11.27.24

Manufacturing and Distribution Group Newsletter – Fall 2024
Adam J. Pechin, Joyce Carlson

Getting Started with Transfer Pricing

Adam Pechin, CPA, MST

You may associate the term “transfer pricing” with large, multinational corporations, but companies of many sizes may face transfer pricing issues. If your company operates through two or more entities and is dipping its toes in international waters — or even expanding its domestic operations into multiple states — it is important to have a basic understanding of transfer pricing rules.

Transfer pricing in a nutshell

In simple terms, transfer pricing refers to pricing arrangements for transfers of goods or services between related companies in different jurisdictions. Examples of related companies include a parent and its subsidiary or brother-sister companies with common ownership. It also includes cross-border, related-party transactions involving intellectual property, such as patent or trademark licenses. These arrangements may invite scrutiny because they are easily manipulated to reduce a company’s tax liability by potentially shifting income to jurisdictions with lower tax rates.

For example, Parentcorp, a manufacturing company in a high-tax jurisdiction, has a wholly owned subsidiary, Subcorp, in a low-tax jurisdiction. Subcorp manufactures component parts and sells them to Parentcorp, which, in turn, assembles them into finished products. Subcorp sells the components to Parentcorp at inflated prices, increasing Subcorp’s taxable income and reducing Parentcorp’s taxable income. This transfer pricing arrangement essentially shifts income to Subcorp’s low-tax jurisdiction, reducing the enterprise’s overall tax liability.

Regulation of transfer pricing

Transfer pricing regulations are complex. Internal Revenue Code Section 482 empowers the IRS to distribute, apportion or allocate gross income, deductions, credits or allowances between or among related parties to prevent evasion of taxes or to clearly reflect the income of any parties. State tax rules vary from state to state, and may mirror IRS rules.

Generally, the rules aim to prevent manipulation by requiring transactions between related companies to be roughly comparable to arm’s-length transactions between unrelated companies. Depending on the jurisdictions involved and the circumstances, there are several methods for setting appropriate transfer prices. Two common methods are:

  1. Comparable profits
    This analyzes the profitability of comparable transactions involving similar companies.
  2. Cost-plus
    This applies a market-based markup to the “supplier’s” costs to arrive at a suitable profit.

In addition, many jurisdictions require companies to present documentation to support their transfer prices. Even if it is not required, maintaining documentation to back up an enterprise’s transfer pricing is clearly a best practice. The penalties for noncompliance with transfer pricing regulations can be substantial. For example, in the United States, they can be up to 40% of the amount by which federal taxes are underpaid.

Steps to take

If transfer pricing becomes an issue for your company, an audit by the IRS or other tax authorities can result in substantial assessments of back taxes, interest and penalties. So, it is a good idea to take steps to protect your company. The first step is to conduct a risk assessment. Next, be sure that you have transfer pricing policies and procedures in place that are appropriate based on your company’s risk profile, corporate structure and activities. These policies and procedures should incorporate appropriate methods for determining arm’s-length prices.

Finally, document your methodology to help support your position in case your transfer pricing arrangements are challenged. Even if not required, this documentation can smooth the audit process and help avoid or reduce penalties by establishing a good-faith effort to comply with transfer pricing regulations.

Tax planning opportunities

If your company does business with related companies in other countries or states, be sure to stay on top of transfer pricing. Establishing reasonable transfer policies and practices will help your business avoid potential compliance issues. It also may reveal opportunities to reduce your enterprise’s tax bills by adjusting transfer prices within acceptable limits.

For more information, contact Adam Pechin at [email protected] or 312.670.7444. Visit ORBA.com to learn more about our Manufacturing and Distribution Group.


Is Your Company Prepared for a Ransomware Attack? 7 Tips to Protect Your Data

Joyce Carlson

Cyberattacks have become a very real danger for manufacturers and companies need to be prepared.  Ransomware attacks are escalating and becoming more sophisticated with advances in technology, surging in recent years. The financial and reputational costs associated with a ransomware attack can be crippling. This newsletter explains seven best practices that can help manufacturers protect themselves.

Manufacturing was the most common sector affected, accounting for 71% of ransomware incidents last year, according to “2023 Year in Review,” a recent report by cybersecurity firm Dragos.

What is ransomware?

Ransomware is sophisticated malware that can encrypt your company’s data.  This type of attack will in effect lock you out of your files and systems rendering them unusable.  Cybercriminals then demand a ransom payment in exchange for the decryption key needed to unlock your files. Common venues hostile actors use to access your data include phishing emails and fake downloads.  The use of compromised credentials and flash drives or even a careless click on an infected link can also expose your company.

Ransomware attacks are rapidly becoming more sophisticated. Historically, cybercriminals would simply lock you out of your system and stop there. It is now increasingly common for them to engage in a form of “double extortion.” In addition to encrypting your data, they also steal sensitive information (such as intellectual property or customer information) and threaten to release it if you fail to pay the ransom.

There is even a threat of what is now known as “triple extortion”.  This third layer of extortion targets a company’s operational technology, such as smart manufacturing equipment that is connected to the internet and controlled by computers or handheld devices. Running old technology systems make manufacturers more vulnerable since in many cases production lines are not managed by the IT team. Cybercriminals may threaten to launch a distributed “denial of service” attack threatening to shut down operations if you refuse to pay the ransom.

Why are manufacturers vulnerable?

Hostile actors target manufacturers due to ease of accessibility and quicker realization of payout. Since manufacturing operations depend on automated equipment, there is a low tolerance for downtime.  Manufactures will be highly incentivized to pay the ransom to prevent the steep cost of lost production. When it comes to cybersecurity, the manufacturing industry is not subject to the same level of compliance as banking, financial services and health care, prompting less scrutiny by support systems that may be in place.

Manufacturing equipment generally has a longer useful life than its internet-connected components and devices.  Frequently, companies rely on older, unsupported legacy systems. These systems may not have received the latest updates and security patches, rendering them more vulnerable to attacks.

What can your company do?

To help protect your company against ransomware and other cyberattacks, consider the following seven best practices:

  1. Conduct a thorough cybersecurity assessment
    Take inventory of your company’s hardware, software, data and internet connections to identify any vulnerabilities. This includes potential entry points that cyberattacks can exploit to penetrate your system. Prioritize systems to address critical restoration in the event of an attack.
  2. Review your data backup policies and procedures
    Having a recent backup of your files and systems will ensure that you can resume operations as quickly as possible if your data is encrypted, locked out or destroyed. It is critical for backups to be encrypted, stored off-site and segregated from the systems being backed up. Segregated backups prevent a single breach from compromising both active data and the backups you rely on to recover from an attack.
  3. Install updates
    Keep all of your computers and mobile devices current with the latest updates and security patches.
  4. Educate workers
    Be sure your employees and contractors know the dangers of ransomware and how to recognize phishing emails and other threats. Require all personnel to use strong passwords, multifactor authentication and other techniques to prevent unauthorized access. In addition, prohibit the use of workers’ personal devices on your network.
  5. Use software tools that monitor for and prevent intrusions
    Many email filtering programs can spot malicious messages and prevent them from reaching their targets.
  6. Evaluate potential third-party risks
    If any vendors or suppliers have access to your systems, conduct due diligence to ensure they have implemented effective controls to prevent unauthorized access. Any “back door” access should have a professional review for potential security updates.
  7. Administer periodic vulnerability assessments and penetration tests
    Scan for security flaws and weaknesses. Also gauge the effectiveness of your company’s cybersecurity systems, policies and practices. Review and update cybersecurity response plans.

An ounce of prevention

As ransomware and other cyberattacks continue to escalate, all manufacturers should take steps to protect themselves against these attacks. An active plan should be in place that outlines the steps for responding to an attack. Your plan would outline how to evaluate any systems impacted and how to potentially eradicate the threat from the network internally. A professional security review is worth the cost of preventing ransom payment.

Sidebar: Cyberinsurance is not a panacea

In recent years, insurers have begun writing insurance policies to cover certain costs associated with data breaches, ransomware and other cyberattacks. However, while cyberinsurance may offer some protection, it is important not to rely on it too heavily.

For one thing, these policies tend to be expensive. Plus, given a limited loss history and the fact that cyberattacks are continually evolving and becoming more sophisticated, it is difficult for insurance companies to accurately assess their risks. As a result, cyberinsurance policies typically place strict limits on the amount of coverage and the types of risks they insure. So, it is easy for a company to overestimate the amount or quality of protection it has.

Cyberinsurance can provide some peace of mind, but it is no substitute for a comprehensive cybersecurity plan. Indeed, many insurance companies demand that companies implement cybersecurity best practices to qualify for coverage.

For more information, contact Joyce Carlson at [email protected] or 312.670.7444. Visit ORBA.com to learn more about our Manufacturing and Distribution Group.

view all

seminars & events

Guides

ORBA will gladly provide you with hard copies of the useful guides listed below. Select which guides you would like to receive and submit the form below.

  • Tax Pocket Guide
  • Tax Planning Guide
  • Records Retention Schedule
  • Auto, Travel & Business Log

request guide

Close
Forward Thinking
Forward Thinking