Background

 As everyone knows, identity theft and cybercrimes are growing in size and sophistication. As businesses, large and small, become increasingly dependent on computer networks to store sensitive information, they are also increasing their risk for theft and loss.  In response to this trend, Congress passed a law strengthening prosecutors’ tools for penalizing identity theft and cyber criminals and expanding the possible avenues for victim restitution and looked to businesses and the Commission for guidance on these matters.  Business and the Commission recommended increasing penalties for five kinds of identity theft and computer crimes:

Fraud and Related Activity in Connection with Identification Documents, Authentication Features, and Information;

Aggravated Identity Theft;

Fraud and Related Activity in Connection With Computers;

Interception and Disclosure of Wire, Oral, or Electronic Communications Prohibited; and

Unlawful Access to Stored Communications.

Just a little background on what the sentencing guidelines do.  They are supposed to serve as a reference for federal judges when determining the level of penalties to impose for federal crimes.  The guidelines outline a range of 1 to 43 possible base offense levels that are assigned to various crimes.  The more serious the crime, the higher the offense level.  For each offense level, the Commission provides a range of months for which an offender can be imprisoned for committing a crime at that offense level.  And within each offense level, the range of imprisonment can also vary, depending on the person’s criminal history, which is rated from I to VI.

For example assigning the Range of Imprisonment at Each Offense Level.

A first-time offender (Criminal History Category I) whose crime is at a base offense level of 5 can be subject to anywhere from 0 to 6 months of imprisonment. A more experienced offender, in Criminal History Category IV, who commits a crime at the same offense level can be subject to 4 to 10 months of imprisonment.

Versus Increasing the Base Offense Level

When determining the base offense level of a crime, judges can increase or decrease the level based on various characteristics of the crime.  Theft, for example, often starts at a base offense level of 7 but can increase depending on the amount of monetary loss involved.

Criteria for Amending Penalties for Cyber and ID Theft Crimes

Business and the government identified 13 key factors including how sophisticated the crime is, whether the crime was intended to disrupt a critical infrastructure, whether the crime involved a computer associated with national security, among others.  These factors must be considered when increasing or decreasing the offense levels assigned to the five identity theft and cybercrimes.  The 13 criteria are as follows:

1. The level of sophistication and planning involved in the offense.

2. Whether the offense was committed for commercial advantage or private financial benefit.

3. The potential and actual loss resulting from the offense including a) the value of information obtained from a protected computer, regardless of whether the owner was deprived of use of the information; and b) where the information obtained constitutes a trade secret or other proprietary information, the cost to the victim incurred developing or compiling the information.

4. Whether the defendant acted with intent to cause either physical or property harm in committing the offense.

5. The extent to which the offense violated the privacy rights of individuals.

6. The effect of the offense upon the operations of a U.S. government agency or that of a state or local government.

7. Whether the offense involved a computer used by the U.S. government, state or local government in furtherance of national defense, national security or the administration of justice.

8. Whether the offense was intended to, or had the effect of, significantly interfering with or disrupting a critical infrastructure.

9. Whether the offense was intended to, or had the effect of, creating a threat to public health or safety, causing injury to any person, or causing death.

10. Whether the defendant purposefully involved a juvenile in the commission of the offense.

11. Whether the defendant’s intent to cause damage or intent to obtain personal information should be disaggregated and considered separately from the other factors set forth.

12. Whether the term “victim” should include individuals whose privacy was violated because of the offense in addition to those who suffered monetary harm as a result of the offense.

13. Whether the defendant disclosed personal information obtained during the commission of the offense.

As you can see many of the offenses are related to commercial activity or individual privacy.

The U.S. judiciary looked to the private sector for input on how to strengthen penalties for committing identity theft crimes and other computer related acts.  Small businesses, in particular, are becoming frequent targets for hackers and cyber criminals because they lack the information security defenses in which large enterprises have invested significant time and resources.  According to a Verizon study, 33 percent of all data breaches in 2008 were directed at businesses with 100 employees or less.  By comparison, large businesses with more than 10,000 employees sustained fewer data breaches in 2008, totaling 25 percent.  Furthermore, industry leaders conclude that almost 20 percent of small businesses do not even use antivirus software, more than half do not use encryption and two-thirds do not even have information security plans in place.

The U.S. Sentencing Commission’s request for input on sentencing guidelines provided an opportunity for businesses to review current penalties for such crimes and suggest increasing the severity of fines or prison sentences.  Whether or not greater penalties result in greater deterrence of identity theft and other computer crimes is yet to be seen.  However, the changes to the guidelines represented a significant opportunity for businesses to have their voices heard in an area typically dominated by the federal government.

III. Non-Tax Benefits of Forming an LLC.

There a number of non-tax benefits that stem from formation of an LLC. Chief among these non-tax benefits are the following:

• . LLC members are shielded from personal liability. This is an advantage enjoyed by corporate shareholders and limited partners in a limited partnership. However, unlike in a limited partnership, where one general partner has to be designated to be personally liable for partnership debts and obligations, no such restriction exists in an LLC.
• . LLCs may be managed and directed in their day-to-day operations by their members or owners. This provides great governance and control flexibility and eliminates the need for a board of directors. Management may be concentrated or decentralized.
• . LLCs are not as formal as corporations. For example, LLCs are allowed to dispense with annual meetings which are often required for corporations.
• . LLCs may have an unlimited number of members. For example, S corporations may have no more than seventy-five shareholders. Further, an S corporation may not have any foreign shareholders or investors. Additionally, shareholders in S corporations may only be individuals or certain types of trusts. LLC members may be individuals, trusts, corporations, or partnerships.
• . LLCs may issue multiple classes and series of stock and equity. S corporations are limited to the issuance of a single class or series of stock.
• . In a number of states one person may form an LLC. This is much like a sole proprietorship, but with limited liability. A partnership requires two or more individuals.
• . Employee benefits programs otherwise unavailable to a sole proprietor or partnership may be available to the LLC to attract and retain the services of key employees.

IV. Tax Treatment.

State law plays a large role in determining how an LLC will be taxed. In the 1990s, the Internal Revenue Service (IRS) adopted so-called check-the-box regulations that govern the tax treatment of LLCs. If state law does not require classification and treatment like a corporation, an LLC with two or more members may elect to be treated as either a corporation or a partnership. Where corporate status is chosen, the LLC prepares a separate entity tax return and is taxed like a corporation. If partnership status is chosen, the LLC is treated like a pass-through entity and taxes are reported on the individual owners tax returns. In states that allow single member LLCs, the LLC may be treated as a corporation or a pass-through entity and taxed like a sole proprietorship. As a default rule, if the LLC does not elect how it wants to be taxed (as a corporation or partnership) IRS regulations mandate tax treatment as a partnership.

The ability to elect partnership taxation is a great benefit to LLCs. Corporations are subject to double taxation. The corporation pays separate entity taxes. Shareholders pay individual taxes on dividends and distributions. However, when taxed as a partnership, with pass-through treatment, the LLC avoids the double taxation problem corporations present.

V. Tax Benefits Associated with LLCs.

A number of tax benefits are associated with the formation and operation of an LLC. Chief among these tax benefits are the following:

• . LLCs may allocate profits and losses on a basis other than ownership percentages.
• . According to § 754 of the Internal Revenue Code (IRC) an LLC may make an election to adjust the tax basis of assets after a change in ownership. Further, § 754 allows for the use of debt to increase the basis in determining an owners share of ownership.
• . Where restrictions are placed on LLC membership alienability, marketability discounts may be available to offset the basis of member ownership. Marketability discounts are based on the availability, or lack thereof, of a market in which to liquidate the assets and interests of the LLC.
• . Key person discounts may be available for estate planning purposes in order to account for the lack of performance of services of a key member of the LLC who has been rendered disabled, incapacitated, or dead.
• . Minority discounts may be available for LLCs where the minority-interest holding members, if any exist, lack the ability to manage the LLC.

VI. Family and Estate Planning Guidance: Using LLCs to Benefit the Small Business Owner.

Due to their flexibility and non-tax and tax advantages, LLCs can be useful tools in the hands of wise estate planners to assist in answering business continuity and succession planning issues long before they become problematic and potentially catastrophic. In general, LLCs are useful in diminishing family dramas and rivalries if care is taken in their formation and structuring. The LLCs Articles of Organization or Bylaws hold the key in merging family and estate planning into business planning. The Articles of Organization should and must definitively speak to the issues of disability, incapacity, resignation, retirement, death, divorce or other domestic disturbance, debt, and creditors and bankruptcy. In terms of planning guidance, the Articles of Organization should outline and provide procedures and protocol to address the following issues as they arise:

• . Resignation or retirement of members or key employees;
• . The distribution of LLC assets upon the settlement of a legal separation, divorce or dissolution;
• . The effect of a foreclosure of debt and the personal bankruptcy of a member;
• . Qualifications to hold LLC offices; and
• . The disability, incapacity, retirement, and death of an LLC member.

Finally, with an LLC in place, the small business owner is wise to consider the stand-alone adoption of a Buy-Sell agreement. Legally, a Buy-Sell agreement is a contractual agreement that would speak to the sale of LLC membership interests upon the happening of a specified condition or event. In essence, it would bind the LLC interest holder and the LLC itself to repurchase interests in the LLC upon the occurrence of a triggering event. This triggering event could be the disability, incapacity, resignation, retirement, or death of an LLC member. Offers by outsiders or others to purchase assets or interests in the LLC could very well trigger such an agreement. The Buy-Sell agreement would assure that all LLC interests are accounted for and are being used properly. The Buy-Sell agreement provides a further crutch to ensure that the LLC is not crippled further by the disability, incapacity, resignation, retirement, and death of a member or other specified events.

Disability, incapacity, retirement, and death most certainly make business continuity and succession planning difficult or impossible. Families are often faced with the seminal question: Is it worth keeping this business in the family, or should we just let it go? The next question is often the following: If we decide to keep the business going who is going to manage the business? Establishment of an LLC long before these issues arise gives the small business owner time to groom and train replacements within the family. If this effort fails, the LLC may serve as a useful vehicle to look outside the family to attract and retain key leaders to carry on the business and legacy. Employee benefits and opportunities to own equity in the LLC may go a long way towards attracting the leaders to guide the business beyond the capabilities or earthly limitations (i.e., sickness and death) of the founding member(s).

VII. Conclusion.

Some people say that sometimes business and family do not mix. Sometimes this is true. Business and family can mix quite well if thought and planning take place on the business side of the equation. LLCs as outlined above hold special appeal to small business owners concerned about business continuity and succession planning. LLCs offer many non-tax and tax advantages over other forms of business that small business owners and their advisors alike should strongly consider. LLCs are excellent entity choices to address the recurring issues of risk and liability, capital formation and financing, governance and control, and business continuity and succession planning. Finally, the tax benefits and impact of LLC ownership, due to the hybrid nature of an LLC, are tremendous.

I.          Introduction.

For small business owners, a number of factors come into play in deciding what type of entity to choose for conducting their business. Entity choice is often one of the key initial decisions a business owner must make. Often, this is a critical decision that must be made before the first goods are manufactured and sold, or the first services are provided to patrons or clients. In order to make the proper entity choice, the business owner must consider a number of non-tax and tax factors. In terms of the non-tax considerations that come to mind, four primary considerations affect the calculus of entity choice: (1) risk and liability issues; (2) capital formation and financing options; (3) governance and control of the entity; and (4) continuity and succession planning.

There are primarily four main choices to pick from in operating a business and choosing an entity: (1) a sole proprietorship; (2) a partnership (whether general or with limited liability); (3) a corporation (whether a subchapter C or S corporation); and (4) a limited liability company. The decision to choose one of these types of entities over another creates a whole host of considerations geared around liability and risk aversion, capital formation, governance and control, and continuity and succession. Especially, for small business owners, these core considerations are highly magnified and take on great significance. As their small businesses succeed and grow, becoming large businesses, business owners and key executives/employees become most worried and concerned about disability and incapacity planning, retirement, and death. Certainly, where business owners and key executives/employees are concerned, disability, incapacity, retirement, and death can ravage and destroy even the best businesses virtually overnight.

II. Limited Liability Companies.

Sole proprietorships, partnerships, and corporations all address the issues of risk and liability, capital formation and financing, governance and control, and continuity and succession in varying ways. Indeed, sole proprietorships and partnerships (particularly general partnerships) generally are not the best choices where business owners run a high risk of being sued as they do not shield their owners from personal liability. Corporations are excellent in high-risk situations where owners seek limited liability. Sole proprietorships and general partnerships are limited in capital formation and financing by their owners creditworthiness. Corporations allow greater options for capital formation through the sale of shares of stock and other equity. Sole proprietorships and general partnerships allow for direct control and management by owners. Corporations are formal and bureaucratic in that officers and agents have to answer to shareholders and boards of directors. Sole proprietorships and general partnerships die and cease to exist when their owners die. Corporations are advantageous in that they have perpetual life and existence.

In the not so distant past, those wishing to start a business essentially had only three options for the form of that business sole proprietorship, general partnership, or corporation. As demonstrated, each of these business types brought with it a number of factors to be weighed and considered when viewing risk and liability, ease of capital formation, internal control and governance, and continuity. There existed very little room for the proverbial happy medium. However, in the 1970s, this changed when Wyoming enacted the first limited liability company (LLC) statute, creating a business form that blended features of sole proprietorships, general partnerships, and corporations. Essentially, LLCs are hybrid entities that limit personal liability, have equity features like corporations that assist in capital formation, provide flexibility in governance and control structure, and exhibit almost unlimited life and duration. Currently, all fifty states and the District of Columbia have LLC statutes in place. LLCs are formed quite easily through filings of forms with the appropriate state official, usually the Secretary of State.

When cyber crime makes the headlines, it usually involves a large business, such as TJ Maxx http://www.msnbc.msn.com/id/17871485/, which is thought to have suffered the largest data breach to date. A company of this size manages large volumes of customer information, allowing a single security breach to expose the privacy of millions. It was only a matter of time before cyber criminals targeted small businesses to steal credit card numbers, social security numbers and other important personal information.

If you think about it, small businesses are an easy and attractive target for cyber criminals. Simply put, they lack many of the high-priced cyber defenses in large enterprises can implement.

According to an April, 2009 Verizon study, 33 percent of all data breaches in 2008 were directed at businesses with 100 employees or fewer. http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf. By comparison, large businesses with more than 10,000 employees sustained fewer data breaches in 2008, totaling 25 percent.

As small businesses increasingly find themselves the victim of cyber crime, they have a duty to ensure they implement the programs to protect their information. Using appropriate safeguards is critical to inspire consumer confidence in at least two respects:

1) Ensuring Customer Confidence. Acquiring and maintaining the trust of employees, customers, vendors and suppliers is indispensable for a successful business. Cyber crime can ruin a company’s reputation and impact sales, which only reduces confidence and trust among those who do business with the company. Having a quality cyber-security framework and compliance program firmly in place can help companies prevent cyber crimes and, in the event they do occur, help the company minimize damage and restore services quickly.

2) Managing Liability Risk. Failing to develop and implement an effective cyber-security framework could lead to serious civil penalties for a business and even personal criminal liability for officers and company directors. When determining a company’s accountability, courts assess whether the company had an adequate compliance plan in place and if it was followed.

Information Security Program – The Fundamentals

As cyber criminals shift their focus to “Main street” companies, small businesses need to play catch-up with their larger counterparts to maximize protection of sensitive information.

To help small businesses develop a more reliable data security plan, I offer the following ideas that help to comprise an optimal security and liability prevention program. These ideas made use of several sources, including current legislation, standards, guidelines and regulations. Because no cyber-security program provides 100 percent protection against a data breach, businesses must work to minimize their risk. If properly implemented performed and followed, these suggestions provide protection from most legal claims for negligence.

1. Management must be involved

Under the law, the company’s managers have a duty of care to ensure that the company safeguards legally protected information. Management must develop and follow adequate security procedures and systems.

2. Identify and Manage Threats

The use of information technology creates a high level of communication with vendors and others. As a result, vendors and others may assess your existing security and confidence in these systems is critical to a small business. Three major steps in assessing your risk often involve:

Step 1: Identify and analyze threats

A threat assessment focuses on common threats that include hackers, possible inside-employee illegal/improper activity, and error or neglect from within that exposes cyber networks.

Step 2: Identify and analyze your vulnerabilities

Assessing your technological weaknesses in the company’s network and security infrastructure examines the ability of your system to deter or prevent breached under the existing security procedures and controls. Vulnerability assessments are used to (1) identify weaknesses that could be exploited and (2) predict the effectiveness of additional security measures in protecting information.

Step 3: Assess your risks

Assessing your risks is the final step for the business to perform and is based on the analysis of threats, vulnerabilities, services, and other tangible factors. The analysis informs management about possible risks to the company’s data and what is (or is not) being done about it.

3. Test Your Own Security

Penetration testing should take place to find gaps and holes in your system so you can fix any areas that are found to be unprotected.

4. Demand that Employees Understand Cybersecurity Policies

Employees and independent contractors must be made aware the importance of improving the company’s security. Training should include employees’ legal and policy duties for reporting intrusions and suspicious activities to management. Company policy should also address appropriate use of e-mail, use of bandwidth, and downloading activity and systems protection against virus attacks via e-mail attachments;

5. Use Encryption Technology

Encryption is an important tool in improving cybersecurity and reducing liability. You should consider encrypting electronic customer information while it is in transit or in storage on networks.

6. Transfer Risk Where Possible: Insurance

As cybersecurity risks continue to grow, insurance has become a critical measure in protecting companies against the costs of cyber incidents such as malware, phishing, insider thieves and hackers. Insurance can protect against losses resulting from theft of money or assets due to a data breach. Insurance can also mitigate other costs, including incident management, notification of affected parties, and legal defense. The more appropriate measures a company takes, the better position it will be in to negotiate coverage.

Conclusion

As cyber criminals set their eyes on smaller targets, small businesses owners and managers must be prepared to protect themselves, their employees and their customers. Many small businesses overlook the importance of a reliable data security plan in ensuring three core aspects of their business: 1) the ability to maintain the confidence of a solid customer base, 2) prevention of liability for failing to protect customer data, and 3) the potential for growth as the economy and consumers adapt to increasingly-advanced technologies that require increasing levels of security. To protect these elements, small business owners must take concerted steps to assess the security of their cyber assets and educate their employees about company security policies.

Now I don’t begrudge these software makers for making a product that fills a need.  What I am telling you is that bankers and any other investors worth their salt can spot these so-called business plans a mile away and these canned plans materially decrease your credibility in their eyes.  And who can blame them?  If you were about to land or invest money into an enterprise run and/or founded by someone who wouldn’t even take the time or the effort to create their own work, what would you think?  I’ll tell you what they think; they think you’re a joker.  A business plan is meant to focus its writers on their vision of how the venture will work, benchmark its goals and explain the need their business will fill now and in the future.

A business plan is not something that “couldn’t be easier.  Just answer a series of straightforward questions, and the software determines the next steps based on your specific answers.”  Good business plans are hard to write, require much thought and considerable effort.  Moreover, if you think a banker or an investor wants to read 40 pages of the same crap they’ve been handed over and over by lazy entrepreneurs, think again.  Most lenders and investors want your business plan to be no more than 10 and at the most 15 pages after that they just lose interest.  The surest way to get your loan, SBA financing, or investment capital denied is to walk into their office and hand them one of these canned documents.

So please, I’m begging you: stop using that software and sit down and write and I mean actually write your business plan. Writing will force you to think about your business, give you credibility, and save everyone a lot of time and effort by not having to redo it.

When you are paying for advice listen to it! Recently I had a client who was working as a pharmacist for huge retail chain and just could not stand it any more so he wanted to buy a pharmacy. We came across what initially looked like a great deal—the seller had just been through a divorcee, was desperate to sell and was willing to finance the entire purchase price. The seller made numerous representations to that business was operating just fine and that it would be a turn key operation. Despite the rosy picture the Seller was painting after some digging we discovered that the store was almost 6 months behind in its rent, was in default to it main vendor who had initiated litigation and the ex-spouse would need to sign off on the deal since she was still part owner of the company. I don’t know what more could have been wrong with the deal.

Though my guy was anxious to leave his current employer, he did the right thing he listened to his team when we told him he would be crazy to move forward with this transaction. Too many times though a buyer gets a case of the “first time home owners syndrome.” The syndrome often afflicts first time home buyers who are so desperate to close on that first house that they will overlook any problems with the property—only to have buyers’ remorse down the road.

Just like buying a house, often buyers who are unhappy with their present situation and are longing to move on will catch the syndrome and overlook material problems with the deal just to close or leave or whatever. They always regret the day they decided to move forward instead of listening to the people they hired to look out for them. Buying a business is one of the most significant steps than a person can take. The transition from employee to owner is stressful enough without the added headaches of a company rife with problems from day one.

How do you know if you have the “first time home owners’ syndrome”? One test I use is to see if the client can get up and walk away from the table without looking back. If you can’t get up and walk away, then you’ve probably got the syndrome since and will probably do something you will regret down the line. What is the cure? Simple, listen to the people you’ve hired to guide you through the process—they have an objective perspective and can see more clearly than you.