EJReynolds – Cybersecurity Commitment

Trust your retirement plan development and your personal data with the retirement experts.

Data breaches are happening more and more often with many companies of all sizes. Even companies whose main function is to protect your identity and personal information. What can you do to ensure your data is safe? EJReynolds has taken the following measures to safeguard our Client information with our cutting-edge cybersecurity commitment that will give you peace of mind knowing your most private information is safe.

How is EJReynolds handling and protecting your personal information?

Our advanced cybersecurity program stems from our core principles of trust, integrity, and ethics. We collect only the necessary information to consistently deliver the best products and services for our clients. All employees are required to complete extensive training programs on new threats and how to handle them. We have implemented security standards and processes to ensure that access to client information is limited to your EJReynolds Plan Consultant.

Our Best Practice Cybersecurity Protocols Include:

–  Citrix ShareFile© – Secure File Sharing

EJReynolds’ secure file sharing link provides a safe and secure way to transmit sensitive information online. This assures that files are sent and received with bank-level encryption. You will be required to register through ShareFile©’s one-time enrollment process to send and receive files securely. We are aware this may be an initial inconvenience, but we want our Clients’ information to remain protected.

–  Two-factor Authentication

EJReynolds has implemented a two-factor authentication process for our Plan Consultants to review our clients most sensitive information. It is the most advanced form of security and we have been applying this practice to all documentation.

–  State-Of-The-Art Advantage Firewall Security

EJReynolds’ Firewall Security system protects our computer network from being attacked by online hackers, worms, viruses, etc. It is designed to stop unauthorized access to the EJReynolds computer systems.

–  Industry leading threat protection

Advanced Threat Protection (ATP) helps to protect our organization from malicious attacks by:

  • Scanning email attachments for malware
  • Scanning web addresses (URLs) in email messages and office documents
  • Identifying and blocking malicious files in online libraries
  • Checking email messages for unauthorized spoofing
  • Detecting attempts to impersonate users or organization’s custom domains

–  Dark Web Monitoring

Dark Web Monitoring provides around the clock monitoring and alerting for compromised digital credentials, scouring millions of sources, including botnets, criminal chat rooms, peer-to-peer networks, malicious websites, bulletin boards and illegal black market sites. All email addresses for EJReynolds’ employees, including the personal accounts for certain officers and managers, are monitored on the “Dark Web” for breeches in security. We are notified immediately if these critical assets are compromised, affording the chance to secure them before they may be used for identity theft, data breaches or other crime.

–  Continuous Training

Since 2019, all employees are required to complete extensive training programs through KnowBe4.com©, a nationally recognized leader in security awareness. Along with monthly training on the latest ERISA rules and regulations, each employee must complete training sessions on:

  • Phish threat security and common threats
  • Handling sensitive information digitally
  • Ransomware
  • Establishing and maintaining strong passwords
  • Mobile device security

Hackers constantly change their tactics. EJReynolds is groomed and trained to handle these situations.

Our commitment to your security is just one more reason to trust your retirement plan administration to EJReynolds.

IRS Issues Guidance on Notice Requirements for Safe Harbor Nonelective Contribution Plans

The IRS issued Notice 2020-86 (the Notice) on December 9, 2020, providing initial guidance for plan sponsors on the changes made under the SECURE Act for plans that provide for safe harbor nonelective contributions. Although the Notice address all the changes to a certain extent, this piece is focused solely on the elimination of the safe harbor notice requirements for plans that provide for safe harbor nonelective contributions. While this change was intended (by Congress) to reduce the administrative burden associated with these types of plans, it has little practical application based on the initial IRS guidance.

In general, the SECURE Act eliminated the safe harbor notice requirement for plans that provide for safe harbor nonelective contributions, expanded the ability for plan sponsors to retroactively amend their plans to permit safe harbor nonelective contributions, and increased the maximum automatic enrollment percentage from 10% to 15% for QACA safe harbor plans. As of today, the IRS has not updated the regulations, so there may (and hopefully will) be future changes.

Which plans are required to provide the safe harbor notice?

The Notice clarifies that the following plans still must provide the safe harbor notice:

  • Plans that provide for safe harbor matching contributions (the SECURE Act did not make any changes to the rules appliable to plans that provide for safe harbor matching contributions)
  • Plans that provide for safe harbor nonelective contributions AND matching contributions intended to satisfy the ACP safe harbor requirements

If a plan provides for safe harbor nonelective contributions, it is exempt from the ADP test. If the plan also permits matching contributions (fixed or discretionary), the plan must meet certain requirements for the match to be exempt from ACP testing. In general, 401(k) contributions exceeding 6% of compensation cannot be matched, the plan cannot impose allocation conditions on the match, discretionary matching contributions cannot exceed 4% of a participant’s compensation, and the safe harbor notice must be provided.

For example, assume a plan provides for a 3% safe harbor nonelective contribution and permits discretionary matching contributions. Further, assume there are no allocation conditions on the match and the employer matches 66.67% of deferrals up to 6%. While the safe harbor notice is not required for the plan to satisfy the ADP safe harbor requirements, it would be required if the employer wants to meet the requirements for the match to be exempt from the ACP test. In other words, even though the match provided by the employer would otherwise meet the ACP safe harbor requirements, if the employer does not provide the safe harbor notice, the plan would nevertheless be subject to ACP testing for the plan year.

Can a plan that provides for safe harbor nonelective contributions be amended mid-year to reduce or suspend those contributions if the employer did not provide the safe harbor notice?

First, under the existing regulations (which have not been updated for the SECURE Act changes), in order for a 401(k) plan that provides for safe harbor nonelective or safe harbor matching contributions to be amended mid-year to reduce or suspend safe harbor contributions, the employer must (1) be operating at an economic loss, or (2) have provided a notice to participants prior to the beginning of the year stating that the plan may be amended during the year to reduce or suspend contributions (the Safe Harbor “maybe” notice). Note that there are additional conditions that must be satisfied including the requirement to provide 30 days advance notice to participants such as allowing them to make changes to their deferral elections. Additionally, the safe harbor contribution must made through the effective date of the amendment, and the plan must satisfy the ADP/ACP tests using the current year testing method for the entire plan year.

Since the SECURE Act generally eliminated the safe harbor notice requirements for plans that provide for safe harbor nonelective contributions, it was anticipated the IRS would also eliminate the Safe Harbor “maybe” notice. Unfortunately, the IRS took the surprising position in Notice 2020-86 that a plan that provides for safe harbor nonelective contributions still must provide the Safe Harbor “maybe” notice if the employer wants to reserve the right to reduce or suspend safe harbor contributions mid-year.  The Notice states that while such plans are not required to provide the safe harbor notice, they still must provide a “maybe” notice (generally, within 30 days prior to beginning of the plan year).

We took the position to tell our clients with the Safe Harbor “maybe” non-elective plan design that it would be better to remove the Safe Harbor election altogether, since a plan may be amended to allow the 3% Safe Harbor non-elective contribution at any time up until the end of the 11th month of the plan year, or later up until the due date of the corporate tax return if the employer contributed a 4% Safe Harbor non-elective contribution.

Since it is only a matter of how much language is included in the participant notice, this essentially subjects employers who sponsor safe harbor nonelective contributions plans to the same notice requirements that existed before the SECURE Act. We expect the IRS will receive many comments on this aspect of the guidance, so there is still hope this issue will be resolved when they update the regulations.

How can I learn more?

When the IRS provides additional guidance or issues the amended regulations, we will provide an update. If you have any questions, please do not hesitate to contact EJReynolds, Inc. We are here to help.