DLS City & Town 2

DLS Prepares for a Busy Fall

Sean Cronin - Senior Deputy Commissioner of Local Services

I hope you all had a great summer and are ready for the FY20 tax rate and balance sheet season! Last year we implemented a standardized balance sheet as part of the Free Cash certification process. This was done in an effort to streamline, simplify, and develop consistency in the balance sheet submission process. We sought feedback via a survey in April and heard back from close to 190 respondents. I also spoke with many finance officials at various conferences and meetings after the conclusion of the FY19 balance sheet season. I’m pleased to say that the overwhelming response was positive! Some suggestions were made and we are taking them seriously. Thank you for providing the feedback and helping make the FY19 season a successful one!

As I’m sure you are aware, the final FY20 state budget has been approved and we have provided links to the Cherry Sheets. The final aid and/or assessment figures might require you to amend your FY20 budget so that it is balanced prior to submitting your tax recap. If you have any questions on the Cherry Sheet figures, you can contact Lisa Krzywicki at krzywickil@dor.state.ma.us.

A few weeks ago, we issued a DLS Alert from Stephanie Helm, the Director of the MassCyberCenter at the Mass Tech Collaborative. In it, Director Helm wrote that state and local governments are increasingly targeted by cyber criminals. Ransomware variants are becoming more sophisticated and prolific. In an unprecedented move, the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Governors Association (NGA) and the National Association of State Chief Information Officers (NASCIO) prepared a joint statement that contains key three steps to improve cybersecurity resiliency. A copy of that statement can be found at https://www.dhs.gov/cisa/news/2019/07/29/cisa-ms-isac-nga-nascio-recommend-immediate-action-safeguard-against-ransomware

In the August 15th edition of City & Town, Lt. Governor Polito announced the opening of the FY20 Community Compact Cabinet (CCC) program, the fifth year of the initiative. Below I provide some of the key dates again for the two programs being offered:

• The Best Practice program is dedicated to municipalities that did not apply in FY19. Applications are now being accepted.

• The IT Grant program will open on September 16th with applications due by October 16th. Grant announcements will be made in November/December.

Also on August 15th, each of the 351 municipal executives in cities and towns across the Commonwealth received an emailed letter from Lt. Governor Polito with information about the programs. The letter contained passcodes and links to the CCC website where you'll find additional information and an online application process that's quick and easy. If you have any questions on whether your community is eligible, please email us as communitycompact@dor.state.ma.us.

Lastly, I’d like to remind everyone of the 2019 municipal conference that Lt. Governor Polito highlighted in the August 15th edition of City & Town. Offered in collaboration with the Massachusetts Association of Regional Planning Agencies (MARPA), we are offering an event centered on “21st Century Municipalities – Challenges & Opportunities.” State and local officials will join together to share ideas and attend workshops focusing on climate resiliency; new challenges of running a municipality involving public safety, HR and cybersecurity; intergenerational opportunities and becoming an Age Friendly Community; regionalization of services; and other subjects. We are honored to have Lt. Governor Polito speaking at the event on Tuesday, October 8th at the College of the Holy Cross in Worcester. You can register for the conference by clicking here.

An Important Message About Ransomware

Kirsten Shirer – Data Analytics and Resources Bureau Chief

On August 19th DLS issued a DLS Alert concerning the increasing threat to local government posed by ransomware attacks. You have probably seen recent media coverage of July’s coordinated attack in Texas, with 22 communities having their computer infrastructures rendered useless almost simultaneously. Many states, including Massachusetts, have seen the number of cyber attacks significantly increase over the past year – so much so that four national organizations representing federal and state government (the Cybersecurity and Infrastructure Security Agency (CISA), Multi-State Information Sharing and Analysis Center (MS-ISAC), National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO)) issued a joint statement to focus attention on prevention efforts. Because we feel that this threat cannot be understated, we’re re-publishing the statement below. Prevention and resiliency are the keys to surviving a cyber attack, so we urge you to read and discuss this information with your fellow officials as soon as possible.

https://www.us-cert.gov/sites/default/files/2019-07/Ransomware_Statement_S508C.pdf

CISA, MS-ISAC, NGA & NASCIO RECOMMEND IMMEDIATE ACTION TO SAFEGUARD AGAINST RANSOMWARE ATTACKS

Take the First Three Steps to Resilience Against Ransomware for State and Local Partners

WASHINGTON – July 29, 2019 – The recent ransomware attacks targeting systems across the country are the latest in a string of attacks affecting State and local government partners. The growing number of such attacks highlights the critical importance of making cyber preparedness a priority and taking the necessary steps to secure our networks against adversaries. Prevention is the most effective defense against ransomware.

The Cybersecurity and Infrastructure Security Agency (CISA), Multi-State Information Sharing and Analysis Center (MS-ISAC), National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO) are committed to supporting ransomware victims and encouraging all levels of government to proactively protect their networks against the threat of a ransomware attack. Today, we call on our State, local, territorial and tribal government partners, along with the wider cyber community, to take the following essential actions to enhance their defensive posture against ransomware. Through this collective action, we can better protect ourselves and our communities, and further advance the cyber preparedness and resilience of the Nation. Three Steps to Resilience Against Ransomware:

1. Back-Up Your Systems – Now (and daily): Immediately and regularly back up all critical agency and system configuration information on a separate device and store the back-ups offline, verifying their integrity and restoration process. If recovering after an attack, restore a stronger system than you lost, fully patched and updated to the latest version.

2. Reinforce Basic Cybersecurity Awareness and Education: Ransomware attacks often require the human element to succeed. Refresh employee training on recognizing cyber threats, phishing and suspicious links – the most common vectors for ransomware attacks. Remind employees of how to report incidents to appropriate IT staff in a timely manner, which should include out-of-band communication paths.

3. Revisit and Refine Cyber Incident Response Plans: Agencies must have a clear plan to address attacks when they occur, including when internal capabilities are overwhelmed. Make sure response plans include how to request assistance from external cyber first responders, such as state agencies, CISA and the MS-ISAC, in the event of an attack.

After implementing these recommendations, refer to the ransomware best practices published by CISA, MS-ISAC, NGA, and NASCIO for additional steps to protect your organization.

Additional Resources:

MS-ISAC Security Primer on Ransomware

CISA Tip Sheet on Ransomware

NGA Disruption Response Planning Memo

NASCIO Cyber Disruption Planning Guide

Ask DLS: Other Post-Employment Benefits Trust Fund - Part 2

This month's Ask DLS features part two of frequently asked questions concerning the local option Other Post-employment Benefits (OPEB) Trust Fund under G.L. c. 32B, § 20 and 20A, as amended by Sections 15 and 238 of Chapter 218 of the Acts of 2016, the Municipal Modernization Act. For Part 1 of the series, see the August 1, 2019 edition of City & Town. Please let us know if you have other areas of interest or send a question to cityandtown@dor.state.ma.us. We would like to hear from you.

Who is the custodian of the OPEB Trust Fund (OPEB Fund)?

The treasurer of the governmental unit is the custodian of the OPEB Fund and must be bonded in any additional amounts required to protect fund assets.

Must an OPEB Fund have a trustee?

Yes. One of the purposes of the Municipal Modernization Act’s amendments was to establish an OPEB Fund as a trust fund with a trustee.

Who designates the trustee of an OPEB Trust Fund?

The governing body of the governmental unit, by majority vote, designates the trustee of an OPEB Fund. It may choose (1) the treasurer of the governmental unit or (2) the retirement board of the governmental unit or (3) it may establish an OPEB Fund board of trustees described below. If the governing body does not designate a trustee, the treasurer of the governmental unit is trustee.

What is the governing body of a governmental unit?

The governing body of the governmental unit is the legislative body in a city or town, the county commissioners in a county, the regional district school committee in a regional school district, and the district meeting or other appropriating body in any other governmental unit.

Are there any requirements for an OPEB Fund board of trustees?

Yes. An OPEB Fund board of trustees must have 5 to 13 members. The board must include (a) one or more individuals with investment experience as specified by the governing body, (b) one or more citizens of the governmental unit, (c) one employee of the governmental unit, and (d) one or more retirees of the governmental unit, and (e) one or more officers of the governmental unit.

Who selects the members of an OPEB Fund board of trustees and how long do the members serve?

The governmental unit employee trustee is selected by current employees of the unit by ballot. The retiree trustees are selected by current retirees of the unit by ballot. All other trustees are appointed by the chief executive officer of the governmental unit. The chief executive officer is a mayor in a city or select board in a town, unless the charter designates another municipal officer as the chief executive officer; county commissioners in a county; the regional district school committee of a regional school district; and the governing board, commission or committee in a district or other governmental unit.

The trustees serve for terms of three or five years, as determined by the governing body. If a vacancy occurs, a trustee may be elected or selected in the same manner to serve for the remainder of the term. Trustees are eligible for reappointment.

What are the powers and duties of the trustee/board of trustees of the OPEB Fund?

The trustee/board of trustees of the OPEB Fund acts in a fiduciary capacity for the primary purpose of enhancing the value of the OPEB Fund. The trustee acts with the care, skill, prudence and diligence that a prudent person acting in a similar capacity and familiar with such matters would use in the conduct of an enterprise of similar character and similar aims at that time. The trustee is required to diversify the investments in the fund to minimize the risk of large losses, unless under the circumstances it is clearly prudent not to do so.

The trustee/board of trustees is the investing authority and has general supervision of the management, investment and reinvestment of the OPEB Fund using the investment standard or investment vehicle.

The trustee/board of trustees may employ reputable and knowledgeable investment consultants to assist in determining appropriate investments and pay for those services from the OPEB Fund, if authorized by majority vote of the governing body.

Any other duties and obligations of the trustee or board of trustees must be set forth in a declaration of trust to be adopted by the trustee or board of trustees. All duties and obligations established by the declaration of trust must be consistent with the provisions of the OPEB law, G.L. c. 32B, § 20.

Is the trustee/board of trustees required to adopt a declaration of trust?

Yes. The trustee or board of trustees must adopt a declaration of trust stating the duties and obligations of the trustee or board of trustees. The declaration of trust and any later amendments must be filed with the chief executive officer and clerk of the governing body of the governmental unit. The declaration or amendment takes effect 90 days after the filing date unless the governing body votes to disapprove the declaration or amendment within that period of time. As soon as possible after receipt of a declaration of trust or amendment, the clerk should post a notice that the declaration or an amendment has been filed under G.L. c. 32B, § 20(d). The posting should be made in the same manner as notices of meetings under the Open Meeting Law. G.L. c. 30A, §§ 18 – 25. The notice should remain posted until the 90-day period has elapsed.

Stay tuned for next month’s City and Town for Part 3 in our FAQ series on OPEB. For more information, see Informational Guideline Release (IGR) 19-10.

FY20 Sewer Rate Relief

Tony Rassias - Deputy Director of Accounts

In March of 2019, the Division of Local Services (DLS) announced the FY2019 distribution from the Commonwealth Sewer Rate Relief Fund, established in 1993 under the provisions of Massachusetts General Laws c. 29, §2Z, to mitigate escalating costs of sewer service in the Commonwealth.

48 governmental units, including cities and towns, sewer districts, water and Sewer Commissions and the Massachusetts Water Resources Authority were distributed $1.1 million in total to assist in payment of debt service obligations for qualified sewer construction projects.

DLS administers the program in consultation with the Department of Environmental Protection. Since FY94, the sewer rate relief program has distributed close to $500 million to governmental entities with qualified projects.

The program’s sole source of funding is from an annual appropriation in the annual state budget. Except for fiscal years when the program was unfunded, the appropriation has ranged from a high of $58,600,000 in FY2002 to a low of $500,000 in FY2012 and FY2017.

For FY2020, $1.1 million has once again been included in the State budget. DLS is preparing its request for applications which is expected to be sent via DLS Alerts during the month of September. Program details will be included in the application. To sign up for DLS Alerts, please click here.