Cyber-crime is on the rise worldwide. As a result, growing numbers of organizations are taking critical steps to protect their valuable electronic data from hackers and other cyber criminals — a process known as cybersecurity. It’s serious business, and a trend retirement plan sponsors and committees should pay attention to.
In 2015, IBM’s chair, president and CEO Ginni Rometty said, “Cyber-crime is the greatest threat to every company in the world.” Last year, billionaire investor and businessman Warren Buffett echoed that sentiment, claiming that “cyber-attacks are a bigger threat to humanity than nuclear weapons.” In short, cyber-crime is extremely dangerous, and many businesses are vulnerable to cyber-attacks — some without even knowing it.
Why is cybersecurity important?
Thanks largely to the proliferation of high-profile cyber-attacks and data breaches that hit organizations in 2017 (including Equifax, which exposed the personal information of nearly half of Americans), Gartner Group has estimated worldwide cybersecurity spending will reach $96 billion in 2018. Moreover, information security research firm and publisher Cybersecurity Ventures predicts that, by 2021, cybercrime will cost the world $6 trillion annually. A single successful cyber-attack can cost an organization more than $5 million, or $301 per employee, according to the Ponemon Institute. Clearly, the costs related to cybersecurity threats are significant.
Beyond the expenses related to a potential cyber-attack, there are a number of reasons why retirement plan sponsors and committees should focus on specific cybersecurity efforts to protect their plan assets and information. For starters, if you think your plan isn’t a target, think again. It’s not a matter of if, but when your plan gets hacked.
Here’s why: Recently, cyber attackers have begun to set their sights on plan sponsors themselves rather than their recordkeepers and custodians because they know that the former typically lack the sophisticated cybersecurity defenses of their vendors.
Cyber criminals also know that defined contribution (DC) plan sponsors and their vendors manage large amounts of money, and in so doing, collect highly sensitive personal data from plan participants and their beneficiaries, including names, addresses, birthdates, and Social Security numbers. This information is extremely valuable to hackers because most of it is permanently associated with an individual and can’t be changed or cancelled like a credit card or bank account information.
Enrollment data such as account balance, direct deposit and compensation/payroll information is also at risk, and therefore, potentially vulnerable to a cyber attack if not properly handled and protected by plan sponsors and their third party vendors. Therefore, it’s critical for sponsors to address cybersecurity within their own organizations, as well as with vendors such as recordkeepers, trustees, TPAs and investment advice providers, which receive personal data from the plan.
Some examples of cyber threats to retirement plans might include fraudulent distribution or loan requests, or ransomware attacks and phishing techniques where a hacker might obtain log-in credentials (i.e., through a stolen laptop or mobile device storing personal data and passwords) to access participants’ account information online.
What is my responsibility?
While retirement plan information is protected under specific regulations, there are no comprehensive laws that protect plan sponsors and service providers against cyber threats, like there are for group health plans (i.e., the Health Insurance Portability and Accountability Act, or HIPAA). Nonetheless, plan sponsors must act in a fiduciary capacity under the best interest clauses of the Employee Retirement Income Security Act (ERISA), the law that governs retirement plans. In addition, sponsors must adhere to the data privacy requirements for electronic notices. The following graphic breaks down the regulatory guidelines for plan sponsors’ fiduciary duties related to cybersecurity and electronic distribution of plan information:
Several states also have laws governing the protection of employees’ Social Security numbers and employers’ responsibilities to notify employees in the event of a security breach. However, these laws are designed to regulate the employer rather than the plan sponsor, so ERISA would likely take precedence in a retirement plan-related cyber-attack.
What can I do to protect plan assets and information?
Most organizations take a reactive approach to cyber-attacks, addressing them only after an incident has occurred. However, that can be expensive, complicated, and mostly ineffective.
Plan sponsors have an opportunity to proactively address and manage cybersecurity risks using a variety of tactics to improve their ability to prevent, detect and respond to cyber-attacks.
First off, assume that your company’s retirement plan will be attacked. When setting up defenses against cyber threats, consider addressing the following questions:
In addition, plan sponsors should:
Moreover, sponsors should also encourage plan participants to:
Cyber threats are evolving and becoming more sophisticated every year. As such, plan sponsors must do their best to try to stay one step ahead of hackers by heightening their cybersecurity defenses to protect the personal information of participants and their beneficiaries.
Retirement plan fiduciaries can take proactive steps to help secure sensitive retirement plan data. The challenge for many is knowing where to start. We hope this article provided several key steps plan sponsors and retirement committees can take to boost their cybersecurity protections and fortify their plans against insidious cyber-attacks.
Did you know cybercrime is a possible threat for your company 401(k) plan?
Technology is evolving fast, but cyber criminals are evolving just as fast. Cyber criminals are now going after plan sponsors’ company 401(k) plans, and you could be liable if disaster strikes!
You should be aware of the multiple cyber threats that can affect your plan and the protective measures available to help you thwart those threats. Our guide provides you with many ways you can help protect your plan, inform yourself of possible threats, and engage plan sponsors to actively protect their accounts.
The recent enactment of the Tax Cuts and Jobs Act of 2017 (TCJA) makes changes to 401(k) loan repayment options, which should prompt plan sponsors and plan administrators to re-evaluate their existing loan program, processes and procedures. This article will provide an overview of the loan provision and offer a list of considerations that plan sponsors can use when adding or modifying an existing loan feature to their plan.
Although not required by law, many 401(k) plans offer a loan provision as a way for plan participants to access money prior to retirement. The thinking is that more employees will contribute to the plan if they know they can tap into their savings should they incur an unexpected expense while working; conversely, if employees can only access their savings at retirement, employees may decide not to contribute at all.
Rates & Loan Amounts
The loan rate is determined by the plan (i.e., the plan sponsor or plan fiduciaries) and is usually equal to prime rate plus 1%. Plans will often set a minimum loan amount of $1,000 due to the administrative work involved in processing them. The maximum loan amount is usually 50% of the participant’s vested account balance up to $50,000.
Special considerations are available for participants affected by certain natural disasters and it’s a best practice to check the IRS’ website for more information.
While loan rates and minimum loan amounts are fairly consistent across all plans, there is less commonality on the number of permitted outstanding loans. Recent findings from the PLANSPONSOR 2017 DC Survey: Plan Benchmarking reveal that 59% of plans offering loans only offer one loan, 31% offer 2 loans, while 9% offer 3 or more outstanding loans.
Offering plan participants the ability to have more than one outstanding loan may feel like a gratifying gesture on behalf of the employer. However, participants may view this as an endorsement by the plan sponsor to simply take a loan whenever money is needed.
The Pension Resource Council in 2014 revealed that participants who have access to multiple loans are more likely to borrow in the first place: “This is suggestive of a buffer-stock model also found among credit card borrowers. In other words, given the ability to borrow multiple times, workers are more willing to take the first loan, given that they retain slack borrowing capacity for future spending needs.”
Loan repayment schedules are set up to include substantially equal periodic payments which include both principal and interest and must be repaid within 5 years. However, if the loan is for the purchase of a primary residence the plan may permit a lengthier repayment time period, such as 5 to 15 years.
Distributions of loan proceeds are not considered a distribution of plan assets and thus are not subject to taxation, unless the participant defaults on the loan. Plans have options in how they wish to treat defaulted loans. One common option is a “deemed distribution”. Upon a defaulted loan, the outstanding loan amount becomes a taxable distribution of plan assets, plus a 10% tax penalty if the participant is under age 59½.
Another option for handling a defaulted loan is a plan “offset”, where the participant’s account balance is reduced or offset by the unpaid portion of the loan. This offset amount is treated as a distribution of plan assets which is eligible for rollover. Until recently the participant would have up to 60 days to roll over the outstanding loan amount into an IRA or another eligible tax-qualified employer plan to avoid a taxable distribution. Effective January 1, 2018, the TCJA extends the usual 60-day time period until the participant’s federal tax filing deadline, including extension, if the plan offset is due to the participant’s termination of service or an entire plan termination.
Note: the 60-day rollover period still applies to actively employed participants who default on a loan while still working for the employer.
This is good news for participants, as they now have a greater time period to effect a tax-free rollover of their outstanding loan offset. However, according to Drinker Biddle, a law firm specializing in employee benefits, “plan sponsors may wish to coordinate administration of their plan loan offset rollover rules with the plan’s third-party administrator (TPA) in order to avoid inadvertently ‘defaulting’ the participant’s plan loan.”
While a loan feature may help increase plan participation and be viewed as a positive outcome, participants taking loans are reducing their overall retirement savings. Here’s why:
All of these items together are a recipe for hindering the advantages of tax-deferred savings inside a 401(k) plan.
Loan Program Considerations
If the purpose of a 401(k) plan is to help employees save for retirement, it may seem counterintuitive to offer a loan provision, which if utilized, will have a negative impact on the participant’s retirement nest egg. For plan sponsors who feel it’s important to offer access to these funds prior to retirement, here is a list of considerations to use when designing a loan program, which can help provide a fine balance between these two diametrical financial objectives.
From Plan Participant’s Perspective
From Plan Administrator’s Perspective
The DOL Rule is Dead
On June 21, 2018 the 5th Circuit Court of Appeals vacated the requirements of the U.S. Department of Labor’s (DOL) Conflict of Interest Rule—more commonly referred to as the “DOL Fiduciary Rule”—thus killing the rule entirely. Despite this news, the death of the DOL Fiduciary Rule does not alleviate a plan sponsor from being a fiduciary when sponsoring an ERISA-covered retirement plan, such as a 401(k).
The primary purpose of the DOL Fiduciary Rule was two-fold: 1) Broaden the existing definition of investment advice; and 2) Ensure that financial advisors and other professionals who provide investment advice on ERISA retirement plan and IRA assets do so absent any conflicts of interest—basically making all financial advisors who work with these types of assets ERISA fiduciaries.
Note, many financial advisors today do not act as an ERISA fiduciary to their client’s retirement plan, because they are just providing investment education. However, some advisors do provide investment advice and will put in writing that they are acting as an ERISA fiduciary to the plan.
What This Means for Plan Sponsors
So how does the demise of the DOL Fiduciary Rule affect plan sponsors? It basically has little-to-no impact on a plan sponsor’s existing fiduciary responsibility. According to the DOL’s Meeting Your Fiduciary Responsibilities any individual who uses “discretion in administering and managing a plan or controlling the plan’s assets makes that person a fiduciary to the extent of that discretion or control.” The following are common fiduciary activities:
Who is a Fiduciary?
Every ERISA plan must have a “named fiduciary” listed in the plan’s governing documents, and most often the employer is identified as the named fiduciary. But the named fiduciary can also be identified by individual employee name(s), position title(s) (e.g., CFO, CEO) as well as by committee (e.g., investment committee, plan committee). Named fiduciaries may also outsource their specific fiduciary functions to third parties who have the desired expertise to assist with plan administration, investments and management responsibilities.
Note, even though certain functions may be outsourced, the named fiduciary still bears ultimate fiduciary responsibility for oversight of the plan and any outsourced fiduciary responsibilities.
But beware. Any person who acts or possesses fiduciary-like powers (i.e., exercises discretionary control over plan’s management or assets) can be deemed to be a “functional fiduciary”, whether or not said person is listed as a named fiduciary. Therefore, it’s imperative that plan sponsors identify all individuals within their organization who are considered an ERISA fiduciary.
Fulfilling your Duty
Recognizing all those serving in a fiduciary capacity is essential because ERISA mandates all fiduciaries to conduct themselves in accordance with the following duties:
In applying all of these specific duties, it should be noted that fiduciary conduct under ERISA is not measured by the results achieved from fiduciary decisions, but rather by the process followed in making those decisions. According to ERISA attorney Marcia Wagner, “Given the procedural nature of these [fiduciary] requirements, a 401(k) plan sponsor can achieve compliance with ERISA’s fiduciary standards by adopting and maintaining a prudent process. Plan fiduciaries are typically judged by how they arrive at their investment decision with the information then available to them.” This is why many plans will adopt an Investment Policy Statement (IPS) to guide plan fiduciaries on selecting, monitoring and potentially replacing investment options.
Serving as an ERISA fiduciary should not be treated lightly, and despite ERISA-specific requirements for fiduciary conduct, those serving in a fiduciary capacity should not become overwhelmed. Plan sponsors should first require all those individuals within their organization serving as a fiduciary to read the DOL’s Meeting Your Fiduciary Responsibilities as a primer to this topic.
Also, talk to your property and casualty insurance provider about purchasing fiduciary liability insurance—optional insurance which protects plan fiduciaries in the unlikely event there is a breach of fiduciary responsibility. (Note, fiduciary liability insurance is different from the ERISA-required fidelity bond, which protects plan assets from theft/embezzlement).
Lastly, if you have additional questions or need help understanding and managing your fiduciary duty, we may be able to help. We are happy to provide additional resources, access to tools and education programs to help fiduciaries manage liability.
As an employer, would you like to maintain your company’s profit sharing contribution and, at the same time, encourage your employees to save more?
Stretch the match! Help your employees to reach, stretch, and strengthen for their retirement.
More than 1 in 5 employees do not contribute enough to their 401(k) to receive your full employer match. Your employees might not fully understand how to take full advantage of it or what they are missing out on…
Download and distribute our infographic to your 401(k) plan participants, so they can be in the know about how a company match works!
Remind them to find out whether they are eligible for the company match by checking in with the HR Department about the company’s match formula. Then, encourage them to strive to save up to (or more than) the match!
For the majority of future retirees, medical expenses pose significant risk to any retirement plan, and they are only projected to rise. Medical cost estimates for couples throughout their full retirement, assuming both partners are 65, have increased $15,000 from 2016 to 2017, bringing total projections to $275,000, after Medicare coverage. Even for professionals with 401k balance projections at their target retirement age over $1 million, this figure is daunting. At the same time, employers seek cost-effective strategies to enhance their benefits offerings.
While the ever-coveted employer 401k match may seem like the most direct way for employers to help mitigate this financial burden for future retirees, the humble Health Savings Account (HSA) may be a feasible, cost-effective strategy. The HSA was originally intended as a savings vehicle for those using High Deductible Health plans to cover their medical costs; the “triple tax advantage” afforded by these accounts allows employees to contribute pre-tax money that can grow tax-free and be withdrawn tax-free to pay for qualified medical expenses.
Account holders can gain additional benefits by using HSA funds to pay for long-term care insurance, which has its own set of tax benefits. Additionally, since there is no requirement that employees must reimburse themselves from their HSA accounts within a certain time frame, contributing to HSAs and saving the receipts, while still paying for medical expenses using post-tax dollars, yields maximum retirement growth potential from what the Wall Street Journal reports as “the most tax-preferred account available.”
Features Employees Can Benefit From:
Who Can Take Advantage?
While any employee can enroll in a high-deductible health plan (HDHP) and open an HSA, this strategy will be most appreciated by high-earning employees who can afford to max out the yearly contribution limits and pay for their medical expenses out-of-pocket, especially those still young and/or healthy enough to incur relatively negligible medical costs over the course of many years and bulk up their account balance. Since account-holders can opt to delay the reimbursement of their qualified medical expenses indefinitely, it is possible to keep the receipts, invest the account, let it grow, then withdraw up to the total of the qualified medical expense receipts, and use it for anything, all tax-free. The rest can still be used tax-free for qualified medical expenses in retirement.
Maximizing the Benefits
For employees to truly maximize the long-term possible benefits from these plans, employers should verify that their HSA options are through administrators who include an investment offering to allow compound interest and market growth over time. Employers looking to further enhance this benefit can even contribute directly to the accounts as part of the employees’ compensation package. It’s also important to make sure that the out-of-pocket maximum expenses on the HDHPs offered to employees do not exceed the maximum contribution limits for HSA accounts ($3,450 for individuals and $6,900 for families in 2018);2 otherwise employees’ hard-earned HSA balances are at risk of being easily wiped out by a badly timed medical expense.
How Employers Benefit
HDHPs are usually cheaper for employers because the higher deductible and out-of-pocket maximum limits reduce the risk borne by the insurance company, which results in lower premiums. This is especially attractive for large firms who can access lower group rates for essentially buying in bulk, and/or make contributions towards the plan premiums, wholly or in part. It is thus not surprising that many employers now offer some version of an HDHP with $0 premiums for the individual employee. The employer group can save money on premiums, while also offering “free” health insurance to employees.
The best part is that since 43% of employers were already offering these types of plans as of 2018,3 all that may be necessary for employers to enhance their benefit offerings is to have Human Resources get the word out to employees. Additional marketing materials upon new-hire benefit eligibility and benefits seminars (with a follow-up email summary) in advance of open enrollment could be all that’s required to highlight the potential of the HSA as a significant Financial Wellness Benefit and help employees get more out of their DC plan.
For more information on how Investment Solutions Group can help you set up, review, and/or enhance your HSA plan, contact us today.
Many financially stressed employees confess to spending 3+ hours of their work week distracted by personal finances; that’s 156 hours per year. This means you could be losing up to $5,260 per employee!
So, what can employers do? Here are three ways employers can help employees manage financial stress:
Recently, I went to cheer on a friend running in her first marathon. The excitement of watching thousands of people accomplish such an amazing goal was an experience like no other. I waited at the last bend before the finish line so I’d have a good vantage point for cheering my friend on. What I did not expect was the wave of emotion that washed over the faces of each runner as they saw the finish line for the first time. There were people from all walks of life, from young athletes trying to beat previous race times to cancer survivors celebrating their health by completing an exhausting 26.2-mile race. No matter their reason for running, they all had obstacles to overcome in order to make it across that finish line.
Training for the Financial Marathon
For many people, their ultimate financial goal is to reach a comfortable retirement with enough energy in reserve to enjoy it. Like running a marathon, this is a long-term goal that takes preparation and persistence.
As the plan sponsor of your company’s retirement plan, you play a crucial role in helping your employees reach toward their long-term financial goals. Imagine yourself as a trainer: you are there to build a training regimen to help your employees work toward their goal and keep them motivated along the way.
Setting Attainable Goals
A good trainer will assess their athlete’s health and ability before committing to a race. It is important to align goals and position your employees for success. If they’re not yet ready to run a marathon, that’s fine; they may need to start with a 5K or 10K instead.
If retirement is not your employees’ most pressing financial concern, consider offering financial counselling, wellness programs, or plan design options that address whichever issues are causing the most stress, such as:
If emergency savings is a common concern, your employees are not alone! Many have little to no money in savings: 45% report having less than $25,000 saved, and 26% report having less than $1,000.
The Federal Reserve reported $1.4 trillion in student loan debt at the end of 2017. This is a huge concern for younger employees! Eight out of ten Millennials that carry student loan(s) say that debt has a moderate or significant impact on their ability to meet their other financial goals.
Three out of five employees consistently carry balances on their credit cards, and 40% of those folks are finding it extremely difficult to make their minimum payments on time each month.3 This kind of debt is extremely common for Millennials and Gen Xers.
Healthcare is one of the largest expenses in retirement. A vast majority of workers (81%) haven’t even tried to calculate how much money they would need to cover healthcare costs in retirement. As it turns out, the average couple will need a staggering $280,000 for medical expenses in retirement, excluding long-term care.
Talk to any marathon runner and they can tell you all about the walls they might hit during a race. For some, that wall might be a soul-crushing hill; for others, it’s the 13.1 split; still others may even experience injuries that make them question whether they can push themselves to reach the finish line.
Even if your employees do save for retirement, hitting obstacles can force them to take out loans from their 401(k) plans. 44% of employees think it’s likely they’ll need to take money out of their retirement plans to pay medical bills, credit cards, education expenses, or unexpected costs. 3
401(k) loans can be a difficult obstacle to overcome. You may consider tightening loan provisions to deter employees from using their nest egg as a rainy-day fund.
The Real Trick
Athletes and trainers alike will be happy to offer tips and tricks to make finishing the marathon easier, from Vaseline on your feet to fancy supplements, but at the end of the day, the only way you can finish the race is if you start running in the first place.
As a plan sponsor, make sure that the 401(k) enrollment process is simple and designed in the best interests of your employees. At our firm, we are dedicated to helping our clients pursue their financial goals and can help you build a plan that will help to keep your employees on track to reach toward the finish line of their retirement.
Locating missing plan participants can be a headache for any employer, but simply ignoring them is not an effective solution. Regulatory agencies in previous years have published guidance on this topic relating to missing “retired” employees. With the increase in the number of “pre-retired” missing plan participants, governmental bodies are now taking additional measures to provide solid guidance and solutions to help streamline this arduous process for plan sponsors.
Plan sponsors must understand why locating missing plan participants is important. First, ERISA requires that plan fiduciaries (e.g., plan sponsors, employers) have a duty of prudence and loyalty to all plan participants and beneficiaries—regardless of whether the participant is actively contributing. In 2014, the U.S. Department of Labor (DOL) published Field Assistance Bulletin 2014-01 (FAB), which explained that these duties require plan fiduciaries of terminated defined contribution plans to make a reasonable effort to locate missing plan participants. Therefore, failure to make any efforts in locating missing plan participants is viewed as a breach of fiduciary responsibility.
Second, per Internal Revenue Code 401(a)(9), the entire plan could lose its tax-qualified status if a participant fails to take his/her required minimum distribution (RMD) (usually at age 70 ½). This scenario could likely happen: a retiree, who has money left in the plan, subsequently becomes “missing”, and the employer is unable to locate and deliver information on the retiree’s upcoming RMD.
While the 2014 FAB published DOL guidance, it only addresses locating missing participants for a terminated defined contribution plan (e.g., 401(k), profit sharing, money purchase pension). Despite this narrow application, one could opine that plan fiduciaries follow the same requirements for an on-going, active defined contribution plan.
The FAB lists minimum search actions to take when locating a missing participant:
Timothy Hauser, acting director of the DOL’s Employee Benefits Security Administration, at the August 24, 2017 ERISA Advisory Council in Washington, D.C. offered two additional no-cost search options:
These are the minimum, no-cost search actions that the DOL expects of plan sponsors. If still unsuccessful in locating a missing participant, after considering the size of a participant’s account balance and the cost of further search efforts, plan sponsors might consider using additional options that will incur fees, such as using commercial locator services or credit agencies.
Once all these options have been exhausted, the 2014 FAB allows plan sponsors to transfer a missing participant’s account balance to a rollover IRA in the name of the participant. The challenge here is finding a financial institution that will establish an IRA in the participant’s name, without the participant’s affirmative consent or signature.
New Relief, Guidance and Resources
Regulators and lawmakers have recognized that more relief, guidance and resources are needed to help plan sponsors manage missing participants:
The Pension Benefit Guaranty Corporation (PBGC), an agency that helps ensure solvency of retirement plan benefits accrued in a defined benefit plan, has expanded a program initially designed to only help missing participants of a terminated defined benefit plan. Plan sponsors who terminate a 401(k) or other defined contribution plan effective on or after January 1, 2018, may now transfer missing participant account balances to the PBGC instead of to an IRA. The PBGC maintains a central repository for these funds and will pay out benefits to participants once they have been located.
The Internal Revenue Service (IRS) has provided its own kind of relief. IRS memorandums from August 2017 and March 2018 confirm that an RMD failure from a missing participant will not occur if the plan sponsor has engaged in the various search options similar to those prescribed by DOL.
The U.S. Senate has introduced the Retirement Savings Lost and Found Act of 2018, which would provide fiduciary relief and RMD safe harbor in regard to missing participants provided the plan sponsor adheres to a specific number of search options, borrowed from DOL’s list, and records missing participant account balances in a newly established national lost and found retirement account database.
What to do now?
Until DOL provides formal guidance for locating and handling missing plan participants for an active, on-going plan, plan fiduciaries should consider utilizing the various search options outlined in the 2014 FAB. But merely performing these various search inquiries may not be enough. To protect oneself from a plan auditor inquiry, all search actions performed to locate a missing individual should be recorded along with supplemental documentation, such as returned, undeliverable certified mail, or printouts from an electronic database.
From a best fiduciary practice perspective, plan sponsors may wish to create missing plan participant procedures for the plan administrator to follow. This should help ensure a consistent process for locating every missing participant. The procedures should also list any final recourse of transferring a participant’s account balance from the plan to an IRA or central repository for unclaimed monies.