Subject: The Importance of Cybersecurity for Retirement Plans

Cybersecurity should never be an afterthought, but sometimes it is not taken seriously enough. With the ever-increasing risk of cyber-attacks, it is imperative that every company and every employee take threats extremely seriously. PwC’s 2018 Global State of Information Security survey found that cyber-attacks have been growing quickly and will continue to increase. With the prevalence of attacks, it is imperative that companies ensure they have cybersecurity processes in place.

Cybersecurity processes are put in place to protect both the individual user and companies as a whole from hackers, cyber criminals, and hacktivists, among others. A lack of cybersecurity in an organization affects not only the individual whose personally identifiable information (PII) may have been compromised but also the organization itself: the average cost of a data breach to an organization is $6.5 million.

The law governing cybersecurity is developing and is currently a patchwork of state and federal regulations. There is no comprehensive federal law governing cybersecurity. However, there are many established state and federal laws that govern the financial industry’s use of financial information, as well as laws regarding personally identifiable information, giving TPAs ample inspiration for best practices to implement and stay ahead of data breaches. TPAs should ensure protections such as:

  • Technology tools and measures to prevent and detect attacks and data breaches.
  • Detailed processes and procedures to follow when sharing benefits plan and personally identifiable information.
  • Proper authentication processes to ensure everyone accessing information is verified.

With the growing risk of cyber-attacks, we at EJReynolds take client privacy very seriously. In our efforts to protect the financial information provided by our clients and entrusted to our employees, EJReynolds, Inc. offers a Cybersecurity Commitment to give you the comfort and peace of mind when working with us.

Our Cybersecurity Commitment stems from the core principles of trust, integrity and ethics: We collect only client information that is pertinent to the services provided by our team. Thus, we have implemented security standards and processes including physical, electronic and procedural safeguards to ensure that access to client information is limited only to select employees who may need it to do their jobs.

  • Secure file sharing links put in place to provide a safe & secure way to share sensitive information online.
  • Advanced Firewall Security system protects computer networks from being attacked online by hackers, worms, viruses, etc.
  • Use of Advanced Threat Protection (ATP), an industry-leading threat protection network used internally to protect from malicious attacks.
  • Two-factor authentication, 2FA, requires the user to have two out of three types of credentials before being able to access an account.

If you have any questions about our services and/or how we protect your information please feel free to contact us.

New Rules for Hardship Distributions in 401(k) Plans

Hardship Distribution Rules Relaxed

The Bipartisan Budget Act of 2018 liberalized the rules applicable for hardship distributions in 401(k) plans. These changes impact the “safe harbor” hardship distribution rules (the ones most commonly used in plans) and will generally become effective for plan years beginning after December 31, 2018.

To assist plan sponsors with implementing these changes, the IRS issued proposed regulations in November 2018, and it is anticipated those regulations will be finalized in early 2019.

What is changing?

In general, the new rules make it easier for participants to qualify for hardship distributions, expand the sources available for such distributions, and remove the 6-month deferral suspension period following a hardship distribution. They also make it easier on plan sponsors by simplifying the substantiation process.

What qualifies for a hardship distribution under the new rules?

Under the existing rules, hardship distributions may only be made from a participant’s 401(k) and/or Roth account for the following:

  1. Unreimbursed, tax-deductible medical expenses (without regard to the deduction limitation);
  2. Certain costs associated with the purchase of a participant’s principal residence;
  3. Post-secondary educational expenses for a participant, his or her spouse, children or dependents (for the next 12 months);
  4. Funeral expenses for a participant’s spouse, parents, children or dependents;
  5. Expenses necessary to repair damage to a participant’s principal residence incurred as a result of a casualty (tax-deductible loss); and
  6. Amounts necessary to prevent foreclosure or eviction from a participant’s principal residence.

Under the new rules, the conditions under which a participant can obtain a hardship distribution have been expanded to include the following:

  1. Expenses incurred as a result of a natural disaster in a federally-declared disaster area; and
  2. Medical, post-secondary educational, and funeral expenses for a participant’s primary beneficiary.

Additionally, the proposed regulations clarify that if a participant’s principal residence is damaged as a result of a casualty, such as a fire or windstorm, it is not necessary for the participant’s home to be in a federally-declared disaster area. When the income tax law changed, it impacted the hardship distribution rules since the current 401(k) regulations require the casualty loss be tax-deductible.

What contribution types are available for hardship distributions?

Under the existing rules, hardship distributions can only be made from a participant’s 401(k) and/or Roth account, excluding any related earnings. In other words, a participant can only withdraw his or her contributions.

Under the new rules, the amount available for hardship distributions will include related earnings. In addition, participants will be able to take hardship distributions from safe harbor account balances as well as QNEC or QMAC account balances, if provided for under the terms of the plan document.

Note: Some plans permit “hardship” distributions from other sources, such as profit sharing or matching account balances. These contribution sources are not “restricted” from taking in-service distributions prior to attainment of age 59 ½ (like 401(k), Roth, safe harbor, QNEC and QMAC account balances), so it is still permissible to allow for hardship distributions from these accounts, if provided for under the terms of the plan document.

How much can a participant receive as a hardship distribution?

The amount cannot exceed the lesser of (1) a participant’s financial need (grossed up for applicable income taxes), or (2) his or her available account balance. This rule has not changed, although the amount available has been expanded to include related earnings and additional contribution sources.

What substantiation is required for hardship distributions?

The proposed regulations provide new standards for determining whether a hardship distribution is deemed necessary to meet a participant’s financial need.

  • The participant must have obtained all other available in-service distributions under any plans maintained by the employer; and
  • The participant must represent that he or she does not have enough liquid assets to satisfy the financial need.

Currently, a participant is generally required to take a loan from the plan (if available) prior to receiving a hardship distribution, and the determination of whether a hardship distribution is deemed necessary to meet an “immediate and heavy” financial need is based on all relevant facts and circumstances.

The new standards remove the plan loan requirement and simplify the process for plan sponsors as they can rely on the participant’s representation, absent actual knowledge to the contrary.

How will the new rules for the 6-month deferral suspension apply?

Under existing rules, plans are required to suspend participant deferrals for a period of 6 months following a hardship distribution. Under the new rules, plans will no longer be permitted to suspend participant deferrals.

The proposed regulations provide flexibility in implementing these changes, though. For 2019, plan sponsors have the option of imposing the 6-month suspension period, or they can permit participants to continue to defer immediately following a hardship distribution.

Additionally, for hardship distributions made during the last 6 months of 2018, plan sponsors can either continue the 6-month suspension period or resume deferrals for all participants effective January 1, 2019.

For hardship distributions made on or after January 1, 2020, however, plans will be prohibited from imposing the 6-month suspension period.

When are these changes effective?

Generally, these changes are effective for plan years beginning after December 31, 2018.  There are special rules, however, that apply for certain purposes such as the 6-month suspension period.

Will these changes require a plan amendment?

Yes, these changes will require a plan amendment. It appears that plan sponsors will be able to implement the new rules prior to amending their plan, though. We are hopeful the IRS will issue additional guidance on this important point in the final regulations.

How can I learn more about these requirements?

Please contact us to learn more about how these rules impact your plan and participants!

 

Top Heavy Determination and Top Heavy Requirements

The purpose of the Top Heavy Requirements is to ensure that qualified plans do not unfairly benefit the Key Employees of the employer. If, on the Determination Date, the total of the account values for the Key Employees exceeds 60% of the account values for all employees, it will be determined to be Top Heavy. A minimum Top Heavy Contribution will be required for the initial plan year and/or the following plan year if the Key Employees receive any contribution allocation. This contribution must be 3% of the Non-Key employee’s total annual compensation or if less, the highest percentage of compensation that any Key Employee receives. The Top Heavy Contribution is allocated to the eligible Non-Key employees who are employed on the last day of the plan year without regard to the number of hours worked. Key Employees may receive a Top Heavy Contribution if elected in the Plan Document.

Compliance Testing Required for 401(k) Plans

A number of tests must be performed each year to demonstrate that 401(k) plans do not discriminate in favor of highly compensated employees and that contributions do not exceed certain limitations. Some of the most common tests include:

Types of ERISA Fiduciaries

Under the Employee Retirement Income Security Act of 1974 (ERISA), there are several named classes of Fiduciaries, first and foremost of which is the Plan Sponsor. All qualified retirement plans have at least one named Plan Sponsor. The Plan Sponsor adopts the plan, and only employees (or beneficiaries thereof) of the adopting Plan Sponsor (or sponsors) may participate in and benefit from the plan. Since many Plan Sponsors of qualified retirement plans like to limit their fiduciary risk when it comes to the investment and disbursement of Plan Assets, it is possible for Plan Sponsors to mitigate their fiduciary liability by naming specific entities or individuals as fiduciaries. This article takes a look at determining who is a Plan Administrator, at investment advisors as fiduciaries, and the benefits of naming specific parties as certain types of named fiduciaries.

Plan Administrator under ERISA 3(16)

The Plan Administrator is responsible for the day to day duties of the plan, including determination and transmittal of contributions; distribution and loan review, approval and processing; annual compliance testing and the preparation of Form 5500 and related schedules. A Plan Sponsor can certainly hire outside service providers to handle most of these tasks, but unless the service provider specifically accepts Fiduciary status under ERISA Section 3(16), the Plan Sponsor or other specifically named parties are still considered the Plan Administrator, with all of the related Fiduciary Liability. To determine who is a Plan Administrator under 3(16), first review the Plan’s document. The Plan Administrator will be the individual named in the document. If the document does not name an individual, then the Plan Sponsor is the Plan Administrator. In the case where there are multiple employers, then the association, committee, joint board or trustees or other similar group of representatives of the parties who establish and maintain the plan may be named Plan Administrator. Some service providers are beginning to offer these services, for a fee, specifically accepting the title of 3(16) Plan Administrator.

Investment Advisors as Fiduciaries

A qualified plan financial adviser (or investment advisor) is a term for professionals who sell, advise, market or support qualified retirement plans. According to the U.S. Financial Industry Regulatory Authority (FINRA), terms such as financial adviser and investment advisor are general terms or job titles used by investment professionals and do not denote any specific designations.

ERISA 3(21) Fiduciaries

An investment advisor may be appointed as a fiduciary under 3(21) of ERISA directly by the Plan Sponsor. Persons can be deemed a 3(21) Fiduciary to the extent that they:
• Exercise discretionary authority or control with respect to the management of the plan and the disposition of plan assets;
• Render investment advice for a fee or any other direct or indirect compensation; or
• Have any discretionary authority or responsibility over the administration of the Plan.

Fiduciaries accepting 3(21) responsibility share that responsibility with the Plan Sponsor and Plan Administrator; however the Plan Sponsor retains the ultimate responsibility and must monitor the performance of the 3(21) fiduciary. For instance, an investment advisor accepting ERISA 3(21) responsibilities may recommend a potential menu of investment options for the plan, but it is up to the Plan Sponsor to accept or reject those investment options, and to ensure that the investment policy is enforced.

ERISA 3(38) Fiduciaries

A fiduciary who falls under 3(38) of ERISA must be a registered investment advisor, bank, or insurance company. This type of fiduciary has all of the responsibilities of a 3(21) fiduciary; however, they must agree in writing to assume the liability of selecting and monitoring the investments of the Plan. A 3(38) fiduciary has full discretion for selecting and monitoring plan investments and must make judicious decisions when making their investment choices. This type of fiduciary assumes the legal responsibility and liability of investment decisions. Bringing forward our previous example, the investment advisor accepting ERISA 3(38) responsibilities may recommend a potential menu of investment options for the plan; however, neither the Plan Administrator nor the Plan Sponsor would have a say in the ultimate investment of the funds.

Benefits of naming a Fiduciary

From investments to the day-to-day management of the plan, it is not always possible for a Plan Sponsor to be an expert in all aspects of a qualified plan. Hiring experts to help with these important and sometimes confusing requirements is not only prudent but may help limit the overall liability a Plan Sponsor is exposed to. For smaller plans, however, it may be cost prohibitive to appoint an outside fiduciary. As the assets of the plan grow, so does the potential fiduciary liability and therefore the potential need for a named outside fiduciary. Ultimately, it is up to the Plan Sponsor to evaluate their own need and determine the scope of such an undertaking. More importantly, the Plan Sponsor also has the responsibility to monitor the fiduciary, as it would any other service provider, and make prudent decisions in selecting a 3(16), 3(21) or 3(38) fiduciary. The act of hiring such a fiduciary is itself a fiduciary act, so there is no way to eliminate all fiduciary liability. By making sensible, well-documented decisions, and monitoring the results of the decisions, a Plan Sponsor can best defend themselves against any potential future litigation. The Sponsor must also take steps to ensure that the services received are commensurate with the cost of those services. There is no requirement under ERISA that any plan costs must be the cheapest around, only reasonable.

Meeting your fiduciary obligations under ERISA can be nuanced and not always obvious. You may also want to read our blogs in our fiduciary series, Are You a Fiduciary? and Fiduciary Responsibilities for Benefit Plans under ERISA.

If you have questions about your particular responsibilities or risk, feel free to contact us.

Fiduciary responsibilities for Retirement Plans under ERISA

Qualified retirement plans can be rewarding and beneficial for both employees and employers. However, plan sponsors, administrators and officials who have discretion over a plan must take care to meet the high standards of conduct for fiduciaries under the Employee Retirement Income Security Act of 1974 (ERISA).

Non-compliance with ERISA can expose benefit plan sponsors to serious risk and litigation. In some cases, individuals who play a fiduciary role can be held personally responsible for losses. It is especially helpful to be familiar with ERISA if your organization is a small business or non-profit with limited resources for plan administration.

Here is a basic overview of responsibilities and some tips for limiting fiduciary liability under ERISA.

Four key elements of a Retirement Plan

A “qualified retirement plan” is one that meets the requirements of ERISA and the Internal Revenue Code (IRC). Core elements of a retirement plan include:
• A written plan that describes benefit structure and guides day-to-day operations.
• A trust account that holds the plan’s assets.
• A record keeping system to track the flow of monies to and from the plan.
• Reports that furnish mandatory disclosures to plan participants, beneficiaries and government.

Who will manage your Retirement Benefits Plan?

Options for managing your retirement plan include:
• Hiring an outside professional (“third-party service provider”).
• Forming an internal administrative committee.
• Assigning management to Human Resources if applicable.
• A combination of the above.

Six important rules for Fiduciaries of Retirement Plans

• Act solely in the interests of the plan participants and exclusively for the purpose of providing benefits.
• Act “prudently” and document decision making.
• Follow the terms of your plan (except where it conflicts with ERISA) and keep it current.
• Diversify investments to minimize risk of loss.
• Pay only “reasonable” expenses and fees.
• Avoid “prohibited” transactions.

The importance of being prudent

Acting “prudently” is a central responsibility of fiduciaries. The “prudent man rule” in ERISA requires fiduciaries to carry out their duties with the same “care, skill, prudence and diligence” that a person who is familiar with the subject and has the capacity to understand the issues would use in a similar enterprise with similar aims. Plan sponsors are expected to monitor their plans and have or obtain the expertise needed to meet fiduciary obligations.

Document your process

Plan sponsors, administrators and fiduciaries should document their decision making to demonstrate prudence. For example, if you are selecting a third-party provider, comparing potential providers by asking the same questions and providing the same requirements to each will support your final selection.

Reduce fiduciary liability

Other ways to limit your fiduciary liability include:
• Participant-directed plans like 401(k) and profit sharing plans.
• Automatic enrollments in default investments.
• Hiring third-party professionals who assume liability for their functions.
• Fidelity bonds on fiduciaries handling plan funds or property.
• Periodic review of plan documents, providers and operations.
• Avoiding conflict of interest and prohibited transactions.

Avoid “prohibited” transactions

Fiduciaries are prohibited from making certain transactions with “parties in interest” — those persons who are in a position to exert an improper influence over the plan, including the employer, the union, plan fiduciaries, plan service providers, officers, owners defined by statute, and relatives of parties in interest. Prohibited transactions would include sales, exchanges, leases, loans, extension of credit, or furnishing of goods, services or facilities.

Exceptions

The Labor Department grants a number of exemptions for some transactions that would fall under the “prohibited” category, but are deemed necessary and helpful in protecting the plan. Examples of allowable transactions include:
• Hiring a service provider for plan operations.
• Hiring a fiduciary adviser to give investment advice to participants in self-directed accounts.
• Making loans to plan participants.

Conflicts of interest

Fiduciaries must not use the plan’s assets in their own interest, or accept money or any other consideration for their personal account from any party that is doing business with the plan.

Audits

The size of your benefits plan also impacts your government obligations. For example, ERISA requires an annual audit of plans with more than 100 eligible participants.

Deadlines for depositing contributions

If participants contribute to the plan through salary reductions, employers have a fiduciary responsibility to deposit the funds into the plan as soon as possible. Plans with fewer than 100 participants should deposit contributions no later than the 7th business day following the date of withholding. The rules for larger plans are not quite as clear. The regulations suggest no later than the 15th business day of the month that follows payday; however, the Department of Labor has informally indicated that the small plan rules (within 7 days) should be the standard for all plans.

Additional information

We hope you have found this general overview helpful. ERISA regulations can be complex and each plan and situation is different. Please seek expert consultation for specific concerns and questions.

If you have a question about your fiduciary risks and responsibilities, feel free to contact us.

Are you a Fiduciary?

Fiduciaries of qualified retirement plans are held to the highest of federal standards. Fiduciary violations under the Employee Retirement Income Security Act (ERISA) of 1974 can expose you and your employer to risk and litigation. In some circumstances, fiduciaries can be held personally responsible for losses and restitution.

Not all fiduciaries are identified by title. Furthermore, some individuals may play a fiduciary role in some of their functions but not other functions. So how might you know if your position places you in a fiduciary role, or if your actions are subject to ERISA’s fiduciary standards?

There are innumerable journal articles, books and court cases that parse the question of who is held accountable for fiduciary conduct regarding benefit plans under ERISA. Here are some commonly held distinctions between a plan fiduciary and a non-fiduciary.

Functions Tell More than Titles

Fiduciary status is based on functions performed, not just titles. Under ERISA, the litmus test is whether you exercise discretionary authority in administering and managing a plan or in controlling the plan’s assets. You will be viewed as a fiduciary to the extent of your authority, control or discretion.

Fiduciaries Named in the Plan Document

Written benefit plans must name at least one official Fiduciary, by name or by office, or through a process described in the plan, as having control over the operation of the plan. The named Fiduciary can include one or more individuals; as well as entities such as an administrative committee or the company’s board of directors. Plan fiduciaries may typically include:

  • The Trustee
  • Persons exercising discretion in the administration of the plan
  • Members of a plan’s administrative committee (if the committee exists)
  • Persons who select committee officials
  • Investment advisors

Professionals and Fiduciary Responsibility

Professionals providing services are generally not considered fiduciaries when they are acting solely in their professional capacities. Professionals who commonly provide services include:

  • Attorneys
  • Accountants
  • Actuaries
  • Consultants

However, to the degree that a professional exercises authority or control over a plan, he or she can be liable for fiduciary actions. For example, a professional who is given compensation to provide investment advice for the plan trustees and participants would be performing a fiduciary function.

Business Decisions vs. Fiduciary Decisions

Business decisions are not governed by ERISA. Since employers are not required to provide retirement plans for employees, ERISA views the decision to establish a qualified plan as a business decision because the employer is acting on behalf of the business.

Other business decisions can include the determination of:

  • The contribution formula
  • Certain features to be included, such as loans or hardship distributions
  • Whether or not to adopt a discretionary plan amendment
  • Whether or not to terminate a plan

However, once employers (or those hired by them) act to implement a qualified plan, they are acting on behalf of the plan, and their decisions in carrying out the plan are considered fiduciary decisions, subject to ERISA regulations governing fiduciary responsibilities. They have a fiduciary duty to ensure the plan is operated in, and maintains, proper compliance.

Specific Situations

Given the nuances of fiduciary codes, the Department of Labor, which enforces ERISA laws, has demonstrated over the years that final determination of fiduciary liability and responsibility rests on the intersection of the specific circumstances of each situation and the prevailing regulations. If you have a specific question regarding fiduciary roles, naming a fiduciary, or the delegation of fiduciary duties, it is best to seek professional expertise.

If you feel you are facing a change in responsibilities or have a question about your fiduciary roles and risks, feel free to contact us.