Orem Utah Co. UT asset protection advisors

Asset Protection Lawyer: The New Asset Protection Strategy in Divorce Cases

Asset Protection Attorney

Go Back

Information Security Policies: Foundations of Asset Protection

Information security policies, whether corporate policies, business unit policies, or regional entity policies provide the requirements for the protection of information assets. An information security policy is often based on the guidance provided by a frame work standard, such as ISO 17799/27001 or the National Institutes of Standards and Technology's (NIST) Special Publication (SP) 800 series standards. The Standards are effective in providing requirements for the "what" of protection, the measures to be used, the "who " and "when" requirements tend to be organization-specific and are assembled and agreed based on the stakeholders' needs.

Governance, the rules for governing an enterprise are addressed by security-relevant roles and responsibilities defined within the policy. Decision making is a key governance activity performed by individuals acting in roles based on delegated authority for making the decision and oversight to verify the decision was properly made and appropriately implemented. Aside from requirements for protection measures, policies carry a variety of basic concepts throughout the entire document. Accountability, isolation, deterrence, assurance, least privilege and separation of duties, prior granted access, and trust relationships are all concepts with broad application that should be consistently and appropriately applied.

Policies should ensure compliance with applicable statutory, regulatory, and contractual requirements. Auditors and corporate counsel often provide assistance to assure compliance with all requirements. Requirements to resolve stakeholder concerns may be formally or informally presented. Needs for the integrity of systems and services, the availability of assets when needed, and the confidentiality of sensitive information can vary significantly based on cultural norms and the perceptions of the stakeholders.

The criticality of the business processes supported by specific assets presents protection issues that must be recognized and resolved. Risk management requirements for the protection of especially valuable assets or assets at special risk also present important challenges. NIST advocates the categorization of assets for criticality, while asset classification for confidentiality is a long standing best practice.

Requirements for policy may arise from a contractual source or from a partner's request, the Payment Card Industry's Data Security Standard (PCI DSS) requires a policy addressing the Standard's requirements that applies to all assets within the scope of the standard. DSS requirements can be integrated into a single corporate policy but given the stringency of the requirements an enterprise may elect to segregate protection domains with separate dedicated policies so that less stringent requirements are applied to assets outside the scope of the DSS, saving resources and tailoring protection based on the lesser perceived threat/risk to the assets.

Risk assessments are an important source of policy requirements that are specific to the environment and assets to be protected. Risk mitigation measures based on an assessment of risk and the assets at risk allows managers the opportunity to weigh investment against potential damage to reach a level of risk acceptable to the decision makers.

Attacks targeting online applications and their data have become an issue of well-founded concern, policy should focus on risks in this area by specifically addressing the software development lifecycle and measures to ensure bespoke applications are sufficiently robust to withstand common attacks.

Policies should be reviewed and accepted at senior levels, ensuring the policy's authorizing authority has the stature necessary to make policy compliance mandatory. An authorization process to document and approve instances of noncompliance should also be provided. Often a compliance window is granted to allow time for the implementation of the policy by all applicable organizational entities.

Auditors often provide assurance of compliance as a result of their activities. The senior Auditor is also an important stakeholder and reviewer of policy drafts and amendments. Policies should be reviewed on an agreed schedule, often every two or three years. Changes in technology, evolution of business objectives and changes to the organization's goals and processes all act to invalidate and outdate a policy. Keeping the policy fresh and relevant is essential to providing appropriate protection to important assets and supporting mission performance.

ISO 17799/27001 and NIST SP800-53A Revision3 both provide a long list of information protection best practices. There is frequently an inclination to declare one of the documents to be the corporate standard and demand policy comply with the corporate standard. Ignoring cost issues, there are several important things wrong with this approach, first and most importantly, it ignores risk realities. Best practices are the average, where extraordinary risks exist, they are too weak and where risk is significantly below average they are too strong, wasting resources. Policy should be based on reality, not an idealized set of homogenized requirements. Arguably the correct approach is to begin with a standard and bend it to fit the shape of the enterprise. There is one exception to this rule, shops that run an absolutely standard architecture can benefit from the simplicity and straightforward nature of a standardized policy. Governance issues remain and should be dealt with quickly and cleanly as exceptions.

Security guidelines, component configuration standards, and standard operating procedures are based on and build on the information security policy. Care should be exercised that the documents are consistent with each other and are reviewed and exercised for correctness and reliability. Security training is often based on the detailed documents ultimately leading to repeatable processes and a predictable level of protection being realized.

An information security policy is a necessary first step in securing an environment and providing appropriate protection to all information assets. Building consensus around a policy is an effective approach to resolving concerns and resistance to the idea of mandated controls. Listening to and involving stakeholders while ensuring the policy reflects their issues will go a long way in gaining acceptance of the program of protection.

Go Foward

All Articles

Home

Orem Utah Co. UT elder law attorney

Asset Protection Attorney explains Asset Protection Systems

Asset Protection Attorney

Go Back

A major goal of asset protection planning is to substantially diminish and reduce your financial profile. If you can restructure your assets in such a way so as to place them beyond the reach of future potential creditors, while at the same time maintaining a beneficial interest in those assets, you have succeeded in substantially reducing your financial profile. Accordingly, you are a far less attractive target for litigation because of issues of doubt of collectability, thus reducing the likelihood that you will be sued; or if you are sued, increasing the likelihood of a favorable settlement.

A trust can be an effective foundation for your asset protection planning. Trusts have been utilized for centuries as a means of conserving and protecting property for the beneficiaries of the trust. However, most domestic trusts do not provide protection from creditors. The typical revocable living trust, wherein the trustors are the lifetime beneficiaries and retain the power to revoke, amend and invade the principal of the trust, provides no protection whatsoever against the creditors of the trustors. Accordingly, absent specific legislation to the contrary, self created or self settled trusts are ineffective for asset protection planning purposes.

As was stated previously, most self settled trusts are not protected from creditors. However, recently, several states have provided various degrees of asset protection legislation for a self settled trust. The trust legislation in Alaska, Delaware, Missouri, Oklahoma, Nevada, Utah and Rhode Island is similar in many respects to the asset protection trust legislation found in several offshore jurisdictions. It should be noted, however, that the courts have not had an opportunity to pass muster on this type of legislation because of its recent enactment and because the statute of limitations in most cases has not expired. Depending on the timeline involved with respect to when the claim has arisen, these trusts can be and should be considered in appropriate circumstances, but only by an attorney who understands all of the ramifications.

Offshore asset protection planning normally involves the utilization of offshore trusts and other entities. Offshore planning generally raises justifiable concerns with respect to asset security and tax issues. The most efficacious manner to address these concerns is to make certain that you are receiving the best advice and counsel from a qualified expert in the area. You must be sure that the attorney with whom you are dealing has expertise in the field and is recognized in this regard by his peers.

A FAPT is a trust that is set up in an offshore jurisdiction which has enabling trust legislation providing for substantial protection against creditors of the trustor. One of the greatest advantages of the FAPT is the fact that by its very nature any legal attacks against its assets are transferred abroad to a different legal system. The FAPT is generally much more expensive to set up and create than a domestic trust and requires a certain willingness on the part of the Trustor to deal with offshore jurisdictions and trust entities. The FAPTs' greatest value is for asset protection planning well in advance of any potential creditor problem. Moreover, many times FAPTs are only used when the client already has some international connections and networking. Recent cases have emphasized the need for careful planning in the structuring of the FAPT if it is to be legally efficacious and successful in meeting the purposes and objectives of the trustor.

Most foreign jurisdictions do not recognize US judgments. This may force a trial de novo on the merits under the laws of foreign situs in order for the creditor to impose liability on the trustor and reach the assets of the FAPT. Obviously, the fees and expenses of this trial de novo and the burden of having to select offshore counsel can be substantial. Moreover, the FAPT jurisdiction, generally, requires plaintiffs to employ attorneys who are licensed in that jurisdiction.

Most foreign situs jurisdictions require that the burden of proof in challenging asset transfers to a FAPT is on the creditor and does not shift to the trustor. Moreover, many foreign jurisdictions impose a higher standard of proof upon civil litigation plaintiffs such as the "beyond the reasonable doubt" standard. This is in sharp contrast to the "preponderance of the evidence" principle utilized in US domestic civil cases.

The FAPT legislation of many jurisdictions establishes a statute of limitations for challenging asset transfers to a FAPT that begins to run on the date of transfer. This is contrary to US law where the statute may begin to run the date the transfer is "discovered" by someone with a claim against the trustor. Additionally, the statute of limitations of many FAPT jurisdictions is much shorter than the typical four year statute found under US law.

Manifestly, it is going to be much more expensive and inconvenient to prosecute a claim offshore. Think of the inconvenience of having to pursue a claim out of state and then multiply that by two to three times the cost to pursue the matter in a foreign jurisdiction. Many foreign jurisdictions prohibit contingency fee arrangements forcing the claimant to finance a litigation process entirely on his/her own. Creditors may think twice about having to deal with a completely different legal system out of the country. This unfamiliarity, plus the additional expenses and costs, and the entire uncertainty with respect to the process, adds a substantial element of protection to the FAPT.

The FAPT may assist the trustor in achieving several other objectives and planning goals independent of asset protection planning. Traditional estate planning issues such as the orderly transfer of property at death, the avoidance of probate, the strengthening of spendthrift provisions, greater privacy w, the management of offshore assets and businesses and premarital planning can all be addressed by the FAPT.

The easiest way to understand how a FAPT protects cash and securities is to focus on the process by which a claimant would try to reach trust assets. A claimant must either bring his case in a court that has jurisdiction over the trustee so that the court can order the trustee to give up the assets or initiate litigation in the court that has jurisdiction over the assets themselves so that the court can attach or seize the assets. However, if the client's offshore planning strategy is properly structured and implemented, no domestic court can successfully attack the plan because it would not have the ability to force the offshore trustee to expatriate or return the assets nor would it have the ability to levy on assets properly held outside of the United States.

Protecting non liquid assets like real estate, accounts receivable and business equipment involves the process of equity stripping. Although some of these assets can be put in charging order protected entities that may provide some limited protection, the most effective strategy available to protect a domestic illiquid asset is to strip that asset of its value by encumbering it as collateral for a loan and protecting the loan proceeds with your other liquid assets in the FAPT. Creditors are going to be very discouraged attempting to levy on an asset that may have substantial value, but has very little equity because of a loan encumbrance or lien.

Generally speaking, the establishment of the offshore asset protection plan will be tax neutral. The FAPT will either be a US grantor trust or a foreign grantor trust with a US grantor for US income tax purposes. It will be necessary to file various forms with the Internal Revenue Service in either case, but these forms will only demonstrate that the taxpayer is a responsible and law abiding citizen.

One very typical arrangement with respect to a possible offshore strategy would be for the client to establish the offshore asset protection trust utilizing an offshore trustee. The trust would then set up an offshore limited liability company which would be entirely owned by the offshore trust. You could be the manager of the LLC with direct signature control over bank accounts and securities accounts. In the event of a crisis, you would obviously resign as a manager and appoint a trusted friend, relative or a management company. There are modular variations to this strategy that can be worked out with your professional advisors.

The proliferation of plaintiff lawsuits and the expanding concept of liability that has become second nature in our court system have engendered much concern and anxiety about the preservation of wealth in the United States. Many professionals like doctors and lawyers as well as business owners, corporate executives, real estate developers and investors, contractors and others operate in an environment of high risk. Many such people lack confidence that they will be treated fairly by the US legal system and are desirous of reducing their financial profile and eliminating their liability potential. For these individuals, the offshore planning alternative may very well be the best planning device available for maximum comfort and piece of mind.

Go Foward

All Articles

Home