Managing Your Retirement Plan: The Challenges of Regulatory Compliance
Retirement plan sponsors face greater challenges today than ever before. Regulatory scrutiny is on the rise, with the Department of Labor (DOL) actively reviewing Form 5500 filings for evidence of noncompliance, inaccurate reporting and excessive fees.
But that’s not all. In addition to staying on top of complex legal and regulatory requirements, sponsors also must design effective retirement plans that attract and retain the best and brightest employees.
Electronic filing makes it easier than ever for regulators to perform queries of corporate retirement plans. The DOL can assess significant penalties for late tax filings, as well as fees to go through a correction program to fix qualified plan violations.
Penalties can also be assessed at a personal level on plan trustees for a breach of fiduciary duty. These corrections can be costly, time consuming and disruptive to business.
We’ve answered some of the most common questions clients have about complying with DOL regulations and strengthening their retirement plans.
Q: What can employers do to help keep the plan from becoming a liability?
Effective plan governance is the best defense to manage plan risk, so you should take the following steps:
- Establish a plan committee for general oversight and designate an employee as plan administrator. This employee will be responsible for plan committee meetings and plan operations and will make sure fiduciary education is provided regularly to the plan committee.
- Hire qualified service providers to deliver needed expertise. Be sure to assess their quality and level of service in relation to the fees charged. Hiring the right expert protects the plan sponsor, and it might not mean the lowest-cost provider.
Timely, accurate reporting is vital. Qualified plans need to file a Form 5500 and provide various notices each year. It’s important to keep a calendar of due dates and carefully review draft reports for completeness and accuracy.
The most common Form 5500 errors include marking incorrect boxes, providing inaccurate data, incorrectly reporting expenses and filing the form late. Also, large qualified plans—generally defined as plans with more than 100 eligible participants—need to attach audited financial statements to their Form 5500. Hiring an auditor experienced in retirement plan audits can help ensure reporting requirements and fiduciary responsibilities are met.
Another best practice is to conduct internal checkups. The most common plan audit errors are not following the plan’s definition of eligible compensation to calculate contributions, not implementing auto-enrollment features correctly and not remitting participant contributions on a timely and consistent basis. Circumstances that can increase risk and may require additional oversight and checks of controls include:
- Changes in third-party administrators (TPAs) or custodians
- Changes to payroll companies or adding new employees, compensation plans or fringe benefits
- Adding a new division or mergers/acquisitions
Q: How much can be done in house and how much should be contracted out?
It depends on the plan sponsor’s internal capability to perform these functions in house. At a minimum, you should have a designated plan administrator to coordinate and work alongside internal human resources and payroll departments. They will also coordinate with external TPAs, investment advisers, plan auditors and plan attorneys to help keep all parties informed and ensure requirements are met.
If external expertise is needed, hire qualified service providers after a thorough evaluation and selection process. Always remember, however, that monitoring service providers is still required as part of the plan sponsor’s fiduciary responsibility.
Q: Does cybersecurity play a role in this?
Retirement plans with a high level of assets are a prime target for cyberattacks. Plan sponsors and service providers also utilize large volumes of personal information such as Social Security numbers, dates of birth, home addresses, salaries, passwords and general payroll information. All of this data is very attractive to cyberthieves.
Plan sponsors need to consider controls beyond the data that resides on the company’s network. Data residing on the networks of every service provider receiving data related to the plan or payroll is also vulnerable. Protecting it requires understanding how data is transmitted, stored and protected at each service provider. A useful resource is the 2016 Department of Labor Advisory Council Cybersecurity Report.
Another way to manage risk is by purchasing cyber liability insurance coverage. This can help offset some of the significant costs associated with a data breach.
Contact us if you have more questions about complying with DOL regulations and strengthening your retirement plan.
All content provided in this article is for informational purposes only. Matters discussed in this article are subject to change. For up-to-date information on this subject please contact a James Moore professional. James Moore will not be held responsible for any claim, loss, damage or inconvenience caused as a result of any information within these pages or any information accessed through this site.