From McKonly & Asbury

In recent years, employee benefit plans (EBPs) and their service providers have fallen victim to cyber schemes to steal participant data, make fraudulent transfers of participant assets (through direct transfers and fraudulent plan loans), and carry out ransomware attacks. Why are EBPs so vulnerable to this type of cyber activity? Here are a few of the most compelling reasons:

• EBPs operate in a highly electronic environment. Electronic benefit plan information includes large amounts of sensitive employee information that is shared with multiple third parties, including outsourced service organizations that also maintain and electronically share sensitive employee and asset information.
• EBPs often fall outside the scope of a sponsor organization’s cybersecurity planning with regard to ongoing business activities.
• Unlike other businesses that handle personal information, EBPs are not regulated for cybersecurity purposes.
• Plan sponsors and administrators may be under the false impression that anti-virus and anti-spam software adequately protect them from these risks.
• Plan sponsors and administrators may believe that their service organization SOC 1 reports address cyber risks at the service organization when, in reality, they do not.

How Plan Fiduciaries Can Protect Plan Information from Cyberattacks and Respond to Data Breaches

In the EBP world, it is common knowledge that ERISA requires benefit plan sponsors and other fiduciaries to administer their plans for the exclusive benefit of plan participants and beneficiaries, and with the “care, skill, prudence, and diligence under the circumstances that a prudent person acting in a like capacity and familiar with such matters would use.” However, plan fiduciaries also have a duty with respect to the management of the plan – and this includes implementing processes and controls to restrict access to a plan’s systems, applications, and data (including third-party records and other sensitive information). Plan sponsors must also understand how their service providers store and protect the participant data they handle. According to the DOL ERISA Advisory Council Report, Cybersecurity Considerations for Benefit Plans, if (or when) a cybersecurity breach occurs, plan sponsors should have a plan in place for addressing the breach. Specifically:

• The plan should establish procedures for how the sponsor and its service providers will communicate with plan participants who may be worried about the breach and protecting their data.
• Sponsors should have a process for determining how a breach will be corrected and what remedies will be used.
• Sponsors should document both their overall process for responding to cybersecurity breaches and any steps they take in correcting an actual breach. This documentation will help show that they acted prudently in the face of the breach.
• Sponsors should vet their service providers and negotiate contract provisions to lower or mitigate the costs of correcting a possible cyberattack on a plan.
• Sponsors should review and understand the limitations of their business insurance coverage, and consider cyber insurance to address possible coverage gaps.

Additional Cybersecurity Considerations When a Third-party Service Provider is Used

Many plan sponsors use third-party service providers such as plan administrators, actuaries, auditors, trustees, insurers and consultants for plan management and administration. These providers regularly collect and maintain sensitive employee data, such as SSNs, addresses, dates of birth, account balance information, beneficiary information, and bank account details in order to deliver their services. Some service providers also maintain systems that allow employees to initiate transactions online, such as obtaining loans and/or account withdrawals. Given this, a cybersecurity breach within a service provider could result in participants’ identities, personal information, or plan assets being compromised. Plan sponsors should have discussions with the plan’s third-party service providers regarding policies and procedures relating to data security, including passwords, use of social media, document retention, internet privacy, and other relevant issues. Plan sponsors should also understand the providers’ procedures for breach notification, including any obligations they may have to notify participants or governmental authorities. This information can be obtained through discussions with those providers and by reviewing the service provider agreements.

Does a SOC 1 Report Address a Plan’s Internal Control over Cybersecurity Controls and Risk?

For plans that utilize service organizations for most (or all) of their electronic records and investment transactions, a common misconception may be that those plans have relatively little cybersecurity risk if the service organization’s SOC 1 report identifies no issues. However, a SOC 1 report addresses only a plan’s internal control over financial reporting; it does not address broader entity cybersecurity controls and risk. A SOC 2 report, on the other hand, specifically addresses the cybersecurity controls and risks in the system used by the service organization to provide such services to the plan. The report may also address controls relevant to the service organization’s ability to maintain the confidentiality or privacy of the information processed by the system. As such, a SOC 2 report can help plan management assess and manage risks associated with outsourcing a function to a service organization by providing information about the effectiveness of controls at the service organization and how those controls integrate with the plan’s controls.

Effective Practices and Policies to Protect Against Cyberattacks

To help plans address their cybersecurity risks, the DOL Advisory Council Cybersecurity Report (discussed above) included information for plan sponsors and fiduciaries to utilize when developing a cybersecurity strategy and program. The report identified four major areas that sponsors and fiduciaries should focus on:

1. Data management – Protect and control data
2. Technology management – Maintain up-to-date technology
3. Service provider management – Perform due diligence on plan data security of service providers
4. People issues – Properly train and manage personnel

The report also includes information for plan sponsors to assist them in establishing a cybersecurity strategy for employee benefit plans and contracting with service providers, as well as a list of resources for plan sponsors and service providers that addresses considerations for managing EBP cybersecurity risks. We encourage you to review the report and use it to strengthen your organization’s cybersecurity practices, particularly as they relate to your EBPs.

You can learn more about Employee Benefit Plan services by visiting our website and don’t hesitate to contact Dan Sturm, Partner & Director of ERISA Services at dsturm@macpas.com.

The Columbia Montour Chamber of Commerce is partnering with the Pennsylvania Chamber of Business & Industry and the Pennsylvania Association of Chamber Processionals on this year’s spring legislative event. Key state lawmakers and agency representatives will discuss issues of importance to job creators and Pennsylvania’s communities. 

The program will be held over a 2-day period, June 17th & 18th via Zoom. The cost is $15 for one day and $25 for both days and participants will have the opportunity to ask questions directly.  Register for the event online or by calling the Chamber office at 570-784-2522.  The Zoom meeting link will be emailed upon registration confirmation.

Agenda  
Thursday, June 17, 2021 
2:00 – 3:00pm Welcome Remarks from PACP, PA Chamber, and State Lawmakers 
– Majority Whip Representative Donna Oberlander
– Majority Whip Senator John Gordner 
 
3:00 – 4:00pm Recovery Discussion 
– Senator Ryan Aument, Senate Republican Caucus Secretary and Prioritize PA leader 
– Representative Aaron Kaufer, House Economic Recovery Task Force leader 
 
4:00 – 5:00pm Budget / Fiscal Policy Discussion 
-  Matthew Knittel, Executive Director, Pennsylvania Independent Fiscal Office 
–  Representative George Dunbar, House Republican Caucus Chair 

 
Friday, June 18, 2021 
9:00 – 9:30am Conversation with Gene Barr and Gov. Tom Wolf 

9:30 – 10:30am State / Federal Transportation Discussion 
– Representative Mike Carroll, Democratic Chair, House Transportation Committee 
– Robert Latham, Executive Vice President, Associated PA Constructors 
– Ed Mortimore, Vice President, Transportation and Infrastructure, U.S. Chamber of Commerce  
 
10:30 – 11:30 am State / Federal Energy Discussion 
– Senator Gene Yaw, Majority Chair, Environmental Resources and Energy Committee 
– Representative Pam Snyder, Environmental Resources and Energy Committee member, Democratic Southwest Delegation chair 
– Christopher Guith, Senior Vice President, U.S. Chamber of Commerce’s Global Energy Institute  
 
11:15am – 12:00pm PA Chamber & US Chamber Updates  
– Gene Barr, President & CEO, PA Chamber 
– Kevin Courtois, Executive Director, Congressional and Public Affairs Great Lakes Region, U.S. Chamber of Commerce 

The new Unemployment Compensation system will be launching in June and is designed to simplify and speed up the claims process. The new system will make sure people will get the benefits they need while also reducing the opportunity for fraud.

Visit here for details.

United Way to launch Day of Action to Benefit Local Community

The United Way of Columbia and Montour Counties is launching their Day of Action. On and around June 21, volunteers will go into Columbia and Montour Counties to help local nonprofits in their areas of need. The goal is to provide local residents with the opportunity to make a difference in their community.

“Due to COVID-19, many partner agencies had to put off projects due to safety concerns or because their focus was on running the organization,” said Adrienne Mael, President/CEO of United Way of Columbia and Montour Counties. “With restrictions easing, it felt like the perfect year to support our agencies in a new way. We hope this Day of Action will grow into an annual tradition.”

United Way reached out to their partner agencies to see where they needed support, and if they could fulfill any “wish lists” for their organizations. Seven nonprofits responded with twelve different projects they are looking to complete. The projects range from planting and weeding gardens, sanding, staining, and painting projects, building planter boxes, organizing storage units, and even some longer-term data entry projects.

Any individual interested in participating in United Way’s Day of Action can sign-up at https://cmcuw.org/volunteer-signups. Simply select your areas of interest, and United Way will match you to a project!

There are three different opportunities to participate in a Day of Action starting Saturday, June 19, 2021, through Monday, June 21, 2021. Volunteers are welcome to sign-up for one or all three days depending on your capacity and availability. Children under 14 years of age are welcome to participate but must be accompanied by a parent or guardian.

As a new initiative, the hope is this will grow into an annual volunteer opportunity for community residents to come alongside our local nonprofits to be part of solutions that have a real impact on people’s lives.

 

Montour Area Recreation Commission Adds to Team

 

Pictured from left to right: Dennis Piatt (Senior Maintenance Technician), Lesley Yeich (Maintenance Technician), Craig Reinard (Seasonal Maintenance Technician), Hannah Reavy (intern), Doug Fought (Seasonal Maintenance Technician), and Bob Stoudt (Director). Not pictured: Jon Beam (Assistant Director/Naturalist)

 Montour Area Recreation Commission (MARC) is pleased to announce the addition of three new individuals to our team. MARC welcomes aboard Doug Fought and Craig Reinard as new Seasonal Maintenance Technicians and Hannah Reavy, from Bloomsburg University’s Department of Environmental, Geographical, and Geological Sciences, as a summer intern.

More than 430 businesses and organizations belong to the Chamber to receive benefits and support efforts to strengthen their businesses and the region. Increased membership allows the Chamber to offer additional programs and benefits, have a stronger voice in advocacy and be involved in more activities and initiatives. The Chamber welcomes Hinerfeld Commercial Real Estate.

Continuously operating in Northeast Pennsylvania since 1934, the company is a leader in the brokerage of all types of commercial and industrial real estate in the NEPA Market, serving international, national, regional, and local clients.  Its primary service area includes Pike, Wayne, Susquehanna, Wyoming, Lackawanna, Luzerne, and Monroe Counties. 

For more information on Hinerfeld Commercial Real Estate visit its website, Facebook page or call 570-207-4100.

From PA Chamber of Business & Industry

In a statement, PA Chamber President and CEO Gene Barr noted that over the past several months, despite Pennsylvania’s high unemployment rate and rising wages, a large number of employers – across a broad spectrum of industries – have reported difficulties filling open positions.  As a result, employers have been forced to reduce hours or even close operations.  Many are pointing to policies related to unemployment compensation exacerbating these challenges, including the continued waiving of the work search requirement and the additional $300 in weekly federal benefit payments.  Barr referenced a recent study by the American Action Forum found that an estimated 40 percent of unemployment compensation claimants are making more in benefits than they were in wages.  To date, 24 states have ended their participation in the enhanced federal benefit program in order to encourage the transition of individuals back into the workforce.

“Despite claims to the contrary, the impacts of the enhanced federal unemployment benefits are not negligible,” Barr said.  “Rather than just continuing these policies that have outlived their purpose, we encourage the Wolf administration to follow the lead of other states that are implementing innovative solutions to help encourage employment and connect unemployed Pennsylvanians with hiring employers.  House Bill 508, for example, would phase out federal benefit enhancements and create a return-to-work grant for workers who transition back into the workforce.”

As part of the Bringing PA Back initiative, the PA Chamber is asking the business community to provide testimonials describing the challenges they are facing trying to fill open positions.  We encourage you to participate in this effort.  Click here to access the online form. 

Department of Health Acting Secretary Alison Beam announced that the commonwealth’s mask order will be lifted by June 28.  

“After reviewing the vaccination data for people 18 and over and discussing it with the COVID-19 Vaccine Legislative Task Force, we have determined that the commonwealth’s mask order can be lifted on June 28 or when 70 percent of adults get their second dose, whichever comes first,” Acting Secretary Beam said. “Pennsylvanians are realizing that they have the power to stop COVID-19 and they are stepping up to get vaccinated.”  

“Yesterday we hit a milestone with 70 percent of adults receiving at least one dose of vaccine,” she said. “That’s a strong indicator that we are on track to get at least that many getting both doses by the end of June.” 

“The Department of Health will continue to make getting a vaccine as convenient as possible by making it widely available and supporting equitable and effective efforts to reach every Pennsylvanian who wants it.” 

All Pennsylvanians age 12 and older are eligible to schedule a COVID-19 vaccine. People can find vaccination locations near them using Vaccines.gov, also known as Vaccine Finder.

Once the statewide masking order is lifted, Pennsylvania will continue to follow the CDC guidance for wearing a mask where required by law, rule, and regulations, including local business and workplace guidance. The CDC requires individuals to wear a mask on planes, buses, trains, and other forms of public transportation traveling into, within, or out of the United States, and in U.S. transportation hubs, such as airports and stations. In addition, all individuals should still follow guidance at workplaces, local businesses, long-term care facilities, hospitals, prisons and homeless shelters.  

1st Annual Kathleen Deegan Hughes Memorial Golf Tournament Raises Over $50,000 to help fight Adrenocortical Carcinoma (ACC)

 On Saturday May 8th, friends and family gathered at Frosty Valley Resort in Danville, for the 1st Annual Kathleen Deegan Hughes Memorial Golf Tournament. Service 1st Federal Credit Union was honored to be the primary sponsor for the event. The golf outing raised over $50,000 to fund research to one day find a cure for Adrenocortical Carcinoma (ACC).

“Our family is beyond grateful for the generosity and support from this amazing community,” said John Deegan, Kathleen’s brother. “The outpouring of love is a true testament to the impact that Kathleen had on every single person that she met.”

In addition to raising funds, the tournament celebrated Kathleen’s resilience and charismatic spirit. Kathleen, the youngest of four siblings, grew up in Danville and was a graduate of Bloomsburg University and a member of Service 1st. Kathleen died in January 2020 at the age of 29 after battling ACC.

John also shared Kathleen’s message, “Abnormal symptoms in your body are not something you should ignore. Seeing a doctor right away is worth your time. Following up on your health can change your life. Be proactive and make your health your top priority. Please share this message with your loved ones, because you never know… you could end up saving their life.”

Over 108 volunteers and golfers participated in the inaugural golf outing.

ACC is a rare cancer affecting less than one per one million people in the United States per year.

All proceeds from the Tournament benefited the ACC Warriors Fund.

If you would like to make a donation, payments may be made via check to the ACC Warriors, and mailed to: ACC Warriors c/o The Deegans, 30 N Glenbrook Ave., Danville PA 17821. To learn more visit: https://www.kathleenhughes.org/acc-awareness.

For more information, contact Service 1st today at 800.562.6049 or visit www.service1.org.

CPWDC Rebrands to Advance Central PA

 The Central Pennsylvania Workforce Development Corporation (CPWDC), the local Workforce Development Board (WDB) for the Central Pennsylvania region, announced today that it has rebranded to Advance Central PA. The rebrand to Advance Central PA reflects a very positive, forward-thinking organization that expresses how the local Workforce Development Board works tirelessly to move the Central Pennsylvania region forward.

As the premiere workforce development resource for jobseekers and employers, Advance Central PA’s mission is to be the leading vehicle for regional unification, coordination, integration, and alignment of workforce activities, resources, and initiatives to support economic sustainability, improve education systems, and develop and retain a quality labor force.

“We are excited about the new name and the new resources that we will provide as Advance Central PA,” said Erica Mulberger, Executive Director. “Our new name and identity reflects our commitment to leading a market-driven workforce system that meets the needs of employers and workers, and helps Central Pennsylvanians prosper.”

Along with the name change, Advance Central PA released a new logo design and new website that echo the Workforce Development Board’s continued progress in cultivating emerging industries, supporting existing businesses, and enhancing the skills development of the Central Pennsylvania workforce while taking advantage of strategic opportunities provided by swift economic change.

Visit www.AdvanceCentralPA.org to explore the new website, brand, and logo design.

Public comment welcome on transportation priorities plan

Starting May 24 through June 22, those living or working in eight counties have the opportunity to comment on a draft plan thatcentra prioritizes transportation investments in the region from now until 2045.

The SEDA-Council of Governments (SEDA-COG) Metropolitan Planning Organization (MPO) has created the draft 2021-2045 Long-Range Transportation Plan on behalf of its eight member counties: Clinton, Columbia, Juniata, Mifflin, Montour, Northumberland, Snyder, and Union.

Through SEDA-COG, counties and municipalities in central Pennsylvania have a voice in the state’s transportation plans. Working together with SEDA-COG, groups and individuals representing local government, the business community, and non-profit organizations help to establish the region’s transportation priorities.

There will be a special opportunity to comment and ask questions at a 1-hour virtual public meeting and information session starting at 7 p.m. on June 3.

The meeting can be joined via teleconference or videoconference using the following credentials:

Teleconference: 312-626-6799; Conference ID: 963 9794 1377
Videoconference: https://zoom.us/j/96397941377

If accommodations are needed for those with special needs related to language, sight, or hearing, please contact the SEDA-COG MPO at 570-524-4491 a minimum of five days prior to the scheduled meeting date to allow sufficient time to arrange accommodations. 

Those who want to submit comments may send them via email to lrtp@seda-cog.org; fax to 570-524-9190; submitted online through https://bit.ly/345O8UQ; or mailed or dropped off at SEDA-COG, 201 Furnace Road, Lewisburg, PA 17837 (in care of Don Kiel).

Comments must be received by 4 p.m. June 22 and must include the name and address of the individual submitting the comment(s) to be considered in the update process by the SEDA-COG MPO.

The SEDA-COG MPO will consider adoption of the plan at a public meeting at 9:30 a.m. June 25 via teleconference and videoconference.

An electronic version of the draft plan is available at http://bit.ly/sedalrtp. Hard copies of the document are also available for review during normal business hours at the SEDA-COG MPO office, and other locations throughout the MPO’s eight-county region. A listing of these locations and their addresses may be viewed at http://bit.ly/sedalrtp, or may be requested by email at lrtp@seda-cog.org or 570-524-4491.

As a community and economic development agency, SEDA-COG enhances the quality of life and economic advantage for residents and businesses in 11 central Pennsylvania counties through its vital partnerships and initiatives. SEDA-COG also is an advocate for the interests of communities at the state and federal levels. For more information, visit www.seda-cog.org.

From PA Chamber of Business & Industry

Last week, Pennsylvania became the first state to put limits on gubernatorial emergency powers in order to restore checks and balances between the branches of government.  In the wake of the COVID-19 pandemic, state legislatures across the country have been considering restricting the scope and reach of gubernatorial powers during states of emergency.

In a ballot referendum, voters approved two changes to the state’s constitution as it relates to a governor’s emergency powers.  The first measure gives the General Assembly the ability to end or extend an emergency disaster declaration by a simple majority vote. The second measure would limit emergency disaster declarations to 21 days, but would allow the General Assembly to approve an extension via a concurrent resolution.  Prior to these changes, governors could issue an emergency declaration for up to 90 days and extend it indefinitely and the General Assembly could only end a declaration by a 2/3 majority vote.

Over the past year, the Republican majorities in the House and Senate were often at loggerheads with Gov. Tom Wolf over his administration’s handling of the COVID-19 pandemic.  The administration’s mitigation efforts – including the business shutdown order and subsequent waiver process; targeted restrictions for the hospitality industry and closure of in-person schooling – had been heavily criticized by legislative Republicans, who also accused the governor of acting unilaterally and without sufficient consultation of legislative and local leaders.  After several attempts to circumvent the governor’s orders legislatively – which resulted in vetoes by the governor – the General Assembly moved forward with the proposed changes to the constitution.  In order to amend the state constitution, the exact same legislative language must be passed by the General Assembly in two consecutive legislative sessions before going before the voters in a ballot referendum. 

The PA Chamber had supported the constitutional amendments as a way to restore checks and balances to the emergency declaration process.  In addition, The Columbia Montour Chamber of Commerce Board of Directors had joined with groups across the state in encouraging people to vote yes.

The governor had strongly opposed the constitutional amendments, but acknowledged last week the majority of voters disagreed with him.

“There’s no question that I opposed this…But the voters have spoken, and Pennsylvania wants to change the rules. And I think it’s incumbent upon us to the best we possibly can to make those rules work,” he said in an interview with the Associated Press.

This past Thursday the governor renewed his COVID-19 emergency declaration for the fifth time, but said he was engaged in conversations with the legislative leaders on a path forward.

rabbittransit has initiated a new designated stop service for the counties of Union, Snyder, Montour, Columbia and Northumberland. There are designated stops along currently traveled routes for rabbittransit’s shared ride public transportation. The cost is only $2.00 per trip.

Designated stops travel along the following routes: Bloomsburg-Danville, Bloomsburg-Bloomsburg Walmart, Danville-Northumberland, Mifflinburg-Lewisburg, Orangeville-Berwick, the Selinsgrove area, Selinsgrove-Lewisburg, and Sunbury-Selinsgrove.

Riders are required to schedule an advance reservation to ride. Reservations must be made by 12:00 pm the business day prior to the date of travel. To schedule a reservation, call the rabbittransit Call Center at 1-800-632-9063.

More information can be found here.