed a three-bucket approach to accounting
                                                  (ALLL). This reevaluation has included        for the expected losses. The IASB approach includes Bucket 1
                                                  questions, such as: (1) Should I shorten or   whereby an entity would recognize expected losses for which a
                                                  extend the historical loss period? (2) Are    loss event is expected in the next 12 months. Bucket 2 includes
                                                  my qualitative factors enough to adjust       assets that have been affected by the occurrence of observ-
                                 Marc Doerr       the historical loss factor? (3) And, most     able events that indicate a direct relationship to possible future
                                                  importantly, is the allowance sufficient      defaults within the lifetime of the credit. Bucket 3 consists of
scott.phillips@plantemoran.com

                                                  to cover the losses included in my loan       loans where information is available that specifically identifies
                                                  portfolio? The International Accounting       that credit losses are expected to, or have, occurred on
                                                  Standards Board (IASB) and the Financial      individual credits within the credit’s lifetime. A transfer from
                                                  Accounting Standards Board (FASB) have        Bucket 1 to Bucket 2 would occur when the deterioration in
                                                  been developing a new ALLL methodol-          credit quality has been more than insignificant and at least
                                                  ogy to include estimates of future losses     some or all of the contractual cash flows may not be collected.
                                                  in addition to the losses inherent in the     The FASB, as part of its movement toward convergence with
                                                  loan portfolio.                               international standards, was considering the IASB model. How-
                                 Scott PhiLlips                                                 ever, due in part to concerns over transfers between buckets,
                             On December 20, 2012, FASB issued
                                                                                                the FASB broke away from convergence with the IASB.
    Proposed Accounting Standards Update No. 2012-260,
    Financial Instruments – Credit Losses (Subtopic 825-15). The                                The CECL model was introduced in August 2012 and, now
    proposed standard introduces a Current Expected Credit Loss                                 with this recent exposure draft, may replace the five existing
    (CECL) model. The CECL model requires an entity to impair                                   impairment models (FAS 5, FAS 114, SOP 03-3, FAS 115, EITF
    its existing financial assets on the basis of the current estimate                          99-20) for debt instruments in current U.S. GAAP, with a single
    of contractual cash flows not expected to be collected. The                                 expected credit loss measurement objective for the allowance
    significant difference from current GAAP would be to eliminate                              for credit loss. The CECL model focuses on “expected credit
    the “probable” initial recognition threshold and replace it with                            loss and the current recognition of the effects of credit dete-
    the current estimate of expected credit loss. It is believed the                            rioration on collectability expectations.” This estimate should
    CECL model will likely result in increased reserves as compared                             reflect the future contractual cash flows that the entity does not
    to current accounting.                                                                      expect to collect using current probabilities of default, current
                                                                                                                                             Continued on pg. 6

                                                                                                                                                                     5
{Community Bank Advisor}

    Proposed Changes to Allowance for
    Loan Losses – Comments due April 30, 2013
    Continued from pg. 5

        historical loss rates, changes in credit risk (risk rates, credit   between fair value and amortized cost for debt instruments
        scores), and other changes in reasonable and supportable            classified at fair value with qualifying changes in fair value
        forecasts.                                                          recognized in other comprehensive income, (5) past-due
                                                                            status, (6) nonaccrual status, (7) purchased credit-impaired
        In theory, as the level of risk inherent in loans increases, the
                                                                            financial assets, and (8) collateralized financial assets. The
        expected loss would increase and require a commensurate
                                                                            FASB has proposed the transition be a cumulative-effect
        level of allowance. In order to fully substantiate the estimate
                                                                            approach, where the cumulative-effect adjustment would be
        of expected credit losses, all assumptions will have to be
                                                                            recorded in the beginning of the first reporting period for
        based on supportable information that is relevant in making
                                                                            which the guidance is effective, with appropriate transition
        the forward-looking estimates.
                                                                            disclosures detailing the transition.
        Disclosures and transition guidance included in the new
                                                                            The exposure draft has a comment period that ends April
        exposure draft for the CECL model include: (1) credit-quality
                                                                            30, 2013. All interested parties are encouraged to read the
        information, (2) allowance for expected credit losses,
                                                                            exposure draft and provide a comment letter to the FASB
        (3) roll forward for certain debt instruments, (4) reconciliation
                                                                            for consideration.

6
Plante moran | Winter 2013

    How Much Risk Are You Taking?
    The Case for Developing Enterprise Risk
    Management at Community Banks…NOW
                                                     How would you answer the question,                TASK 2: Map Your Inventory
robert.bondy@plantemoran.com

                                                     “How much risk are you taking?” In years          Each one of the areas, risks, policies, and monitoring activi-
                                                     past, the common response was, “Only              ties should correlate to one of the CAMELS components. If
                                                     enough to generate an adequate return.”           it doesn’t, create a group of “other strategic initiatives” to
                                                     Most responses came “from the gut”                include, such as compliance, information technology, etc.
                                                     versus any formal analysis. After all,            Now, organize them:
                                                     most financial institutions correlate risk
                                                     with asset underwriting or asset-liability          1. Rate each area from 1–10 (or however many you have)
                                   Rob bondy         management practices and, perhaps,                     on importance.
                                                     believe enterprise risk management (ERM)            2.	Limit the focus to the top three areas from each of the
michael.stearns@plantemoran.com

                                                     to be a “big bank” task.                               CAMELS components (we’ll provide some leniency
                                                   To help guide the focus of directors and                 here).
                                                   senior managers, some institutions have             As a result, you’ve identified up to 20 of the riskiest areas.
                                                   attempted to tackle an ERM system,                  The important policies are inventoried, and a monitoring plan
                                                   only to find the devil is in the details. It’s      is in place. A great starting point! Now, it’s time to take it to
                                                   important to view ERM as an opportunity to          the next level.
                                                   embrace each component of the organiza-
                                   mike stearns    tion and apply a consistent methodology             TASK 3: Begin to Manage the Model and
                                                   and reporting structure. To start down the          Plan for the Next Level
                                  road of an ERM system, formulate a roadmap to get some
                                                                                                       The next level of managing the ERM model will integrate
                                  momentum.
                                                                                                       financial results, budgeting, internal/external risk indicators,
                                  Task 1: Take Inventory                                               determining base cases, and stress tests. Definitions, toler-
                                                                                                       ances, and activities will be further defined. Ultimately, the
                                  The following steps are critical in developing an ERM model
                                                                                                       ERM system becomes a tool that’s consulted when strategic
                                  and will put the scope of an ERM system in perspective:
                                                                                                       initiatives are contemplated. That’s a lot to cover in one
                                    1.	Identify areas most important to providing a return to          article, but until a framework is formulated, ERM is really
                                       stakeholders.                                                   a non-starter.
                                    2.	For each of the identified areas, identify the most             Your financial institution likely has a strong front-line risk man-
                                       significant risks to providing that return.                     agement system; however, the concept of ERM requires us to
                                                                                                       consider a broader risk appetite and risk profile when making
                                    3.	Now, align existing policies with each risk.
                                                                                                       strategic decisions. Details can be overwhelming and might
                                    4. Determine what you already do to monitor                        be a deterrent to establishing an ERM program. We’ve found
                                       those policies.                                                 integrating a simple program to monitor the key risk indica-
                                                                                                       tors can be highly effective in overcoming the challenge.
                                  After completing the above activity, it’s likely that there are up
                                  to a dozen areas considered important with five to 10
                                  corresponding risks from each to monitor and track. You
                                  likely have a book full of policies and have a lot of money
                                  devoted to monitoring and testing against these policies.
                                  Your list probably has more than 100 items on it. Now what?

                                  Develop a System (Or Take One From
                                  an Existing Concept)
                                  An ERM system should have a consistent reporting struc-
                                  ture and definitions to measure against. Thankfully, in the
                                  financial institution industry, we’ve been trained well, and
                                  regulators have already formulated a concept to measure us
                                  against. Approaching risk management along the lines of
                                  the CAMELS components has been proven to be the most
                                  efficient way to consistently define and measure risk.

                                                                                                                                                                             7
{Community Bank Advisor}

        The IRS delays the effective date of
        new tangible property regulations
                                                          The IRS has deferred the effective date of new tan-
    mariann.krieger@plantemoran.com

                                                          gible property regulations from tax years beginning
                                                          on or after January 1, 2012, to tax years beginning on
                                                          or after January 1, 2014. The new regulations were
                                                          issued in December 2011 to guide taxpayers on how
                                                                                                                        First-time
                                                          to account for amounts paid to acquire, produce, or           abatement
                                                          improve tangible property. Below is a summary of the

                                       MAriann Krieger
                                                          new guidance.                                                 penalty relief
                                                          The new guidance (as published in Notice 2012-73)
                                                          delays the mandatory effective date of the tangible
    brian.howe@plantemoran.com

                                                          property regulations to tax years beginning on or           According to the IRS, the purpose of
                                                          after January 1, 2014. The guidance also notifies           penalties is to deter noncompliance, not
                                                          taxpayers that final regulations will likely be issued in   to raise revenue. Certain penalties can be
                                                          2013, which will apply to taxable years beginning on        waived or abated if the taxpayer has a past
                                                          or after January 1, 2014. For taxable years beginning       history of compliant behavior. In effect,
                                                          on or after January 1, 2012, taxpayers may apply the        the IRS rewards taxpayers with a history
                                                          provisions of either the already existing temporary         of compliant behavior with a one-time
                                         Brian Howe       regulations or the anticipated final regulations.           penalty amnesty.

                                                           Recognizing that taxpayers are expending resources           •   For individuals, First-Time Abate-
                                        to comply with the temporary regulations, the IRS also indicated that               ment (FTA) applies to the failure-
                                        certain sections of the temporary regulations may be revised and in                 to-file and failure-to-pay penalties.
                                        certain cases simplified when the regulations are issued in final form.             Estate and gift tax returns do not
                                        The areas below were specifically noted by the IRS.                                 qualify for FTA waivers.

                                          •   De Minimis Rule – Under the current regulations, taxpayers with           •   For businesses and payroll returns,
                                              an applicable financial statement, such as a certified audited                FTA applies to the failure-to-file,
                                              statement, may claim a current deduction for the cost of acquiring            failure-to-pay, and/or the failure-to-
                                              items, including materials and supplies. The amount that may                  deposit penalties. S corporation and
                                              be expensed annually under a taxpayer’s policy is subject to a                partnership late-filing penalties also
                                              limitation based on the greater of 0.1 percent of gross receipts or           qualify under FTA.
                                              2 percent of book depreciation and amortization.                        FTA applies only to certain penalties and
                                          •   Rules Related to Asset Disposition – The new regulations per-           certain returns filed. The taxpayer must
                                              mit taxpayers to claim a loss deduction for the retirement of a         also satisfy the clean compliance criteria
                                              structural component. The regulations allow a taxpayer to use a         rules:
                                              reasonable method in determining the basis of an asset for the            •   Clean three-year penalty history.
                                              purpose of determining the deduction.                                         The taxpayer cannot have penalties
                                          •   Safe Harbor for Routine Maintenance – A taxpayer may deduct an                of a “significant” amount assessed
                                              amount paid to keep a property in its ordinary operating condition            in the prior three years on the same
                                              if the taxpayer reasonably expects to perform the activities more             type of tax return.
                                              than once during its life when it is placed in service.                   •   Required returns filed. The taxpayer
                                        Taxpayers who choose to apply the temporary regulations to the 2012                 must have filed all tax returns for the
                                        tax year may continue to obtain automatic consent to change their                   past three years, as required.
                                        methods of accounting under previous guidance.                                FTA does not apply to the estimated
                                        In light of these and other potential planning and implementation             tax and accuracy-related penalties. The
                                        issues, taxpayers have the opportunity to early adopt either the entire       assertion of an accuracy-related penalty is
                                        regulations or select provisions depending on each taxpayer’s unique          based on the facts and circumstances of
                                        tax situation. Regardless of whether taxpayers decide to early adopt or       each taxpayer and each tax year.
                                        wait until 2014, they should begin to analyze how they will be affected
                                        and start to develop the necessary systems to track the information
                                        needed for the eventual implementation of the final regulations.

8
Plante moran | Winter 2013

    Lessons Learned From Hurricane Sandy
                                                   On October 30, 2012, Hurricane Sandy               Although disasters are hardly created equal, there are common
colin.taggart @plantemoran.com

                                                   launched a 13-day devastating drive across         issues from which the entire country can learn. For example,
                                                   the East Coast, disrupting families and busi-      any large natural disaster could potentially affect the commu-
                                                   nesses caught in her path. The destruction         nication infrastructure in the area. Whether cell phone towers
                                                   included damages in excess of $70 billion, a       are toppled or power is simply knocked out, you may not be
                                                   crippled mass transit system, gas shortages,       able to rely on cell phones to connect with your staff. (With
                                                   and more than 8 million customers without          approximately 32 percent of adults living in households with
                                                   power. According to an article posted on the       only wireless telephones, you may have no alternate landline to
                                 Colin Taggart     Centers for Disease Control Prevention web-        use.) In addition, staff may not be able to make it into the office.
                                                   site, “FEMA has estimated that nearly 72,000       Whether the office no longer exists, travel is unsafe, or staff
joe.oleksak@plantemoran.com

                                                   homes and businesses in New Jersey alone           prefer to manage the effects of the disaster at home, organiza-
                                                   were damaged. An analysis of aerial imagery        tions need to consider how they’ll recover without full, onsite
                                                   by the agency showed more than 500 build-          recovery teams.
                                                   ings were destroyed outright or reduced to
                                                                                                      It’s also important to note, however, that each disaster has
                                                   debris, another 5,000 suffered major damages
                                                                                                      unique features. For example, the advance warning time for a
                                                   from flooding or high winds, about 24,000
                                                                                                      hurricane differs from that of a tornado. Therefore, no overall
                                                   had minor damage, and tens of thousands of
                                                                                                      plan can cover all possibilities. While an organization may cover
                                                   others were affected by floodwaters.”
                                 Joe Oleksak                                                          the backup data restoration process in an overall plan, there
                                                   Hurricane Sandy was only one of many events        should also be unique staff evacuation procedures documented
                                                   that impacted businesses directly or indirectly    for each disaster possibility. It’s important that companies
                                 during 2012, which taught businesses two things: (1) all disasters   complete a risk assessment to identify the most likely incidents
                                 are not created equal, and (2) it’s critical to be prepared. Inte-   and their specific impacts (such as water damage, staff safety,
                                 gral to preparation is developing a disaster recovery plan (DRP).    and power redundancy).

                                 ALL DISASTERS ARE NOT CREATED EQUAL                                  DO YOU HAVE A DISASTER RECOVERY PLAN?
                                 Although there are a variety of natural disaster possibilities,      Ideally your DRP will never need to be used, but that doesn’t
                                 most organizations only concern themselves with those that           mean it’s not important to have one. In the event of a disas-
                                 have affected nearby areas in the past. Your organization will       ter, your team’s expertise with day-to-day procedures will be
                                 need to tailor its disaster recovery planning efforts to align       helpful; however, with unavailable staff and resources, you’ll
                                 with the most probable disasters. This is not to say organiza-       need to modify existing procedures to accommodate a disaster
                                 tions outside Tornado Alley should ignore the possibility of a       scenario. Being able to rely on a useful DRP in this situation
                                 tornado; however, based on a probability assessment, planning        is a critical timesaver, eliminating the need to invent new
                                 for a volcano in the Midwest may not be necessary. Further-          procedures mid-disaster. Training key team members on their
                                 more, while your organization may not operate in Tornado             responsibilities and workaround procedures under the plan will
                                 Alley, violent storms resulting in property damage, flooding and     greatly help to reduce confusion and wasted time.
                                 power outages can happen anywhere.
                                                                                                      A major misconception included in typical DRPs pertains to
                                                                                                                                                      Continued on pg. 10

                                                                                                                                                                             9
{Community Bank Advisor}

          Lessons learned from hurricane sandy
            Continued from pg. 9

                                            the number of key staff who will be available to assist in the       ARE YOU PREPARED?
                                            recovery process. Results of a survey completed after a              The first steps toward developing a DRP are the most impor-
                                            1994 Los Angeles area earthquake confirmed that the most             tant and most difficult, as they’ll shape the entire recovery
                                            common reason for a business interruption was staff attend-          program for your organization. Our business continuity
                                            ing to personal matters. Even if the disaster doesn’t destroy        planning team has assisted clients in a variety of industries
                                            the office or roads, the disaster could lead to multiple staff       in navigating this important process. We start by meeting
                                            having family crises to attend to. If the technology is func-        with key team members to identify the organization’s unique
                                            tioning, this can be slightly alleviated by allowing staff to work   environment and explain the DRP process. To develop a
                                            remotely from home. For those who do come into work, the             comprehensive plan, our IT specialists will consult with all
                                            organization will also need to be sensitive to the personal          departments in your organization to determine which data
                                            effects of the disaster, such as setting up a temporary office       and applications are most critical and need to be recovered
                                            daycare if there are related school closings and power out-          most quickly after a disaster. These discussions will all be
                                            ages. As staff will be the toughest “resource” to replace            focused on the organization’s “pain threshold” for system
                                            during a disaster, it’s also critical that DRP efforts include       downtime related to lost income, industry image, customer
                                            cross-training initiatives from front-line staff to executive        confidence, and other key impacts.
                                            members of the organization.
                                                                                                                 Once the critical system recovery goals have been identi-
                                            Another mistake to avoid in the recovery planning process is         fied, we’ll work with your IT department to identify the key
                                            ignoring the importance of regularly testing recovery capa-          resources required to meet these goals. At the end of our
                                            bilities. Generators, redundant communication lines, and             engagement, your team will have a plan in place to recover
                                            backup drives all need to be tested to confirm you can rely          key resources following a disaster and re-establish business
                                            on them when necessary. Relying on an untested secondary             operations at an acceptable level and time frame to ensure
                                            critical vendor connection is an improvement over having no          the well-being of your organization. We’ll also assist with
                                            redundancy at all; however, it could lead to a similar recovery      long-term goals to ensure the continuity plan evolves with
                                            delay if the organization waits until a disaster to realize there    your organization by being periodically revisited, updated,
                                            needs to be additional changes to firewall settings for the          and tested.
                                            connection to function. Additionally, the organization should
                                            continue to complete tests as the organization grows and
                                            changes to ensure implemented controls can still support the
                                            organization.

            What’s With These Recent Password Hacks?
                                                               In June 2012, a large dump of around 6.5          that the vulnerability that led to their compromise has been
     tom.ervin@plantemoran.com

                                                               million LinkedIn password hashes were             discovered and closed.
                                                               posted on an online forum by a hacker
                                                                                                                 Formspring and Yahoo, on the other hand, confirmed their
                                                               requesting help in reversing the hashes into
                                                                                                                 password breaches and applied fixes within 24 hours. Form-
                                                               valid passwords. This was followed, appar-
                                                                                                                 spring went further and provided details on how the breach
                                                               ently by the same hacker, by passwords
                                                                                                                 was fixed.
                                                               from the dating website eHarmony. Then,
                                                               in July, Formspring and Yahoo passwords           Blogs, news agencies, and Internet resources everywhere
                                              Tom Ervin        were compromised. Is this a wake-up               responded by reporting these events and dispensing text-
                                                               call for businesses to get serious about          book advice about how to respond to a password compro-
     jennifer.whiteside@plantemoran.com

                                                               password security?                                mise. Unfortunately, in their rush to publish these stories,
                                                                                                                 they missed some important details. In the case of LinkedIn,
                                                               After LinkedIn acknowledged the com-
                                                                                                                 only the password hashes were posted online. They weren’t
                                                               promise, they still haven’t confirmed if
                                                                                                                 posted alongside the corresponding email addresses. This
                                                               there was, in fact, a compromise or if it
                                                                                                                 means that even though a large list of encoded passwords
                                                               was simply a false alarm. Even after finally
                                                                                                                 was posted publicly, the information required to log in
                                                               acknowledging the compromise, they
                                                                                                                 under those accounts is only available to the hacker(s) that
                                                               still haven’t confirmed that they’ve deter-
                                                                                                                 posted the encoded passwords. Since these passwords
                                          Jennifer whiteside   mined when and how hackers accessed
                                                                                                                 were encrypted using the SHA-1 algorithm, they couldn’t
                                                               the account information of their users.
                                                                                                                 be read without using time-consuming, password-cracking
                                                               More importantly, they haven’t announced
                                                                                                                                                         Continued on pg. 11
10
Plante moran | Winter 2013

                            techniques. By now, hundreds of thousands of the passwords            These breaches will continue to occur, so where does that
                            have been reversed by security researchers to help gain statis-       leave the end user? Vulnerable … but that vulnerability can be
                            tics about password complexity and use.                               decreased by following these three tips:
                            Most companies immediately sent internal emails to employees            •   Use tiered passwords.  Don’t use the same password
                            to change their LinkedIn or Yahoo passwords, which missed the               for all sites. The key to your office door shouldn’t open
                            real intent of the hack. Hackers never wanted the LinkedIn pass-            the front door of your house or safe, so why should one
                            words, as access to those accounts simply isn’t very valuable. So           password access different sites/systems? Just like you
                            what were they after? Email addresses and account passwords.                have different keys for different doors, you need to use
                            They hope you, like so many others, reuse the same password                 different passwords for different sites (especially financial
                            across many or all of the sites you use.                                    and email sites).
                            If you used the same password to log into LinkedIn as you do            •   Change your passwords more frequently. When was the
                            for your email account, stop reading, and change your email                 last time you changed your password for your online
                            password now. Access to your email provides a hacker with the               banking account or your Facebook account? Ideally, you
                            ability to view all the other sites you’ve signed up for using that         should change passwords to sensitive accounts at least
                            email address. This means they can locate accounts like your                every 30 days.
                            online banking sites, online shopping (particularly sites where
                                                                                                    •   Set strong passwords.  Setting long passwords that con-
                            you’ve stored your credit card information), and online payment
                                                                                                        tain letters, numbers, and characters for numerous web-
                            sites like Google Checkout or PayPal. Using the information
                                                                                                        sites can be difficult to memorize. So what can a user do?
                            they originally gained from accessing LinkedIn, they can then
                                                                                                        Use paraphrases. For example “MyBirthDate?June15,60.”
                            purchase goods and sell them for cash. Often, large compro-
                                                                                                        It’s long, it has all the letters, numbers, and characters,
                            mises of username/email and password combinations would
                                                                                                        and it’s easy to remember.
                            be sold off on hacker sites leaving cyber criminals with smaller
                            chunks of user data they could take advantage of in whatever          These best practices can be the difference between security
                            way they see fit.                                                     and vulnerability.
raj.patel@plantemoran.com

                                                Check Out More Technology Features at
                                                Banks.plantemoran.com
                                               From the 2012 Community Bank Technol-              Cyber Attacks: Is Your Bank at High Risk?
                                               ogy Survey to whitepapers helping banks            Large financial institutions continue to make the front page
                                               guard against cyber attacks, leveraging            in the ongoing onslaught of cyber attacks. However, small
                              Raj Patel
                                               smart phones as the wallets of the future,         and medium-sized banks may be just as vulnerable, if not
                                and going green, we have a number of great resources on           more so.
                                our website. Here’s a quick overview.
                                                                                                  On September 19, the Financial Services Information Shar-
                                ICBA Community Bank Technology                                    ing and Analysis Center (FS-ISAC) issued an alert notifying
                                Survey Results                                                    U.S. financial institutions that they’re now at high risk of
                                For more than a decade, the Independent Community                 cyber attacks. What does this mean? Learn more at
                                Bankers of America (ICBA) and Plante Moran have con-              banks.plantemoran.com.
                                ducted the Community Bank Technology Survey. The survey
                                                                                                  Smart Phones: The Wallet of the Future
                                is designed to track community bank trends and strategies
                                in technology. A total of 530 community banks responded.          Smart phones offer us a means of convenience. We can
                                Key findings include:                                             share our lives, experiences, and adventures through social
                                                                                                  media apps or travel to places near and far guided by GPS
                                  •   Community banks are embracing mobile technology.            navigation. In addition, several technologies are emerging
                                  •   Mobile apps have core functionality comparable to           that will allow us to use the chips in our phones to make
                                      online banking.                                             purchases, making that smartphone all the more invaluable.
                                                                                                  Technologies like Google Wallet, ISIS Mobile Commerce
                                  •   Regulatory compliance is community banks’ top               Network, and Venmo are here—and they’re changing the
                                      technology concern, followed by data security and           way we look at our phones. Learn more at
                                      systems availability.                                       banks.plantemoran.com.
                                Learn more at banks.plantemoran.com.

                                                                                                                                                                        11
{Community Bank Advisor}
               National Tax Office

Illinois Locations                                                           Ohio Locations                       China
Chicago–W. Washington                  Flint                                 Cincinnati                           Shanghai
312.899.4460                           810.767.5350                          513.595.8800                         86.21.52131026
FAX 312.726.3262                       FAX 810.767.8150                      FAX 513.595.8806                     FAX 86.21.52131025
Chicago–Riverside Plaza                Grand Rapids                          Cleveland
312.207.1040                                                                                                      Mexico
                                       616.774.8221                          216.523.1010
FAX 312.207.1066                       FAX 616.774.0702                                                           Monterrey
                                                                             FAX 216.523.1025
                                                                                                                  52.81.1477.5151
Northwest Chicago                      Kalamazoo                                                                  FAX 248.233.9040
847.697.6161                                                                 Columbus
                                       269.567.4500
FAX 847.697.6176                                                             614.849.3000
                                       FAX 269.567.4501                                                           India
                                                                             FAX 614.221.3535
                                       Macomb                                                                     Mumbai
Michigan Locations                                                           Toledo                               91.22.3953.7241
                                       586.416.4900
Ann Arbor                              FAX 586.416.4901                      419.843.6000                         FAX 91.22.3953.7200
734.665.9494                                                                 FAX 419.843.6099
                                       St. Joseph

                                                                                                         { }
FAX 734.665.0664
                                       269.982.8000
Auburn Hills                           FAX 269.982.2800
248.375.7100                                                                                                       Client Feedback Is
FAX 248.375.7101                       Southfield                                                                  Important to Us!
                                       248.352.2500
Detroit                                FAX 248.352.0018                                                               Access our client
313.876.1630                                                                                                        satisfaction survey at
East Lansing                           Traverse City                                                                  clientsatisfaction.
517.332.6200                           231.947.7800                                                                 plantemoran.com to
FAX 517.332.8502                       FAX 231.947.0348                                                               share your input.

This publication is distributed with the understanding that Plante & Moran, PLLC is not rendering legal, accounting, or other professional
advice or opinions on specific facts or matters and, accordingly, assumes no liability whatsoever in connection with its use. Please send
change of address or additions/corrections to the mailing list to theresa.zimmerman@plantemoran.com.
You can also read