canadian treasurer magazine summer 2015

Summer 2015 • www.canadiantreaSurer.com

canada’S magazine of corporate finance

PM40050803

HR Management:Savings through healthcare debit cards

16

Compliance:Initiating cross-border payments

18

STAKEHOLDER REPORTBest practices for managing investor relations

Regulatory: VAT Place of Supply changes

Gary

Tan

nyan

3Summer 2015 CANADIAN TreASurer

Departments & Columns

4 Industry Watch

25 Events

Stakeholder Report

A look at best practices for managing stakeholder relations relating to such things as crowdfunding trust issues and privacy breaches

8 Stakeholders Relations:The Top Five Equity Crowdfunding Trust Barriers

12 Protecting Stakeholders Through a Privacy BreachHow communication can boost resilience

15 Stakeholder ImpactFor a successful enterprise, cultivate investor relations

Features

16 HR ManagementHealthcare debit cards can unlock savings for employers

18 ComplianceA look at the challenges of initiating cross-border payments

20 RegulatoryVAT: What you need to know about 2015 Place of Supply changes

22 Risk ManagementHandling the risks of disruptive technology

24 Your TeamToday’s must-have finance and accounting skills

26 Tax MattersFive tips to simplify taxes

Summer 2015 • www.canadiantreaSurer.com

canada’S magazine of corporate finance

In the next issue:A look at the cross-functional CFO, why security has become a C-suite issue, and the top tax mistakes that SMBs make.

Table of Contents

8

12 24

Gary

Tan

nyan

CANADIAN TreASurer Summer 20154

Summer 2015Volume 25 Number 15

Publisher / Corporate Sales Mark [email protected]

EditorKaren Treml [email protected]

ContributorsChris Byrd, President and Chief Operating Officer at Evolution1, Inc.

Rick Byun, Vice-President, Strategy & Business Development at Maverick

Jill Grenier, Lead Tax Counsel, Tax Research Department at Sovos Compliance

Nancy Harris, Senior Vice-President and General Manager for the Canadian market at Sage

Ben Hunter, Director of Technology & Clean Technology at Chubb Commercial Insurance

Neil Platt, Chief Revenue Officer at Payoneer

Natalia Smalyuk, Vice-President, Corporate & Public Affairs at Maverick

Alex Todd, Principal at Trust2Pay

Creative Direction / ProductionJennifer O’[email protected]

PhotographerGary Tannyan

PresidentSteve Lloyd [email protected]

For subscription, circulation and change of address information, [email protected]

Publications Mail Agreement No. 40050803Return undeliverable Canadian addresses to:

Circulation Department302-137 Main Street NorthMarkham ON L3P 1Y2t: 905.201.6600 • f: [email protected]

Subscriptions available for $40.00 year or $60.00 two years.©2015 Lloydmedia Inc. All rights reserved. The contents of this publication may not be reproduced by any means, in whole or in part, without the prior written consent of the publisher. Printed in CanadaReprint permission requests to use materials published in Canadian Treasurer should be directed to the publisher.

Ontario Interactive Digital Media Tax Credit

Made possible with the support of the ontario media development corporation

induStry watch

Improper reporting of taxable benefits tops CRA audit adjustments listOne of the most common compliance issues identified by the Canada Revenue Agency (CRA) and Revenu Québec (RQ) in organizational audits is improper assessment of taxable benefits and allowances, or excluding taxable benefits from employment income. In fact, on the most recent list of top ten CRA audit adjustments, 7 out of 10 of the most commonly requested adjustments to an employer’s payroll are related to taxable benefits not being correctly reported (see the Canadian Payroll Association’s Payroll Tips at payroll.ca).

Under legislation, these taxable amounts must be included in an employee’s income. They also impact the calculation of statutory source deductions, workers’ compensation premiums and other provincial payroll taxes and levies, and may have GST/HST implications. Employers are responsible for determining whether the benefits they offer are taxable to their employees, adding the value of those benefits to reportable income, and then withholding, remitting and reporting the required statutory deductions to the CRA and RQ.

Many employers and employees are surprised at the depth and breadth of items considered to be taxable employment benefits. For example, many may not be aware that under statutory requirements most gifts received by employees from their employer must be accounted for as taxable benefits, except under the $500 gifts and awards exemption, where these may be given tax-free. Other common examples of taxable benefits include automobile benefits and allowances, parking and transit passes, employee loans and stock options, travelling expenses for a spouse or partner, and many other fringe benefits that may be received by an employee in the course of employment.

To enable employers and employees to stay compliant in this complex area of payroll compliance, the Canadian Payroll Association offers a comprehensive one-day seminar on assessing taxable benefits for finance, payroll, accounting, and human resources professionals. This seminar provides detailed information on more than 40 of the most common taxable benefits, including how to determine which benefits are taxable, current legislation and administrative policy requirements, calculation methods and reporting obligations, and related sales tax issues. The Taxable Benefits and Allowances seminar addresses all of these issues in plain language, with exercises to reinforce learning for those benefits that are more challenging to calculate. It fosters the opportunity to network and learn from colleagues who may be facing similar challenges in assessing benefits.

“The taxable benefits seminar is one of the Canadian Payroll Association’s most attended offerings. It is designed for those who need to be aware of the payroll implications for the full range of taxable and non-taxable benefits and allowances in remuneration packages, including changing taxable benefits values, policies and regulations,” said Janet Spence, Manager of Compliance Services and Programs for the Canadian Payroll Association.

The Association’s Taxable Benefits & Allowances seminars are being held at locations across Canada from March through October, along with a range of other topics to help employers comply with the over 190 federal and provincial legislative and regulatory requirements that impact payroll. A complete listing of seminar dates can be found at payroll.ca.

6 CANADIAN TreASurer Summer 2015

For breaking news and in depth new features, visit our website at www.canadiantreasurer.com

Reval hires Mark Johnson as managing director, EMEA salesReval, a leading global provider of a scalable and integrated cloud solution for Treasury and Risk Management (TRM), has hired Mark Johnson as Reval Managing Director, EMEA sales. Johnson will lead his team in helping companies realize their vision for more effective management of treasury and risk.

“Mark is a consummate leader with razor sharp focus,” says Reval executive vice-president of global sales John Mitchell. “He is results driven, a natural team builder, and brings deep experience in financial technology. I am thrilled to have him leading our EMEA team,” Mitchell says.

“I’m excited to become part of an organization that has focused on serving the needs of corporates over the past 15 years, and in doing so, has grown into the largest cloud-based SaaS provider in the corporate treasury space,” Johnson says. “Reval is proven to scale from the most basic use case to the most advanced. This makes the future bright for any company wanting to stay competitive using modern treasury and risk technology that can grow with them.”

Mark has 20 years of experience in financial technology with strong front line sales and sales management experience. He has held senior roles in the EMEA and APAC regions, most recently as Head of Sales at Broadridge Financial Solutions. Prior to Broadridge, he was Vice President of Global Sales at Asset Control, where he spent nine years building and managing the client base in EMEA and APAC. He became a member of the executive management team at Asset Control and took an active role in securing a new investor for the company in August 2013. Prior to joining Asset Control Mark held senior sales positions at Misys, Rolf & Nolan and Sybase.

A new global study on alternative channels for capital from shadow banking – a broad activity relating to all nonbank credit intermediation – provides a unique investor perspective on what it will take for these financing vehicles to take hold and support economic growth. ‘Shadow Banking: Policy Frameworks and Investor Perspectives on Markets-Based Finance (Shadow Banking)’ makes recommendations for improved transparency and simplification in securities financing, including management of collateral and reforming the securitization market. The study finds that 55 per cent of professional investor respondents globally identified a need for greater standardization and simplification of issuance structures in securitization markets.

Shadow Banking is unique in its global analysis of regulation as it applies to the different entities and activities within the shadow banking system across regions, and its subsequent exploration of risks and investor perspectives.

Rhodri Preece , CFA, head of Capital Markets Policy EMEA at CFA Institute and author of the study, commented: “Amid the myriad of shadow banking policy initiatives, the challenge facing regulators is to achieve coherence in the implementation of these measures and to minimize regulatory gaps and overlaps. Shadow banking feeds directly into the capital markets union agenda because there is a desire from the policy perspective for markets-based finance to flourish and deepen the sources of finance available for European companies. Nonbank finance has the potential to deliver many benefits to the financial markets in Europe and indeed globally if the right measures are put in place to stimulate demand and justify investor confidence.”

Shadow Banking is informed by a CFA Institute member survey which identifies the perspectives of more than 600 investment professionals globally on the risks and policy priorities surrounding shadow banking. Key findings include:

55 per cent of survey respondents globally identified a need for greater standardization ◉and simplification of issuance structures in securitization markets47 per cent of survey respondents globally agree that the risks associated with securities ◉financing transactions would be mitigated most effectively with greater transparency, through reporting of transactions to trade repositories and to investors.Improving the coherence of the various regulatory measures related to securitization ◉is important; differences in regulation between Europe, the United States and other jurisdictions may impose additional costs without corresponding benefits to financial stability or investor protection.

About ‘Shadow Banking: Policy Frameworks and Investor Perspectives on Markets-Based Finance’Shadow Banking examines the perimeter of shadow banking – the entities, activities and components within the shadow banking system – and how they vary across different jurisdictions. The analysis covers the United States, the European Union, and Asia-Pacific (focusing on China) and illustrates that the concept of shadow banking differs across regions. In developed financial markets, the term is synonymous with “markets-based finance” such as certain types of investment funds and securitization vehicles, as well as activities such as securities financing transactions, whilst in other jurisdictions, “shadow banking” largely comprises alternative lending channels such as peer-to-peer lending and other forms of nonbank direct loan provision.

InDuSTRy wATcH

Study calls for standardization, simplification and transparency


Insurance solutions designed to meet the evolving needs of technology companies.With the frequency of security breaches and privacy violations on the rise, technology companies can face a variety of lawsuits. Increased and integrated intellectual property and media exposures expands the technology risk spectrum.

Backed by our financial strength and superb claims service, Chubb has a long history of helping your company manage critical risks as your business grows from an emerging start-up to an industry giant. In fact, 68 of the largest 100 Canadian technology companies in Canada are clients of Chubb Insurance.

For more information, visit our website or contact your insurance broker today.www.chubbinsurance.com

Chubb refers to Chubb Insurance Company of Canada

Chubb Creates Certainty.TM

Solution helps banks gain clarity on risk modelsBanks continue to juggle growing demands to aggregate and analyze risks, stress test overall balance sheets, and assess the capital adequacy and variety of performance and regulatory measures. Since performance depends on many complex models, banks must develop and demonstrate a robust risk model governance strategy to regulators. Failure to actively manage business and regulatory models can expose banks to uncertainty and possibly lead to higher capital requirements.

Today, SAS is rolling out SAS® Model Risk Management, a new model-governance solution that provides a complete and detailed view of all models within the bank, so that the associated model risks and related findings can be precisely monitored and managed. The solution caters to the needs of all the interested parties of various models and provides transparency on any model weaknesses or results produced by model usage.

“Model governance must become a

fundamental element – a standard operating procedure – for chief risk and compliance officers in our industry,” said Michael Versace, Global Research Director for Risk and Digital Strategy at IDC Financial Insights. “An enterprise approach to model risk management that supports all risk categories is an innovation necessity for regulated entities in all financial sectors and for firms of all sizes.”

Banks are increasingly finding that effective management of their analytic model inventory – including understanding model relationships and bank-specific workflows – is a critical component to meeting regulatory requirements and meeting business needs. SAS relieves banks from reliance on disparate ad hoc solutions, providing a comprehensive, aggregated view of model risk to manage model lifecycle workflow.

The new solution centralizes model-inventory management, including document management and source code control, with decentralized access and a complete model-

validation process. The solution’s dashboards bring together an aggregated view of a bank’s entire system of models to pinpoint areas of concern and opportunity.

With SAS Model Risk Management, institutions can organize and manage their models, assist in the complete validation cycle, and manage change requests, usage tracking, ad hoc correspondence and model-related issues. Banks can also perform policy and exception management for effective challenge and remediation plans with thorough documentation and customizable workflows to meet any business need.

“Regulators as well as executive management teams are increasingly scrutinizing how banks develop, validate, approve and implement risk performance models,” said Troy Haines, Senior Vice President of Risk Research and Quantitative Solutions at SAS. “SAS Model Risk Management helps firms address both regulatory and business-as-usual model governance requirements.”

InDuSTRy wATcH

9

REguLATORy nEwS

Summer 2015 CANADIAN TreASurer

Stakeholder report

Stakeholder Relations: The Top Five Equity Crowdfunding Trust Barriers

By Alex Todd

Early stage companies now have a whole new way of raising vast sums of money for their ventures. Crowdfunding is

the newest vehicle for financing anything from a cause to a business. To date, most crowdfunding has been for charitable causes, such as the famous ALS Ice Bucket Challenge that raised $88.5 million. Recently, businesses have adopted rewards-based crowdfunding campaigns, the most notable being Pebble Time Smartwatch that raised $20.3 million in discounted pre-orders. However, equity (including debt) crowdfunding, which is the newest form of crowdfunding, promises to be the most significant. Barely two years old, early, high profile success already has Neil

Young’s PonoMusic Player raising $4 million in total financing, even after having turned away millions of dollars from investors who failed to satisfy regulatory requirements; on the heels of already having raised $6.2 million from a pre-order rewards-based crowdfunding campaign.

It is the people who were turned away, the same category of individuals who, to date, have been funding cause and rewards campaigns at ten times the value of the largest equity crowdfunding campaigns, who will be the key to unlocking the full potential of this new digital medium for business investment. It is these non-accredited investors, namely ordinary people like you and me, those not deemed to be high net worth individuals, who hold the keys to the ultimate promise of equity crowdfunding. They Ga

ry T

anny

an


will be the game-changers that fuel future new business creation. They are also the people who are currently barred from investing through equity crowdfunding in most jurisdictions around the world. This is about to change, as newly proposed regulations, most notably in the U.S. Jobs Act, are going to give the rest of us an opportunity to also participate in this super-high-returns asset class.

Major change, such as this, will be disruptive for all concerned, from issuers, to investors, to all traditional intermediaries that facilitate the early stage venture investment process. Change is difficult, fraught with well-founded fears, as well as inevitable misconceptions that foster resistance. Despite the promise, issuers and their chosen crowdfunding portals will need to adopt innovative new ways to overcome significant barriers inhibiting investor acceptance. Many so-called, early adopters are bound to experience remorse and rouse public indignation before norms and common understandings are established. Already, a high profile example has emerged from the Oculus Rift (virtual reality headset) rewards crowdfunding campaign that provided a preview of the implications of unmet expectations, when ‘crowdfunders’ expressed public outrage over a perceived betrayal of trust upon hearing of the company’s sale to Facebook for $2 billion, because their ‘donated’ funds would no longer be needed (fueled by underlying remorse that they had not had an opportunity to invest in company’s shares instead). Equity crowdfunding initiatives must be diligent not to fall into similar expectation traps.

Sophisticated investors, such as angel investors and venture capitalists will also need to adapt to the new realities of equity crowdfunding that threaten to disrupt established business models and open opportunities for new ways to create value. Portal-supporting ecosystems of 3rd party services providers (e.g. lawyers, accountants, consultants, technologies, marketing, governance, compliance, insurance, derivatives, secondary markets, etc.), regulators, and broker/dealers will need to evolve to support simplified, low cost, volume-based transaction flows.

More than ever, issuers’ stakeholder relations practitioners will become a critical success factor. In addition to traditional investor relations, which deals primarily with matters of corporate governance, corporate social responsibility, and shareholder management

and communications, for crowdfunding, stakeholder relations becomes event-based, more akin to an initial public offering than steady state relationship management. Crowdfunding demands new, high standards for stakeholder “engagement” that progresses investors through the entire transaction lifecycle (discovery and evaluation, negotiation and fulfillment, commitment, settlement and compliance, and exit), helping smooth all friction that could impede capital (or debt) deal flow. The most significant areas of abrasion reside with the novel aspects of equity crowdfunding:

Limited liquidity 1. By definition, unlike publicly listed companies, private companies cannot easily sell their shares on secondary markets. That means investors in private companies can neither buy nor sell their shares without involving the issuer. Private equity investors are therefore considerably more committed to their investments than those holding publicly listed shares that trade on a stock market. To mitigate their liquidity risk, equity investors typically get very close to the business and its owners. In most cases, start-up investors are the founders themselves, together with their families and friends. Founders are held to account through their strong personal and community ties. Subsequent rounds of financing come from increasingly distant circles of trust. These include angel investors who establish close relationships with the founders of the business, followed by sophisticated venture capitalists who rely both on familiarity with the founders and management, and the critical success criteria for the business and their investment. The latter pay particular attention to how they will realize their return on investment (their exit strategy), either by selling their shares to an acquiring company, or by taking the company public. By contrast, crowdfunding investors primarily fund angel rounds, with limited ability to know the founders. Although digitally intermediated crowdfunding opens new opportunities for enhancing stakeholder relations effectiveness, it also introduces special challenges, since they also need to bridge the requisite investor-to-founder familiarity gaps that could otherwise give suitors cold feet when contemplating the

STAKEHOLDER REPORT

“Issuers and their chosen crowdfunding portals will need to adopt innovative new ways to overcome significant barriers inhibiting investor acceptance …”


STAKEHOLDER REPORT

reality of being locked into prenuptials that largely preclude them from initiating future divorce proceedings – namely selling their shares.

Novice crowdfunding investors2. Accredited investors are accustomed to relying on investment dealers to provide professional investment advice. However the Exempt Market Dealers, who once played an advisory role and now run the neutral and transparent equity crowdfunding portals, can no longer advise their former clients. In crowdfunding, even sophisticated investors will need to learn new, non-traditional ways of assessing their investment options, which could retard the investment transaction process even for those who are most qualified to invest. For the first time, non-accredited investors, those deemed less capable of making informed investment decisions, will also have access to these early stage investment opportunities (already available in some provinces under the Offering Memorandum Exemption), although likely with some protective restrictions. However, their prior investment experience, if any, would likely only have been with publicly traded shares, which they could sell, at will. Stakeholder relations will need to find new ways of connecting both classes of investors with resources that appropriately help them navigate new crowdfunding-related risks and provide mechanisms to render any residual uncertainties acceptable (e.g. escrow, insurance, guarantees, warranties, derivatives, etc.)

Empowered digital crowds 3. Social-media savvy, online investors are likely to have non-traditional investment expectations. They are accustomed to having direct, bidirectional communication with decision-makers via direct, online channels of communication, such as blogs and social networks, and are likely to have elevated expectations for issuer responsiveness. They also

feel entitled to reinforce their views by mobilizing similarly minded activist “crowds” to drive change by creating collectives and aggregations that amplify their voice. Digital crowds also tend to trust and rely on the opinions and support of like individuals, more than traditional so-called “experts”. These new dynamics have implications beyond issuer-investor relations that include cultivating healthy engagement among critical stakeholders themselves, including investors, opinion leaders, and the influential portal ecosystem of services providers.

Shotgun deal 4. Traditional private equity investors have some control over the investment agenda, timing their investment commitments to coincide with their confidence and comfort thresholds. In other words, they take their time to build trust in the company before finalizing the deal. Similarly, public company shareholders choose when to buy and sell their shares based on individually selected criteria, such as personal preferences and market conditions. Crowdfunding takes away much of that ability to time investment decisions, since crowdfunding campaigns typically run within time-limited, 30 to 60 days windows of opportunity. Stakeholder relations will need to adjust their engagement strategies to satisfy the needs of diverse investors in order to maximize participation.

Ambiguous shareholder rights 5. Experienced private equity investors rely on established practices for post-investment decision-making. Typically, if they hold a significant stake in the company, they are entitled to a seat on the board of directors, or at least can influence the selection of board members. Unaccredited investors, by contrast, might only be accustomed to exercising their proxy voting rights in publicly listed companies, with marginal, if any, influence over director

selection, but they can always sell their shares if they become unhappy with corporate decision-making. Decision-making at early-stage private companies usually resides with the founders alone, with some influence from founder-selected, family and friends board members. Their corporate governance practices tend to be less well defined, if not non-existent, and therefore generally unknown to shareholders. While all have equally locked-in investments, only majority shareholders have the power to force management to initiate a liquidity event, which tend usually to be the founders themselves. Equity crowdfunding inherently attracts larger numbers of less-empowered, minority shareholders, therefore mitigating their liquidity risk will become a major consideration. Post-campaign, the new capital stockholders (as distinct from secondary market shareholders) are likely to feel a unique sense of company entitlement. This poses an added challenge for issuers; to optimize their investors’ participation in company decision-making.

Before equity crowdfunding can realize its promise, portals will need to develop new, crowdfunding-optimized corporate governance standards for issuers and introduce other means of protecting shareholders from becoming disillusioned with their investment. Stakeholders relations needs to play a proactive role in engaging with the crowdfunding community and helping portals devise effective and practical trust enabling practices, such as promoting the proliferation of secondary markets (e.g. TMX and Aequitas). ‘Particivesting’ (participatory investing) that establishes equitable decision-making rights for its capital stockholders will be critical for equity crowdfunding success, and promises to ultimately become its distinguishing quality.

alex todd, principal at trust 2 pay, delivers game-

changing insights to financial technology ventures.


STAKEHOLDER REPORT

Protecting Stakeholders Through a Privacy BreachHow communication can boost resilience

By Natalia Smalyuk and Rick Byun

Big Data means big opportunities and big risks. According to a 2015 Association of Corporate Counsel study, one in four

chief legal officers reported their organization had experienced a data breach over the past two years. That’s 25 per cent of businesses. Could yours be one of them? Guidelines below will help you work through what to do and how to communicate if your organization is hit with an information security breach.

Ask the right questionsEvery company dealing with sensitive stakeholder information must proactively prepare for privacy breaches. In reality, many

organizations are only starting to awaken to the massive business, legal, regulatory and ethical implications of the risks inherent in how they do business in a fast-evolving information economy.

When a breach hits, there is no one-size-fits-all solution. While each situation is unique, the first step is always asking the right questions:

How many records or sets of data have been – or ◉may have been – compromised? What type of sensitive information has been or ◉may potentially be exposed? How many people – customers, employees, ◉business partners or other stakeholders – are affected? What’s the damage created by the breach – ◉


STAKEHOLDER REPORT

actual or potential? What do you need to do immediately to ◉stop the breach, contain the damage, and protect those affected?

At this early stage, the answers may be uncertain. To make the right decisions, anchor your actions in a firm commitment to the well-being of your stakeholders.

Activate your breach response teamNext, escalate the issue to your crisis or breach response team. If your organization doesn’t have one, build it now. Integrate different areas of expertise, including the heads of IT, security,

operations, legal, human resources, and communications. If the breach is significant, the CEO needs to be on the team, and you may have to notify the board, too. No one on the leadership team should be caught off-guard. Seek their input and advise them on a locked-down internal and external communications protocol.

Set your narrativeTake the precious few hours for high-level consultation with your organization’s key leaders to create the blueprint of your mitigation strategy. If you don’t do this now, you may waste valuable time later

fixing mistakes. Questions below will help lay out the narrative – your organization’s definition of the truth of what’s happening and what should be done:

What’s the truth? What’s the right thing ◉to do, based on that truth and your values? What’s the right thing to say? How do you want your stakeholders to ◉think and feel about your organization?

Activate the responseYour narrative sets the context for all management decisions. If you get it right, this may make all the difference between success and failure in your breach response effort. Questions below will help


map out the what, who, how, where and when of the response:

Does your organization have ◉existing breach response and crisis communications strategies?What are the relevant laws and ◉regulations in the jurisdictions your organization operates in – and where the breach occurred?What are your organization’s existing ◉proactive notification obligations and compliance requirements?What are potential liability implications? ◉

Now, act. Set up a breach response centre. If online files are exposed, pull them down. If there’s a risk that other data could be compromised, close any open portals to avert further breaches. If your customers’ financial information has been exposed, offer credit monitoring and fraud protection. Set up a hotline where stakeholders can get essential information.

Err on the side of proactive disclosureWhile working to solve the problem, you also need to communicate. Silence is toxic in any crisis. Here’s one of the toughest judgment calls: should you proactively communicate about the breach with external audiences? If in doubt, err on the side of full and speedy disclosure. Your stakeholders don’t want to be left in the dark or learn about your breach from the news or tweets.

Talk to those directly affected first. Tell them what you know. Acknowledge what you don’t. Tell them what you are doing to investigate and solve the problem – and how they can protect themselves. Commit to providing updates.

Notify federal or provincial regulators in the jurisdictions where you do business. Speak to the privacy commissioner’s office as soon as you know enough about what happened and what it means. Provide enough detail. Keep the regulator updated throughout your response effort.

There may be others you’d be wise to communicate with, such as your payment and technology partners. Third-party experts might be called to comment on your crisis. Consider giving them your side

of the story, too. Last but not least, never forget your employees. If you keep them informed, chances are, they will be on your side.

communicate in proportion to the scale and nature of the breach Another judgment call: should you proactively communicate with the media once those directly affected have been notified? If the breach is severe (for example, involving millions of compromised credit and debit cards), the answer is yes. Data and privacy breaches make headlines. Get ahead of them and own your story without feeding the media frenzy.

Word of caution: When in doubt about the seriousness of the breach, don’t jump the gun. Communicating too much or too soon may derail the response as much as talking too little or too late. Not every incident warrants proactive notification. If your employee lost a portable USB device with a company document possibly containing some non-sensitive customer information, would anyone benefit from proactive disclosure? To make the right decision, put yourself in your customers’ shoes. If the risks of any damage are negligible, will alarming them cause more harm or good? Trust your instinct.

choose the right spokespeopleYour spokespeople in a crisis should be intimately familiar with the issue, available, and able to inspire confidence and trust.

Who can best communicate what your ◉stakeholders need to know? Who can best communicate how you want ◉your organization to be perceived?

If the breach is massive, consider bringing in the top executive. It shows the CEO cares. A CIO might be your best choice for questions that require technical knowledge. If you get lots of calls, have back-ups to relieve the pressure. Make sure all spokespeople are media-trained and on message.

Don’t overlook your employees. They are your spokespeople, too, as they will talk to their networks and, potentially, the media. While you can remind them of your

company’s communications protocols, you can’t gag them. Instead, engage them in your mitigation strategy. Empower them to tell your story – their story.

Show leadership Who’s responsible for the breach? Is your organization a victim or a perpetrator? Stakeholders will be looking for answers. Who or what caused the breach? Storing sensitive customer information in an unprotected environment? Leaving firewalls open? Was the breach easily preventable? Should there be an apology? Confusing and painful as these questions are, you need to address them. Here are some guidelines:

If people suffered, express concern. ◉If your organization is at least partially ◉responsible, apologize. Owning up to your responsibility in the court of public opinion is not the same as the admission of guilt in the court of law. If you apologize, fix the error and ◉demonstrate a commitment that it will never happen again.

Learn from the breachHidden in every breach is a gift of learning. As the crisis reaches the resolution phase, think about how it played out. What worked well? What didn’t? Take a hard look at your organization. How can you prevent similar events in the future? How can you deal with them better when they occur? Now is the time to dot the ‘i’s and cross the ‘t’s.

natalia Smalyuk is Vice-president, corporate &

public affairs at maVerick, a toronto-based full-

service communications firm that provides a full

scope of reputation management services. natalia

is passionate about helping organizations navigate

change and build capacity in managing crises and

reputation risk.

rick Byun is Vice-president, Strategy & Business

development at maVerick. with a rich background

in corporate communications, politics, and

journalism, rick provides strategic counsel to clients

on issues management, corporate narrative and

brand development.

STAKEHOLDER REPORT


STAKEHOLDER REPORT

Stakeholder ImpactFor a successful enterprise, cultivate investor relations

Although investor and stakeholder relations can’t be measured or calculated on a spreadsheet,

their value can significantly impact your company’s bottom line. Your brand’s reputation and success are contingent upon effective relationships not just with clients, but also with others affected by how you do business. In short, healthy stakeholder and investor relations are crucial for running a sustainable enterprise. Here’s a quick how-to guide and best practices in stakeholder management.

Identifying key playersYour stakeholders will vary depending on your enterprise. There are two main categories of constituents who can affect outcomes.

Internal: ◉ owners, managers, and employeesExternal: ◉ current and potential clients/customers, suppliers, investors/shareholders (if you’re a publicly traded company), government regulators (depending on your industry), professional associations and industry analysts. Even competitors are considered stakeholders because they have a legitimate interest in the outcome – success or failure – of your company.

Rank your stakeholdersAfter you’ve made a list of stakeholders, it’s time to determine who gets how much of your company’s resources. While all constituents are important in their own way, not all deserve the same amount of attention. To rank them, put each of your stakeholders in a power-interest matrix. This allows you to categorize project stakeholders with increasing power and interest in the project, and focus on the key stakeholders that can make or break your project – thereby helping you with stakeholder prioritization.

Where to focus your energy depends on your business model. If your company touts the sustainability of its products, you’ll need to cultivate deeper relationships with suppliers with a low carbon footprint and whose raw materials are ethically sourced; vendors

who stray from this goal will become liabilities rather than assets. In consulting companies, the ‘products’ are the analysts and strategists and the advice they give. The linchpin of such enterprises is creating and managing a dream team, so employees would be considered high power and high interest. In addition to human capital, financial services have to give priority to government regulators, considering the increase in compliance and reporting mandates in this sector.

You should closely manage those with high influence and high interest, while stakeholders with low power and low interest simply require monitoring.

Best practices for stakeholder relationsOnce you’ve decided how much attention each party should get, it’s time to strengthen stakeholder relations.

Trust: ◉ The foundation of solid stakeholder relations is transparency. To build trust, good leaders practice regular open communication and keep stakeholders in the loop, especially when there’s bad news. The more constituents know, the better they can understand your business issues and make informed decisions. In the case of investors, you can cultivate trust – and minimize the chances of a proxy contest – by listening to their issues. Delivering on promises: ◉ To keep stakeholders happy, prioritize customer service and quality products. Consistently meeting expectations, including quarterly performance targets, is also a good way to connect meaningfully with external stakeholders such as industry analysts and potential investors. Integrity: ◉ Operate an organization that stands for something positive and conducts business in an ethical way. Some investors and corporations that practice philanthropy fund only socially responsible companies. Prioritizing integrity is also a smart way to stay in the good books with government regulators. Mutually beneficial relationships: ◉ The best connections are ones in which both sides

are satisfied. Everyone wants a fair deal and to be treated respectfully. Employee stakeholders, for one, feel valued when you offer more than just a competitive salary for their hard work and dedication. Profit sharing creates loyalty and improves retention, and so do career development and leadership training opportunities. Social media: ◉ Nowadays, investor relations comprise much more than just annual reports, shareholder meetings, and press releases. Not only can social media provide a regular stream of information to stakeholders, platforms such as Twitter, Facebook, and LinkedIn – when used correctly – encourage meaningful two-way conversations and bolster stakeholder relations. Tracking social media is also a great way to stay on top of rumours and gather market intelligence, says Sandra Novakov, investor relations director at the UK-based PR agency Citigate Dewe Rogerson.Investor relations professional: ◉ With investor relationships growing in scope and relevance for publicly traded companies, perhaps your organization could benefit from the guidance of a professional. The Canadian Investor Relations Institute (CIRI), partnering with the Ivey Business School, has created a program to certify practitioners who desire a formal education in this field. Taking 10 months to complete, the Certified Professional in Investor Relations (CPIR) designation covers capital markets and regulations, communications, corporate governance, finance, securities law, and more.

Smart leaders don’t take stakeholder engagement for granted. They understand the importance of developing a solid strategy, communicating their company’s story and cementing relationships with top constituents.

this article is provided courtesy of robert half

canada, parent company of accountemps, robert

half finance & accounting and robert half

management resources.


Healthcare Debit Cards – Key to Unlocking Savings for Employers

hr management

The concept is still relatively new and debit card use is not widespread – yet …

By Chris Byrd

Healthcare costs continue to escalate, and not only for the provincial plans.

According to the Canadian Institute for Health Information, over the past ten years per capita private sector health spending grew at nearly twice the rate of inflation. Sixty-five per cent of Canadians have some form of supplementary private health insurance, and much of this is provided by their employer. So the cost pressures are increasing on employers as well as individuals.

As employers continue to grapple with this cost challenge, an established, oft-overlooked benefit plan product deserves a closer look. Healthcare Spending Accounts (HSAs) are used by employers to help their employees and eligible dependents pay for healthcare expenses not covered by the provincial plans. HSAs can be a superior alternative to traditional insurance and a way for employers to not only control costs, but also improve employee satisfaction. And when these accounts are combined with a debit card to make it easy for the employee to access the plan to pay for healthcare, employees respond enthusiastically.

About HSAsAn HSA is an account with a maximum benefit funded by the employer. The funds must be used for qualified expenses and are not taxable to the employee. The employer retains control of unused funds, and employees forfeit unused benefit if they leave the employer. Each employer can define the amount of benefit and what expenses can be paid from the HSA, and can even set sub-limits for different types of expenses. For example, Employer A may decide to provide $750 for any combination of prescription drug, dental, vision, or paramedical expenses (the most popular uses of HSA funds). Employer B may opt to provide a richer benefit

of $1,000 for the same expenses, while Employer C provides the same $1,000 but does not cover paramedical. And Employer D may provide a $1,000 benefit, with $500 sub-limits for each type of expense. The key word is flexibility, enabling the employer to align the benefit with both its strategy and the wants and needs of its particular employee population.

Advantages of HSAsFor the employer, HSAs offer several important advantages over traditional insurance plans:

The benefit is fixed and determined by the employer based on its budget capacity.

The employer has a hedge against employee ◉turnover – once the employee leaves, all unused benefit is forfeited.The employer has significant flexibility to design ◉its own plan strategy – how much and what to cover.Employees tend to treat the benefit as their ◉own funds and spend carefully, turning them into engaged, cost-conscious consumers whose incentives are aligned with those of the plan sponsor.Employees like HSAs for the flexibility they ◉offer, giving the employer a powerful employee-relations tool.


HR MAnAgEMEnT

That last point deserves some more discussion. The 2014 ‘Sanofi Canada Healthcare Survey’ asked employees what kind of healthcare benefit they received from their employer. Not surprisingly, the majority – 74 per cent – had a traditional plan, while 26 per cent had an HSA (some undoubtedly had both). But when asked what type of benefit plan they preferred, the results were strikingly different – 37 per cent responded that they prefer an HSA compared to only 15 per cent who prefer a traditional plan. By moving to an HSA, an employer can increase flexibility and control while better responding to the preferences of its employees – a win/win if there ever was one.

Adding a debit card unlocks the value of the benefitHSAs have been around for some time now. Traditionally, they have been administered in a cumbersome, inefficient manner that is inconvenient to the employee, diminishing the value of the benefit. The traditional process involves the employee paying the provider out of pocket, submitting a claim for reimbursement, and waiting for a check or EFT. A little more than three years ago, an attractive new alternative was introduced broadly in the Canadian market – a debit card to access the HSA. Under this approach, the participant receives a special purpose debit card to pay the provider directly from the HSA. There is no need for the employee to incur the negative float of paying out of pocket, and no claim form to fill out and submit – a simple and efficient solution.

How does the card work? It is a Visa or MasterCard-branded card that can be used at any qualified healthcare merchant that accepts those card brands. Sophisticated

technology limits where the card can be used, and most importantly, where it can’t (no restaurants or electronics stores); rules can be customized to fit each employer’s specific benefit plan design. Additional technology can limit what is purchased at a specific merchant – for example, in a pharmacy or drug store, the card can be limited so that it is only usable to purchase prescription drugs. This ensures that the

card is used for qualified healthcare goods and services and that the employer’s plan funds are protected.

These special-purpose healthcare debit cards have been used in the U.S. for over fifteen years and have become mainstream. It is estimated that there are over 40 million Americans who benefit from account-based healthcare plans that use a debit card – over a quarter of the employer-based healthcare market. They have proven widely popular with both employers and employees. In Canada, the concept is still relatively new and debit card use is not widespread – yet. Great-West Life introduced the first national program, and it is still the only one of its kind in the market. But that appears poised to change.

Plan members love the cardDespite the fact that this is a relatively new and unfamiliar product that works very differently from a traditional bank debit card, Canadian consumers have reacted with strong enthusiasm. Eighty-

one per cent of card users surveyed are very satisfied with it, 85 per cent said accessing their HSA is easier or significantly easier, and 84 per cent said the card helps them manage the cash flow of their benefits. Of particular interest to employers, nearly 80 per cent of surveyed employees said the card had a positive impact on the overall group health experience, indicating a halo effect on the employee’s perception of the employer’s broader benefit program. These are powerful satisfaction scores for a brand new product and are directionally consistent with results in the U.S., where satisfaction scores have grown to 90 per cent. As one Canadian consumer said, the card is “a 10 out of 10.”

In the ever-changing landscape of employer healthcare benefits, where companies are struggling to meet the often-conflicting challenges of increased cost pressure and employee satisfaction and engagement, a healthcare spending account with a debit card may be just the answer. It gives the employer flexibility in plan design, makes budgeting easy, is highly valued by employees, and provides a halo effect on the employer’s overall health benefit offerings. It is a great example of how an old product can be made new by applying advanced technology, making this combination an idea whose time has come.

chris Byrd is president and chief operating officer

of evolution1, inc., a weX company. evolution1

is a provider of software and payment solutions

to the employee benefit market, with a focus

on healthcare benefits. the company’s solutions

simplify the administration of benefit plans that

include consumer accounts and are in use in over

100,000 employer plans covering over 11 million

individuals across north america. chris oversees the

daily execution of evolution1’s business and leads

the company’s business development, m&a, and

industry and government relations efforts. he is a

frequent speaker on emerging trends in financial

services and employee benefits.

“Eighty-one per cent of surveyed Canadian consumers are very satisfied with the card, and nearly 80 per cent say it has a positive impact on the overall group health experience – a powerful halo effect …”


Five Challenges Businesses Face When Initiating Cross-Border Payments

compliance

By Neil Platt

The Internet has fundamentally changed the way we do business globally. Businesses everywhere are now able to

tap into the growing consumer markets and freelance resources in virtually all corners of the world.

Unfortunately, traditional banking systems haven’t been able to keep pace with the change in international business when it comes to facilitating cross-border payments. The international correspondent banking network is both decentralized and non-standardized, with inherent problems that can create friction for businesses and professionals attempting to send or receive cross-border payments.

The challenges facing senders and receiversTo help businesses and professionals better determine whether they’re sending or receiving cross-border payments via traditional bank systems is right for them, some of the challenges facing initiators of cross-border payments are outlined below:

1. Exorbitant time and costDepending on the method correspondent banks use to send and receive cross-border payments, the transaction can take days or weeks to clear. In most cases, the time is unknown in advance by both the initiator and the beneficiary, and it can be very difficult to find out what step of the

process the transaction is in once it has begun. Additionally, throughout the transactions, multiple intermediaries are involved, each charging a fee and/or taking some share of the foreign exchange revenue. Often, end users do not know whether costs are also assessed to their counterparties. The World Bank estimates that globally, sending remittances costs an average of 7.99 percent of the amount sent – quite a large chunk of the payment.

2. Lack of standards and absence of direct relationships

National payments systems do not generally support direct participation by banks in other countries, so in cases where one particular bank in a country does not belong to the payment system, a domestic correspondent bank is used to act on its behalf. Unfortunately, there’s no standardization as to how each bank sends, receives and settles payments, which can cause confusion and blurriness in moving cross-border payments from an initiator in one country to a beneficiary in another. Cross-border payments involve multiple intermediaries, which can make it incredibly difficult to relay data regarding reconciliation, payment tracking and straight-through processing (STP) to the receiving party. If a problem occurs (for example, a payment is not received by the beneficiary), the initiator may not be able to trace the transaction quickly or reliably due to the absence of direct


relationships with downstream banks.

3. Lack of transparency in currency conversions

There is very little transparency within traditional cross-border payment systems. It is often unclear which party is responsible for exchanging currency and what margin is being added above the inter-bank rate.

4. compliance with regional regulatory environments

Regulatory environments can vary quite drastically across different regions. Depending on the country the correspondent bank is located in, there will likely be different regulations for preventing money laundering, controlling currency flows and enforcing sanction regimes. In fact, new anti-money laundering (AML) directives are currently making their way through the European Union’s legislature that will create more red tape for banks by eliminating some exemptions that have allowed simplified customer due diligence. These types of regulations can impact the type and size of transactions that can be completed, as well as the optimal method of payment. Being unaware of these country-specific limitations can result in failed payments.

5. Difficulty maintaining end-to-end customer support and determining regional preferences

Maintaining end-to-end customer support for exception handling and addressing operational issues encountered by

beneficiaries that reside in different countries and speak different languages is an extremely complex task. Additionally, many businesses initiating cross-border payments are unaware of the regional preferences of their beneficiaries, making it difficult to determine the optimal choice of payment method. For example, while beneficiaries living in un-banked regions prefer prepaid cards, freelancers contracting out work may prefer electronic wallets as they provide a closed loop stored value system allowing them to easily receive payments and pay sub-contractors.

Although the banking system may not be evolving quickly enough to match the globalization of businesses requiring cross-border payments, there are alternative payment methods that address many of the challenges arising in the traditional correspondent bank system. These include:

Debit cards, ◉ which facilitate daily net settlement of funds between participants, address the data transport requirements accompanying the transaction and perform any currency conversions that may be required. Low-value payment networks (LVPN), ◉which act as gateways facilitating the absorption of cross-border payments into a particular region’s low-value payment system.Electronic wallets, ◉ which facilitate the initiation of payments and money transfers via online channels. These enable customers to send, receive

and hold funds in different currencies worldwide and to make financial transactions online by transferring funds electronically between individuals and businesses.

It might make sense for a company to make use of multiple payment methods, based on the particular situation so it’s valuable to have a single provider that can support all payment methods and geographies. Cross-border payments providers such as Payoneer offer businesses the convenience and benefits of using a single unified interface for initiating, tracking and reconciling payments regardless of beneficiary location, payment method or currency. Payoneer’s service enables beneficiaries worldwide to receive funds quickly, easily and cost-effectively no matter where they are located. For payers and payees alike, Payoneer removes geographical borders and ensures smooth, secure, cost-effective transactions.

neil platt is the chief revenue officer of payoneer.

prior to joining payoneer, platt served as SVp,

payments at fiserv and eVp of cashedge. in more

than 10 years at cashedge, he grew the company

from a pre-revenue startup to an industry leader,

serving most of the large banks in the u.S., including

seven of the top 10. after fiserv acquired cashedge

in 2011, platt stayed on at fiserv as SVp, payments,

where he led the integration and roll-out of

cashedge products to thousands of fiserv clients.

earlier in his career, platt was a consultant with

mckinsey & company.

cOMPLIAncE

The customer experience: the journey from good to great

Direct Marketing invites you to a Free Breakfast Brie� ng Presented by

During this interactive discussion on business outcomes derived from improving the customer experience we’ll show you why the key to overall success is providing choices that match customers’ expectations.

Visit our website for date details

www.dmn.ca FREE to register www.dmn.ca You must be registered in advance to attend.


regulatory

Dramatic 2015 Place of Supply Changes for Electronically Supplied Services in the European Union

By Jill Grenier

As of January 1, 2015, new VAT rules apply to the supply of digital services

within the European Union (EU). This change is the final

phase of the EU VAT Package that progressively introduced new place of supply of services rules in 2010, 2011, 2013 and now in 2015. This final phase of changes dramatically impacts both EU as well as non-EU suppliers of e-services to private individuals and non-business customers within the EU (B2C).

Services in scopeThe law change effective January 1, 2015 covers the following three categories of services:

Telecommunication Services: includes the ◉services of sending or receiving signals by wire, radio, optical, or other systems. This includes fixed and mobile telephone services, video phone services, and access to the internet.Broadcasting services: includes the supply of ◉television and radio programs transmitted over a radio or television network and live broadcasts over the internet.Electronically supplied services: services which ◉are delivered over the internet or an electronic network and the nature of which renders their supply essentially automated and involving minimal human intervention, and impossible to ensure in the absence of information technology.

For purposes of this article, the focus will be on the rule change as it applies to electronically supplied services (i.e. e-services). Some common examples of such services include:

Database access ◉Downloaded or remotely accessed software ◉Downloading or accessing music, books, films, ◉or games

Website design and related services ◉Video on demand ◉

In some cases, the determination of whether a particular supply is considered an e-service can be quite tricky. For example, pursuant to the law, live training conducted over the internet would not be considered an electronically supplied service since the nature of live teaching involves more than minimal human intervention and is possible to ensure in the absence of information technology.

what rules have changed?

VAT determination for B2C suppliesThe main change relates to supplies of e-services by EU based suppliers to EU based consumers. Pre-2015, the VAT for these intra EU supplies was determined by the location of the EU supplier. As of January 1, 2015, the VAT for these intra EU supplies is determined by the location of the non-taxable EU customer. A major reason for this change was to level the playing field by removing the competitive advantage of EU member states with lower rates of VAT (EU VAT rates currently range from 17 per cent to 27 per cent).

The following chart compares sample results pre-2015 and post-2015:

VAT registration requirement and the new “mini one stop shop” (MOSS)In order to comply with the new rules, suppliers are required to either register for VAT in each applicable customer’s country, or alternatively to register under the new

Supplier establishment

Consumer Location

result Pre-1/1/2015

result from 1/1/2015

Luxembourg Hungary 15% Luxembourg VAT

27% Hungarian VAT


REguLATORy

“Union Scheme” in a country where the supplier is established. Under this new Union Scheme simplification (i.e. mini one stop shop or “MOSS”), the supplier would still be collecting the VAT of the customer’s country, but reports and files the VAT collected in the country where it registered via the Union Scheme.

For purposes of registering under the Union Scheme, a supplier that has a business establishment (i.e. principal place of business or head office) in the EU must be identified for the mini one stop shop in the country of its business establishment. If the supplier does not have its business establishment in the EU, but has a fixed establishment (i.e. sufficient degree of permanence in terms of human and technical resources) in the EU and decides to register under the Union Scheme, the Member State of identification must be a Member State in which the supplier has the fixed establishment. Where such a supplier has more than one fixed establishment, it can choose any Member State in which it has a fixed establishment to be its Member State of identification. Suppliers can only be registered under the Union Scheme in one Member State.

what are the challenges?At first blush, the above changes may seem relatively straightforward and understandable. However, there are several challenges to consider:

Required evidencing of location of customer: ◉Suppliers must obtain and keep two pieces of non-contradictory evidence specifying the location of the customer (assuming a legal presumption doesn’t apply) Examples include billing address, IP address of the device used by the customer, location of the bank, the country code of SIM card used, or other commercially relevant information;Invoicing: ◉ The supplier must issue invoices in accordance with any applicable local requirements at the customers location. In some Member States, no invoice is required while others allow for a simplified invoice. Further, several Member States have specific requirements with respect to wording, language and currency. Audits and record keeping: ◉ MOSS audits

can stretch back 10 years, creating a substantial record keeping obligation. Businesses may opt to maintain their existing VAT registrations or create new ones across the EU. There are pros and cons to each compliance option which should be carefully considered. The European Commission has recommended the use of a standard audit file for MOSS (SAF-MOSS), in .xml format. Most Member States have indicated that they will accept the SAF-MOSS format.Input VAT recovery: ◉ The MOSS return only allows the supplier to pay the output VAT on the sales of digital services to consumers in the EU. If the supplier also incurs input VAT on its purchases, it is reclaimed through either the domestic periodic VAT return or the electronic cross-border VAT refund scheme.

consequences of non-compliancePenalties and interest are applied by local tax authorities in each Member State for VAT not accounted for, failure to properly register, incorrect record keeping, etc. This means that suppliers are subject to 28 different penalty regimes, with penalties as high as 200 per cent of the VAT not accounted for. Needless to say, the potential cost of non-compliance can be substantial.

How is Sovos compliance addressing the 2015 place of supply changes in the Eu?

VAT reportingIn April 2014, Sovos Compliance acquired VAT Resource, a European company based in the Netherlands which focuses on tax technology and VAT compliance outsourcing services. VAT Resource offers VATware, a web-enabled VAT reporting and analysis solution that:

Analyzes the VAT treatment of purchases ◉and salesValidates VAT identification numbers ◉and ratesReconciles VAT amounts and other ◉relevant VAT dataCompletes VAT reports, analysis reports, ◉customized reports

In response to these changes, VATware

has adopted a specific MOSS return for preparation and submission purposes. The return data can be extracted in an Excel, csv or .xml format, depending on the business requirements and ensuring automatic upload to the Web portals of the EU Member States. In addition, there is a standard audit file for MOSS (SAF-MOSS), based on the transaction data uploaded in the application and is extractable from the application in the required XML format.

Taxware enterpriseTaxware Enterprise includes functionality to address these transactions by providing users with an option to select a new registration status to indicate where they are identified for the Union Scheme. With this new functionality, users will only be able to select one country of identification, which is the required result under the law. The new functionality also includes:

New place of supply rules to calculate the ◉correct tax effective January 1, 2015Updated logic to determine customer type ◉(Business vs. Consumer)System messaging to validate the new ◉registration requirementsAdditional audit information to identify ◉MOSS transactions

More informationFor more detailed information regarding the complexity surrounding the 2015 place of supply rules and the new reporting requirements, please see the European Commission’s VAT MOSS portal at the following link: http://ec.europa.eu/taxation_customs/taxation/vat/how_vat_works/telecom/index_en.htm

Jill grenier is a lead tax counsel in the tax research

department at Sovos compliance. Jill joined the

Sovos compliance team in 2006 and focuses her

work on understanding and supporting the Vat rules

in the european union, while also keeping abreast

of sales and use tax changes in a number of u.S.

states. She is a member of the massachusetts Bar

and admitted to practice before the united States

district court for the district of massachusetts. Jill

has a Ba from Boston college and a Jd from Suffolk

university law School. She is a member of the

massachusetts Bar association and is proficient

in french.


riSk management

Handling the Risks of Disruptive Technology

By Ben Hunter

Pervasive new and evolving technologies are causing all companies – not just

technology firms – to reevaluate their risk management strategies.

Today, businesses of all kinds collect and store ever-growing mountains of data, send private and confidential client information over the Internet via the ‘cloud’, and stream sensitive data wirelessly to a host of mobile devices. As these trends transform commerce, however, they’re also reshaping risk management. When it comes to cloud computing, ‘big data’, and mobile technology, here are some key risks that companies of all kinds shouldn’t overlook.

cloud risks First, let’s demystify the cloud. It’s simply how individuals and enterprises access shared computing resources, such as networks, servers, and applications, on demand, over the Internet. Cloud services range from Web-based personal email accounts to business software (software as a service) all the way to countless servers located throughout the world utilized to store vast amounts of data for research purposes (infrastructure as a service). By 2017,

research firm Gartner estimates about half of all enterprises will have hybrid clouds, that is, use a mix of on-premise and public cloud services. Goldman Sachs predicts that spending on cloud computing infrastructure and platforms will grow at a 30 per cent annual rate, or six times faster than overall enterprise IT spending.

For companies that provide cloud services and those that use them, a variety of risks need to be recognized. From a privacy perspective, companies offering ‘software as a service’ solutions become custodians of their clients data, and may be responsible for maintaining its confidentiality. Private and confidential data should be encrypted not only when it is in transit or being processed, but also when it is at rest. Companies that offer ‘infrastructure as a service’, such as storage and processing systems, have to not only address cyber risks that are often in the news these days, but the physical risks tied to their data centres, such as fire and earthquakes. They also need to provide the right levels of redundancy and resiliency – or ‘fail over’ capability – to make sure a client’s business can continue uninterrupted if a server or data centre goes down because of physical damage or a cyber attack. These redundancies, and the steps necessary to execute a company’s

Services in the cloud involve risks


RISK MAnAgEMEnT

response to such incidents, should be clearly articulated in a business continuity and incident response plan.

Renting the cloudBefore they make use of cloud services, companies should decide which data and functions are best kept in-house, such as trade secrets and intellectual property, and those that can be handled outside the corporate firewalls. Companies may want to keep mission-critical supply-chain management and accounting functions in-house, for instance, while using the cloud to perform customer relationship management tasks.

Companies should assess the physical security of a cloud vendor’s site as well as the network security. ‘Boundary defences’ should include firewalls, the monitoring and control of access, and the level of user authentication required, such as biometric identification. Resiliency and redundancy of data centres are critical considerations, with levels ranging from Tier 1, or less resilient, to Tier 4 with multiple redundancies to provide nearly 100 per cent uptime.

While the services may be in the cloud, the physical location of back-up servers and data centres should not be overlooked. Canadian firms handling personal, health, or financial data may want this information to remain in Canada, and not copied to an out-of-country data centre.

Big data, big risksBy some estimates, roughly 90 per cent of the world’s data has been created in the last two years, reflecting the ability to record and store just about everything digitally. Big data refers to the massive amounts of data corporations are collecting, creating, and storing. Some of that data is useful, but much of it may just add risk.

Storage of non-essential data can pose a threat of a devastating breach, if unnecessary personal information or proprietary customer information is exposed. The loss of consumer information carries potentially severe reputational risks, as illustrated by a number of massive data breaches at large companies in recent years.

To avoid the costs and risks of keeping

huge quantities of unusable information, companies have to make some strategic decisions. Data collection rules should govern the kind of data that will be retained and its utility. Data management applications, such as analytics software, can derive useful intelligence out of the collected data, but if it cannot be interpreted or is of questionable veracity, it may be best discarded.

Companies should use data separation capabilities to identify important information that should be kept in-house or on a ‘private-cloud’, that is, on specifically designated servers. Crucial data should be replicated and backed up daily to offsite remote locations. Data decisions rules should cover which employees may access which levels of data, which data should be retained, and which information should be destroyed.

Companies need to address data theft by outsiders as well as the risks posed by disgruntled employees who may provide access to outsiders or even steal data themselves. Risk controls include monitoring employee data use for anomalies. Companies should not underestimate simple carelessness by employees as a security threat.

Data goes mobileNot only are corporations collecting massive amounts of data, they are sending much of it over wireless networks. Current ‘4G’ networks make it easier to stream video and perform other data-intensive tasks. Coming ‘5G’ networks promise even greater power and almost-instantaneous connectivity. As more work goes wireless, companies need a mobile risk management strategy.

More employees are clamoring to use their own devices to avoid having to carry multiple ones, and Canada has been a leader in this trend. Research firm Ovum found in a 2013 studyi that more than 75 per cent of Canadian firms support the use of employee-owned devices. The proliferation of mobile devices adds risks and companies need to decide whether to provide access only on corporate devices or to a broader spectrum of personal devices.

People, however, do remain the weakest link. Security considerations include

which apps employees can download and how data will be encrypted. For instance, if employees working in a coffee shop send unencrypted data wirelessly, that data may be intercepted. Small devices that hold very large amounts of data can easily be misplaced. Companies should have the capability to remotely wipe data from lost devices. Visitors to a company site may pose risks if they are able to use the corporate Wi-Fi network as an entry point to more sensitive systems.

Companies should establish an inventory of authorized and unauthorized devices, have secure configurations for hardware and software on mobile devices and laptops, and install multiple firewalls between wireless access and the corporate networks. Privacy policies should include mobile vulnerabilities and employees should be trained in proper procedures for mobile device use to protect sensitive information and corporate networks.

Managing virtual risksEven though much of business now takes place virtually, the risks remain very real. While the proper security procedures and training can help to mitigate the risks that these disruptive technologies bring, they cannot eliminate them. Computer hackers continually find new ways to break into networks, and employees still make careless mistakes. Even the most resilient computer systems may crash. Losses tied to electronic activities or loss of data are typically excluded from general liability policies. For that reason, even non-technology companies should consider cyber insurance to protect against those risks. Technology companies should also consider errors and omissions policies with cyber coverage included for the risks that may arise from providing technology products and services. Even though information technology often runs in the corporate background, risk managers should keep today’s cyber related risks front and center.

Ben hunter is a director of technology & clean

technology, chubb commercial insurance, for chubb

insurance company of canada in toronto. he can be

reached at [email protected].

i http://www.itworldcanada.com/article/canadian-firms-leading-world-in-byod-study/47616

24

REguLATORy nEwS

CANADIAN TreASurer Summer 2015

Beyond Technical Expertise:Today’s Must-Have Finance and Accounting Skills

The roles of accounting and finance professionals have changed drastically over the years. They

are no longer mere “number crunchers,” working in dimly lit rooms out of sight of other employees. In today’s workplace, accountants and financial experts are expected to master much more than just spreadsheets. They’re problem-solvers and trusted advisers, and play more of a strategic role in the workplace than ever before. Here’s a look at some of the newer talents finance professionals need beyond technical accounting skills in order to thrive in today’s workplace.

general business knowledgeThe evolving roles and responsibilities of finance professionals require them to understand how the entire company operates – not just their own silos. They need to be able to examine and explain complex data to give their employers and clients a better understanding of how the numbers and projections affect their business.

Financial professionals also use this data to provide strategic recommendations, from finding ways to trim costs and grow profits to helping operations and human resources with important decision-making.

EthicsAccounting and finance professionals are responsible for analyzing and reporting very sensitive and privileged information, such as budgets and financial statements. As a result, it’s vital that your financial team not only has accounting skills but also the highest ethical standards. Employees with a strong moral sense are also more apt to toe the line in regards to regulatory and compliance matters.

Managers need to make sure there is an ethics policy in place and that employees are familiar with the guidelines. Carefully check references, and don’t rely exclusively on those that job applicants give you; these contacts tend to be too subjective and uncritical. When speaking to candidates’ former employers, ask for

names of other individuals you might call for information before you conclude the conversation.

You may also want to do a background check before making your final selection. Be aware, however, that performing a background check is rarely a simple proposition, despite what many third-party vendors claim. While technology facilitates these processes to some degree, obtaining reliable information can be much more difficult than is commonly understood.

Analytical and problem-solving skillsThe ability to think critically and to solve problems is as important as having finance skills. If financial professionals run into a snag, they should know how to analyze the situation, draw upon their experiences and come up with a sound solution. In addition, they should be able to communicate effectively and defend their stance, if necessary. An employee who has analytical-thinking and problem-solving skills is better equipped to aid in the development and implementation of complex financial plans, as well as to offer counsel to help prevent crises from erupting.

Soft skillsSenior management realizes how important it is for employees to have excellent interpersonal skills. When asked if they had to choose between two similarly qualified applicants interviewing for an accounting or finance position, 34 per cent of Canadian CFOs polled in a Robert Half Accountemps survey said they would select the person with the better personality or people skills – the top choice. Having industry-specific experience and IT skills ranked second and third, respectively.

Why do people skills rank so high? Members of accounting and financial teams have to interact with all departments on a regular basis. Moreover, they are often responsible for explaining complex information to individuals with

little or no financial background. In addition to solid accounting skills, today’s finance professionals need to know how to communicate and get along with a wide range of people. A sense of humour and an appreciation for diversity also go a long way toward good team dynamics and office morale.

FlexibilityToday’s accounting world is far from static. With each year bringing about more complex regulatory and compliance issues, finance professionals should be flexible enough to adapt to the myriad of changes in their field. Rules, regulations and even techniques go through constant changes nowadays, and accounting staff need to be able to apply their foundational knowledge to different environments, sometimes without much advance notice.

IT skillsIn addition to Microsoft Office software and QuickBooks, today’s accountants need to be savvy about enterprise resource planning (ERP) modules, automated payroll services and enterprise applications. Experts in the proper software can help your company save time and money by streamlining processes and speeding up the generation of intricate budget and financial reports. Employees who can keep current with the latest innovations in financial software and can talk peer-to-peer with their IT department colleagues are assets on any team.

Whether you are seeking to fill positions or to round out the training of existing staff, being aware of the new must-haves – beyond just accounting and finance skills – can help your company grow and thrive in today’s marketplace.

this article is provided courtesy of robert half

canada, parent company of accountemps, robert

half finance & accounting and robert half

management resources.

your team


Vendor claSSified

May 5-7 Cartes North America 2015Las Vegas, NVwww.cartes-america.com

May 11-12FC Business IntelligenceAnalytics for Insurance Canada SummitToronto, ONwww.analytics-for-insurance.com/canada/

May 11-13 WB ResearcheTail Canada 2015Toronto, ONetailcanada.wbresearch.com/

May 17-19FEI Leadership SummitFinancial Executives InternationalBoca Raton, FLwww.financialexecutives.org

June TBAATMIA CanadaAnnual Canadian Conference 2015 Montreal, QC www.atmiaconferences.com

June TBAPayments Awards 2015Toronto, ONwww.paymentseXchange.ca

June 8-10CFO ExchangeNashville, TN www.aba.com

June 10-12 FEI CanadaAnnual ConferenceWinnipeg, MB www.feicanada.org

June 11-13AFP of CanadaTreasury Management ForumToronto, ONwww.afponline.ca

June 16-17 ACT CanadaCardware 2015: Payment InsightsNiagara Falls, ONwww.actcda.com

July 12-15WOCCUWorld Credit Union CongressDenver, COwww.woccu.org

August 2-5Retail Solutions Providers AssociationRetailNOW 2015Orlando, FL www.gorspa.org

August 11-13 tppEXPO 2015 The Pre Paid Press ExpoLas Vegas, NVwww.prepaidpressexpo.com

August 20-22CAIRPAnnual Conference 2015Whistler, BCwww.cairp.ca

September 14-16IFO CanadaAnnual Canadian Financial Operations SymposiumVancouver, BC www.financialops.org/canada2015

September 21-23CUMACUMA Ontario Annual ConferenceCollingwood, ONwww.cuma.ca

CoM

ing

ev

enTS

inTegRATed PAyMenTS SoluTionS

PRinTing

Over 60% of Fortune 500 companies use Wdesk and love our world-class customer experience.

Complex reports are hard. We make them easy.

visit us online www.canadiantreasurer.com

wOuLD yOu LIKE TO SEE yOuR cOMPAny

nAME HERE?

please contact:

mark henry,

[email protected]

2015 EVEnTS

CMS PRINTING SERVICE.For all your printing needs.

Call 416-755-7761 ext. [email protected]

NEW LOWER PRICING!!!


Five Tips to Simplify TaxesOrganized chaos is never a good idea …

By Nancy Harris

F iling taxes can be stressful, especially for small business

owners who already have a lot of responsibilities to

juggle. If you find yourself overcome with anxiety as you reach for a shoebox filled with a year’s worth of receipts, know there is help out there. Here are a few simple steps you can follow to make tax time a little more tolerable.

Keep paperwork organizedOrganized chaos is never a good idea. It’s easy to collect a pile of deductable receipts and important financial documents in a drawer, shoebox or glove compartment of your car but it’s not so easy to find or sort through the mess at tax time. Many accounting solutions offer a digital shoebox option, or a place to organize receipts. Taking the time during the year to enter and keep track of receipts will save you time during tax season. If you don’t already have a detailed filing system for all of your business paperwork, now is the time to start one.

Do your homeworkPart of what makes tax time so nerve-wracking for many is that they don’t fully understand all of the rules and regulations that pertain to them. Trying to complete any task with minimal understanding of how it works is stressful in any situation, not just taxes. Do your part to take back the power of the unknown by educating yourself on the basics, as well as the latest tax code changes that apply to you.

Even if you have a trusted tax advisor filing for you, it pays to be prudent by developing a clear understanding of your tax liability. For instance, you could uncover a deduction that your tax advisor did not realize you were eligible for that could save you substantially. Use online resources such as the CRA website for all you need to know about filing taxes as a small business owner.

Make a list of eligible deductions and creditsPlan ahead and make a list of potential deductions and credits you may want to take advantage of at tax time. Keep in mind, donations you’ve made through the year or contributions made to your Registered Retirement Savings Plan (RRSP) are eligible for deductions. Review any outstanding debt and deduct any interest expense to the maximum extent possible. However, it is important to note that debt is only deductible if it was used to earn business or property income. Therefore, it is recommended to pay off non-deductible debt as quickly as possible.

consult an expert As a business owner, it’s important to recognize the limitations of your skill set and take advantage of available technology to fill the gaps. An accounting software solution will help to centralize, organize and streamline your bookkeeping and records. It will also enable you to store your financial statements and manage and access your records quickly . Consider using Sage 50 Accounting, an accounting software solution that comes fully

equipped with built-in Canadian tax regulation compliancy.

It’s recommended to have an accountant or tax advisor review your bookkeeping and tax data every few years so that you avoid any problems and save money along the way. Having computerized records will speed up their review process and make it easier for them to give you advice on how you can make your operations more profitable.

Time it rightBe vigilant about deadlines. Tax deadlines are the same every year so don t let them sneak up on you. Educating yourself about filing due dates will help you avoid paying interest or late penalties, ultimately saving your business money on avoidable expenses. Being aware of deadlines can also leave you time to thoroughly review your return. Check it twice for small errors such as missing signatures or misspelled addresses. Mistakes like these are so common that the CRA has a voluntary disclosures program, which allows you to come forward and correct inaccurate or incomplete information.

as senior vice-president and general manager for

the canadian market, nancy is responsible for

building the Sage brand and growing market share

in canada. her responsibilities include driving the

strategy and day-to-day operations for the small

business portfolio, including Sage 50 accounting—

canadian edition and Sage one—canadian edition.

for more than 25 years, nancy has been leading

product marketing and strategy. She’s also worked

for technology companies that specialize in software

as a service for more than 15 years.

taX matterS

To advertise or get more information and media kits:905-201-6600 | 1-800-668-1838 | 302-137 Main Street North, Markham ON L3P 1Y2

Reach marketers & � nancial executivesOur magazines are must-reads for key executives in core corporate competencies.

We can help you tap into the ecosystem at the points that will drive your campaigns.

Visit our websites:Direct Marketing magazine, www.dmn.caContact Management magazine, www.contactmanagement.caPayments Business magazine, www.paymentsbusiness.ca

Canadian Treasurer magazine, www.canadiantreasurer.comCanadian Equipment Finance magazine, www.canadianequipmentfi nance.comFinancial Operations magazine, www.fi nancialoperations.ca.

Can you help our readers:• Create a strong fi nancial structure and healthy economic

ecosystem to ensure capital and cash fl ow keep their engines running?

• Determine who their customers should be, how they can reach them most effectively, and how they can turn data-driven marketing into profi table sales?

• Build effi cient and effective fi nancial systems to enhance payments and billings between their companies and their customers and vendors?

• Convert all the data and information they collect from every contact point into tangible benefi ts that increase revenue and reduce costs?

• Equip their companies with the tools, technology, systems and hardware needed to manage their operations, to create new services or products, and deliver them to their market?

• Manage their customers with smoothly functioning support departments that are properly staffed and equipped to solve problems, foster loyalty and retain customers?

• Make any or every step in that chain better, faster, cheaper, and more profi table?

MOVE FORWARD WITH ACTIONABLE INSIGHTSBusiness today isn’t about just getting ahead; it’s about confidently rising above. Join 3,000+ financial services leaders at the premier retail banking event to engage in conversations and get the trusted information, powerful tools, and actionable insights to prepare for tomorrow, while performing better today.

MOVE FORWARD WITH POWERFUL CONTENTThrough powerful content from industry experts you’ll be equipped with actionable insights and gain confidence to make a difference in your organization. This year’s agenda tackles the top industry issues and addresses your greatest business challenges. Our newly designed summits are more compelling than ever and feature best-in-class experts that will focus on new trends and ideas that directly impact your business.

October 13 – 15 | Las VegasBAIRetailDelivery.com

#RETAILDELIVERY

REGISTER NOW TO START MOVING FORWARD TODAY | BAIRETAILDELIVERY.COM

canadian treasurer magazine summer 2015

Documents