Orem Utah Co. UT asset protection advisors

Asset Protection Attorney explains Asset Protection Systems

protect your money

Go Back

These potential scenarios should concern any entrepreneur or investor: You get sued personally and lose; the judgment creditor (the entity that won the suit and was awarded a judgment against you) decides to go after your business and investment assets. Or you have a retail store plus several real estate investments; you get sued for something related to the store and the judgment creditor decides to attach your real estate. You can cry, "Unfair!" all day long and it won't matter if you haven't taken the appropriate asset protection steps.

An asset protection tool you need to understand is the charging order. By definition, a charging order is an order issued by a court to a judgment creditor which essentially compels an entity of which the debtor is a partner or member to direct to the creditor until the judgment is satisfied any distributions that would otherwise have been made to the debtor (from Asset Protection: Concepts & Strategies for Protecting Your Wealth by Jay Adkisson and Christopher M. Riser, McGraw-Hill, 2004).

What this means is that if you have an interest in a Charging Order Protected Entity (COPE) [entities for which creditors are limited to using charging orders as remedies in collecting debt, such as a Limited Partnership (LP), a Limited Liability Company (LLC), and certain others] and a creditor obtains a charging order, the entity is ordered to pay the creditor any money that would have gone to you until the judgment is paid in full. In most states, the creditor has no rights with respect to the ownership or management of the entity and cannot force the entity to make a distribution. The idea is to balance the rights of creditors with those of the non-debtor partners.

Charging orders do not come into play with assets such as stock in a corporation or personal property. But in an entity such as an LLC, legislators have taken steps to prevent creditors from attaching partnership or membership interests and essentially becoming partners or members themselves because such a change in ownership could disrupt the operations of the entity. Where you are not protected by state law, discuss this issue with your attorney because you may be able to create a comparable level of protection through your operating agreement.

How you are protected

As long as the creditor has the charging order, the LLC can simply not make any distributions and the creditor should not receive any money. For example, let's say a visitor to your home slipped on the sidewalk, sued you, and won. As a judgment creditor, he decides to go after all of your assets and gets a charging order against the LLC that owns your real estate investments. He typically can't collect anything until the LLC makes a distribution, and you and the other members of the LLC are perfectly within your rights to decide to not make any distributions for as long as you like. Because of this, creditors with charging orders are often willing to negotiate a settlement to get at least a portion of their money and be done with the situation.

Another issue that often prompts judgment creditors to settle charging orders quickly is the potential for tax liability. If the creditor is entitled to the distribution when it is made, he may also be obligated to pay the taxes. It's possible for the members of the LLC to issue a K-1, which is the tax form used to report a member's share of an LLC's income, potentially making the creditor liable for taxes on profits even though he hasn't received any money.

As of January 2007, there were no known cases where the IRS has held a judgment creditor holding a charging order liable for taxes--but nor are there any cases where the IRS has specifically relieved a judgment creditor of such liability. Until case law becomes definitive on the issue, creditors may be reluctant to take a chance that they could be held liable for taxes on profits they haven't received and may never receive.

The protection offered by charging orders may be circumvented in a number of ways, depending on the state in which the entity operates and your individual circumstances.

Be aware that simply forming a partnership or LLC is not going to automatically protect your assets. Charging order protected entities are some of the strongest and most acceptable asset protection tools available, but to be effective, they must be properly structured and carefully drafted according to your particular requirements and the laws of your state.

Go Foward

All Articles

Home

Orem Utah Co. UT elder law attorney

Asset Protection Attorney: What Are The Advantages Of An Asset Protection Trust or DAPT?

Asset Protection Attorney

Go Back

Information Security Policies: Foundations of Asset Protection

Information security policies, whether corporate policies, business unit policies, or regional entity policies provide the requirements for the protection of information assets. An information security policy is often based on the guidance provided by a frame work standard, such as ISO 17799/27001 or the National Institutes of Standards and Technology's (NIST) Special Publication (SP) 800 series standards. The Standards are effective in providing requirements for the "what" of protection, the measures to be used, the "who " and "when" requirements tend to be organization-specific and are assembled and agreed based on the stakeholders' needs.

Governance, the rules for governing an enterprise are addressed by security-relevant roles and responsibilities defined within the policy. Decision making is a key governance activity performed by individuals acting in roles based on delegated authority for making the decision and oversight to verify the decision was properly made and appropriately implemented. Aside from requirements for protection measures, policies carry a variety of basic concepts throughout the entire document. Accountability, isolation, deterrence, assurance, least privilege and separation of duties, prior granted access, and trust relationships are all concepts with broad application that should be consistently and appropriately applied.

Policies should ensure compliance with applicable statutory, regulatory, and contractual requirements. Auditors and corporate counsel often provide assistance to assure compliance with all requirements. Requirements to resolve stakeholder concerns may be formally or informally presented. Needs for the integrity of systems and services, the availability of assets when needed, and the confidentiality of sensitive information can vary significantly based on cultural norms and the perceptions of the stakeholders.

The criticality of the business processes supported by specific assets presents protection issues that must be recognized and resolved. Risk management requirements for the protection of especially valuable assets or assets at special risk also present important challenges. NIST advocates the categorization of assets for criticality, while asset classification for confidentiality is a long standing best practice.

Requirements for policy may arise from a contractual source or from a partner's request, the Payment Card Industry's Data Security Standard (PCI DSS) requires a policy addressing the Standard's requirements that applies to all assets within the scope of the standard. DSS requirements can be integrated into a single corporate policy but given the stringency of the requirements an enterprise may elect to segregate protection domains with separate dedicated policies so that less stringent requirements are applied to assets outside the scope of the DSS, saving resources and tailoring protection based on the lesser perceived threat/risk to the assets.

Risk assessments are an important source of policy requirements that are specific to the environment and assets to be protected. Risk mitigation measures based on an assessment of risk and the assets at risk allows managers the opportunity to weigh investment against potential damage to reach a level of risk acceptable to the decision makers.

Attacks targeting online applications and their data have become an issue of well-founded concern, policy should focus on risks in this area by specifically addressing the software development lifecycle and measures to ensure bespoke applications are sufficiently robust to withstand common attacks.

Policies should be reviewed and accepted at senior levels, ensuring the policy's authorizing authority has the stature necessary to make policy compliance mandatory. An authorization process to document and approve instances of noncompliance should also be provided. Often a compliance window is granted to allow time for the implementation of the policy by all applicable organizational entities.

Auditors often provide assurance of compliance as a result of their activities. The senior Auditor is also an important stakeholder and reviewer of policy drafts and amendments. Policies should be reviewed on an agreed schedule, often every two or three years. Changes in technology, evolution of business objectives and changes to the organization's goals and processes all act to invalidate and outdate a policy. Keeping the policy fresh and relevant is essential to providing appropriate protection to important assets and supporting mission performance.

ISO 17799/27001 and NIST SP800-53A Revision3 both provide a long list of information protection best practices. There is frequently an inclination to declare one of the documents to be the corporate standard and demand policy comply with the corporate standard. Ignoring cost issues, there are several important things wrong with this approach, first and most importantly, it ignores risk realities. Best practices are the average, where extraordinary risks exist, they are too weak and where risk is significantly below average they are too strong, wasting resources. Policy should be based on reality, not an idealized set of homogenized requirements. Arguably the correct approach is to begin with a standard and bend it to fit the shape of the enterprise. There is one exception to this rule, shops that run an absolutely standard architecture can benefit from the simplicity and straightforward nature of a standardized policy. Governance issues remain and should be dealt with quickly and cleanly as exceptions.

Security guidelines, component configuration standards, and standard operating procedures are based on and build on the information security policy. Care should be exercised that the documents are consistent with each other and are reviewed and exercised for correctness and reliability. Security training is often based on the detailed documents ultimately leading to repeatable processes and a predictable level of protection being realized.

An information security policy is a necessary first step in securing an environment and providing appropriate protection to all information assets. Building consensus around a policy is an effective approach to resolving concerns and resistance to the idea of mandated controls. Listening to and involving stakeholders while ensuring the policy reflects their issues will go a long way in gaining acceptance of the program of protection.

Go Foward

All Articles

Home