SBA Re-Opens Paycheck Protection Program to Small Lenders on January 15 and All Lenders on January 19

The U.S. Small Business Administration, in consultation with the U.S. Treasury Department, re-opened the Paycheck Protection Program (PPP) loan portal to PPP-eligible lenders with $1 billion or less in assets for First and Second Draw applications on Friday, January 15, 2021.  The portal will fully open on Tuesday, January 19, 2021 to all participating PPP lenders to submit First and Second Draw loan applications to SBA.

Earlier in the week, SBA granted dedicated PPP access to Community Financial Institutions (CFIs) which include Community Development Financial Institutions (CDFIs), Minority Depository Institutions (MDIs), Certified Development Companies (CDCs), and Microloan Intermediaries as part of the agency’s ongoing efforts to reach underserved and minority small businesses.

On Friday, SBA continues its emphasis on reaching smaller lenders and businesses by opening to approximately 5,000 more lenders, including community banks, credit unions, and farm credit institutions.  Moreover, the agency also plans to have dedicated service hours for these smaller lenders after the portal fully re-opens next week.

“A second round of PPP could not have come at a better time, and the SBA is making every effort to ensure small businesses have the emergency financial support they need to continuing weathering this time of uncertainty,” said SBA Administrator Jovita Carranza. “SBA has worked expeditiously to ensure our policies and systems are re-launched so that this vital small business aid helps communities hardest hit by the pandemic. I strongly encourage America’s entrepreneurs needing financial assistance to apply for a First or Second Draw PPP loan.”

“We are pleased to have opened PPP loans to CDFIs, MDIs, CDCs, and Microloan Intermediaries.  The PPP is already providing America’s small businesses hardest hit by the pandemic with vital economic relief,” said Secretary of the Treasury Steven T. Mnuchin. “As the Program re-opens for all First and Second Draw borrowers next week, the PPP will allow small businesses to keep workers on payroll and connected to their health insurance.”

First Draw PPP Loans are for those borrowers who have not received a PPP loan before August 8, 2020. The first round of the PPP, which ran from March to August 2020, was a historic success helping 5.2 million small businesses keep 51 million American workers employed.  

Second Draw PPP Loans are for eligible small businesses with 300 employees or less, that previously received a First Draw PPP Loan and will use or have used the full amount only for authorized uses, and that can demonstrate at least a 25% reduction in gross receipts between comparable quarters in 2019 and 2020. The maximum amount of a Second Draw PPP loan is $2 million. 

Updated PPP Lender forms, guidance, and resources are available at and  

Member News- January 13, 2021


McKonly & Asbury Expands Leadership Team

McKonly & Asbury – a regional accounting and business advisory services firm – announced the addition of two new partners and a new principal to their leadership team. The firm’s dedication to provide superior, personalized service to their clients is a testament to their leadership. The partners and principals lead by example and are recognized experts in their areas of specialty, serving as their clients’ most trusted advisors.

David Hammarberg, CPA, CFE, CISSP, GSEC, MCSE, CISA – Partner
David joined McKonly & Asbury in 2000 and has been an integral part of the firm for over 20 years, serving clients in a variety of information technology and accounting capacities. His expertise and service focus areas include SOC for Service Organizations, SOC for Cybersecurity, forensic accounting, internal controls and security testing, data extraction, and improved efficiency through the application of technology.

David’s specialized IT experience not only serves their clients, but the team as well. He has maintained advanced certifications and has experience with various server operating systems including server 2016 and server 2019; VMware, Microsoft Exchange, and enterprise accounting systems; as well as core networking experience at the switch and router level. He also supports the firm’s remote access capabilities using Citrix and VPN.

Jim Shellenberger, CPA – Partner
Jim is a key leader of the firm’s Audit & Assurance segment. He joined McKonly & Asbury in 2002 and has nearly 20 years of public accounting experience, leading many of the firm’s core audit and attest engagements. Jim serves clients in a variety of industries, focusing primarily on nonprofit and affordable housing organizations.

Jim provides technical expertise on audit and accounting standards; with a concentration on the requirements of Government Auditing Standards (Yellow Book) and the Uniform Guidance, to his clients and to the firm; and is a frequent instructor on these and other related technical and leadership topics. He also performs external peer reviews for accounting firms around the country.

Charles Eisenhart, CPA – Principal
Charlie has been with McKonly & Asbury since 2015, and over the past 5 years has specialized in providing tax compliance and consulting services for our clients, including corporations, partnerships, trusts, and individuals.

Since joining the firm, Charlie has more narrowly focused his expertise to serve individual and trust tax clients. He has taken on a leadership role in managing the individual and trust tax practice and works with the entire tax team on continually serving clients by maintaining tax compliance while identifying and acting on tax planning opportunities. Charlie is also in the process of studying to become a Certified Estate and Trust Specialist.

McKonly & Asbury’s newest partners and principal represent the firm’s Advisory & Business Consulting, Audit & Assurance, and Tax segments and provide strong leadership and expertise across the firm’s industry practices and service lines. McKonly & Asbury Managing Partner, Michael Hoffner, commented, “It is with great excitement that we welcome Dave and Jim as new Partners and recognize Charlie as a new Principal at McKonly & Asbury. Each of these individuals has demonstrated an unwavering commitment to serving their clients and supporting their colleagues, and the marketplace is better because of what they do. We’ve seen over the course of the last year how critical our profession is in times of economic crisis, and as we turn the page to 2021, we are optimistic about what the future holds for our firm and our entire team!”

Apprenticeship Program Coming to Area

Boulder Landscape, LLC based out of Berwick, PA will be offering a new U.S. Department of Labor Registered Apprenticeship Program. Apprentices for the Landscape Management Apprenticeship Program, administered by Tyler Bloom Consulting, will receive over 2,000 hours of on-the-job training and additional professional development offerings, providing the equivalent of a college-level education at no charge. The apprenticeship program covers mastery of landscape maintenance, installation, design/build, hardscaping and turf management.  Contact Boulder Landscape for more information. 

The Zoo Comes to You!

The Peaceable Kingdom Zoo will be at the Bloomsburg Children’s Museum presenting an educational, interactive zoo experience with live animals. TICKETS ARE REQUIRED. Registration can be found here

Due to the Pennsylvania Department of Health guidelines, tickets will be sold in advance to the Zoo Comes To You event on Sunday, February 14th. There will only be a limited number of tickets sold. TICKET ARE REQUIRED FOR ENTRY, EVEN FOR MUSEUM MEMBERS.


Make Employees Your First Line of Cybersecurity Defense

From InnoTek Computer Consulting, Inc.

For any organization, its employees are its biggest assets. But what happens when your biggest assets turn out to be your greatest threats or liabilities? That is how cybercrime can change the game. In a recent study, it came to light that employee actions account for about 70% of the data breaches. This article offers advice on what organizations can do to better prepare employees to identify and mitigate cyber threats.

A top-down approach to IT security
First things first–change your organizational mindset. IT security is not ONLY your IT department, chief technology officer, or Managed Service Provider’s (MSP) responsibility. You need to truly believe that IT security is everyone’s business, and that includes everybody working in your company, from the C-level execs to the newly hired intern. Everybody needs to understand the gravity of a cyberattack and its impact. Only then, will they take cybersecurity seriously.

The next step is to formulate IT policies and lay down the best practices for your staff to follow. Ideally, your IT policy should cover the following:


  1. Rules regarding password setting
  2. Password best practices
  3. The implications of password sharing
  4. Corrective actions that will be taken in the event the password policy is not followed

Personal devices

  1. Rules regarding the usage of personal devices at work or for work purposes. Answer questions like a. Are all employees allowed to use personal devices for work or do you want to limit it to those handling lesser sensitive data, or to those higher in the corporate hierarchy as you assume they will need to be available 24/7? Regardless, you should spell out the regulations that they must follow. For example, requiring a weekly or monthly check for malware and updates to anti-malware software, etc., If only certain kinds of devices, software or operating systems may be approved as they are presumed to be more secure, then that should be addressed in the policy
  2. Discuss best practices and educate your employees on the risks related to connecting to open internet connections (Free WiFi) such as the ones offered at malls or airports.

Cybersecurity measures

  1. Document the cybersecurity measures that you have in place for your business. This should include your digital measures such as the software you have deployed to keep malware out–like anti-virus tools, firewalls, etc., and also the physical measures such as surveillance systems, biometric access controls, etc.,
  2. Another example of a good practice is how you handle employee turnover. When someone quits your organization or has changed positions, how is the access issue addressed? Spell out the rules and regulations regarding the removal of a user from the network, changing passwords, limiting access, etc.,

 Employee Training
Employee training will form a big part of the cybersecurity initiative that you will take on as an organization. You need to train your employees to identify and respond correctly to cyberthreats. Here are some employee training best practices that you can make a part of your cybersecurity training program.

Create an IT policy handbook
Make sure you have a handbook of your IT policy that you share with every new employee, regardless of their position in the company. This IT policy handbook must be provided to everyone-right from the CEO to the newest intern in your organization. Also, ensure this handbook is consistently updated. IT is evolving at great speed and your handbook must keep up.

Make cybersecurity training a part of your official training initiatives
Cybersecurity training should be a part of your corporate training initiatives for all new employees. You can also conduct refresher sessions once in a while to ensure your existing employees are up-to-date on the latest cyberthreats. At the end of the training session, conduct tests, mock drills, certification exams. Good training includes assessment. Provide follow up training for those who need it. This strong emphasis on training will ensure your employees take cybersecurity seriously.

Day zero alerts
As discussed, the cybercrime landscape is constantly evolving. Every day, cybercriminals are finding new vulnerabilities to exploit, and new methods to steal your data or to hack into your system. Day zero alerts are a great way to keep your employees updated. Has a new security threat been discovered or an important plug-in released for the optimal functioning of a browser? Send an email to everyone spelling out clearly what the threat is and what they can do to mitigate it. Then, follow up to verify they took the necessary steps.

Let your employees know who to contact in the event of any IT related challenges. This is important because someone troubleshooting on the internet for a solution to something as simple as a zipping up a file could end up downloading malware accidentally.

Being a victim of cyber-attack can prove disastrous for your business as it has the following repercussions.

  • Affects your brand image negatively: Business disruption due to downtime or having your important business data including customer and vendor details stolen reflects poorly on your brand.
  • It can cause you to lose customers: Your customers may take their business elsewhere as they may not feel safe sharing their Personally Identifiable Information (PII) with you.
  • Can cost you quite a bit financially: Data breach makes you liable to follow certain disclosure requirements mandated by the law. These most likely require you to make announcements on popular media, which can prove expensive. Plus, you will also have to invest in positive PR to boost your brand value.
  • It makes you vulnerable to lawsuits: You could be sued by customers whose PII has been compromised or stolen.

In light of such serious ramifications, it makes sense for organizations to strengthen their first line of defense against cybercriminals–their own employees.

PA Department of Health Releases Updated COVID-19 Interim Vaccination Plan

After receiving additional prioritization recommendations from the Centers for Disease Control’s Advisory Committee on Immunization Practices, the Pennsylvania Department of Health released an updated COVID-19 Interim Vaccination Plan on Friday, January 8, 2021, that reflects those additional federal recommendations. 

Below is a summary from the Wolf Administration of the updated Phases 1A, 1B, 1C (which is new) and Phase 2.  Full details, including all CDC-designated essential industry categories, are listed in the plan itself, which is available here.

Phase 1A remains centered on healthcare workers as defined by ACIP as paid and unpaid persons serving in health care settings who have the potential for direct or indirect exposure to patients or infectious materials.  These include, but are not limited toemergency medical service personnel, nurses, nursing assistants, physicians, dentists, dental hygienists, technicians, chiropractors, therapists, phlebotomists, pharmacists, health professions students and trainees, direct support professionals, clinical personnel in school settings or correctional facilities, contractual HCP not directly employed by the health care facility, and other persons when working in health care settings, such as regulatory staff who perform on-site assessments in hospitals and 1A long-term care facilities, long-term care ombudsmen, Older Adult Protective Services, Adult Protective Services, and Child Protective Services staff that are required to do on-site assessments in hospitals and 1A long-term care facilities, and volunteer personnel not directly involved in patient care but potentially exposed to infectious material that can transmit disease among or from health care personnel and patients.

Phase 1B now includes all adults aged 75 and older, residents of non-1A congregate care facilities, and additional front-line essential workers, defined by CDC as “essential workers who perform duties across critical infrastructure sectors and maintain the services and functions that U.S. residents depend on daily and likely at highest risk for work-related exposure to SARS-CoV-2, the virus that causes COVID-19, because their work-related duties must be performed on-site and involve being in close proximity (<6 feet) to the public or to coworkers”.  These include, but are not limited to, law enforcement, fire/rescue personnel, PA National Guard not included in 1A, emergency services personnel, corrections officers and other staff of non-1A congregate care settings, public transit workers, grocery store workers, education workers, manufacturing workers, and childcare workers.

Phase 1C has been newly created to include adults aged 65-74, adults 18-64 with a serious underlying condition that puts them at increased risk if they contract COVID-19, and essential workers in critical industries not covered under 1B.  Per ACIP guidance, these industries include, but are not limited to, water and wastewater, finance, information technology, energy, food service, and federal/state/county/local government. As with Phase 1B, CDC defines essential workers as those “who perform duties across critical infrastructure sectors and maintain the services and functions that U.S. residents depend on daily and are likely at highest risk for work-related exposure to SARS-CoV-2, the virus that causes COVID-19, because their work-related duties must be performed on-site and involve being in close proximity (<6 feet) to the public or to coworkers.”

Phase 2: On December 22, 2020, the CDC adopted the recommendations of the ACIP to vaccinate any individual over the age of 16 who agrees and does not have a contraindication for vaccine. Note that at this time, only the Pfizer-BioNTech product is approved for those ages 16 and 17. 

According to the Department of Health:
The DOH’s goals while the vaccine supply remains limited are to maximize benefits and minimize harms caused by the virus, promote justice, mitigate health inequities, and promote transparency and prioritize populations accordingly.  DOH continues to receive feedback on this plan regarding prioritization, and the CDC indicates an intention to publish additional information on essential workers.  DOH will review and incorporate as necessary into future versions of the plan. 


Guidance on New Paycheck Protection Program Announced

The U.S. Small Business Administration and U.S. Treasury Department have provided guidance on the re-opening of the Paycheck Protection Program (PPP) for small businesses. Member accounting firm McKonly & Asbury provides updated details of the program. The Chamber will be partnering with McKonly & Asbury on a webinar to help members understand this and other relief programs this month.

PPP First Draw Loans

For the most part, the rules for PPP First Draws Loans have not changed. The requirements around applying for loans, maximum loan amount, use of the funds (minimum 60% payroll and maximum 40% other eligible costs), covered periods and the forgiveness factors remain relatively unchanged. However, there are a few key adjustments that the Economic Aid Act incorporate into the program that further assist those business that either a.) Have not applied for a loan and would like to; b.) Are applying for forgiveness of the PPP First Draw Loan; or c.) Would like to apply for a PPP Second Draw loan.

Key Changes for PPP First Draw Loans

  • Period to apply for a PPP First Draw Loan is extended to March 31, 2021
  • New borrowers may calculate maximum loan amount using 2019 or 2020 payroll data
  • Eligibility has been extended to:
    • Section 501(c)(6) and destination marketing organizations.
      • Not more than 300 employees
      • Lobbying activities do not comprise more than 15% of activities
      • Cost of lobbying did not exceed $1 million in most recent tax year that ended prior to February 15, 2020
    • News organizations that are majority owned and controlled by a NAICS code of 511110 or 5151 business/non-profit and employ no more than 500 employees per location
  • Acceptable use of funds now includes:
    • Operations expenditures – Cloud computing services, human resources, payroll functions and accounting related functions for sales, billing, tracking supplies, inventory, records and expenses.
    • Property damage costs due to vandalism or looting from public disturbances in 2020 not covered by insurance.
    • Supplier costs for essential operations, pursuant to a contract in effect at any time before the covered period of the loan or with respect to perishable goods.
    • Worker protection expenditures incurred beginning March 1, 2020, to the end date of the current National Emergency.
  • Expanded guidance for seasonal employers
    • Expands definition of eligible seasonal business that was dormant or not fully operating on February 15, 2020, to allow for PPP First Draw Loan eligibility to calculate their maximum loan amount on any 12-week period between February 15, 2019, and February 15, 2020.
    • Defines a seasonal employer as a business that does not operate for more than 7 months in a calendar year and had gross receipts for any 6 months of that year that were not more than 33.33 percent of the gross receipts for the other 6 months of that same year.
  • Use of “Alternative Covered Period” has been eliminated
  • Loan requests for less than $150,000 will not require submissions of documentation at time of application
  • Economic Injury Disaster Loan (EIDL) advances will no longer be deducted from the borrower’s forgiveness amount
  • Loans received before December 27, 2020 can be revised to receive increased amounts due to changes from the Economic Aid Act. Requirements would be:
    • If the borrower returned all of a PPP loan, the borrower may reapply for a PPP loan in an amount the borrower is eligible for under current PPP rules.
    • If a borrower returned part of a PPP loan, the borrower may reapply for an amount equal to the difference between the amount retained and the amount previously approved.
    • If the borrower did not accept the full amount of a PPP loan for which it was approved, the borrower may request an increase in the amount of the PPP loan up to the amount previously approved.
    • All increase requests must be submitted on or before March 31, 2021.

PPP Second Draw Loans

PPP Second Draw Loans (PPP2) give businesses that took a PPP First Draw Loan a second bite at the apple. For the most part, the terms, conditions, and requirements of a PPP2 loan are the same as those outlined for a PPP First Draw Loan. The PPP2 loans also include all of the new legislative changes, as outlined above, from the PPP First Draw loans. While many of the requirements around the use of the funds, covered periods and forgiveness matters are the same, there are a few nuances to PPP2. 

Key Changes and Requirements of PPP2

  • Eligible business with 300 or fewer employees
  • Experienced a revenue reduction of 25% in 2020 relative to 2019
  • PPP2 loans may only be made to an eligible borrower that
    • Has received a First Draw PPP Loan
    • Has used, or will use, the full amount of the First Draw PPP Loan on or before the expected date which the Second Draw PPP Loan is disbursed to the borrower
    • Full amount is defined as the PPP First Draw Loan and any increases to such loan
  • Loan amount is equal to the lesser of two-and-a-half months of the borrowers average monthly payroll costs or $2 million
    • For borrowers assigned a NAICS code beginning with 72 at the time of disbursement, the Economic Aid Act provides that the maximum loan amount is equal to three-and-a-half (3.5) months of payroll costs
  • PPP2 Loan is calculated using either the twelve-month period (calendar year 2020) prior to when the loan is made or calendar year 2019

Revenue Reduction Requirement

One of the key features to qualification for this loan is that an eligible business must prove a revenue reduction of 25% or greater in 2020 relative to 2019. The borrowers must calculate this revenue reduction by comparing the borrower’s quarterly gross receipts for one quarter in 2020 with the borrower’s gross receipts for the corresponding quarter of 2019. There are other general requirements for businesses that were not in business for all quarters in 2020 or 2019. For more clarity on that please feel free to reach out to McKonly & Asbury.

The IFR provides a little caveat for simplicity that states that a borrower that was in operation in all four quarters of 2019 is deemed to have experienced the required revenue reduction if it experienced a reduction in annual receipts of 25 percent or greater in 2020 compared to 2019 and the borrower submits copies of its annual tax forms substantiating the revenue decline. This provision will allow a borrower to provide annual tax return forms to substantiate its revenue reduction.

SBA’s Definition of Gross Receipts

The IFR generally defines gross receipts to include all revenue in whatever form received or accrued (in accordance with the entity’s accounting method) from whatever source, including from:

  • Sales of products or services
  • Interest, dividends and investment income
  • Rents, royalties, fees, or commissions, reduced by returns and allowances

Other items such as subcontractor costs, reimbursements for purchases a contractor makes at a customer’s request, and employee-based costs such as payroll taxes are included in gross receipts.

Generally, receipts are considered “total income” (or in the case of a sole proprietorship, independent contractor, or self-employed individual “gross income”) plus “cost of goods sold,” and excludes net capital gains or losses as these terms are defined and reported on IRS tax return forms.

Gross receipts do not include:

  • Taxes collected for and remitted to a taxing authority if included in gross or total income (such as sales or other taxes collected from customers and excluding taxes levied on the concern or its employees)
  • Proceeds from transactions between a concern and its domestic or foreign affiliates
  • Amounts collected for another by:
    • Travel agent
    • Real estate agent
    • Advertising agent
    • Conference management service provider
    • Freight forwarder or customs broker
  • First Draw PPP Loans

Loan Documentation Requirements

The documentation required to substantiate an applicant’s payroll cost calculations is generally the same as documentation required for First Draw PPP Loans. However, no additional documentation to substantiate payroll costs will be required if the applicant (i) used calendar year 2019 figures to determine its First Draw PPP Loan amount, (ii) used calendar year 2019 figures to determine its Second Draw PPP Loan amount (instead of calendar year 2020), and (iii) the lender for the applicant’s Second Draw PPP Loan is the same as the lender that made the applicant’s First Draw PPP Loan.

For loans with a principal amount greater than $150,000:

  • The applicant must also submit documentation adequate to establish that the applicant experienced a revenue reduction of 25% or greater in 2020 relative to 2019
  • Documentation may include relevant tax forms, including annual tax forms, or, if relevant tax forms are not available, quarterly financial statements or bank statements.

For loans with a principal amount of $150,000 or less:

  • Documentation is not required at the time the borrower submits its application for a loan
  • Documentation must be submitted on or before the date the borrower applies for loan forgiveness.

What to Do Now

Some banks have already opened up portals for submissions of information for continued First Round PPP loans or PPP2 loans. The easiest option would be to do a PPP2 loan with the same bank or lender that you worked with in the first round based upon the documentation and qualification requirements. For those that are now considering a first round loan, be prepared with the needed documentation as outlined above for calculating the loan.

Contact McKonly & Asbury’s COVID-19 team at [email protected] with any questions you may have.