State Revenue Collections Strong Heading into Last Month of Fiscal Year

From PA Chamber of Business & Industry

With less than one month remaining in the state’s 2020-21 Fiscal Year and negotiations on the upcoming year’s budget beginning in earnest, the Commonwealth continues a strong fiscal showing. May’s revenue collections totaled $3.9 billion – representing a staggering 65.4 percent increase over official estimates.

Last month, the state’s Independent Fiscal Office forecasted the Commonwealth would finish the fiscal year with a $3.16 billion revenue surplus. The state is on track to realize that number with revenue collections to date totaling $36.6 billion, or $2.9 billion over estimates.

The higher than anticipated revenues come as welcome news for state government officials. With the fiscal year nearing an end, June historically marks a period of intense negotiations over the upcoming year’s state budget. Adding another dynamic to budgetary discussions is the influx of more than $7 billion in federal stimulus aid.

While strong revenues help to alleviate pressures on the General Fund brought forth by the COVID-19 pandemic, there are still several areas of disagreement between the Wolf administration and Republican majorities in the General Assembly – including the final spend number and the allocation of the stimulus dollars.

Lawmakers on both sides of the aisle have expressed interest and optimism in finalizing the 2021-22 budget plan well ahead of the June 30 constitutional deadline.

State System Hosting Public Hearings on Integration Plans

Pennsylvania’s State System of Higher Education is hosting public hearings in June to review the proposed integration of six universities into two institutions, doubling the number of opportunities the public has to directly voice their feedback.

The virtual hearings are part of a transparent, consultative process outlined in state law that has guided the System toward its goal of expanding student opportunities through integrations. The proposed plans would create two combinations of three co-equal campuses: California-Clarion-Edinboro universities in the western region and Bloomsburg-Lock Haven-Mansfield in the northeast.

“Feedback from the public is an integral part of our efforts to creatively reimagine the structure of public higher education in a way that expands student opportunities, supports their success, and sets these campuses for sustainability deeper into the 21st century,” Board chair Cindy Shapira said. “The hearings are not only part of the process outlined in state law, they are also the right thing to do because these efforts are in support of public higher education in the Commonwealth.”

The hearing schedule will be:

• June 9, 8-9:30 a.m. (western plan)
• June 9, 4:30-6 p.m. (western plan)
• June 10, 8-4:30 a.m. (northeastern plan)
• June 10, 4:30-6 p.m. (northeastern plan)

Each hearing will include brief presentations by system leaders as well as opportunity for the public to voice their feedback on the proposed integrations. The public can view the hearings, participate, or submit comments here.

“By hosting morning and late-afternoon hearings, the public will have greater opportunity and choice for when they would like to participate,” Chancellor Dan Greenstein said. “We made a commitment when this journey began almost a year ago to be consultative and transparent because we are doing nothing less than reimagining how public higher education is delivered in Pennsylvania. This is historic. This can profoundly support students by giving them access to academic programming and other activities across three campuses, more than a single campus can offer. And if successful it will mean serving these regional economies deeper into the 21st century by maintaining and expanding quality, affordable higher education.”

The process involves organizing public comments submitted through email and other means by subject matter and their potential as actionable items. The comments are reviewed and evaluated daily by subject matter experts at the System.

“We’re committed to documenting and showing any improvements to the integrations plans based on public comment before final plans are presented to the Board for their consideration,” Greenstein said. “Transparency is key to the success of integrations. So too is the involvement of stakeholders from the grassroots all the way to university and System leadership. We are the public’s higher education system, and as such, we’re committed to continuing to be consultative and transparent to stakeholders across the Commonwealth.”

Integrations are possible through Act 50 of 2020, legislation passed by near-unanimous vote in the General Assembly and signed by Gov. Tom Wolf. It proposes at both California-Clarion-Edinboro and Bloomsburg-Lock Haven-Mansfield single leadership teams, faculty cohorts, enrollment management, and budgets while opening academic program at the co-equal campuses to all students. It also places priority on maintaining unique identities and experiences at the six campuses and, while maintaining traditional residential education experiences, expanding into potential growth areas – non-degree credential and non-credential upskilling programs in the northeast and affordable, Pennsylvania-based fully online programming in the west.

Chamber’s Business Insurance Program Declares Dividend

The Columbia Montour Chamber of Commerce and Chambers of Commerce Service Corporation (CCSC) are pleased to announce that Penn National Insurance has declared a 5% dividend for the ChamberChoice Business Insurance program. Members who placed their insurance coverage with Penn National Insurance during the 2019/2020 program year and remained active Chamber members and policyholders through the end of the program year will receive a dividend check during the month of June. This year’s dividend totaled over $1.3 million. Since the program’s inception, total dividends returned to business communities throughout Pennsylvania nears $11.1 million.

The ChamberChoice Business Insurance program is just one of many benefits of that CCSC offers Chamber members. The partnership between Penn National Insurance and CCSC was designed to provide a value-added membership benefit. An important aspect of this group insurance program is preventing loss and controlling claims costs. Because dividends are based on the group’s collective loss experience, a business that may have had a significant loss may still be eligible to receive a dividend.

The program is sold exclusively through local, independent agents who can offer chamber members a variety of coverages and pricing on property and casualty insurance, including businessowners, commercial auto, property, general liability, inland marine and workers’ compensation. Dividends are paid on all of these coverages. In addition, through safety consulting, Penn National Insurance and local independent insurance agencies encourage member businesses to develop safety practices to substantially reduce or eliminate workplace injuries.

For more information, including a list of member agents, click here.

Welcome Montour Solar One

More than 430 businesses and organizations belong to the Chamber to receive benefits and support efforts to strengthen their businesses and the region. Increased membership allows the Chamber to offer additional programs and benefits, have a stronger voice in advocacy and be involved in more activities and initiatives. The Chamber welcomes Montour Solar One.

Montour Solar One is a joint venture project between Pattern Energy and Talen Energy, which will provide cost-effective renewable energy to the region. The project, located on land owned by Talen Energy, will utilize undeveloped land adjacent to Talen’s Montour Steam Electric Station.  Using undeveloped land, the solar farm will generate ~100 MW of installed solar energy generating capacity, enough to power 20,000 homes per year.

For more information on Montour Solar One visit its website, Facebook page or call 570-218-5868.

Cybersecurity and Employee Benefit Plans

From McKonly & Asbury

In recent years, employee benefit plans (EBPs) and their service providers have fallen victim to cyber schemes to steal participant data, make fraudulent transfers of participant assets (through direct transfers and fraudulent plan loans), and carry out ransomware attacks. Why are EBPs so vulnerable to this type of cyber activity? Here are a few of the most compelling reasons:

  • EBPs operate in a highly electronic environment. Electronic benefit plan information includes large amounts of sensitive employee information that is shared with multiple third parties, including outsourced service organizations that also maintain and electronically share sensitive employee and asset information.
  • EBPs often fall outside the scope of a sponsor organization’s cybersecurity planning with regard to ongoing business activities.
  • Unlike other businesses that handle personal information, EBPs are not regulated for cybersecurity purposes.
  • Plan sponsors and administrators may be under the false impression that anti-virus and anti-spam software adequately protect them from these risks.
  • Plan sponsors and administrators may believe that their service organization SOC 1 reports address cyber risks at the service organization when, in reality, they do not.

How Plan Fiduciaries Can Protect Plan Information from Cyberattacks and Respond to Data Breaches

In the EBP world, it is common knowledge that ERISA requires benefit plan sponsors and other fiduciaries to administer their plans for the exclusive benefit of plan participants and beneficiaries, and with the “care, skill, prudence, and diligence under the circumstances that a prudent person acting in a like capacity and familiar with such matters would use.” However, plan fiduciaries also have a duty with respect to the management of the plan – and this includes implementing processes and controls to restrict access to a plan’s systems, applications, and data (including third-party records and other sensitive information). Plan sponsors must also understand how their service providers store and protect the participant data they handle. According to the DOL ERISA Advisory Council Report, Cybersecurity Considerations for Benefit Plans, if (or when) a cybersecurity breach occurs, plan sponsors should have a plan in place for addressing the breach. Specifically:

  • The plan should establish procedures for how the sponsor and its service providers will communicate with plan participants who may be worried about the breach and protecting their data.
  • Sponsors should have a process for determining how a breach will be corrected and what remedies will be used.
  • Sponsors should document both their overall process for responding to cybersecurity breaches and any steps they take in correcting an actual breach. This documentation will help show that they acted prudently in the face of the breach.
  • Sponsors should vet their service providers and negotiate contract provisions to lower or mitigate the costs of correcting a possible cyberattack on a plan.
  • Sponsors should review and understand the limitations of their business insurance coverage, and consider cyber insurance to address possible coverage gaps.

Additional Cybersecurity Considerations When a Third-party Service Provider is Used

Many plan sponsors use third-party service providers such as plan administrators, actuaries, auditors, trustees, insurers and consultants for plan management and administration. These providers regularly collect and maintain sensitive employee data, such as SSNs, addresses, dates of birth, account balance information, beneficiary information, and bank account details in order to deliver their services. Some service providers also maintain systems that allow employees to initiate transactions online, such as obtaining loans and/or account withdrawals. Given this, a cybersecurity breach within a service provider could result in participants’ identities, personal information, or plan assets being compromised. Plan sponsors should have discussions with the plan’s third-party service providers regarding policies and procedures relating to data security, including passwords, use of social media, document retention, internet privacy, and other relevant issues. Plan sponsors should also understand the providers’ procedures for breach notification, including any obligations they may have to notify participants or governmental authorities. This information can be obtained through discussions with those providers and by reviewing the service provider agreements.

Does a SOC 1 Report Address a Plan’s Internal Control over Cybersecurity Controls and Risk?

For plans that utilize service organizations for most (or all) of their electronic records and investment transactions, a common misconception may be that those plans have relatively little cybersecurity risk if the service organization’s SOC 1 report identifies no issues. However, a SOC 1 report addresses only a plan’s internal control over financial reporting; it does not address broader entity cybersecurity controls and risk. A SOC 2 report, on the other hand, specifically addresses the cybersecurity controls and risks in the system used by the service organization to provide such services to the plan. The report may also address controls relevant to the service organization’s ability to maintain the confidentiality or privacy of the information processed by the system. As such, a SOC 2 report can help plan management assess and manage risks associated with outsourcing a function to a service organization by providing information about the effectiveness of controls at the service organization and how those controls integrate with the plan’s controls.

Effective Practices and Policies to Protect Against Cyberattacks

To help plans address their cybersecurity risks, the DOL Advisory Council Cybersecurity Report (discussed above) included information for plan sponsors and fiduciaries to utilize when developing a cybersecurity strategy and program. The report identified four major areas that sponsors and fiduciaries should focus on:

  1. Data management – Protect and control data
  2. Technology management – Maintain up-to-date technology
  3. Service provider management – Perform due diligence on plan data security of service providers
  4. People issues – Properly train and manage personnel

The report also includes information for plan sponsors to assist them in establishing a cybersecurity strategy for employee benefit plans and contracting with service providers, as well as a list of resources for plan sponsors and service providers that addresses considerations for managing EBP cybersecurity risks. We encourage you to review the report and use it to strengthen your organization’s cybersecurity practices, particularly as they relate to your EBPs.

You can learn more about Employee Benefit Plan services by visiting our website and don’t hesitate to contact Dan Sturm, Partner & Director of ERISA Services at [email protected].