It’s tempting to take a “set it and forget it” mentality when it comes to your employee benefit plan. If no one’s complaining, why spend time on it? But if you take that approach, you may be missing opportunities to optimize your plan, satisfy ever-changing government regulations and protect your employees and your organization.
Here are three reasons why you should take a deeper look at your employee benefit plan sooner rather than later.
Hardship Distribution Changes
On February 9, 2018, the Bipartisan Budget Act of 2018 was signed into law, removing the six-month suspension on contributions to a retirement plan following a hardship withdrawal. This simplifies plan administration and alleviates plan sponsors from having to suspend the deferral contribution, which is a common operational error.
Under current law, hardship contributions are available from the original contributions made to the elective deferral money source. Earnings on elective deferrals may not be withdrawn for financial hardship (other than earnings accrued before 1989), and a hardship withdrawal is prohibited for certain types of employer contributions. Participants are also required to obtain all available loans before resorting to a hardship withdrawal.
The Bipartisan Budget Act of 2018 eliminates these restrictions for plan years beginning after December 31, 2018. Since changes are optional, a plan amendment is required in order to adopt them. But these changes should be well received by third-party administrators, since it’s difficult for them to track the basis of the original contributions.
Determination Letter Program Changes
On June 29, 2016, the U.S. Department of the Treasury and the IRS issued Revenue Procedure 2016-37, which makes changes to the IRS determination letter program and the remedial amendment cycle for individually designed plans, and also changes how and when plan sponsors can request documentation.
Previously, there was a five-year remedial amendment cycle for individually designed plans to request a determination letter. Effective January 1, 2017, the IRS no longer accepts determination letter applications based on this five-year cycle, and determination letters do not have an expiration date. Plan sponsors of individually designed plans must vet any discretionary amendments to the plans carefully to ensure they are being properly handled, as they are no longer required by the IRS to review them as frequently. However, sponsors of individually designed plans can submit a determination letter application if the plan has never received a favorable determination letter (initial plan qualification), the plan is terminating or there are certain special exceptions based on program capacity or other factors that the IRS determines annually.
The IRS publishes a Required Amendment List after October 1 of every year to address changes in qualification requirements. The Required Amendments List contains all the amendments an individually designed plan must amend to retain its qualified plan status. As a general rule, plan sponsors have to adopt all items placed on the Required Amendments List by the second calendar year following the year the list is published. The Revenue Procedure does not change a plan’s operational compliance standards. The goal of these changes is to help free up reduced resources at the IRS to focus on other matters. Prototype and volume submitter plans are not impacted by these changes.
The Importance of Cybersecurity
Cybersecurity continues to be a hot topic at the Department of Labor (DOL). While most companies consider their cybersecurity risk, they may not think about the risks they take with their employee benefit plans. Those plans can be targets for hackers trying to access plan assets or participants’ personal information, such as Social Security numbers, dates of birth and email addresses. Hackers may attempt to make unauthorized loans or disbursements from the plan if they are able to gain online access to a participant’s account.
Most employee benefit plan administrators make transactions electronically and often share information with third parties that help administer the plan, making them susceptible to cyberattacks. Plan sponsors may rely too much on anti-virus or anti-spam software to protect them. They also may believe that the service organization’s SOC 1 report addresses all cybersecurity risks, when in reality, SOC 1 reports address only a plan’s internal control over financial reporting, not broader-entity cybersecurity controls and risks.
The DOL encourages plan administrators to evaluate cybersecurity risks internally and with their third-party vendors. Maintaining security of employee benefit plan data is part of the plan sponsor’s fiduciary responsibility. Security breaches can be costly since plan sponsors must determine the extent of the break-in, recover information and restore the integrity of the plan. Breaches can also lead to losses of participants’ account balances, which plan fiduciaries could be required to restore. Plan sponsors should review their processes and controls on a regular basis to ensure that access to sensitive information is restricted to the appropriate individuals within their organization as well as at third-party vendors.
Additionally, plan sponsors should understand how their third-party service providers store and protect personal information they handle and have a policy in place for addressing a security breach in the event of one. The American Institute of Certified Public Accountants (AICPA) has created a cybersecurity resource center that provides various tools and information plan sponsors can use to address cybersecurity risks. The DOL’s Cybersecurity Considerations for Benefit Plans document creates additional awareness regarding cybersecurity risks.
Optimizing Your Employee Benefit Plan
Keeping up with changing government regulations can be challenging, but as we’ve seen above, those regulations also can be beneficial. Take another look at your employee benefit plan and the security around it to help your organization streamline certain processes, satisfy regulations and protect your business from security threats. And if you need help optimizing your employee benefit plan, contact Wipfli — we can bring the knowledge and insight you need to ensure your plan is compliant and positioned to benefit both your business and employees.