Florida New Hire/Independent Contractor Reporting

Date May 25, 2022
Categories

HBK would like to remind employers that Florida expanded its new hire and independent contractor reporting requirements. This legislation took effect on October 1, 2021.

What does it mean for Florida employers?
First, the legislation removed the prior 250-employee threshold for new hire reporting. Now all businesses are subject to new hire reporting. Second, the statute imposes a requirement to report independent contractors paid more than $600 in the calendar year. The reporting of independent contractors should occur within 20 days of the contract start date or date of first payment.

Currently, there are no penalties for non-compliance with the reporting requirements. If employers have not yet reported independent contractors, they should report all contractors who have exceeded the $600 threshold in 2022.

More information on reporting new hires or independent contractors in Florida.

The Florida Department of Revenue maintains FAQ reporting requirements on its website.

Speak to one of our professionals about your organizational needs

"*" indicates required fields



Employee Benefits Security Administrations Cybersecurity Guidance Part I: Hiring a Service Provider

Date April 1, 2022
Article Authors
HBK CPAs & Consultants

Part one of a three-part series on the U.S. Department of Labor’s “Cybersecurity Guidance for Plan Sponsors, Plan Fiduciaries, Record Keepers, Plan Participants.”

Nearly a year ago, in April 2021, the Department of Labor’s (DOL) Employee Benefits Security Administrations (EBSA) announced cybersecurity guidance for retirement plans subject to the Employee Retirement Income Security Act of 1974 (ERISA). The guidance includes best practices for maintaining cybersecurity and tips for protecting workers’ benefits for plan sponsors, plan fiduciaries, record keepers, and plan participants.

As noted in the release, the guidance is provided under three forms:

  • Tips for hiring a service provider – To help plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices as required by ERISA
  • Cybersecurity program best practices – To help plan fiduciaries and record-keepers in their responsibilities for managing cybersecurity risks
  • Online security tips – To help participants and beneficiaries reduce the risk of fraud and loss when checking their retirement accounts online.

Tips for hiring a service provider

Business owners often rely on other service providers to maintain plan records and keep participant data confidential and plan accounts secure. And, if the myriad of data breaches and security incidents have taught us anything, it is that we are only as strong as our weakest link. Therefore, to satisfy ERISA guidance and secure confidential data, it is critical that plan sponsors use service providers with stringent cybersecurity practices. The DOL recommends the following:

  • Ask about the service provider’s information security standards, practices and policies, and audit results, and compare them to the industry standards adopted by other financial institutions. Ideally the service provider follows a recognized standard for information security and uses an outside (third-party) auditor to review and validate their cybersecurity practices.
  • Ask the service provider how it validates its practices, and what levels of security standards it has met and implemented.
  • Evaluate the service provider’s track record in the industry, including public information regarding information security incidents, other litigation, and legal proceedings related to vendor’s services.
  • Ask whether the service provider has experienced past security breaches, what happened, and how the service provider responded.
  • Find out if the service provider has any insurance policies that would cover losses caused by cybersecurity and identity theft breaches.
  • When you contract with a service provider, make sure that the contract requires ongoing compliance with cybersecurity and information security standards—and be wary of contract provisions that limit the service provider’s responsibility for IT security breaches..

The first and last of the six tips are particularly noteworthy.

  • The first tip notes: “Ideally the service provider follows a recognized standard for information security and uses an outside (third-party) auditor to review and validate their cybersecurity practices.” This is the most critical tip. A credible service provider should be able to provide a single report issued by an independent auditor (most commonly a “SOC” report) that encompasses the other five tips. The report should include information on the service providers’ data security standards, practices, and policies, and the related audit results. It should disclose recent security incidents, breaches, and whether or not the service provider uses insurance as one of its risk mitigation mechanisms (hopefully they aren’t relying strictly on insurance to mitigate these risks).”
  • According to tip six: “When you contract with a service provider, make sure that the contract requires ongoing compliance with cybersecurity and information security standards …” This tip ensures your service provider will continue to adhere to cybersecurity compliance and best practices, and continue to undergo independent audits of these requirements. As such, your service provider should be incentivized, if not required, to be vigilant of evolving cybersecurity threats and changes in best practices. In our engagements, HBK Risk Advisory Services regularly stresses the importance of third-party risk management as specified by this point of DOL guidance.

While the DOL guidance provides tips for hiring a service provider, your responsibility for managing vendor risk doesn’t stop there. It remains your responsibility to regularly assess and evaluate that service provider. Technology and cyber threats are constantly evolving, and so should your business’s and your service providers’ practices. Assessing a firm at engagement doesn’t satisfy the need to continually improve and adapt to the evolving cybersecurity landscape.

We recommend that to meet the needs of this guidance you establish a third-party risk management program. The program will set policies and procedures for managing third-party providers from pre-hire evaluation, contracting, and on-boarding, throughout their tenure as a service provider, and upon termination.

HBK Risk Advisory Services can help you design, implement and execute a third-party risk management program that meets compliance demands and manages the third-party risks unique to your organization. If you have any questions or concerns regarding this topic, please reach out to me at 724-934-5300 or email at mschiavone@hbkcpa.com.

Next: Third-party risk management is a component of “Cybersecurity Program Best Practice,” the subject of the next of our three-part series on the U.S. Department of Labor’s “Cybersecurity Guidance for Plan Sponsors, Plan Fiduciaries, Record Keepers, Plan Participants.”

Speak to one of our professionals about your organizational needs

"*" indicates required fields



New Economic Relief Options for Ohio Businesses

Date June 8, 2020
Categories
Article Authors

Ohio Governor Mike DeWine and Lieutenant Governor Jon Husted have announced three new economic relief programs to support Ohio businesses:

Appalachian Growth Capital Loan Program
The Ohio Development Services Agency and Governor’s Office of Appalachia are providing $10 million to help small businesses in the 32-county Appalachian region of Ohio, including Mahoning, Trumbull, Columbiana, Ashtabula, Holmes, Tuscarawas, and Carroll counties, and others in East, Southeast, and Southern Ohio.

Funding will be provided to Appalachian Growth Capital, which as a community development financial institution (CDFI), is dedicated to providing credit and financial services to underserved markets and populations. Appalachian Growth Capital will use the funds to create a loan program to support businesses affected by COVID-19. The program will provide loans of up to $500,000 at 2 percent interest with a repayments deferred for up to six months.

To be eligible, a business must have less than $40 million in annual sales in the most recently completed tax year and maintain 13-week cash flow projections.

To learn more or apply visit www.appcap.org.

Ohio Minority Micro-Enterprise Grant Program
The Ohio Minority Micro-Enterprise Grant Program is intended to support small minority- and women-owned businesses in Ohio that have been heavily impacted by the COVID-19 crisis. The program, offered by the Ohio Development Services Agency, provides $10,000 in grant funding to eligible businesses. Grants will be awarded on a first-come, first-served basis. According to Governor DeWine, the program can fund up to 500 businesses.

Eligible business must meet the following criteria:

  • Be certified as a Minority Business Enterprises or women-owned EDGE-certified business as of February 29, 2020
  • Have 10 or fewer employees
  • Have no more than $500,000 in annual revenue
  • Be current on all taxes
  • Be current on all private and public loans
  • Not be a recipient of funding under the Coronavirus Aid, Relief, and Economic Security (CARES) Act

For more information, or to apply, visit https://development.ohio.gov/bs/bs_mmegp.htm.

Ohio PPE Retooling and Reshoring Grant Program
The Ohio Development Services Agency is offering a total of $20 million dollars in grants, at up to $500,000 per facility, to eligible manufacturers or nonprofit organizations to retool their facilities to make PPE (personal protective equipment) or reshore PPE production to Ohio.

To be eligible, a business must be:

  • A small business under SBA guidelines or a registered nonprofit organization
  • In good standing with the Ohio Department of Taxation and Ohio Environmental Protection Agency and registered with the Ohio Secretary of State
  • Able to produce eligible PPE solely at an Ohio facility that is wholly owned and operated by the applicant
  • Agreeable to making its best efforts to sell PPE made through this grant program in Ohio before pursuing out-of-state buyers

For more information about this program or to apply visit https://development.ohio.gov/bs/bs_ppe-rrgpg.htm.

To discuss these or other economic relief programs available to your business, contact your HBK Advisor.

Speak to one of our professionals about your organizational needs

"*" indicates required fields