Chrisley, Other Felony Tax Prosecutions Highlight Growing Tax Criminal Prosecution Risks


Businesses, their owners, management, tax advisers and others using or contemplating using aggressive federal income, employment or other tax practices should heed the warning sent by the recent grand jury indictment and continuing Justice Department prosecution of cable reality television show Chrisley Knows Best stars Todd and Julie Chrisley on multiple counts of conspiracy, bank fraud, wire fraud, and tax evasion, and the companion indictment and prosecution of the Chrisleys’ accountant, Peter Tarantino, on tax-related offenses.

On August 13, 2019, the Justice Department announced the grand jury indictment of the Chrisleys on charges of cheating taxpayers by actively evading paying federal taxes on the money they earned and defrauding a number of banks by fraudulently obtaining millions of dollars in loans.

While the indictment and prosecution of the high-profile Chrisleys has drawn extensive media coverage, it is one example of the expanding aggressiveness of the Internal Revenue Service and Justice Department in zealously investigating and prosecuting individuals and businesses that cheat on their tax obligations, and of the growing number of individuals sentenced to imprisonment following conviction on these charges. Amid this aggressive enforcement climate, businesses or individual taxpayers, their management, operators, investors and advisors should think twice before using illegal or inappropriately aggressive tax minimization strategies or other practices that could violate federal corporate, income, employment or other tax laws.

Chrisley Charges & Prosecution

Among other things, the grand jury indictment charges the Chrisleys and their accountant, Peter Tarantino, with conspiring to defraud the IRS by failing to timely file income tax returns or pay income taxes for the 2013, 2014, 2015, and 2016 tax years. Although Todd Chrisley publicly claimed on a 2017 national radio program “obviously the federal government likes my tax returns because I pay 750,000 to 1 million dollars just about every year so the federal government doesn’t have a problem with my taxes,” the Justice Department and IRS allege the Chrisleys did not file tax returns or pay taxes for 2013, 2014, 2015, and 2016 but instead, with the aid of Tarantino, allegedly took steps to obstruct IRS collection efforts including hiding income, lying to third parties about their tax returns, and – in Tarantino’s case – lying to FBI and IRS-CI Special Agents.

In addition to the tax fraud charges, the indictment and related information presented in court by the Justice Department also charge Todd and Julie Chrisley with conspiring to defraud numerous banks by providing the banks with false information, such as personal financial statements containing false information and fabricated bank statements, when applying for and receiving millions of dollars in loans from as early as 2007 to 2012.

After fraudulently obtaining these loans, the Justice Department says the Chrisleys allegedly used much of the proceeds for their own personal benefit.  In 2014, two years after the alleged bank fraud scheme ended, the Justice Department claims Todd and Julie Chrisley allegedly used fabricated bank statements and a fabricated credit report that had been physically cut and taped or glued together when applying for and obtaining a lease for a home in California.

Other Convictions & Sentencings Show Criminal Tax Prosecution A Real Risk For Overly Aggressive Taxpayers and Tax Advisors

In weighing their own exposure to federal tax prosecution, individual and business taxpayers, their investors, operators, owners, and tax advisors should resist the urge to underappreciate their own risk by attributing the prosecution of the Chrisleys to their celebrity status. In fact, in announcing the Chrisley indictments, the Justice Department made a point of emphasizing that the Chrisley prosecution is part of a much larger and coordinated effort by the IRS and Department of Justice to aggressively find and crack down on individuals who try to conspire with others to hide their income and then lie to federal agents when confronted. In this respect, Thomas J. Holloman, III, Special Agent in Charge of the Atlanta Field Office, made a point of denying that the Chrisley prosecution was based upon their celebrity status, saying it instead arises from the IRS’ policy of “zero tolerance for individuals who attempt to shirk their tax responsibilities.”

An already lengthy and quickly mounting list of federal criminal tax prosecutions and convictions certainly lends credence to Holloman’s claim. See, e.g., Detroit Area Businessperson Pleads Guilty to Payroll Tax Crime (August 28, 2019); Former Operators of Michigan Adult Foster Care Homes Sentenced for Income and Employment Tax Crimes (August 27, 2019); Alabama Man Sentenced to Prison for Filing a False Tax Return (August 27, 2019); North Carolina Office Manager Sentenced to Prison for Employment Tax Fraud (August 27, 2019); Former CPA Indicted for Failing to Report Foreign Bank Accounts and Filing False Documents with the IRS (August 27, 2019); Former CPA Indicted for Failing to Report Foreign Bank Accounts and Filing False Documents with the IRS (August 14, 2019); Portland, Maine Tax Return Preparer Pleads Guilty to Preparing False Tax Return (August 13, 2019); Federal Court Shuts Down Palm Beach County, Florida Tax Return Preparers (August 8, 2019); Waco Tax Return Preparer Pleads Guilty to Conspiring to Defraud the United States (August 5, 2019); Justice Department Announces Resolution with LLB Verwaltung (Switzerland) AG (August 2, 2019); Michigan Woman Convicted of Obstructing The IRS (July 26, 2019); Brooklyn Business Owner Pleads Guilty in Employment Tax Scheme (July 26, 2019); Colorado Tax Defier Convicted Of Tax Evasion (July 22, 2019); Michigan Defendant Pleads Guilty to Conspiracy to Steal From an Organization Receiving Federal Funds (July 22, 2019); North Carolina Tax Return Preparer Pleads Guilty to Conspiracy to Defraud the IRS (July 19, 2019); Virginia Businessman Pleads Guilty to $5 Million Employment Tax Fraud and Illegal Firearm Possession (July 19, 2019); Justice Department Announces Addendum to Swiss Bank Program Category 2 Non-Prosecution Agreement with Banque Bonhôte & Cie SA (July 19, 2019); Texas Tax Return Preparer Sentenced to Prison in False Tax Return Scheme (July 16, 2019); Kansas City, Missouri, Woman Sentenced to Prison for Wire Fraud and Using Stolen Identities to File False Tax Returns (July 16, 2019); Federal Court Bars Florida Tax Return Preparer and Her Businesses From Preparing Tax Returns (July 15, 2019); Michigan Defendant Pleads Guilty to Conspiracy to Defraud the IRS and Steal From an Organization Receiving Federal Funds (July 12, 2019); Property Preservationist Pleads Guilty in $10 Million Dollar Fraud Scheme (July 8, 2019); Tulsa Man Pleads Guilty to Payroll Tax Fraud (July 3, 2019); Maryland Woman Pleads Guilty to Theft of Government Money and Aggravated Identity Theft (July 2, 2019); Engineering Firms’ CPA Sentenced to Prison for Role in Tax Scheme (July 1, 2019); North Carolina Tax Return Preparer Sentenced to Prison for Conspiring to File False Tax Returns.

Take, for instance, the criminal employment tax fraud prosecution that led a federal court on August 28, 2019 to sentence adult foster home owner/operator Jeremiah Cheff to 27 months in prison and his wife Nicolette to two years’ probation.

On August 28, 2019, a federal judge sentenced adult foster home owner and operator Jeremiah Cheff to 27 months in prison, and Nicolette Cheff to two years of probation as punishment for employment tax fraud. According to court documents and the evidence presented at trial, the Cheffs owned and controlled the financial and business operations of 16 foster care homes that cared for adults with mental illnesses and developmental and physical disabilities. Prosecutors charged that, from September 2010 through September 2014, the Cheffs withheld payroll taxes from employees’ paychecks, but failed to timely file payroll tax returns and pay over the withheld funds to the Internal Revenue Service (IRS). Jeremiah Cheff also failed to file several individual income tax returns and, when the IRS attempted to collect unpaid payroll taxes, he sent the IRS a false financial instrument claiming to be worth $80,000 and falsely claimed to a revenue officer that he had paid the taxes due.

On April 11, 2017, Nicolette Cheff pleaded guilty to failing to file an Employer’s Quarterly Federal Tax Return and failing to file an Individual Income Tax Return.  On May 20, 2019, a jury found Jeremiah Cheff guilty of 60 counts of willfully failing to account for and pay over payroll taxes. He was also convicted of corruptly endeavoring to obstruct the IRS, and failing to timely file his 2013 through 2015 individual income tax returns. In addition to the term of imprisonment imposed, United States District Judge Linda V. Parker ordered Jeremiah Cheff to serve two years of probation and ordered both Cheffs to pay restitution in the amount of $199,647 to the IRS.

The Cheffs’ conviction and sentencing resulted from the aggressive IRS and Justice Department investigations and prosecutions of businesses and individuals illegally skirting tax liability for tax fraud and related crimes, which are resulting in an already lengthy and ever-growing list of tax fraud prosecutions and convictions.

Beyond their actual criminal sentencing and payment of restitution, the Cheffs and other business operators with criminal tax convictions, or businesses owned by or employing others with those convictions, can suffer disqualification or restriction of eligibility to serve as providers or contractors to federal and/or state programs and other business opportunities, employee and investor lawsuits, shame and other consequences.

In light of these and other prosecutions and convictions, individuals and businesses that have used, are using or are considering using, promoting, assisting or advising others on, or doing business with others engaged in prohibited or aggressive employment, income or other tax practices, making false or misleading representations to avoid taxes or tax prosecution, or engaging in other conduct prohibited by federal tax laws should think twice. Beyond the potentially painful civil penalties and interest that generally arise from many tax law violations, such actions increasingly could result in criminal prosecution and conviction under the current IRS and Justice Department “zero tolerance” policy. Tax advisors and preparers also are reminded of their own special heightened tax preparer liability exposure from advising or representing individuals or businesses involved in such actions. Parties who suspect they or someone they do business with has engaged in such practices should contact a qualified attorney admitted to practice before, and with extensive experience representing and defending clients in tax fraud and other tax violations before, the IRS and Justice Department. While the investigation and resolution of such concerns likely may require the use of accountants or other consultants, taxpayers and advisors are cautioned that the highly sensitive legal nature of the investigations and discussions required to examine and address these issues makes it highly advisable for all parties to ensure all communications and dealings are conducted, to the extent possible, pursuant to and in furtherance of an established legal representation by legal counsel experienced in the tax and other laws involved and within the scope of attorney-client privilege.

About The Author

Cynthia Marcotte Stamer is a Martindale-Hubbell “AV-Preeminent” (Top 1%) rated practicing attorney and management consultant, health industry public policy advocate, widely published author and lecturer, recognized for her nearly 30 years of work with business and government clients and their leaders as a LexisNexis® Martindale-Hubbell® “LEGAL LEADER™” and “Top Rated Lawyer” in Health Care Law and Labor and Employment Law; a D Magazine “Best Lawyers In Dallas” in the fields of “Health Care,” “Labor & Employment,” “Tax: ERISA & Employee Benefits” and “Business and Commercial Law”; and a Fellow in the American Bar Foundation, the Texas Bar Foundation and the American College of Employee Benefit Counsel.

Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization, Ms. Stamer serves as outside general counsel and special counsel, providing advice, representation and other legal and operations services on a real-time “on demand,” special project and ongoing basis tailored to the needs of domestic and multinational insurance, healthcare, energy, consulting, manufacturing and other clients on compliance, risk management and other performance and controls matters.

Best recognized for her work on labor and employment, employee benefits and compensation, healthcare, insurance and risk management, technology and privacy and data security concerns, her experience encompasses work with management of a diverse array of clients and matters including domestic and multinational employers across many industries, health and other employee benefit plans, payroll, staffing, recruitment, technology, audit, training and coaching, consulting, and other outsourcing service providers, public and private health care providers, health and other insurers, banking and financial services, manufacturing, retail and other sales, hospitality, manufacturing, consulting, engineering, bankruptcy, turnaround management, restructuring and reengineering, and other change management, technology and other vendors, nonprofit, government and others domestically and internationally.

Author of a multitude of highly regarded works and training programs published by BNA, the ABA and other premier legal and other industry publishers, she also consults to and trains business and government and their leaders and speaks extensively about a wide range of general and special legal, business process and operations and other concerns.

Beyond these involvements, Ms. Stamer also is active in the leadership of a broad range of other professional, charitable and civic organizations. Through these and other involvements, she provides hands-on leadership, consulting and other support to develop and build solutions, build consensus, garner funding and other resources, manage compliance and other operations, and take other actions to identify and promote tangible improvements in health care and other operations and policies.

For additional information about Ms. Stamer, see here or contact Ms. Stamer directly by e-mail here or by telephone at (469) 767-8872.


©2019.  Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.


Rene Augustine Named DOJ Antitrust Division Acting Deputy Assistant Attorney General Responsible for International and Policy


Current Senior Counsel Rene Augustine will serve as Acting Deputy Assistant Attorney General responsible for the Department of Justice Antitrust Division’s international and policy matters. Makan Delrahim, Assistant Attorney General in charge of the Department’s Antitrust Division, announced today that Augustine will replace outgoing Deputy Assistant Attorney General Roger Alford, who will return to Notre Dame Law School as a tenured professor of law.

Augustine previously has served as Senior Counsel in the Antitrust Division’s Front Office, overseeing both the Competition Policy and Advocacy section, and the Media, Entertainment and Professional Services section.  She recently represented the Antitrust Division in Seoul, South Korea, alongside the Office of the U.S. Trade Representative (USTR) in the first-ever consultations on competition-related matters pursuant to the U.S. – Korea Free Trade Agreement. Augustine has served in all three branches of government and in the private sector. 

Before coming to the Antitrust Division at the Department of Justice, she was Special Assistant to the President and Senior Associate Counsel to the President. She also served as Associate Counsel to the President in the George W. Bush Administration. Previously, Augustine was Senior Counsel to the U.S. Senate Committee on the Judiciary, where she was responsible for Antitrust, Business Rights and Competition issues, and was a lead counsel to the Chairman on passage of legislation increasing the Hart-Scott-Rodino filing threshold and improving the second request process. Augustine clerked for Judge John Hargrove of the U.S. District Court for the District of Maryland. In the private sector, Augustine was an attorney at a national law firm, worked at the Neighborhood Legal Services Program, and was an adjunct faculty member at George Mason University Law School. Augustine earned her bachelor’s degree from Duke University and her J.D. from Vanderbilt University Law School, where she was an editor of the Vanderbilt Law Review, served on the Vanderbilt Moot Court Board, and graduated Order of the Coif.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.


$5.1 Million Zurich Life Tax Settlement Highlights International Reporting Noncompliance Risks


A $5.1 million Zurich Life Group international tax settlement agreement highlights the importance for US businesses involved in international transactions of verifying and maintaining compliance with U.S. transaction reporting and other federal tax, financial and other reporting and disclosure requirements.

Zurich Life Insurance Company Ltd (Zurich Life), headquartered in Zurich, Switzerland, and Zurich International Life Limited (Zurich International Life), headquartered in the Isle of Man (collectively Zurich) will pay a $5,115,000 penalty and implement other new procedures and controls under a tax non-prosecution agreement with the Department of Justice Tax Division.

According to the terms of the non-prosecution agreement, Zurich agrees to cooperate in any related criminal or civil proceedings, to implement controls to stop misconduct involving undeclared U.S. accounts, and to pay a penalty in return for the Department’s agreement not to prosecute the insurance providers for tax-related criminal offenses.

“The Tax Division remains steadfast in its goal of ending the use of offshore banking and insurance products when used to commit tax evasion,” said Principal Deputy Assistant Attorney General Zuckerman. “This resolution with Zurich should serve as a strong message to those who use offshore bank accounts and insurance products to evade taxation that the Department of Justice is committed to stopping such fraud.”

Zurich Life was founded in 1922 and operates in Switzerland as an insurance carrier offering life insurance and investment products. As of 2016, Zurich Life had approximately $21.3 billion in assets under management and over 300,000 policies in force. Zurich International Life is based in the Isle of Man and operates as an insurance carrier offering life insurance and investment products. Zurich International Life focuses its business on the international expatriate market. As of 2016, Zurich International Life had approximately $10.6 billion in assets under management and approximately 300,000 policies in force. Zurich Life and Zurich International Life are indirectly owned subsidiaries of Zurich Insurance Group Ltd, a Swiss holding company headquartered in Zurich, Switzerland.

From Jan. 1, 2008, through June 30, 2014, Zurich issued or had certain insurance policies and accounts of U.S. taxpayer customers, who used their policies to evade U.S. taxes and reporting requirements. In particular, Zurich had approximately 420 U.S. related policies, 127 with Zurich Life and 293 with Zurich International Life, with an aggregate maximum value of approximately $102 million, for which the U.S. taxpayer customers did not provide evidence that they had declared their policies to U.S. tax authorities.

To qualify for favorable tax treatment under the U.S. tax code, insurance must meet certain minimal requirements. The policies offered by Zurich Life and Zurich International Life did not meet these requirements. The increase of the principal in these policies was therefore subject to taxation, and the policies were required to be disclosed to the Internal Revenue Service (IRS) on FinCEN Form 114 Foreign Bank Account Report, commonly referred to as an FBAR. In issuing or having undeclared U.S. related policies, Zurich knew or should have known that they were helping U.S. taxpayers conceal from the IRS ownership of undeclared assets, maintained as insurance policies or accounts.

Zurich International Life, in particular, sold insurance products to U.S. taxpayers that were “unit linked,” meaning the cash surrender value and death benefit amount were linked to the value of specified investments. With such policies, the U.S. taxpayer had a suite of specialized investment options, allowing them to access potentially higher returns by taking on the market risk associated with the policies. Some of these unit-linked policies offered a base death benefit that was nearly equivalent to the cost of the policy itself, and in some instances was fully funded by transfers from offshore bank accounts. Upon redemption, the U.S. taxpayer would receive the premium amount plus any investment earnings on the policy less a very small percentage for putative risk and fees.

Despite knowing that some of these policies, which had minimal-to-no risk mitigation function and specialized investment options, were held by U.S. taxpayers, Zurich International Life failed to act appropriately to ensure timely compliance by the policyholders with U.S. tax laws. In at least one instance, uncovered during the course of Zurich Life’s internal review, a former U.S. citizen, who pled guilty to a federal fraud offense after purchasing a Zurich International Life policy, used that insurance policy to hide substantial assets, despite owing approximately $900,000 in restitution to his victims.

Following the commencement of the Department’s Swiss Bank Program, the Zurich Group initiated a global review of the life insurance, savings and pension business sold by all of its non-U.S. operating companies to identify policies or accounts with U.S. indicia. This review prompted an extensive customer outreach to current and former customers with a possible nexus to the United States to confirm the customers’ status as U.S. taxpayers, assess their compliance with applicable U.S. tax and reporting rules, and encourage participation in an IRS voluntary disclosure program.

In July 2015, Zurich contacted the Department to inform it of the initial findings of the self-review. Prior to the self-reporting, Zurich was neither a subject nor a target of any investigation being conducted by the Tax Division. Since this self-disclosure, Zurich has conducted a thorough investigation and reported substantial findings to the Tax Division, including dozens of detailed summaries of account information and comprehensive reports for the U.S. related policies.

In addition to these efforts, the Companies have worked closely with non-U.S. regulators to ensure full disclosure to the Department. For instance, in 2016, Zurich Life applied to the Swiss Federal Department of Finance and received approval to waive Article 271 of the Swiss Criminal Code, which restricted the disclosures that Zurich Life could make to the Department, thereby facilitating Zurich Life’s production of certain information that would have otherwise been prohibited.

Part of a wave of tax prosecutions undertaken by the Trump Administration’s Justice Department, the prosecution and settlement signal the need for insurers, financial and other businesses participating in international transactions to verify and maintain compliance with tax, financial and other reporting, disclosure and other requirements.

©2018.  Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.

ation, audit and enforcement of policies, procedures, systems and safeguards, drafting and negotiation of business associate, chain of custody, confidentiality, and other contracting; risk assessments, audits and other risk prevention and mitigation; investigation, reporting, mitigation and resolution of known or suspected breaches, violations or other incidents; and defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others; reporting known or suspected violations; commenting or obtaining other clarification of guidance and other regulatory affairs, training and enforcement, and a host of other related concerns.

Best recognized for her work on labor and employment, employee benefits and compensation, healthcare, insurance and risk management, technology and privacy and data security concerns, her experience encompasses work with management of a diverse array of clients and matters including domestic and multinational employers across many industries, health and other employee benefit plans, payroll, staffing, recruitment, technology, audit, training and coaching, consulting, and other outsourcing service providers, public and private health care providers, health and other insurers, banking and financial services, manufacturing, retail and other sales, hospitality, consulting, engineering, bankruptcy, turnaround management, restructuring and reengineering, and other change management, technology and other vendors, nonprofit, government and others domestically and internationally.

©2019.  Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.


SBA Urges FMCSA To Exempt Livestock Drivers From Hours Of Service Limits


Livestock haulers troubled by the effects on livestock of Federal Motor Carrier Safety Administration (FMCSA) rules limiting driver hours are getting support for relief from the U.S. Small Business Administration’s (SBA) Office of Advocacy.

Livestock haulers have expressed concern that the FMCSA’s application of the requirements to livestock drivers is harmful and cruel to the livestock by forcing drivers to extend the livestock’s confinement in trailers to take mandated rest periods.

The SBA has expressed support for an application to exempt livestock drivers from the FMCSA hour restrictions.

The support was expressed in comments submitted in response to the FMCSA’s Request for Comments on Notice of Application for Exemption from Certain Provisions of Hours of Service of Drivers Rule by Livestock and Related Drivers published in the Federal Register on February 6, 2019.

The exemption application was made on behalf of drivers who transport livestock, insects, and aquatic animals with special transportation needs, and was filed by the National Cattlemen’s Beef Association, Livestock Marketing Association, American Farm Bureau Federation, American Beekeeping Federation, American Honey Producers Association and the National Aquaculture Association. The applicants request approval of a sixteen-hour on-duty period during which these drivers would be permitted to drive up to fifteen hours and would only commence after ten consecutive hours off duty. All other aspects of the current Hours of Service of Drivers rules for these drivers would remain unchanged.

Read the SBA’s Comment Letter and Fact Sheet.

About The Author

The author of this update, Cynthia Marcotte Stamer, is widely recognized for her nearly 30 years’ work with health care, insurance and financial services and other public and private organizations, publications, presentations, advocacy and other work on cybersecurity and other data and privacy protection and compliance, risk management and investigation and mitigation.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation; former Chair of the RPTE Employee Benefits and Compensation Committee, a current Co-Chair of the Committee, and the former Chair of its Welfare Benefit and its Defined Compensation Plan Committees and former RPTE Joint Committee on Employee Benefits Council (JCEB) Representative, Ms. Stamer is a Martindale-Hubbell “AV-Preeminent” practicing attorney and management consultant, author, public policy advocate and lecturer repeatedly recognized for her 30-plus years of work and pragmatic thought leadership, publications and training on leadership and management, and compliance concerns as among the “Top Rated Labor & Employment Lawyers in Texas,” a “Legal Leader,” a “Top Woman Lawyer” and with other awards by LexisNexis® Martindale-Hubbell®; as among the “Best Lawyers In Dallas” for her work in the field of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, in International Who’s Who of Professionals and with numerous other awards and distinctions.

Highly valued for her ability to meld her extensive legal and industry knowledge and experience with her talents as an insightful innovator and pragmatic problem solver, Ms. Stamer provides legal, operational and strategic advice, representation and coaching to organizations and their management.

Ms. Stamer also is active in the leadership of a broad range of other public policy advocacy and other professional and civic organizations and involvements. Through these and other involvements, she helps develop and build solutions, build consensus, garner funding and other resources, manage compliance and other operations, and take other actions to identify and promote tangible improvements in health care and other policy and operational areas.

Ms. Stamer practiced law as a partner with several prominent national and international law firms for more than 10 years before founding her current law firm, Cynthia Marcotte Stamer, P.C., to practice her unique brand of “Solutions law™” and to devote more time to the pragmatic policy and system reform, community education and innovation, and other health system improvement efforts of her PROJECT COPE: the Coalition on Patient Empowerment initiative.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of our other Solutions Law Press, Inc.™ resources at SolutionsLawPress.com.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please provide your current contact information and preferences including your preferred e-mail by creating or updating your profile here.

NOTICE: These statements and materials are for general informational purposes only. They do not establish an attorney-client relationship, are not legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law and rules are rapidly evolving, it is highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions  Law Press, Inc.™. For information about republication, please contact the author directly. All other rights reserved.


Harris County Disability Settlement Reminder To Properly Accommodate Customer Disabilities


Businesses and government agencies should heed the reminder of the importance of providing proper accommodation from a new Justice Department settlement with Harris County, Texas announced today.

Another in a lengthy series of disability accommodation enforcement settlements, the agreement resolves a Justice Department lawsuit alleging that Harris County violated Title II of the Americans with Disabilities Act (ADA) by failing to provide an accessible voting program to voters with disabilities, including accessible polling places.

Harris County’s voting program—the third largest in the country—includes over 750 polling places. The Justice Department’s complaint alleges that many polling places in Harris County have architectural barriers—such as steep ramps, gaps in sidewalks and walkways, and locked gates along the route barring pedestrian access—that make them inaccessible to voters with mobility impairments or voters who are blind or visually impaired.

Under the agreement, Harris County will create and implement policies, practices, and procedures to bring its voting program into compliance with the ADA, including creating an effective system for selecting accessible facilities for polling places, surveying polling place facilities for accessibility barriers, procuring and implementing temporary accessibility remedies during elections, providing effective curbside voting, and hiring Subject Matter Experts to provide technical assistance and training to the County as well as provide reports to the parties on the County’s compliance with the agreement.

The Harris County settlement is the latest of many enforcement actions including many with substantial recoveries of damages and/or penalties.


©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions  Law Press, Inc.™. For information about republication, please contact the author directly. All other rights reserved.


Appeals Court Rules Corporation Can’t Deduct Excise Tax Not Paid As Tax Deduction


Federal corporate taxpayers may not deduct as a cost of goods sold expense an excise tax expense that was never actually incurred or paid, according to the Federal Circuit Court of Appeals’ just-released ruling in Sunoco, Inc. v. United States, No. 2017-1402 (November 1, 2018).

In Sunoco, Inc., the Federal Circuit Court of Appeals considered the approximately $1 billion deduction in alcohol fuel mixture credits that Sunoco, Inc., a petroleum and petrochemical company, claimed on its federal excise tax returns to reduce its federal fuel excise tax liability by the same amount. By including the $1 billion in excise tax expenses in its cost of goods sold, Sunoco, Inc. sought to reduce its federal corporate income taxes with an excise tax expense that was never paid. The Federal Circuit held that the plain language of the Internal Revenue Code precluded Sunoco, Inc.’s attempt to obtain a $300 million “windfall” reduction in tax. The court also stated, “We have already established that Congress does not generally allow taxpayers to receive a tax benefit twice.”

The Federal Circuit Court of Appeals issued a precedential opinion today affirming the Court of Federal Claims decision that federal corporate taxpayers may not deduct as a cost of goods sold expense an excise tax expense that was never actually incurred or paid,


©2018 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions  Law Press, Inc.™. For information about republication, please contact the author directly. All other rights reserved.


Protect Your Website & Website Data Against Cybersecurity Threats


The United States Computer Emergency Readiness Team of the Department of Homeland Security (US-CERT) is urging all organizations and individuals operating websites to confirm the adequacy of their website security measures and practices to reduce their exposure to the financial, operational and reputational disruptions and risks created by the increasingly persistent ransomware and other hacking, data breach and cybersecurity threats.

Website security refers to the protection of personal and organizational public-facing websites from cyberattacks.

Cyberattacks against public-facing websites—regardless of size—are common. An attack on your website could:

  • Cause defacement,
  • Cause a denial-of-service (DoS) condition,
  • Enable the attacker to obtain sensitive information, or
  • Enable the attacker to take control of the affected website.

Depending on the content and functionality of the particular website, organizational and personal websites that fall victim to defacement or DoS may experience financial loss, legal liability, operational disruptions, reputational damage and other material costs and disruptions due to eroded user trust or a decrease in website visitors.

Liability can arise from a host of sources. For instance, a cyberattack that causes a data breach places your company’s intellectual property and users’ personally identifiable information (PII) at risk of theft. Businesses whose websites collect or receive credit, credit card, or other personal financial information generally are required to monitor and maintain the security of such information under the federal Fair and Accurate Credit Transactions Act (FACTA) and various other federal and state data security, identity theft, electronic crimes and other laws. Meanwhile, the Internal Revenue Code and various other federal or state tax and other laws obligate employers, tax advisors, tax preparers and others collecting or maintaining tax information to take appropriate steps to safeguard tax information they create or maintain electronically against misuse. Beyond these and other commonly applicable data and cybersecurity requirements, certain industries also often face industry-specific mandates concerning the security of websites and other electronic systems containing sensitive information. For instance, the Privacy, Security and Breach Notification rules of the Health Insurance Portability and Accountability Act (HIPAA) and most states impose detailed requirements for maintaining the security of websites and other operating systems containing electronic protected health information (ePHI) on health care providers, health plans or health insurers, health care clearinghouses and their business associates, including affirmative requirements to monitor data and systems for threats or occurrences of unauthorized access and to take corrective action and provide specific notifications within specific timeframes.
Moreover, virtually all organizations maintaining or using websites also are subject to specific requirements to provide notifications about privacy and data security practices under various laws, as well as various contractual obligations concerning the protection of website data. Beyond the liabilities and sanctions that various applicable laws may impose for violations of their applicable requirements, noncompliance with these and other specific legal website and data security responsibilities, breaches of contractual, statutory or regulatory duties, misrepresentations about the adequacy of safeguards, and common law privacy theories also can create substantial damage exposure. Even where this is not the case, however, organizations whose websites or website data are breached typically incur substantial operational expense, disruption, public and investor relations and other reputational harm, and other damages as a result of the security breaches. Consequently, all organizations should tailor and monitor their website security to ensure these requirements are met and should follow other website security best practices.

What security threats are associated with websites?

US-CERT says cyber criminals may attack websites because of financial incentives such as the theft and sale of intellectual property and PII, ransomware payouts, and cryptocurrency mining (see Defending Against Illicit Cryptocurrency Mining Activity). Cyber criminals may also be motivated to attack websites for ideological reasons, e.g., to gain publicity and notoriety for a terrorist organization through defacing a government website.

Possible cyberattacks against your website include those commonly reported in the media, such as website defacement and DoS—which make the information services provided by the website unavailable for users (see Understanding Denial-of-Service Attacks). An even more severe website attack scenario may result in the compromise of customer data (e.g., PII). These threats affect all aspects of security—confidentiality, integrity, and availability—and can gravely damage the reputation of the website and its owner.

A more subtle attack—one that may not be immediately evident to the website’s owner or user—occurs when an attacker pivots from a compromised web server to the website owner’s corporate network, which contains an abundance of sensitive information that may be at risk of exposure, modification, or destruction. Once an attacker uses a compromised website to enter a corporate network, other assets may be available to the attacker, including user credentials, PII, administrative information, and technical vulnerabilities. Additionally, by compromising the website platform, an attacker may be able to repurpose the website infrastructure as a platform from which they can launch attacks against other systems.

How to improve cybersecurity protection against website attacks?

Organizations covered by affirmative federal or state mandates such as HIPAA, FACTA, the Internal Revenue Code or other federal or state data security, data breach, identity theft or other requirements should ensure that their website security at all times fulfills all of these applicable requirements and maintain clear documentation of these efforts. Beyond meeting these specific legal mandates, US-CERT recommends that organizations and individuals act to protect their websites by applying the following best practices to their web servers:

  • Implement the principle of least privilege. Ensure that all users have the least amount of privilege necessary on the web server (including interactive end users and service accounts).
  • Use multifactor authentication. Implement multifactor authentication for user logins to web applications and the underlying website infrastructure.
  • Change default vendor usernames and passwords. Default vendor credentials are not secure—they are usually readily available on the internet. Changing default usernames and passwords will prevent an attack that leverages default credentials.
  • Disable unnecessary accounts. Disable accounts that are no longer necessary, such as guest accounts or individual user accounts that are no longer in use.
  • Use security checklists. Audit and harden configurations based on security checklists specific to each application (e.g., Apache, MySQL) on the system.
  • Use application whitelisting. Use application whitelisting and disable modules or features that provide capabilities that are not necessary for business needs.
  • Use network segmentation and segregation. Network segmentation and segregation makes it more difficult for attackers to move laterally within connected networks. For example, placing the web server in a properly configured demilitarized zone (DMZ) limits the type of network traffic permitted between systems in the DMZ and systems in the internal corporate network.
  • Know where your assets are. You must know where your assets are in order to protect them. For example, if you have data that does not need to be on the web server, remove it to protect it from public access.
  • Protect the assets on the web server. Protect assets on the web server with multiple layers of defense (e.g., limited user access, encryption at rest).
  • Practice healthy cyber hygiene.
    • Patch systems at all levels—from web applications and backend database applications, to operating systems and hypervisors.
    • Perform routine backups, and test disaster recovery scenarios.
    • Configure extended logging and send the logs to a centralized log server.

Beyond these steps, US-CERT also suggests the following steps:

  • Sanitize all user input. Sanitize user input, such as special characters and null characters, at both the client end and the server end. Sanitizing user input is especially critical when it is incorporated into scripts or structured query language statements.
  • Increase resource availability. Configure your website caching to optimize resource availability. Optimizing your website’s resource availability increases the chance that your website will withstand unexpectedly high amounts of traffic during DoS attacks.
  • Implement cross-site scripting (XSS) and cross-site request forgery (XSRF) protections. Protect your website system, as well as visitors to your website, by implementing XSS and XSRF protections.
  • Implement a Content Security Policy (CSP). Website owners should also consider implementing a CSP. Implementing a CSP lessens the chances of an attacker successfully loading and running malicious JavaScript on the end user machine.
  • Audit third-party code. Audit third-party services (e.g., ads, analytics) to validate that no unexpected code is being delivered to the end user. Website owners should weigh the pros and cons of vetting the third-party code and hosting it on the web server (as opposed to loading the code from the third party).
  • Implement hypertext transfer protocol secure (HTTPS) and HTTP strict transport security (HSTS). Website visitors expect their privacy to be protected. To ensure communications between the website and user are encrypted, always enforce the use of HTTPS, and enforce the use of HSTS where possible. For further information and guidance, see the U.S. Chief Information Officer (CIO) and the Federal CIO Council’s webpage on the HTTPS-Only Standard.
  • Implement additional security measures. Additional measures include
    • Running static and dynamic security scans against the website code and system,
    • Deploying web application firewalls,
    • Leveraging content delivery networks to protect against malicious web traffic, and
    • Providing load balancing and resilience against high amounts of traffic.

For additional guidance, US-CERT recommends visiting the Open Web Application Security Project Top 10 Cheat Sheet on common critical risks to web applications, the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-44: Guidelines on Securing Public Web Servers, and NIST SP 800-95: Guide to Secure Web Services. Subscribe to NCCIC Current Activities to stay current on the latest website technology vulnerabilities.

About The Author

The author of this update, Cynthia Marcotte Stamer, is widely recognized for her nearly 30 years’ work with health care, insurance and financial services and other public and private organizations, publications, presentations, advocacy and other work on cybersecurity and other data and privacy protection and compliance, risk management and investigation and mitigation.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation; Former Chair of the RPTE Employee Benefits and Compensation Committee, a current Co-Chair of the Committee, and the former Chair of its Welfare Benefit and its Defined Compensation Plan Committees and former RPTE Joint Committee on Employee Benefits Council (JCEB) Representative, Ms. Stamer is a Martindale-Hubbell “AV-Preeminent” practicing attorney and management consultant, author, public policy advocate and lecturer repeatedly recognized for her 30-plus years of work and pragmatic thought leadership, publications and training on leadership and management, and compliance concerns as among the “Top Rated Labor & Employment Lawyers in Texas,” a “Legal Leader,” a “Top Woman Lawyer” and with other awards by LexisNexis® Martindale-Hubbell®; as among the “Best Lawyers In Dallas” for her work in the field of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, in International Who’s Who of Professionals and with numerous other awards and distinctions.

Highly valued for her ability to meld her extensive legal and industry knowledge and experience with her talents as an insightful innovator and pragmatic problem solver, Ms. Stamer provides legal, operational and strategic advice, representation and coaching to organizations and their management.

Ms. Stamer also is active in the leadership of a broad range of other public policy advocacy and other professional and civic organizations and involvements. Through these and other involvements, she helps develop and build solutions, build consensus, garner funding and other resources, manage compliance and other operations, and take other actions to identify and promote tangible improvements in health care and other policy and operational areas.

Ms. Stamer practiced law as a partner with several prominent national and international law firms for more than 10 years before founding her current law firm, Cynthia Marcotte Stamer, P.C., to practice her unique brand of “Solutions law™” and to devote more time to the pragmatic policy and system reform, community education and innovation, and other health system improvement efforts of her PROJECT COPE: the Coalition on Patient Empowerment initiative.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of our other Solutions Law Press, Inc.™ resources at SolutionsLawPress.com.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please provide your current contact information and preferences including your preferred e-mail by creating or updating your profile here.

NOTICE: These statements and materials are for general informational purposes only. They do not establish an attorney-client relationship, are not legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law and its rules are rapidly evolving, it is highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of, any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2018 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™. For information about republication, please contact the author directly. All other rights reserved.
