Risky Business: Why Plan Governance Matters
Participant-driven lawsuits are on the rise, and employers are facing heightened scrutiny of the way they manage their retirement plans. In today’s continually evolving regulatory and legal environment, it’s more important than ever to make sure your organization’s retirement plan is both effective and compliant. A well-structured retirement plan governance program can help you limit fiduciary risk and improve plan performance, while striving to boost participant outcomes.
What is retirement plan governance?
Simply defined, governance outlines the processes and policies for managing a retirement plan as well as the roles and responsibilities of everyone involved. It provides a framework for effective decision-making on all aspects of the plan, from plan documents and investments to operations and financial reporting.
Why is plan governance important?
The stronger your governance, the stronger your plan. An effective governance program details processes, roles and responsibilities for all parties involved in managing the plan and supporting its objectives. It should address how duties are delegated and to whom, and how all responsible parties to the plan are documented and overseen. Perhaps most importantly, proper governance procedures help reduce plan fiduciaries’ exposure to personal liability for actions and decisions made on behalf of the plan and its participants. Finally, a successful governance program enables plan fiduciaries to work together towards the same goals, which can potentially improve plan performance and participant outcomes.
What can you do about it?
Governance best practices include documenting every aspect of the plan’s day-to-day management, along with long-term operating procedures, such as:
Of course, all of this documentation must be updated and maintained on an ongoing basis.
Wrapping It Up
Straightforward retirement plan governance guidelines and best practices help ensure that your plan is compliant and continues to run smoothly, and that fiduciaries can confidently and successfully fulfill their responsibilities. Moreover, having carefully documented plan governance procedures can assist you in preparing for and managing plan audits and compliance reviews, increasing your plan’s efficiency and improving your participants’ experience.
To recap, an effective governance program:
While governance programs are typically established when the plan is adopted, it’s never too late to develop or update governance procedures. Keep in mind, an effective governance program provides a carefully documented record of the plan fiduciaries’ efforts to manage and maintain the plan prudently in the best interests of its participants and their beneficiaries. Doing so helps all parties clearly understand and carry out their roles and responsibilities, and it helps manage their fiduciary liability.
Is it time to review your plan governance program? We can help. Contact us today for a comprehensive evaluation of your governance processes and policies.
New Year, New Topics! Plan Sponsor Need to Knows for Q1 2019
Ringing in the new year comes with changes to the 401(k) world, and we want to keep you, as a plan sponsor, informed and educated. This past quarter we focused our attention on “Fiduciary Plan Governance”; our latest newsletter features our insights in the following articles:
How protected is your company 401(k) plan?
Cyber crime is on the rise worldwide! What can you do to protect your plan assets and information? Watch our short 2-minute video to learn the 5 proactive measures plan sponsors should consider to prevent cyber attacks.
New year, new contribution limits!
The IRS has announced cost of living adjustments affecting dollar limitations for pension plans and other retirement-related items for tax year 2019. For company retirement plans, the most recognized highlight is the 401(k) contribution limit increase to $19,000 for the new year.
Are your participants considering 401(k) loans?
It’s very common for 401(k) plan participants to suffer financial hardship, which is why many plans make 401(k) loans available to them. However, there are a couple of important factors for participants to take into consideration before they take out a loan.
Help guide your participants in the right direction! Our newest infographic will review what they should know before taking a loan from their 401(k), and offer tips to help avoid the need for a 401(k) loan.
Cyber-crime is on the rise worldwide. As a result, growing numbers of organizations are taking critical steps to protect their valuable electronic data from hackers and other cyber criminals — a process known as cybersecurity. It’s serious business, and a trend retirement plan sponsors and committees should pay attention to.
In 2015, IBM’s chair, president and CEO Ginni Rometty said, “Cyber-crime is the greatest threat to every company in the world.” Last year, billionaire investor and businessman Warren Buffett echoed that sentiment, claiming that “cyber-attacks are a bigger threat to humanity than nuclear weapons.” In short, cyber-crime is extremely dangerous, and many businesses are vulnerable to cyber-attacks — some without even knowing it.
Why is cybersecurity important?
Thanks largely to the proliferation of high-profile cyber-attacks and data breaches that hit organizations in 2017 (including Equifax, which exposed the personal information of nearly half of Americans), Gartner Group has estimated worldwide cybersecurity spending will reach $96 billion in 2018. Moreover, information security research firm and publisher Cybersecurity Ventures predicts that, by 2021, cybercrime will cost the world $6 trillion annually. A single successful cyber-attack can cost an organization more than $5 million, or $301 per employee, according to the Ponemon Institute. Clearly, the costs related to cybersecurity threats are significant.
Beyond the expenses related to a potential cyber-attack, there are a number of reasons why retirement plan sponsors and committees should focus on specific cybersecurity efforts to protect their plan assets and information. For starters, if you think your plan isn’t a target, think again. It’s not a matter of if, but when your plan gets hacked.
Here’s why: Recently, cyber attackers have begun to set their sights on plan sponsors themselves rather than their recordkeepers and custodians because they know that the former typically lack the sophisticated cybersecurity defenses of their vendors.
Cyber criminals also know that defined contribution (DC) plan sponsors and their vendors manage large amounts of money and, in doing so, collect highly sensitive personal data from plan participants and their beneficiaries, including names, addresses, birthdates, and Social Security numbers. This information is extremely valuable to hackers because most of it is permanently associated with an individual and can’t be changed or cancelled the way a credit card or bank account can.
Enrollment data such as account balances, direct deposit details and compensation/payroll information is also at risk, and is potentially exposed to a cyber attack if not properly handled and protected by plan sponsors and their third-party vendors. It’s therefore critical for sponsors to address cybersecurity within their own organizations, as well as with vendors such as recordkeepers, trustees, TPAs and investment advice providers, which receive personal data from the plan.
Some examples of cyber threats to retirement plans include fraudulent distribution or loan requests, ransomware attacks, and phishing or other credential theft (e.g., from a stolen laptop or mobile device storing personal data and passwords) that lets an attacker log in to participants’ accounts online.
What is my responsibility?
While retirement plan information is protected under specific regulations, there is no comprehensive federal law imposing data-security requirements on retirement plan sponsors and service providers comparable to what the Health Insurance Portability and Accountability Act (HIPAA) imposes on group health plans. Nonetheless, plan sponsors must act in a fiduciary capacity, solely in the interest of participants and beneficiaries, under the Employee Retirement Income Security Act (ERISA), the law that governs retirement plans. In addition, sponsors must adhere to the data privacy requirements for electronic notices. The following graphic breaks down the regulatory guidelines for plan sponsors’ fiduciary duties related to cybersecurity and electronic distribution of plan information:
Several states also have laws governing the protection of employees’ Social Security numbers and employers’ responsibilities to notify employees in the event of a security breach. However, these laws are designed to regulate the employer rather than the plan sponsor, so ERISA would likely take precedence in a retirement plan-related cyber-attack.
What can I do to protect plan assets and information?
Most organizations take a reactive approach to cyber-attacks, addressing them only after an incident has occurred. However, that can be expensive, complicated, and mostly ineffective.
Plan sponsors have an opportunity to proactively address and manage cybersecurity risks using a variety of tactics to improve their ability to prevent, detect and respond to cyber-attacks.
First off, assume that your company’s retirement plan will be attacked. When setting up defenses against cyber threats, consider addressing the following questions:
In addition, plan sponsors should:
Moreover, sponsors should also encourage plan participants to:
Cyber threats are evolving and becoming more sophisticated every year. As such, plan sponsors must do their best to try to stay one step ahead of hackers by heightening their cybersecurity defenses to protect the personal information of participants and their beneficiaries.
Retirement plan fiduciaries can take proactive steps to help secure sensitive retirement plan data. The challenge for many is knowing where to start. We hope this article provided several key steps plan sponsors and retirement committees can take to boost their cybersecurity protections and fortify their plans against insidious cyber-attacks.
Did you know cybercrime is a possible threat for your company 401(k) plan?
Technology is evolving fast, but cyber criminals are evolving just as fast. Cyber criminals are now going after plan sponsors’ company 401(k) plans, and you could be liable if disaster strikes!
You should be aware of the multiple cyber threats that can affect your plan and the protective measures available to help you thwart those threats. Our guide provides you with many ways you can help protect your plan, inform yourself of possible threats, and engage plan sponsors to actively protect their accounts.
The recent enactment of the Tax Cuts and Jobs Act of 2017 (TCJA) makes changes to 401(k) loan repayment options, which should prompt plan sponsors and plan administrators to re-evaluate their existing loan program, processes and procedures. This article will provide an overview of the loan provision and offer a list of considerations that plan sponsors can use when adding or modifying an existing loan feature to their plan.
Although not required by law, many 401(k) plans offer a loan provision as a way for plan participants to access money prior to retirement. The thinking is that more employees will contribute to the plan if they know they can tap into their savings should they incur an unexpected expense while working; conversely, if employees can only access their savings at retirement, employees may decide not to contribute at all.
Rates & Loan Amounts
The loan rate is determined by the plan (i.e., the plan sponsor or plan fiduciaries) and is usually equal to prime rate plus 1%. Plans will often set a minimum loan amount of $1,000 due to the administrative work involved in processing them. The maximum loan amount is usually 50% of the participant’s vested account balance up to $50,000.
Special considerations are available for participants affected by certain natural disasters and it’s a best practice to check the IRS’ website for more information.
While loan rates and minimum loan amounts are fairly consistent across all plans, there is less commonality in the number of permitted outstanding loans. Recent findings from the PLANSPONSOR 2017 DC Survey: Plan Benchmarking reveal that 59% of plans offering loans permit only one loan, 31% permit two loans, and 9% permit three or more outstanding loans.
Offering plan participants the ability to have more than one outstanding loan may feel like a gratifying gesture on behalf of the employer. However, participants may view this as an endorsement by the plan sponsor to simply take a loan whenever money is needed.
The Pension Research Council in 2014 revealed that participants who have access to multiple loans are more likely to borrow in the first place: “This is suggestive of a buffer-stock model also found among credit card borrowers. In other words, given the ability to borrow multiple times, workers are more willing to take the first loan, given that they retain slack borrowing capacity for future spending needs.”
Loan repayment schedules are set up as substantially equal periodic payments covering both principal and interest, and the loan must be repaid within 5 years. However, if the loan is used to purchase a primary residence, the plan may permit a longer repayment period, such as 5 to 15 years.
Distribution of loan proceeds is not considered a distribution of plan assets and thus is not subject to taxation, unless the participant defaults on the loan. Plans have options in how they treat defaulted loans. One common option is a “deemed distribution”: upon default, the outstanding loan amount becomes a taxable distribution of plan assets, plus a 10% early-withdrawal tax penalty if the participant is under age 59½.
Another option for handling a defaulted loan is a plan “offset”, where the participant’s account balance is reduced, or offset, by the unpaid portion of the loan. This offset amount is treated as a distribution of plan assets that is eligible for rollover. Until recently the participant had up to 60 days to roll the outstanding loan amount over into an IRA or another eligible tax-qualified employer plan to avoid a taxable distribution. Effective January 1, 2018, the TCJA extends the usual 60-day period until the participant’s federal tax filing deadline, including extensions, if the plan offset is due to the participant’s termination of service or a termination of the entire plan.
Note: the 60-day rollover period still applies to actively employed participants who default on a loan while still working for the employer.
This is good news for participants, as they now have a longer period in which to effect a tax-free rollover of their outstanding loan offset. However, according to Drinker Biddle, a law firm specializing in employee benefits, “plan sponsors may wish to coordinate administration of their plan loan offset rollover rules with the plan’s third-party administrator (TPA) in order to avoid inadvertently ‘defaulting’ the participant’s plan loan.”
While a loan feature may help increase plan participation and be viewed as a positive outcome, participants taking loans are reducing their overall retirement savings. Here’s why:
All of these items together are a recipe for hindering the advantages of tax-deferred savings inside a 401(k) plan.
Loan Program Considerations
If the purpose of a 401(k) plan is to help employees save for retirement, it may seem counterintuitive to offer a loan provision, which, if used, will reduce the participant’s retirement nest egg. For plan sponsors who feel it’s important to offer access to these funds prior to retirement, here is a list of considerations to use when designing a loan program, which can help strike a balance between these two opposing financial objectives.
From Plan Participant’s Perspective
From Plan Administrator’s Perspective
The DOL Rule is Dead
On June 21, 2018 the Fifth Circuit Court of Appeals issued its mandate vacating the U.S. Department of Labor’s (DOL) Conflict of Interest Rule—more commonly referred to as the “DOL Fiduciary Rule”—thus killing the rule entirely. Despite this news, the death of the DOL Fiduciary Rule does not relieve a plan sponsor of being a fiduciary when sponsoring an ERISA-covered retirement plan, such as a 401(k).
The primary purpose of the DOL Fiduciary Rule was two-fold: 1) Broaden the existing definition of investment advice; and 2) Ensure that financial advisors and other professionals who provide investment advice on ERISA retirement plan and IRA assets do so absent any conflicts of interest—basically making all financial advisors who work with these types of assets ERISA fiduciaries.
Note, many financial advisors today do not act as an ERISA fiduciary to their client’s retirement plan, because they are just providing investment education. However, some advisors do provide investment advice and will put in writing that they are acting as an ERISA fiduciary to the plan.
What This Means for Plan Sponsors
So how does the demise of the DOL Fiduciary Rule affect plan sponsors? It basically has little-to-no impact on a plan sponsor’s existing fiduciary responsibility. According to the DOL’s Meeting Your Fiduciary Responsibilities any individual who uses “discretion in administering and managing a plan or controlling the plan’s assets makes that person a fiduciary to the extent of that discretion or control.” The following are common fiduciary activities:
Who is a Fiduciary?
Every ERISA plan must have a “named fiduciary” listed in the plan’s governing documents, and most often the employer is identified as the named fiduciary. But the named fiduciary can also be identified by individual employee name(s), position title(s) (e.g., CFO, CEO) as well as by committee (e.g., investment committee, plan committee). Named fiduciaries may also outsource their specific fiduciary functions to third parties who have the desired expertise to assist with plan administration, investments and management responsibilities.
Note, even though certain functions may be outsourced, the named fiduciary still bears ultimate fiduciary responsibility for oversight of the plan and any outsourced fiduciary responsibilities.
But beware. Any person who acts with or possesses fiduciary-like powers (i.e., exercises discretionary control over the plan’s management or assets) can be deemed a “functional fiduciary”, whether or not that person is listed as a named fiduciary. Therefore, it’s imperative that plan sponsors identify all individuals within their organization who are considered an ERISA fiduciary.
Fulfilling your Duty
Recognizing all those serving in a fiduciary capacity is essential because ERISA mandates all fiduciaries to conduct themselves in accordance with the following duties:
In applying all of these specific duties, it should be noted that fiduciary conduct under ERISA is not measured by the results achieved from fiduciary decisions, but rather by the process followed in making those decisions. According to ERISA attorney Marcia Wagner, “Given the procedural nature of these [fiduciary] requirements, a 401(k) plan sponsor can achieve compliance with ERISA’s fiduciary standards by adopting and maintaining a prudent process. Plan fiduciaries are typically judged by how they arrive at their investment decision with the information then available to them.” This is why many plans will adopt an Investment Policy Statement (IPS) to guide plan fiduciaries on selecting, monitoring and potentially replacing investment options.
Serving as an ERISA fiduciary should not be treated lightly, and despite ERISA-specific requirements for fiduciary conduct, those serving in a fiduciary capacity should not become overwhelmed. Plan sponsors should first require all those individuals within their organization serving as a fiduciary to read the DOL’s Meeting Your Fiduciary Responsibilities as a primer to this topic.
Also, talk to your property and casualty insurance provider about purchasing fiduciary liability insurance—optional insurance which protects plan fiduciaries in the unlikely event there is a breach of fiduciary responsibility. (Note, fiduciary liability insurance is different from the ERISA-required fidelity bond, which protects plan assets from theft/embezzlement).
Lastly, if you have additional questions or need help understanding and managing your fiduciary duty, we may be able to help. We are happy to provide additional resources, access to tools and education programs to help fiduciaries manage liability.
As an employer, would you like to maintain your company’s profit sharing contribution and, at the same time, encourage your employees to save more?
Stretch the match! Help your employees to reach, stretch, and strengthen for their retirement.