Skip to Main Content

insightsarticles

A victory for Maine nonprofits: Blanket exemption from sales and use tax

06.10.24

Read this if you are a nonprofit organization or NFP healthcare organization operating in the state of Maine.

On April 22nd, Maine Governor Janet Mills signed a bill that includes a blanket sales and use tax exemption for all 501(c)(3) organizations. This exemption, effective January 1, 2025, will provide relief to nonprofits and bring clarity to Maine's sales and use tax laws. Prior to the blanket exemption, only specific exemptions were provided for different kinds of nonprofit organizations, such as hospitals, schools, churches, libraries, etc., and this has caused confusion for some Maine nonprofits who are unsure if they meet the requirements for these exemptions.

The blanket tax exemption was propelled by the lobbying efforts of the Maine Association of Nonprofits as well as hundreds of other organizations across the state. This new exemption brings Maine up to speed with all other states in New England that currently provide a blanket sales tax exemption to nonprofits. Maine Revenue Services estimates that over 5,000 organizations will be eligible for the new exemption.  

What to know about the sales and use tax exemption

This exemption will not be granted automatically. Organizations will still need to apply for an exemption certificate. Maine Revenue Services is currently developing the new application form, which will be made available through their website.

Part of this new tax law will include a safeguard to prevent any misuse of the exemption. All exempt purchases made by these charities must be used primarily toward supporting the organization’s mission or exempt purpose.

The exemption will be broadened to include all 501(c)(3) organizations, regardless of whether they are incorporated in Maine. Therefore, 501(c)(3) organizations from other states should be eligible to apply for an exemption certificate for purchases made in Maine, as long as these purchases are used to primarily support their mission.

IRS Determination Letter

Maine Revenue Services has hinted that the only additional documentation needed from the applicants will be a copy of their IRS Determination Letter. All organizations interested in applying for the new exemption should make sure they have a copy of their IRS Determination Letter on hand. If you cannot locate this letter, a copy can be obtained from the IRS through the filing of Form 4506-B.

What about sales made by a 501(c)(3) organization in the state of Maine?

The new law does not provide any sales tax exemptions to sales made by a nonprofit organization. If the nonprofit makes sales to the public on a regular basis, the items sold are still likely subject to sales tax. It is the responsibility of the organization to register with the state of Maine as a retailer and collect and remit sales tax on any items sold.

There are exceptions to collecting and remitting sales tax for the sale of items that are not regularly carried on. For example, if an organization is holding a fundraising event and has a booth set up where they are selling merchandise to attendees, this may qualify as casual or infrequent sales. In this case, the organization would not be required to collect and remit sales tax on the merchandise sold at the event.

Sales and use tax exemption: Conclusion

The blanket sales and use tax exemption for all 501(c)(3) organizations marks a significant and long-awaited victory for Maine nonprofits. Once developed, the new application should streamline the process of applying for the exemption and relieve any uncertainty around eligibility requirements to receive the exemption.

We will continue to monitor any new developments with the exemption and will provide an update once the application is made available. In the meantime, if you have any questions regarding sales and use tax for nonprofits, please contact a member of our NFP Tax Team.

Related Services

Related Professionals

Principals

BerryDunn experts and consultants

Benchmarking doesn’t need to be time and resource consuming. Read on for four simple steps you can take to improve efficiency and maximize resources.

Stop us if you’ve heard this one before (from your Board of Trustees or Finance Committee): “I wish there was a way we could benchmark ourselves against our competitors.”

Have you ever wrestled with how to benchmark? Or struggled to identify what the Board wants to measure? Organizations can fall short on implementing effective methods to benchmark accurately. The good news? With a planned approach, you can overcome traditional obstacles and create tools to increase efficiency, improve operations and reporting, and maintain and monitor a comfortable risk level. All of this can help create a competitive advantage — and it  isn’t as hard as you might think.

Even with a structured process, remember that benchmarking data has pitfalls, including:

  • Peer data can be difficult to find. Some industries are better than others at tracking this information. Some collect too much data that isn’t relevant, making it hard to find the data that is.
     
  • The data can be dated. By the time you close your books for the year and data is available, you’re at least six months into the next fiscal year. Knowing this, you can still build year-over-year trending models that you can measure consistently.
     
  • The underlying data may be tainted. As much as we’d like to rely on financial data from other organization and industry surveys, there’s no guarantee that all participants have applied accounting principles consistently, or calculated inputs (e.g., full-time equivalents) in the same way, making comparisons inaccurate.

Despite these pitfalls, benchmarking is a useful tool for your organization. Benchmarking lets you take stock of your current financial condition and risk profile, identify areas for improvement and find a realistic and measurable plan to strengthen your organization.

Here are four steps to take to start a successful benchmarking program and overcome these pitfalls:

  1. Benchmark against yourself. Use year-over-year and month-to-month data to identify trends, inconsistencies and unexplained changes. Once you have the information, you can see where you want to direct improvement efforts.
  2. Look to industry/peer data. We’d love to tell you that all financial statements and survey inputs are created equally, but we can’t. By understanding the source of your information, and the potential strengths and weaknesses in the data (e.g., too few peers, different size organizations and markets, etc.), you will better know how to use it. Understanding the data source allows you to weigh metrics that are more susceptible to inconsistencies.
  1. Identify what is important to your organization and focus on it. Remove data points that have little relevance for your organization. Trying to address too many measures is one of the primary reasons benchmarking fails. Identify key metrics you will target, and watch them over time. Remember, keeping it simple allows you to put resources where you need them most.
  1. Use the data as a tool to guide decisions. Identify aspects of the organization that lie beyond your risk tolerance and then define specific steps for improvement.

Once you take these steps, you can add other measurement strategies, including stress testing, monthly reporting, and use in budgeting and forecasting. By taking the time to create and use an effective methodology, this competitive advantage can be yours. Want to learn more? Check out our resources for not-for-profit organizations here.

Article
Benchmarking: Satisfy your board and gain a competitive advantage

Do you know what would happen to your company if your CEO suddenly had to resign immediately for personal reasons? Or got seriously ill? Or worse, died? These scenarios, while rare, do happen, and many companies are not prepared. In fact, 45% of US companies do not have a contingency plan for CEO succession, according to a 2020 Harvard Business Review study.  

Do you have a plan for CEO succession? As a business owner, you may have an exit strategy in place for your company, but do you have a plan to bridge the leadership gap for you and each member of your leadership team? Does the plan include the kind of crises listed above? What would you do if your next-in-line left suddenly? 

Whether yours is a family-owned business, a company of equity partners, or a private company with a governing body, here are things to consider when you’re faced with a situation where your CEO has abruptly departed or has decided to step down.  

1. Get a plan in place. First, assess the situation and figure out your priorities. If there is already a plan for these types of circumstances, evaluate how much of it is applicable to this particular circumstance. For example, if the plan is for the stepping down or announced retirement of your CEO, but some other catastrophic event occurs, you may need to adjust key components and focus on immediate messaging rather than future positioning. If there is no plan, assign a small team to create one immediately. 

Make sure management, team leaders, and employees are aware and informed of your progress; this will help keep you organized and streamline communications. Management needs to take the lead and select a point person to document the process. Management also needs to take the lead in demeanor. Model your actions so employees can see the situation is being handled with care. Once a strategy is identified based on your priorities, draft a plan that includes what happens now, in the immediate future, and beyond. Include timetables so people know when decisions will be made.  

2. Communicate clearly, and often. In times of uncertainty, your employees will need as much specific information as you can give them. Knowing when they will hear from you, even if it is “we have nothing new to report” builds trust and keeps them vested and involved. By letting them know what your plan is, when they’ll receive another update, what to tell clients, and even what specifics you can give them (e.g., who will take over which CEO responsibility and for how long), you make them feel that they are important stakeholders, and not just bystanders. Stakeholders are more likely to be strong supporters during and after any transition that needs to take place. 

3. Pull in professional help. Depending on your resources, we recommend bringing in a professional to help you handle the situation at hand. At the very least, call in an objective opinion. You’ll need someone who can help you make decisions when emotions are running high. Bringing someone on board that can help you decipher what you have to work with and what your legal and other obligations may be, help rally your team, deal with the media, and manage emotions can be invaluable during a challenging time. Even if it’s temporary. 

4. Develop a timeline. Figure out how much time you have for the transition. For example, if your CEO is ill and will be stepping down in six months, you have time to update any existing exit strategy or succession plan you have in place. Things to include in the timeline: 

  • Who is taking over what responsibilities? 
  • How and what will be communicated to your company and stakeholders? 
  • How and what will be communicated to the market? 
  • How will you bring in the CEO's replacement, while helping the current CEO transition out of the organization? 

If you are in a crisis situation (e.g., your CEO has been suddenly forced out or asked to leave without a public explanation), you won’t have the luxury of time.  

Find out what other arrangements have been made in the past and update them as needed. Work with your PR firm to help with your change management and do the right things for all involved to salvage the company’s reputation. When handled correctly, crises don’t have to have a lasting negative impact on your business.   

5. Manage change effectively. When you’re under the gun to quickly make significant changes at the top, you need to understand how the changes may affect various parts of your company. While instinct may tell you to focus externally, don’t neglect your employees. Be as transparent as you possibly can be, present an action plan, ask for support, and get them involved in keeping the environment positive. Whether you bring in professionals or not, make sure you allow for questions, feedback, and even discord if challenging information is being revealed.  

6. Handle the media. Crisis rule #1 is making it clear who can, and who cannot, speak to the media. Assign a point person for all external inquiries and instruct employees to refer all reporter requests for comment to that point person. You absolutely do not want employees leaking sensitive information to the media. 
 
With your employees on board with the change management action plan, you can now focus on external communications and how you will present what is happening to the media. This is not completely under your control. Technology and social media changed the game in terms of speed and access to information to the public and transparency when it comes to corporate leadership. Present a message to the media quickly that coincides with your values as a company. If you are dealing with a scandal where public trust is involved and your CEO is stepping down, handling this effectively will take tact and most likely a team of professionals to help. 

Exit strategies are planning tools. Uncontrollable events occur and we don’t always get to follow our plan as we would have liked. Your organization can still be prepared and know what to do in an emergency situation or sudden crisis.  Executives move out of their roles every day, but how companies respond to these changes is reflective of the strategy in place to handle unexpected situations. Be as prepared as possible. Own your challenges. Stay accountable. 

BerryDunn can help whether you need extra assistance in your office during peak times or interim leadership support during periods of transition. We offer the expertise of a fully staffed accounting department for short-term assignments or long-term engagements―so you can focus on your business. Meet our interim assistance experts.

Article
Crisis averted: Why you need a CEO succession plan today

Read this if your CFO has recently departed, or if you're looking for a replacement.

With the post-Covid labor shortage, “the Great Resignation,” an aging workforce, and ongoing staffing concerns, almost every industry is facing challenges in hiring talented staff. To address these challenges, many organizations are hiring temporary or interim help—even for C-suite positions such as Chief Financial Officers (CFOs).

You may be thinking, “The CFO is a key business partner in advising and collaborating with the CEO and developing a long-term strategy for the organization; why would I hire a contractor to fill this most-important role?” Hiring an interim CFO may be a good option to consider in certain circumstances. Here are three situations where temporary help might be the best solution for your organization.

Your organization has grown

If your company has grown since you created your finance department, or your controller isn’t ready or suited for a promotion, bringing on an interim CFO can be a natural next step in your company’s evolution, without having to make a long-term commitment. It can allow you to take the time and fully understand what you need from the role — and what kind of person is the best fit for your company’s future.

BerryDunn's Kathy Parker, leader of the Boston-based Outsourced Accounting group, has worked with many companies to help them through periods of transition. "As companies grow, many need team members at various skill levels, which requires more money to pay for multiple full-time roles," she shared. "Obtaining interim CFO services allows a company to access different skill levels while paying a fraction of the cost. As the company grows, they can always scale its resources; the beauty of this model is the flexibility."

If your company is looking for greater financial skill or advice to expand into a new market, or turn around an underperforming division, you may want to bring on an outsourced CFO with a specific set of objectives and timeline in mind. You can bring someone on board to develop growth strategies, make course corrections, bring in new financing, and update operational processes, without necessarily needing to keep those skills in the organization once they finish their assignment. Your company benefits from this very specific skill set without the expense of having a talented but expensive resource on your permanent payroll.

Your CFO has resigned

The best-laid succession plans often go astray. If that’s the case when your CFO departs, your organization may need to outsource the CFO function to fill the gap. When your company loses the leader of company-wide financial functions, you may need to find someone who can come in with those skills and get right to work. While they may need guidance and support on specifics to your company, they should be able to adapt quickly and keep financial operations running smoothly. Articulating short-term goals and setting deadlines for naming a new CFO can help lay the foundation for a successful engagement.

You don’t have the budget for a full-time CFO

If your company is the right size to have a part-time CFO, outsourcing CFO functions can be less expensive than bringing on a full-time in-house CFO. Depending on your operational and financial rhythms, you may need the CFO role full-time in parts of the year, and not in others. Initially, an interim CFO can bring a new perspective from a professional who is coming in with fresh eyes and experience outside of your company.

After the immediate need or initial crisis passes, you can review your options. Once the temporary CFO’s agreement expires, you can bring someone new in depending on your needs, or keep the contract CFO in place by extending their assignment.

Considerations for hiring an interim CFO

Making the decision between hiring someone full-time or bringing in temporary contract help can be difficult. Although it oversimplifies the decision a bit, a good rule of thumb is: the more strategic the role will be, the more important it is that you have a long-term person in the job. CFOs can have a wide range of duties, including, but not limited to:

  • Financial risk management, including planning and record-keeping
  • Management of compliance and regulatory requirements
  • Creating and monitoring reliable control systems
  • Debt and equity financing
  • Financial reporting to the Board of Directors

If the focus is primarily overseeing the financial functions of the organization and/or developing a skilled finance department, you can rely — at least initially — on a CFO for hire.

Regardless of what you choose to do, your decision will have an impact on the financial health of your organization — from avoiding finance department dissatisfaction or turnover to capitalizing on new market opportunities. Getting outside advice or a more objective view may be an important part of making the right choice for your company.

BerryDunn can help whether you need extra assistance in your office during peak times or interim leadership support during periods of transition. We offer the expertise of a fully staffed accounting department for short-term assignments or long-term engagements―so you can focus on your business. Meet our interim assistance experts.

Article
Three reasons to consider hiring an interim CFO

Read this if your company is considering outsourced information technology services.

For management, it’s the perennial question: Keep things in-house or outsource?

For management, it’s the perennial question: Keep things in-house or outsource? Most companies or organizations have outsourcing opportunities, from revenue cycle to payment processing to IT security. When deciding whether to outsource, you weigh the trade-offs and benefits by considering variables such as cost, internal expertise, cross coverage, and organizational risk.

In IT services, outsourcing may win out as technology becomes more complex. Maintaining expertise and depth for all the IT components in an environment can be resource-intensive.

Outsourced solutions allow IT teams to shift some of their focus from maintaining infrastructure to getting more value out of existing systems, increasing data analytics, and better linking technology to business objectives. The same can be applied to revenue cycle outsourcing, shifting the focus from getting clean bills out and cash coming in, to looking at the financial health of the organization, analyzing service lines, patient experience, or advancing projects.  

Once you’ve decided, there’s another question you need to ask
Lost sometimes in the discussion of whether to use outsourced services is how. Even after you’ve done your due diligence and chosen a great vendor, you need to stay involved. It can be easy to think, “Vendor XYZ is monitoring our servers or our days in AR, so we should be all set. I can stop worrying at night about our system reliability or our cash flow.” Not true.

You may be outsourcing a component of your technology environment or collections, but you are not outsourcing the accountability for it—from an internal administrative standpoint or (in many cases) from a legal standpoint.

Beware of a false state of confidence
No matter how clear the expectations and rules of engagement with your vendor at the onset of a partnership, circumstances can change—regulatory updates, technology advancements, and old-fashioned vendor neglect. In hiring the vendor, you are accountable for oversight of the partnership. Be actively engaged in the ongoing execution of the services. Also, periodically revisit the contract, make sure the vendor is following all terms, and confirm (with an outside audit, when appropriate) that you are getting the services you need.

Take, for example, server monitoring, which applies to every organization or company, large or small, with data on a server. When a managed service vendor wants to contract with you to provide monitoring services, the vendor’s salesperson will likely assure you that you need not worry about the stability of your server infrastructure, that the monitoring will catch issues before they occur, and that any issues that do arise will be resolved before the end user is impacted. Ideally, this is true, but you need to confirm.

Here’s how to stay involved with your vendor
Ask lots of questions. There’s never a question too small. Here are samples of how precisely you should drill down:

  • What metrics will be monitored, specifically?
  • Why do the metrics being monitored matter to our own business objectives?
  • What thresholds must be met to notify us or produce an alert?
  • What does exceeding a threshold mean to our business?
  • Who on our team will be notified if an alert is warranted?
  • What corrective action will be taken?

Ask uncomfortable questions
Being willing to ask challenging questions of your vendors, even when you are not an expert, is critical. You may feel uncomfortable but asking vendors to explain something to you in terms you understand is very reasonable. They’re the experts; you’re not expected to already understand every detail or you wouldn’t have needed to hire them. It’s their job to explain it to you. Without asking these questions, you may end up with a fairly generic solution that does produce a service or monitor something, but not necessarily all the things you need.

Ask obvious questions
You don’t want anything to slip by simply because you or the vendor took it for granted. It is common to assume that more is being done by a vendor than actually is. By asking even obvious questions, you can avoid this trap. All too often we conduct an IT assessment and are told that a vendor is providing a service, only to discover that the tasks are not happening as expected.

You are accountable for your whole team—in-house and outsourced members
An outsourced solution is an extension of your team. Taking an active and engaged role in an outsourcing partnership remains consistent with your management responsibilities. At the end of the day, management is responsible for achieving business objectives and mission. Regularly check in to make sure that the vendor stays focused on that same mission.

Article
Oxymoron of the month: Outsourced accountability

More and more emphasis is being put on cybersecurity by companies of all sizes. Whether it’s the news headlines of notable IT incidents, greater emphasis on the value of data, or the monetization of certain types of attacks, an increasing amount of energy and money is going towards security. Security has the attention of leadership and the board and it is not going away. One of the biggest risks to and vulnerabilities of any organization’s security continues to be its people. Innovative approaches and new technology can reduce risk but they still don’t prevent the damage that can be inflicted by an employee simply opening an attachment or following a link. This is more likely to happen than you may think.

Technology also doesn’t prepare a management team for how to handle the IT response, communication effort, and workforce management required during and after an event. Technology doesn’t lessen the operational impact that your organization will feel when, not if, you experience an event.

So let’s examine the human and operational side of cybersecurity. Below are three factors you should address to reduce risk and prepare your organization for an event:

  1. People: Create and maintain a vigilant workforce
    Ask yourself, “How prepared is our workforce when it comes to security threats and protecting our data? How likely would it be for one of our team members to click on a link or open an attachment that appear to be from our CFO? Would our team members look closely enough at the email address and notice that the organization name is different by one letter?”
     

    According to the 2016 Verizon Data Breach Report, 30% of phishing messages were opened by the target across all campaigns and 12% went on to click on the attachment or link.

    Phishing email attacks directed at your company through your team range from very obvious to extremely believable. Some attempts are sent widely and are looking for just one person to click, while others are extremely targeted and deliberate. In either case, it is vital that each employee takes enough time to realize that the email request is unusual. Perhaps there are strange typos in the request or it is odd the CFO is emailing while on vacation. That moment your employees take to pause and decide whether to click on the link/attachment could mean the difference between experiencing an event or not.

    So how do you create and cultivate this type of thought process in your workforce? Lots of education and awareness efforts. This goes beyond just an annual in-service training on HIPAA. It may include education sessions, emails with tips and tricks, posters describing the risk, and also exercises to test your workforce against phishing and security exploits. It also takes leadership embracing security as a strategic imperative and leading the organization to take it seriously. Once you have these efforts in place, you can create culture change to build and maintain an environment where an employee is not embarrassed to check with the CFO’s office to see if they really did send an email from Bora Bora.
  1. Plan: Implement a disaster recovery and incident response plan 
    Through the years, disaster recovery plans have been the usual response. Mostly, the emphasis has been on recovering data after a non-security IT event, often discussed in context of a fire, power loss, or hardware failure. Increasingly, cyber-attacks are creeping into the forefront of planning efforts. The challenge with cyber-events is that they are murkier to understand – and harder for leadership – to assist with.

    It’s easier to understand the concept of a fire destroying your server room and the plan entailing acquiring new equipment, recovering data from backup, restoring operations, having good downtime procedures, and communicating the restoration efforts along the way. What is much more challenging is if the event begins with a suspicion by employees, customers, or vendors who believe their data has been stolen without any conclusive information that your company is the originating point of the data loss. How do you take action if you know very little about the situation? What do you communicate if you are not sure what to say? It is this level of uncertainty that makes it so difficult. Do you have a plan in place for how to respond to an incident? Here are some questions to consider:
     
    1. How will we communicate internally with our staff about the incident?
    2. How will we communicate with our clients? Our patients? Our community?
    3. When should we call our insurance company? Our attorney?
    4. Is reception prepared to describe what is going on if someone visits our office?
    5. Do we have the technical expertise to diagnose the issue?
    6. Do we have set protocols in place for when to bring our systems off-line and are our downtime procedures ready to use?
    7. When the press gets wind of the situation, who will communicate with them and what will we share?
    8. If our telephone system and network is taken offline, how we will we communicate with our leadership team and workforce?

By starting to ask these questions, you can ascertain how ready you may, or may not be, for a cyber-attack when it comes.

  1. Practice: Prepare your team with table top exercises  
    Given the complexity and diversity of the threats people are encountering today, no single written plan can account for all of the possible combinations of cyber-attacks. A plan can give guidance, set communication protocols, and structure your approach to your response. But by conducting exercises against hypothetical situations, you can test your plan, identify weaknesses in the plan, and also provide your leadership team with insight and experience – before it counts.

    A table top exercise entails one team member (perhaps from IT or from an outside firm) coming up with a hypothetical situation and a series of facts and clues about the situation that are given to your leadership team over time. Your team then implements the existing plans to respond to the incident and make decisions. There are no right or wrong answers in this scenario. Rather, the goal is to practice the decision-making and response process to determine where improvements are needed.

    Maybe you run an exercise and realize that you have not communicated to your staff that no mention of the event should be shared by employees on social media. Maybe the exercise makes you realize that the network administrator who is on vacation at the time is the only one who knows how to log onto the firewall. You might identify specific gaps that are lacking in your cybersecurity coverage. There is much to learn that can help you prepare for the real thing.

As you know, there are many different threats and risks facing organizations. Some are from inside an organization while others come from outside. Simply throwing additional technology at the problem will not sufficiently address the risks. While your people continue to be one of the biggest threats, they can also be one of your biggest assets, in both preventing issues from occurring and then responding quickly and appropriately when they do. Remember focus on your People, Your Plan, and Your Practice.

Article
The three P's of improving your company's cybersecurity soft skills

IRS Notice 2018-67 Hits the Charts
Last week, in addition to The Eagles Greatest Hits (1971-1975) album becoming the highest selling album of all time, overtaking Michael Jackson’s Thriller, the IRS issued Notice 2018-67its first formal guidance on Internal Revenue Code Section 512(a)(6), one of two major code sections added by the Tax Cuts and Jobs Act of 2017 that directly impacts tax-exempt organizations. Will it too, be a big hit? It remains to be seen.

Section 512(a)(6) specifically deals with the reporting requirements for not-for-profit organizations carrying on multiple unrelated business income (UBI) activities. Here, we will summarize the notice and help you to gain an understanding of the IRS’s thoughts and anticipated approaches to implementing §512(a)(6).

While there have been some (not so quiet) grumblings from the not-for-profit sector about guidance on Code Section 512(a)(7) (aka the parking lot tax), unfortunately we still have not seen anything yet. With Notice 2018-67’s release last week, we’re optimistic that guidance may be on the way and will let you know as soon as we see anything from the IRS.

Before we dive in, it’s important to note last week’s notice is just that—a notice, not a Revenue Procedure or some other substantive legislation. While the notice can, and should be relied upon until we receive further guidance, everything in the notice is open to public comment and/or subject to change. With that, here are some highlights:

No More Netting
512(a)(6) requires the organization to calculate unrelated business taxable income (UBTI), including for purposes of determining any net operating loss (NOL) deduction, separately with respect to each such trade or business. The notice requires this separate reporting (or silo-ing) of activities in order to determine activities with net income from those with net losses.

Under the old rules, if an organization had two UBI activities in a given year, (e.g., one with $1,000 of net income and another with $1,000 net loss, you could simply net the two together on Form 990-T and report $0 UBTI for the year. That is no longer the case. From now on, you can effectively ignore activities with a current year loss, prompting the organization to report $1,000 as taxable UBI, and pay associated federal and state income taxes, while the activity with the $1,000 loss will get “hung-up” as an NOL specific to that activity and carried forward until said activity generates a net income.

Separate Trade or Business
So, how does one distinguish (or silo) a separate trade or business from another? The Treasury Department and IRS intend to propose some regulations in the near future, but for now recommend that organizations use a “reasonable good-faith interpretation”, which for now includes using the North American Industry Classification System (NAICS) in order to determine different UBI activities.

For those not familiar, the NAICS categorizes different lines of business with a six-digit code. For example, the NAICS code for renting* out a residential building or dwelling is 531110, while the code for operating a potato farm is 111211. While distinguishing residential rental activities from potato farming activities might be rather straight forward, the waters become muddier if an organization rents both a residential property and a nonresidential property (NAICS code 531120). Does this mean the organization has two separate UBI rental activities, or can both be grouped together as rental activities? The notice does not provide anything definitive, but rather is requesting public comments?we expect to see something more concrete once the public comment period is over.

*In the above example, we’re assuming the rental properties are debt-financed, prompting a portion of the rental activity to be treated as UBI.

UBI from Partnership Investments (Schedule K-1)
Notice 2018-67 does address how to categorize/group unrelated business income for organizations that receive more than one partnership K-1 with UBI reported. In short, if the Schedule K-1s the organization receives can meet either of the tests below, the organization may treat the partnership investments as a single activity/silo for UBI reporting purposes. The notice offers the following:

De Minimis Test
You can aggregate UBI from multiple K-1s together as long as the exempt organization holds directly no more than 2% of the profits interest and no more that 2% of the capital interest. These percentages can be found on the face of the Schedule K-1 from the Partnership and the notice states those percentages as shown can be used for this determination. Additionally, the notice allows organizations to use an average of beginning of year and end of year percentages for this determination.

Ex: If an organization receives a K-1 with UBI reported, and the beginning of year profit & capital percentages are 3%, and the end of year percentages are 1%, the average for the year is 2% (3% + 1% = 4%/2 = 2%). In this example, the K-1 meets the de minimis test.

There is a bit of a caveat here—when determining an exempt organization's partnership interest, the interest of a disqualified person (i.e. officers, directors, trustees, substantial contributors, and family members of any of those listed here), a supporting organization, or a controlled entity in the same partnership will be taken into account. Organizations need to review all K-1s received and inquire with the appropriate person(s) to determine if they meet the terms of the de minimis test.

Control Test
If an organization is not able to pass the de minimis test, you may instead use the control test. An organization meets the requirements of the control test if the exempt organization (i) directly holds no more than 20 percent of the capital interest; and (ii) does not have control or influence over the partnership.

When determining control or influence over the partnership, you need to apply all relevant facts and circumstances. The notice states:

“An exempt organization has control or influence if the exempt organization may require the partnership to perform, or may prevent the partnership from performing, any act that significantly affects the operations of the partnership. An exempt organization also has control or influence over a partnership if any of the exempt organization's officers, directors, trustees, or employees have rights to participate in the management of the partnership or conduct the partnership's business at any time, or if the exempt organization has the power to appoint or remove any of the partnership's officers, directors, trustees, or employees.”

As noted above, we recommend your organization review any K-1s you currently receive. It’s important to take a look at Line I1 and make sure your organization is listed here as “Exempt Organization”. All too often we see not-for-profit organizations listed as “Corporations”, which while usually technically correct, this designation is really for a for-profit corporation and could result in the organization not receiving the necessary information in order to determine what portion, if any, of income/loss is attributable to UBI.

Net Operating Losses
The notice also provides some guidance regarding the use of NOLs. The good news is that any pre-2018 NOLs are grandfathered under the old rules and can be used to offset total UBTI on Form 990-T.

Conversely, any NOLs generated post-2018 are going to be considered silo-specific, with the intent being that the NOL will only be applicable to the activity which gave rise to the loss. There is also a limitation on post-2018 NOLs, allowing you to use only 80% of the NOL for a given activity. Said another way, an activity that has net UBTI in a given year, even with post-2017 NOLs, will still potentially have an associated tax liability for the year.

Obviously, Notice 2018-67 provides a good baseline for general information, but the details will be forthcoming, and we will know then if they have a hit. Hopefully the IRS will not Take It To The Limit in terms of issuing formal guidance in regards to 512(a)(6) & (7). Until they receive further IRS guidance,  folks in the not-for-profit sector will not be able to Take It Easy or have any semblance of a Peaceful Easy Feeling. Stay tuned.

Article
Tax-exempt organizations: The wait is over, sort of

Over the course of its day-to-day operations, every organization acquires, stores, and transmits Protected Health Information (PHI), including names, email addresses, phone numbers, account numbers, and social security numbers.

Yet the security of each organization’s PHI varies dramatically, as does its need for compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Organizations that meet the definition of a covered entity or business associate under HIPAA must comply with requirements to protect the privacy and security of health information.

Noncompliance can have devastating consequences for an organization, including:

  • Civil violations, with fines ranging from $100 to $50,000 per violation
  • Criminal penalties, with fines ranging from around $50,000 to $250,000, plus imprisonment

All it takes is just one security or privacy breach. As breaches of all kinds continue to rise, this may be the perfect time to evaluate the health of your organization’s HIPAA compliance. To keep in compliance and minimize your risk of a breach, your organization should have:

  • An up-to-date and comprehensive HIPAA security and privacy plan
  • Comprehensive HIPAA training for employees
  • Staff who are aware of all PHI categories
  • Sufficiently encrypted devices and strong password policies

HIPAA Health Check: A Thorough Diagnosis

If your organization doesn’t have these safeguards in place, it’s time to start preparing for the worst — and undergo a HIPAA health check.

Organizations need to understand what they have in place, and where they need to bolster their practice. Here are a variety of fact-finding methods and tools we recommend, including (but not limited to):

  • Administrative, technical, and physical risk analyses
  • Policy, procedure, and business documentation reviews
  • Staff surveys and interviews
  • IT audits and testing of data security

Once you have diagnosed your organization’s “as-is” status, you need to move your organization toward the “to-be” status — that is, toward HIPAA compliance — by:

  • Prioritizing your HIPAA security and privacy risks
  • Developing tactics to mitigate those risks
  • Providing tools and tactics for security and privacy breach prevention and minimization
  • Creating or updating policies, procedures, and business documents, including a HIPAA security and privacy plan

As each organization is different, there are many factors to consider as you go through these processes, and customize your approach to the HIPAA-compliance needs of your organization.

The Road to Wellness

An ounce of prevention is worth a pound of cure. Don’t let a security or privacy breach jump-start the compliance process. Reach out to us for a HIPAA health check. Contact us if you have any questions on how to get your organization on the road to wellness.

Article
How healthy is your organization's HIPAA compliance?

As we begin the second year of Uniform Guidance, here’s what we’ve learned from year one, and some strategies you can use to approach various challenges, all told from a runner's point of view.

A Runner’s Perspective

As I began writing this article, the parallels between strategies that I use when competing in road races — and the strategies that we have used in navigating the Uniform Guidance — started to emerge. I’ve been running competitively for six years, and one of the biggest lessons I’ve learned is that implementing real-time adjustments to various challenges that pop up during a race makes all the difference between crossing — or falling short of — the finish line. This lesson also applies to implementing Uniform Guidance. On your mark, get set, go!

Challenge #1: Unclear Documentation

Federal awarding agencies have been unclear in the documentation within original awards, or funding increments, making it hard to know which standards to follow: the previous cost circulars, or the Uniform Guidance?

Racing Strategy: Navigate Decision Points

Take the time to ask for directions. In a long race, if you’re apprehensive about what’s ahead, stop and ask a volunteer at the water station, or anywhere else along the route.

If there is a question about the route you need to take in order to remain compliant with the Uniform Guidance, it’s your responsibility to reach out to the respective agency single audit coordinators or program officials. Unlike in a race, where you have to ask questions on the fly, it’s best to document your Uniform Guidance questions and answers via email, and make sure to retain your documentation.  Taking the time to make sure you’re headed in the right direction will save you energy, and lost time, in the long run.    

Challenge #2: Subrecipient Monitoring

The responsibilities of pass-through entities (PTEs) have significantly increased under the Uniform Guidance with respect to subaward requirements. Under OMB Circular A-133, the guidance was not very explicit on what monitoring procedures needed to be completed with regard to subrecipients. However, it was clear that monitoring to some extent was a requirement.

Racing Strategy: Keep a Healthy Pace

Take the role of “pacer” in your relationships with subrecipients. In a long-distance race, pacers ensure a fast time and avoid excessive tactical racing. By taking on this role, you can more efficiently fulfill your responsibilities under the Uniform Guidance.

Under the Uniform Guidance, a PTE must:

  • Perform risk assessments on its subrecipients to determine where to devote the most time with its monitoring procedures.
  • Provide ongoing monitoring, which includes site visits, provide technical assistance and training as necessary, and arrange for agreed-upon procedures to the extent needed.
  • Verify subrecipients have been audited under Subpart F of the Uniform Guidance, if they meet the threshold.
  • Report and follow up on any noncompliance at the subrecipient level.
  • The time you spend determining the energy you need to expend, and the support you need to lend to your subrecipients will help your team perform at a healthy pace, and reach the finish line together.

Challenge #3: Procurement Standards

The procurement standards within the Uniform Guidance are similar to those under OMB Circular A-102, which applied to state and local governments. They are likely to have a bigger impact on those entities that were subject to OMB Circular A-110, which applied to higher education institutions, hospitals, and other not-for-profit organizations.

Racing Strategy: Choose the Right Equipment

Do your research before procuring goods and services. In the past, serious runners had limited options when it came to buying new shoes and food to boost energy. With the rise of e-commerce, we can now purchase everything faster and cheaper online than we can at our local running store. But is this really an improvement?

Under A-110, we were guided to make prudent decisions, but the requirements were less stringent. Now, under Uniform Guidance, we must follow prescribed guidelines.

Summarized below are some of the differences between A-110 and the Uniform Guidance:

A-110 UNIFORM GUIDANCE
Competition
Procurement transaction shall be conducted in a manner to provide, to the maximum extent practical, open and free competition.
Competition
Procurement transaction must be conducted in a manner providing full and open competition consistent with the standards of this section.
 
Procurement
Organizations must establish written procurement procedures, which avoid purchasing unnecessary items, determine whether lease or purchase is most economical and practical, and in solicitation provide requirements for awards.
Procurement
Organizations must use one of the methods provided in this section:
  1. Procurement by Micro Purchase (<$3,000)
  2. Procurement by Small Purchase Procedures (<$150,000)
  3. Procurement by Sealed Bids
  4. Procurement by Competitive Proposal
  5. Procurement by Noncompetitive Proposal

While the process is more stringent under the Uniform Guidance, you still have the opportunity to choose the vendor or product best suited to the job. Just make sure you have the documentation to back up your decision.

A Final Thought
Obviously, this article is not an all-inclusive list of the changes reflected in the Uniform Guidance. Yet we hope that it does provide direction as you look for new grant awards and revisit internal policies and procedures.

And here’s one last tip: Do you know the most striking parallel that I see between running a race and implementing the Uniform Guidance? The value of knowing yourself.

It’s important to know what your challenges are, and to have the self-awareness to see when and where you will need help. And if you ever need someone to help you navigate, set the pace, or provide an objective perspective on purchasing equipment, let us know. We’re with you all the way to the finish line.

Grant Running.jpg

Article
A runner's guide to Uniform Guidance, year two