Say hello to

Amber

CPA | Shareholder

Eleven years of remodeling activity can test the patience of a saint, especially with kids and a pet underfoot. However, when the remodeler is your husband, you’re willing to cut him a little slack.

Occupational fraud doesn’t always translate to hard cash leaking out of the company’s bank account. This article from the Rochester Democrat & Chronicle discusses an ongoing case about the alleged employee theft of over $2 million worth of diabetes test strips, illustrating how noncash fraud can be very lucrative in the right circumstances.

Enabling Factors

First of all, for a noncash fraud scheme like this to work, there has to be a market for the stolen goods. If the product is too bulky or can only be sold to a limited group of buyers, the risks of this type of fraud reduce. However, the risks don’t necessarily go away.

In this case, authorities state the alleged offender was able to procure medical supplies and had identified a handful of buyers to complete the cycle. When considering your internal control plan, the “street value” of a company‘s product needs to be considered in the risk assessment process. Inventory that carries a greater street value needs to have a more robust internal control plan.

Secondly, more often than not, the perpetrator needs access to the receiving department. This article mentions that the alleged offender “intercepted” the medical supplies. Ideally, the roles of purchasing and receiving should never overlap. Those roles align too well and provide the perpetrator both the opportunity to gain access to the inventory and the potential to cover it up.

Detection Methods

The article also illustrates some very effective detection techniques that can and should be deployed to combat against this risk.

Clearly, the data analysis being performed by a function/department in the company was key. The company knew that the volume of diabetes test strips was far too great for their needs. They also knew that the orders of the test strips came from one secure user ID. The article isn’t clear on whether the company came to know these facts during the scheme or after the fact, but regardless, data analysis of key functions within a company is an extremely effective fraud detection tool. A simple report of purchased quantity by SKU would highlight unusually large volumes of purchases. That, coupled with a query to understand the sales of that same SKU, far less than the purchases, would shine a bright light on this issue.

It also seems likely to me that the company distributed some fraud training materials on things to look out for. After the internal audit system flagged the strip purchases, an employee was directed to look for inventory discrepancies. The article mentions that an employee noticed a box without a company logo on it, which appeared unusual. They also noticed it was purchased from a company they didn’t use very much, if at all, which was also unusual. Lastly, they noticed the return address matched the accused employee; again, this was unusual. Fraud training materials are critical to share with the front-line workforce. They are the ones in a position to notice this type of behavior.

Conclusion

Fraud is not an ordinary part of a business’s operations. By its nature, it is unusual and creates unusual pieces of data. The job of an internal control architect is to construct a series of controls that help the business identify and resolve unusual observations. You have to start with an informed approach based on a tailored assessment of the unique risks facing the business. Once that assessment is in place, the controls needed will start to align from there.

© Clark Nuber PS and Focus on Fraud, 2019. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Clark Nuber PS and Focus on Fraud with appropriate and specific direction to the original content.

Keep Reading

Articles and Publications

Complying with Consumer Use Tax Notifications

Here is what you need to know concerning the notice: A change in state tax law, effective January 1, 2018, requires out-of-state sellers and marketplace facilitators (e.g., Amazon.com) with sales of $10,000 or more to Washington consumers to send annual notices to customers. These notices must detail any taxable purchases made in the preceding calendar year where Washington sales tax was not collected. This information is also required to be sent to the Department of Revenue. The notice will direct the recipient to the Department of Revenue’s website to file and pay the required use taxes due on the purchase of taxable items. The recipient has the option of filing the use tax return online or by mail. While you can pay use tax anytime (pay as you go), the deadline for all 2018 use tax reporting is April 1, 2019. Use tax is due on goods and certain services when sales tax was not paid, such as when an out-of-state seller ships taxable items to a customer in Washington. Use tax is a compensatory tax, so either sales tax is due or use tax is due, but not both. The sales tax and use tax rates are the same. The use tax rate applicable to a particular purchase is dependent on the location where the items are first used in this state; in this case, it’s likely the address where the items are received. The Department of Revenue is tasked with auditing and collecting tax from those who do not voluntarily file a consumer use tax return and pay the tax. These notices are a new process for the Department with little formal guidance as of yet, but the Department has implied that interest and penalties will apply to any outstanding unpaid tax. This does not affect the sales and use tax compliance process for Washington businesses. Businesses should continue to report any use tax obligations on their excise tax returns. Please contact a member of our State and Local Tax group for assistance with filing or to address any questions you may have. Nicole Lyons is a manager in Clark Nuber's State and Local Tax team.
© Clark Nuber PS, 2019. All Rights Reserved

Advice for Clients Selling or Buying Bulk Assets

In retail sales, at least one type of sales transaction where the application of sales or use tax isn’t obvious or always occurs is when a seller makes a bulk sale of all, or nearly all, the assets of a business. A bulk sale occurs outside the normal course of business of a seller. It may involve the sale of inventory, other assets of a business or both. In the context of commercial law, bulk sales are more specifically defined and regulated with the laudable purpose of preventing debtors from liquidating assets to avoid creditors. In the sales tax realm, the term “bulk sale” is used to describe a broader slice of transactions; however, the sales all share a consistent theme: a bulk sale is a sale outside a seller’s normal course of business and generally involves a large portion of a business’ assets.

States View Bulk Sales in Different Ways

For accountants who offer services in sales tax compliance and reporting to their clients, it comes as no surprise that the states are not uniform in the manner they address bulk sales. Yet, one area where there is some agreement is on sales of inventory for resale. In this type of bulk sale, a purchaser who provides evidence of their reseller’s exemption makes the bulk purchase of inventory free of tax, just like any other sale for resale. On the other hand, states view bulk sales of business assets, including inventory, for purposes other than resale in different ways. In the interest of keeping it brief, here are a few examples of the ways states view these sales to help you sort out the appropriate rules in your state. Remember, facts and circumstances are always important – and that is certainly true with bulk sales, so be cautious to avoid making blanket assumptions about any bulk sale.

Florida:

A sale is exempt when an entity, required to be registered as a dealer, either distributes tangible personal property in exchange for the surrender of a proportionate interest in an entity, or transfers all, or substantially all, of the property of a person's business, or a division thereof. See Fla. Admin. Code Ann. §12A-1.037(2).

Virginia:

A bulk sale is exempt if the sale consists of substantially all the assets of a business, where the seller has essentially liquidated its business operation, and where the nature of the sale is not within the course of activities for which the taxpayer is registered to collect sales tax. See Virginia Public Document Ruling No. 05/19/1983, 05/19/1983. On the other hand, a sale where less a third of a business’ assets were sold in a bulk sale was not exempt since the sale did not include substantially all of the business assets. See Virginia Public Document Ruling No. 89-307, 11/07/1989.

Washington:

Bulk or isolated sales of property are not exempt from sales tax if the seller is engaged in a business and so is required to be registered with the Department of Revenue. See Wash. Rev. Code §82.08.0251.

What About Purchasing Bulk Assets?

In a sale of the majority of a business’ assets, in most states, the purchaser is required to inform the state’s revenue authorities of the sale. The notice provisions also serve to protect the purchaser from “successor liability,” where a purchaser can step into the shoes of a seller in terms of outstanding taxes owed by the seller. The bottom line is a purchaser of the bulk assets of a business wants to avoid any tax obligations associated with the seller. In addition, state notice requirements provide this assurance under most circumstances. Besides the actual content of the required notices, purchaser notice requirement rules establish important deadlines. For example, a notice to a state must likely be made by a purchaser within a certain number of days prior to the sale. In turn, the state often has only a certain amount of time to respond. In some cases, it’s wise to consider an escrow or similar hold back of sale proceeds until the issue of successor liability for sales taxes is settled. New York State is a great example. Here, a purchaser in a bulk sale must notify the Department of Taxation and Finance of a proposed sale by registered mail at least 10 days before taking possession or payment. Failure to give timely or proper notice may subject the purchaser, transferee or assignee to personal liability for taxes due from the seller. The Department must notify the seller and purchaser of the amount of tax due within 90 days from receipt of notice of the sale. If the Department fails to provide this notification, the purchaser will be released from any further obligation to withhold consideration. Note the state kindly limits the potential tax bill to the amount paid for the assets or their fair market value, so even given this concession by the state, a buyer who does not notice the state of the sale can find themselves owing more for sales tax than the actual purchase price of the assets. See New York Sales Tax Bulletin, No. TB-ST-70, 06/24/2013N.Y. Tax Law §1141(c).

Your Takeaway

Given the right circumstances, selling or buying in a bulk sale scenario can be very beneficial for both parties, but these types of sales can expose sales tax traps for the unwary. Be careful of potholes and consider each sale or purchase carefully for your clients.
© Clark Nuber PS, 2019. All Rights Reserved

Cryptocurrency Gift Strategies for Not-for-Profits

Before deciding whether your not-for-profit organization should accept cryptocurrency for gifts, you must understand what it is. A cryptocurrency, or virtual currency, is a digital medium of exchange that can be used for purchasing, selling, and storing value, but it is not backed by a sovereign government. In that light, bitcoin, ether, syscoin, and litecoin are among the best-known cryptocurrencies, but there are more than 2,000 cryptocurrencies listed on Coinmarketcap.com, with varying degrees of popularity. The U.S. Treasury currently classifies cryptocurrency as intangible property or a commodity. Despite the name, it is not a currency and does not have legal tender status in any jurisdiction. The technology underpinning cryptocurrencies is blockchain, which is a "distributed ledger technology." This decentralized general ledger system in theory removes the need for banks and governments for security and regulation. Technically, cryptocurrencies are one of several types of digital tokens that have caught on with the public and caught the eye of regulators. For example, the two digital tokens, aka cryptoassets, with the largest market capitalization are bitcoin, a true cryptocurrency, and ether, which is defined by the SEC as a utility token. However, the most prominent class of digital tokens is cryptocurrencies and while there are differences among types of digital tokens, they are not essential in understanding the issues raised in this article. Thus, for the sake of simplicity, the blanket term cryptocurrency will be used. The authors are not advocating for or against accepting cryptocurrency. This article focuses on the key decisions needed once the not-for-profit organization determines it will accept this type of gift. After the decision is made, the organization must decide whether it will accept the asset directly or indirectly through a third-party facilitator and, if accepting this asset class directly, how to do so safely and securely. The four steps organizations may take to get ready to accept this new class of asset are:
  • Review and update the organization's gift acceptance policy;
  • Set up systems, accounts, policies, and procedures to accept and secure this class of asset;
  • Adopt accounting policies and adjust the chart of accounts as necessary to properly account for this class of asset if it cannot be readily converted to cash (this article does not address accounting practices, as accounting guidance for cryptocurrency is being evaluated by an AICPA working group); and
  • Understand and implement systems for gathering information needed to comply with all reporting requirements associated with accepting this class of asset.

Gift Acceptance Policy Update

The first decision is whether the organization wants to accept this class of asset as a charitable gift (see the sidebars "The Case for Accepting Cryptocurrency Gifts" and "The Case Against Accepting Cryptocurrency Gifts" at bottom of page). Not-for-profit boards have fiduciary responsibilities for donated assets, and some may decide that cryptocurrencies offer enough uncertainties and unknowns to make exercising that fiduciary duty difficult. The decision to accept this class of asset is a board decision that should be reflected in board minutes and then implemented by the organization's management. If you determine the organization does not want to accept this class of asset directly, the organization can still encourage donors to use a donation-facilitating organization acting as an agent of either the donor or the organization. If the facilitator is acting on behalf of the donor, this could be a donor-advised fund (DAF) sponsor. Many DAF sponsors are equipped to accept most types of property, including cryptocurrency. There may be a delay between the time the donor makes the gift to the DAF sponsor and the time the gift is ultimately advised to your organization because, as noted above, it can take time to convert this type of property to cash depending upon the cryptocurrency donated and its liquidity. This could affect the gift's value. Alternatively, your organization can contract with a facilitating organization to act as its agent to accept cryptocurrency on its behalf, convert this type of property to cash, and remit the cash net of fees. This relationship is like using an agency to accept donated used automobiles. The donor receives a donor acknowledgment letter from the charity. However, the facilitating organization conducts the transaction on behalf of the charitable organization.

Safeguarding Gifted Assets

Once the board decides to accept cryptocurrencies, here are some quick implementation tips and safeguards to protect this asset. As a form of digital currency (classified as "property"), bitcoin and other cryptocurrencies exist only electronically. The crypto donation will arrive in the form of an email or Quick Response (QR) code that the organization will need a "digital wallet" to decipher. A "wallet" is software or an application downloaded to either a phone (mobile device) or a desktop computer that stores the public and private keys used to send and receive digital currency. The wallet is like a bank account for cryptocurrency, and you must have one before accepting the asset. If someone sends you cryptocurrency before you have a wallet, those tokens may not be recoverable. Using a secure computer with two-factor authentication is a good practice. Cryptocurrency is not actually "stored" in a wallet. Instead, a private key (secure digital code known only to the organization and its wallet) is stored that shows ownership of a public key (a public digital code connected to a certain amount of currency). The public and private keys have a mathematical connection to each other, allowing you to share your wallet address without sharing all of your wallet information. The public/private key pair enables verification, as a transaction includes the public keys of the sender's and recipient's wallets, with the connection to the respective private keys being used to verify. The organization's wallet stores its private and public keys, allowing it to send and receive cryptocurrency (coins or tokens). The wallet acts as a personal ledger of all transactions to which it is a party. The organization must have systems in place for protecting these keys so they are not lost, stolen, or misappropriated. When your organization sets up its wallet, it must share some sensitive data elements such as email addresses; cellphone numbers; identifying information for U.S. bank accounts, credit cards, or another similar payment service such as PayPal; tax identification number; and other forms of identification. A data classification policy, which provides the level of security and controls required to share these data outside of the organization, is a necessity. Risks to be taken into account include the vulnerability of wallets when keys aren't adequately protected or are stolen in a cyberattack. Because banks have been known to freeze accounts with cryptocurrency activity, the organization might set up a separate bank account or related credit card account for the sole purpose of receiving and processing the crypto donations into cash. It's important to apply security features such as dual approval and restricted access as a requirement for these accounts. Cryptocurrencies are vulnerable like any other data asset on the organization's network, especially systems that have access to the internet. This includes online wallets, exchanges, wallets on employee computers, cloud storage of private keys, and mobile applications. To prevent theft of cryptocurrencies, the use of cold storage (an offline archive of private keys) is recommended. This means basically taking them off the network. Top cold storage methods include an offline hardware wallet (a specialized device), a USB drive, or a paper wallet. Per the organization's gift acceptance policy, your organization will want to liquidate crypto donations as soon as possible, reducing the need for storage and the risk of loss. Alternatively, if the organization makes the conscious decision to hold on to the donation in cryptocurrency, then investment policy, storage, and security procedures around accessing this digital asset need to be established. This would be addressed under investment and asset control policies. Some wallet providers, such as Coinbase, act like a brokerage account, meaning you never have to worry about the private keys. However, you do want to use cold storage if you're using a traditional wallet. Because cryptocurrency operates on open blockchain networks and is facilitated over wallets and exchanges that require two-factor authentication, the person responsible for managing these items will receive various notifications and verification requests. Appropriate security awareness training over these procedures and alertness for phishing emails or smishing text messages (which allow hackers to attack your cellphone) are crucial. Additionally, protect your organization by:

Using multiple wallets:

There is no restriction on the number of wallet addresses an organization can use. Some holders of cryptocurrency generate a new address every time they send or receive cryptocurrency, to reduce the risk ofloss.

Keeping only small amounts in a web wallet:

Web wallets are targets for hackers. Keep only a small amount of cryptocurrency protected by a password in each wallet. Wallets held on computers are also vulnerable. Use cold storage to hold large amounts of cryptocurrency.

Obeying a no-share policy: 

Never share your organization's private keys for your cryptocurrency with anyone. Doing so gives them full access to your organization's funds.

Reporting Issues

Generally, for tax purposes, a contribution of cryptocurrency will be treated as a noncash contribution, and the cryptocurrency must be valued at the time of the contribution. If the asset is immediately converted to cash upon receipt, the contribution and the conversion to cash are treated as two separate transactions for tax reporting purposes. The conversion transaction will be treated as a sale of property. The organization will likely be asked to sign a Form 8283, Noncash Charitable Contributions, acknowledging receipt of the asset. The organization should also provide a signed donor acknowledgment letter providing the donor (or the donor's agent) with the required items necessary to take a federal deduction for a charitable contribution (see the sidebar "What Should Be in a Donor Acknowledgment Letter" at bottom of page). Although the organization does not value the gift for donor acknowledgment purposes, the organization must value the gift for its own internal financial reporting and tax reporting purposes. This is not information the organization should share with the donor, as it could impact the donor's preparation of his or her income tax return. If the donor relied upon this information, it could cause the organization to incur penalties if the donor used the information and it resulted in the incorrect overstatement of an income tax deduction later disallowed by the IRS.

A New Asset with Staying Power

Like other assets, such as marketable securities just a few years ago, cryptocurrency is likely to be with us into the future. Therefore, organizations should consider if they want to accept it as a class of asset, either as a gift directly or through a facilitator. If a not-for-profit decides to directly accept this class of asset, implementing policies and procedures is necessary to safely propel the organization into the future.

The Case for Accepting Cryptocurrency Gifts

Arguments in favor of accepting cryptocurrency include:
  • This is a type of property that is likely to be with us for the long term. Therefore, organizations may find they need to accept the asset either directly or indirectly through a facilitator.
  • Donors want to make gifts of appreciated assets without recognizing gain on the appreciation. Cryptocurrency fits this class of asset.
  • Once you understand the basics, this is just another type of property. It is not a particularly special type of property. It is more a matter of having a system in place to convert it to cash so you can put the gift to use as quickly as possible.
  • If you have systems in place making it easy for donors to transfer assets to your organization, you will be an attractive recipient of gifts from sophisticated donors.

The Case Against Accepting Cryptocurrency Gifts

Some arguments against accepting cryptocurrency are:
  • More than 2,000 cryptocurrencies are listed on Coinmarketcap.com. Accommodating them all would be a logistical challenge, and their rapidly changing values make them a risky asset class to hold even briefly.
  • Some cryptocurrencies may not be readily convertible to cash. Therefore, the organization must determine if it will accept the asset if it cannot convert it to cash and put it to use for the organization's charitable purpose. The accepting charity should be cautious and aware that it may need to use other assets of the charity pending liquidation of the cryptocurrency.
  • The charity may want to limit the amount of this class of asset it is willing to accept or hold at any time within its overall portfolio to help mitigate the risk of loss of value due to the current volatile nature of the asset class. However, limiting concentrations of any specific asset class applies generally to all portfolios.
  • This class of asset is an anonymous asset. The organization may have a policy of not accepting anonymous gifts. The organization may not be able to vet every donor. However, if the donor is known to the organization, the gift is not anonymous. If both the donor and the asset are anonymous, the organization may want to have a policy strictly for public relations purposes. An anonymous gift could be a fine gift. However, it could be a gift from a donor with an "image problem" who may not stay anonymous. What are your organization's terms for accepting an anonymous gift? Must the donor commit to staying anonymous? What if the money came from ill-gotten gains? Experts say ransomware hackers, for example, often demand to be paid in cryptocurrency, which can be used as an exchange for many criminal endeavors. Many gift acceptance policies do not address this issue because it has never arisen. Your policy does not need to address every possible hypothetical if it is currently considered unlikely or remote. It is acceptable to wait until a specific circumstance arises or is likely to arise. However, addressing the issue of anonymous gifts may be general enough to cover cryptocurrencies.

What Should be in a Donor Acknowledgement Letter

Final regulations issued by the IRS on July 30, 2018, for documenting noncash contributions will apply to donations of cryptocurrency (see the chart, "IRS Noncash Contribution Documentation Rules"). The regulations make clear that for gifts exceeding $5,000, a donor acknowledgment letter; a signed Form 8283, Noncash Charitable Contributions; and a qualified appraisal will be required for a donor to substantiate a charitable contribution deduction. The signed Form 8283 is not a substitute for the donor acknowledgment letter from the charity. A donor acknowledgment letter is required for any contributions of $250 or more and must include:
  • Date of donation.
  • Name of the donor (or the agent managing the gift on behalf of the anonymous donor).
  • Description of the donated asset (but not the value).
  • Name and tax status of the recipient organization.
  • Any restrictions on the gift that might affect the gift's value.
  • The value and a description of any goods or services provided in exchange for the gift or, alternatively, a statement that no goods or services were provided in exchange for the contribution of the gift.
The Form 8283 is prepared by the donor and must be attached to a tax return for any noncash gift valued at more than $500 for which a donor wishes to take a charitable deduction. For gifts with a value of $501 to $5,000, donors need only complete Section A of Form 8283; a qualified appraisal is not required. The Form 8283 must be attached to the tax return for which a charitable contribution deduction is claimed. For gifts valued over $5,000, barring a few limited exceptions including marketable securities but not cryptocurrencies, donors must obtain a qualified appraisal and complete Section B of Form 8283 and attach the qualified appraisal to the tax return on which the charitable deduction is claimed. The rules for what constitutes a qualified appraisal are detailed and complex. Donors should pay careful attention to the regulations if noncash contributions of substantial value are made. In addition, the new regulations make clear that for any tax filings made after July 30, 2018, if the donor is not able to use the full charitable contribution deduction in the year the gift is made and is using the five-year carryover, the donor must attach the Form 8283 (whether Section A or Section B is used), and for gifts over $500,000, the qualified appraisal must also be attached to the tax return for any year in which the carryover deduction is claimed.

IRS Noncash Documentation Rules

Final IRS regulations issued July 30, 2018, have different requirements for documenting noncash contributions, depending on the value and type of noncash gift: ©2019 Association of International Certified Professional Accountants. 

Featured Resources