Financial Institutions have always banked their privacy practices on the requirements under Title V of the Gramm-Leach-Bliley Act (GLBA) and its implementing regulations. That day is now over! The California Consumer Privacy Act (CCPA) is sweeping in and changing the financial privacy landscape. Many had hoped the CCPA would have an all-inclusive exemption for financial instructions already subject to compliance under GLBA; however, the California legislature has made clear that CCPA’s application will apply to portions of data held by financial institutions.
Scope of Financial Institution Exemption
CCPA exempts certain types of information that are subject to GLBA. The impact for financial institutions – all of the personal information collected today that is not subject to GLBA will be subject to CCPA (to the extent the financial institution is subject to CCPA). This includes the following information: personal information collected through general advertising and website marketing; personal information obtained from non-financial institution partners; and personal information obtained for commercial (non-personal or household) purposes.
A financial institution will be subject to CCPA if it does business in California and either (1) has at least $25 million in annual gross revenues; (2) buys, sells, shares or receives information from at least 50,000 California consumers; or (3) derives at least 50% of its annual revenue from selling California personal information.
Financial Institution Data Likely Subject to CCPA
The initial action financial institutions should take is to perform an internal data mapping exercise. Once the financial institution has determined what personal information it collects that is not subject to GLBA, the financial institution can prepare a practical and efficient CCPA compliance plan for all “non-GLBA” information.
As you are formulating a plan to comply with CCPA, our experienced privacy team is ready to partner with you in determining the most practical approach that minimizes disruptions to your already existing GLBA obligations. Here is a link for more information about our team: Privacy Team
With the California Consumer Privacy Act’s (CCPA) compliance deadline fast approaching (January 1, 2020), companies are preparing to comply with the additional complex data privacy and security requirements. HIPAA-Covered Entities may mistakenly overlook the fact that the CCPA does not wholly-exempt personal information collected by HIPAA-Covered Entities, but in turn only exempts information already protected by HIPAA. HIPAA, the Health Insurance Portability and Accountability Act, requires health care organizations, employer-sponsored group health plans, healthcare clearinghouses, and other Covered Entities to ensure the privacy and security of Protected Health Information (“PHI”). Although the CCPA exempts data that constitutes PHI, a HIPAA-Covered Entity or related Business Associate must still protect personal data (or even health data) that is covered by the CCPA but does not satisfy the definition of PHI under HIPAA.
HIPAA-Covered Entity Data Could Be Subject to CCPA
What type of data is governed by HIPAA and, as a result, exempt from the CCPA? PHI is defined as “individually identifiable health information” held or transmitted by a Covered Entity or its Business Associate, in any form or medium, whether electronic, paper, or oral. For example, health information, demographic data, medical histories, test results, and insurance information are forms of PHI if they can reasonably be used to identify a patient. Identifiers coupled with health information such as names, geographic locations, dates, contact information, social security numbers, and more can also constitute PHI. If the data amounts to PHI, that data is exempt from the CCPA.
Not all data collected by a HIPAA-Covered Entity amounts to PHI. For example, employment records held in the hands of an employer (rather than held by the group health plan sponsored by the employer) are not PHI. Any data collected by a HIPAA-Covered Entity that is not PHI will be subject to the CCPA (to the extent the entity is subject to the CCPA). However, the CCPA provides for an exception. When a Covered Entity or health care provider maintains health information in the same manner as PHI, even though the health information is not PHI, the CCPA rules do not apply. That being said, applying HIPAA privacy and security rules to non-PHI could be a burdensome task and cause confusion amongst a Covered Entity’s employee population.
What This Means for HIPAA-Covered Entities
Start your data mapping now. To determine what information is collected that is not protected under HIPAA and, to what extent the CCPA applies to such data, you must understand what categories of information are collected, who it is received from, what’s being done with the data and who it is shared with. From there, you can formulate a CCPA plan that correlates and flows with obligations under HIPAA to ensure efficiencies throughout your data compliance program.
As you are reviewing CCPA application to your entity, reach out to our experienced privacy and ERISA team to partner with you to develop a practical plan that minimizes risk and syncs to your already existing HIPAA obligations. Here is a link for more information about our team: Privacy Team
Tackling The California Market From The Midwest? What A Business Needs To Know About The California Consumer Privacy Act (CCPA)
The data privacy regime is starting to look like more of the wild west every day. A year after companies had to focus resources on complying with Europe’s onerous requirements under the General Data Protection Regulations (GDPR), companies must once again gear-up for the first round of U.S. state efforts to tighten up data privacy rules with California’s new California Consumer Privacy Act (CCPA), which comes into effect on January 1, 2020. Whether you were able to ignore GDPR or not, CCPA sets the data privacy bar higher for most U.S. based companies.
DOES CCPA APPLY TO YOUR COMPANY?
CCPA generally will apply to any for-profit company that does business in California; and, either (1) has at least $25 million in annual gross revenues; (2) buys, sells, shares or receives information from at least 50,000 California consumers; or (3) derives at least 50% of its annual revenue from selling California personal information.
COMPLIANCE WITH GDPR DOES NOT EQUAL COMPLIANCE WITH CCPA.
CCPA also includes specific disclosure requirements with respect to the “sale” of California consumer personal information and specific disclosure requirements with respect to personal information of minors. As part of the “sale” disclosures, many companies will need to add a new website opt-out option labeled “Do Not Sell My Personal Information.”
RISKS OF NONCOMPLIANCE.
CCPA is enforceable by both the California Attorney General and through limited private rights of action (specific to claims with respect to data breaches). Enforcement of CCPA will begin by the California Attorney General 6 months after the publication of final regulations or July 1, 2020, whichever is sooner. Fines can run from $2,500-$7,500 per incident (for example, a violation involving 10,000 California consumers could result in fines of $25 million to $75 million).
EXEMPTIONS – GLBA AND HIPPA.
There are specific exemptions with respect to certain types of data under CCPA. If you are a financial institution subject to Gramm-Leach-Bliley Act (GLBA) or a covered entity subject to HIPPA, certain data collected will be exempt. However, financial institutions and covered entities are still subject to CCPA with respect to data not subject to GLBA (non-NPPI) or HIPPA protection (i.e. non-PHI). It is important for companies to understand the interplay between all privacy regulations and set forth a data privacy compliance program that complies with all applicable laws.
WHERE TO START.
Analyzing the application of data privacy regulations can be daunting. McGrath North recommends companies start with data mapping to determine what information is collected, where the information is collected from, and what a company does with the information (including a list of third-parties that the information is later shared with). From here, companies can start to formulate well-thought-out compliance programs that allow them to comply with applicable data privacy laws while maintaining efficient and effective operations.
With a heightened national focus on data privacy and security, these burdensome and sometimes difficult to manage regulations are not going away. Whether you put in place a compliance program to satisfy the requirements of GDPR or not, CCPA and other U.S. state-based data privacy laws will impact almost all nationally operating entities.
McGrath North has data privacy experts to help you work through the weeds of the regulations and to partner with you to determine the most practical and efficient way for your company to implement privacy policies and procedures to ensure compliance. Here is a link for more information on our team: Privacy Team
GDPR One Year Later: Has Your Company Sorted Through The Confusion And Risks – What U.S. Companies Need To Remember
It’s been more than 1 year since Europe’s General Data Protection Regulations (GDPR) went into effect, and the data protection regulatory front still remains confusing and difficult to trudge through for many U.S. based companies. However, it is clear, there is no slowing down when it comes to increased data privacy regulation. Below is a refresher on the basics of GDPR, as last year we saw many U.S. based companies put aside the issue of whether they needed to focus dollars and time on complying with GDPR. As the regulatory front continues to grow and there is increasing pressure from consumers, customers and vendors to pay attention to data privacy laws (like GDPR), companies who avoided GDPR should review the jurisdictional requirements to confirm their compliance obligations.
WHY CARE – HOW GDPR APPLIES TO U.S. COMPANIES?
Why should a U.S. (or local Midwest based) company pay attention to a set of regulations providing rights (in general) to residents of European nations? The answer is simple; GDPR’s extra-territorial reach allows European nations who have adopted GDPR to latch onto U.S. based companies who have no physical presence in Europe. A U.S. based company with no operations (or other establishment) in Europe will be subject to GDPR jurisdiction if the company either (1) offers goods or services to residents of European nations, or (2) monitors the behavior (i.e. through its website) of residents of European nations.
PRACTICAL WAYS TO START YOUR COMPLIANCE PLAN.
Companies who desire to start formulating a plan with respect to data privacy compliance should start with data mapping. Understanding where and who data is collected from, what the company does with the data and where and who data is shared with will help a company determine what data privacy regimes govern its operations. From there, a company can begin to pull together its data privacy compliance program (whether basic or more sophisticated) to ensure compliance with all applicable data privacy laws.
IMPLEMENTING NECESSARY CHANGES.
Penalties under GDPR for noncompliance can be hefty and upwards of $20 million Euros or 4% of a company’s worldwide annual turnover (whichever is greater). Companies may also be subject to criminal penalties, suits by supervisory authorities or private rights of action by individuals. And today, various European supervisory authorities are beginning to investigate compliance among dozens of U.S. based companies.
GDPR’S NOT FOR YOU – YOUR CUSTOMERS AND VENDORS MIGHT TELL YOU OTHERWISE.
Even if a company determines that GDPR’s jurisdictional reach does not apply to its operations, many U.S. based companies are seeing their customers and services providers require them to comply with the terms of GDPR (through flow-down liability). It is important for companies to understand what they are contractually signing up for and what impact agreeing to GDPR compliance will have.
What this means for most U.S. based companies, is that if GDPR is not yet on your radar (or you subtly ignored GDPR over the last few years), today is the day to review its application and take the necessary steps to gain compliance. With the regulatory focus on data privacy and security, even if GDPR does not apply to your company, almost all U.S. based companies will be impacted by various data privacy state laws working their way through local legislation. Starting with GDPR analysis is just the beginning!
As you are evaluating GDPR’s ongoing impact, our experienced privacy team is ready to partner with you in formulating a practical, effective and tailored compliance approach that minimizes disruptions to your company’s business plans. Here is a link for more information on our team: Privacy Team
Calendar Year 2019
The following summary describes the most common penalties applicable to retirement, health, and welfare plans in 2019 through ERISA and other federal laws. This list serves as an important reminder that noncompliance with laws relating to your company’s benefit plans could result in significant penalties.
- Furnish Reports. Failure to furnish reports (e.g., pension benefit statements) to certain former participants and beneficiaries or maintain records: $30 per employee.
- COBRA. Failure to provide an initial COBRA notice or an election notice on a timely basis, as required by COBRA: $110 per day.
- Form 5500. Failure or refusal to properly file annual Form 5500 report required by ERISA § 104: Up to $2,194 per day.
- Notification of Benefit Restrictions. Failure to notify participants under ERISA §10(j) of certain benefit restrictions and/or limitations arising under Internal Revenue Code §436: Up to $1,736 per day.
- Notification of Automatic Contribution Arrangement. Failure to furnish automatic contribution arrangement notice under ERISA §514(e)(3): Up to $1,736 per day.
- Form M-1. Failure of a multiple employer welfare arrangement to file report required by regulations issued under ERISA §101(g): Up to $1,597 per day.
- Information Requested by DOL. Failure to furnish information requested by the Secretary of Labor under ERISA §104(a)(6): Up to $156 per day, not to exceed $1,566 per request.
- Blackout Notice. Failure to furnish a blackout notice under ERISA § 101(i): Up to $139 per day.
- Right to Divest Notice. Failure to furnish a notice of the right to divest employer securities under ERISA § 101(m): Up to $139 per day.
- CHIP Notice. Failure by an employer to inform employees of Children’s Health Insurance Program (CHIP) coverage opportunities (each employee is a separate violation): Up to $117 per day.
- State Coverage Coordination. Failure by a plan administrator to timely provide to any State the information required to be disclosed regarding coverage coordination under ERISA §701(f)(3)(B)(ii); each participant/beneficiary is a separate violation: Up to $117 per day.
- Failure by any plan sponsor of a group health plan, or any health insurance issuer offering health insurance coverage in connection with the plan, to meet the requirements of ERISA §§702(a)(1)(F), (b)(3), (c) or (d); or §701; or §702(b)(1) with respect to genetic information: Up to $117 per day during non-compliance period.
- Minimum penalty for de minimis failures to meet genetic information requirements not corrected prior to notice from the Secretary of Labor: $2,919 minimum.
- Minimum penalty for failures to meet genetic information requirements which are not corrected prior to notice from the Secretary of Labor and are not de minimis: $17,515 minimum.
- Cap on unintentional failures to meet genetic information requirements: Up to $583,830.
- CSEC. Failure of Cooperative and Small Employer Charity Act (CSEC) plan sponsor to establish or update a funding restoration plan: Up to $107 per day.
- Prohibited Distribution. Distribution prohibited by ERISA §206(e): Up to $16,915 per distribution.
- SBC Distribution. Failure to provide Summary of Benefits Coverage under Public Health Services Act §2715(f): Up to $1,156 per failure.
- Failure of a multiemployer plan to certify endangered or critical status under ERISA §305(b)(3)(C) treated as a failure to file annual report: Up to $2,194 per day.
- Failure to furnish certain multiemployer plan financial and actuarial reports upon request under ERISA §101(k): Up to $1,736 per day.
- Failure to furnish estimate of withdrawal liability upon request under ERISA §101(l): Up to $1,736 per day.
- Failure by a plan sponsor of a multi-employer plan in endangered status to adopt a funding improvement plan or a multiemployer plan in critical status to adopt a rehabilitation plan. Penalty also applies to a plan sponsor of an endangered status plan (other than a seriously endangered plan) that fails to meet its benchmark by the end of the funding improvement period: Up to $1,378 per day.
Health Care Reform.
- Failure to offer coverage to 95% of eligible full-time employees with Minimum Essential Coverage. Penalty applies if one full-time employee receives federal premium subsidy for marketplace coverage: $2,500 per full-time employee (minus the first 30).
- Failure to offer affordable coverage (less than or equal to 9.56% in 2018 and 9.86% in 2019) or failure to provide “minimum value” coverage (60%+ of total allowed costs): $3,750 per full-time employee receiving a subsidy or $2,500 per full-time employee (minus the first 30).
- Failure to comply with health care reform mandates: $100 per day.
- Failure to file a correct 1094 or 1095 or failure to file the information returns on a timely basis: $270 for each return.
- Failure to furnish correct 1095 payee statement on a timely basis or failure to include all of the information required to be shown on a payee statement or the inclusion of incorrect information: $270 for each return.
- MHPAEA. Failure to comply with MHPAEA requirements: $100 per day for each individual to whom a failure relates.
- HIPAA. Failure to comply with HIPAA: Excise tax of $100 per day for each individual to whom the failure relates; civil penalties of $100 to $50,000 per violation, capped at $1.5 million per calendar year.
This summary is not intended to be a comprehensive list of all federal penalties that could apply to an employee benefit plan. Additionally, state and local law penalties are not included in this summary.
Unless you have been paying attention to data privacy news, you may not realize that January 1, 2020, is the implementation date of the California Consumer Protection Act (CCPA) and that July 1, 2020, is the current deadline for the California Attorney General to implement regulations under CCPA. As currently drafted, the CCPA directs the California Attorney General to forego bringing any enforcement action under the CCPA until six months after publication of such final regulations, or July 1, 2020, whichever is sooner.
The CCPA constitutes an expansion beyond California’s existing privacy laws and various provisions of the new law will apply to all businesses that do business in California:
- With annual gross revenue greater than $25 million (not just in California),
- That obtain or share for commercial purposes the personal information of 50,000 or more California residents, households or devices, or
- That get 50% or more of their revenue from selling or sharing the personal information of California residents.
Many non-California based businesses may be surprised to learn that they fall within the scope of the CCPA.
The CCPA was passed quickly to avoid a similar voter initiative ballot measure, and as a result has numerous ambiguities and apparent inconsistencies. The law was amended on September 23, 2018, and it is very likely that the law will be changed again by amendment, and clarified through final rules and regulations, before it comes into effect on January 1, 2020.
Note that at this point, the application of the CCPA to employee data remains an open question. On its face, the CCPA appears to apply only to California “consumers.” However, the CCPA’s definition of consumer (a California resident) combined with California’s longstanding practice of protecting individual privacy rights, suggests that the CCPA also may extend to the personal information of California residents maintained as part of an employment relationship. If so, the CCPA would apply to residents of California who are job applicants, full or part time employees, temporary workers, interns, volunteers, independent contractors, and even such persons’ dependents or beneficiaries.
While the CCPA will almost certainly change again before it comes into effect on January 1, 2020, businesses may want to begin thinking now about some of the core new provisions in that law, in particular, how the business will respond to consumers’ requests for information about their personal information held by the business and such consumers’ requests to delete their personal information held by the business. Note that as presently drafted, the CCPA requires businesses to maintain a twelve (12) month look back (as early as back to January 1, 2019) of data processing activities relating to covered personal information.
Also worth watching is the law’s treatment of private rights of action. While the CCPA does not contain a private right of action for violation of any of the new disclosure or individual rights provisions, it does provide a private right of action for California consumers whose information has been compromised in a data breach resulting from inadequate security measures. This essentially codifies the concept of negligence in California data breaches and, by imposing statutory damages ($100-$750), may largely affect the pleading and proof of damages in data breach cases, which is often the issue of greatest dispute. From a litigation standpoint, these statutory damages plus the broad definition of “consumer” means that plaintiff’s attorneys may be gearing up to use the CCPA to bring cases against businesses that do business in California on behalf of a myriad of different groups about whom businesses typically hold personal information including, for example, end use customers, employees, shareholders and service providers and vendors.
If you have questions or would like to discuss the CCPA’s application to your business, please contact a member of the McGrath North Privacy and Data Security team.
In an effort to reverse another aspect of the Affordable Care Act (“ACA”), the Trump Administration published a proposed rule in late October that would allow employers to reimburse employees for medical expenses through a stand-alone health reimbursement account (“HRA”). Health care reform imposes a large excise tax on arrangements that reimburse employees for health care expenses without also providing a group health plan to employees. The penalty was intended to drive employers to purchase group insurance plans for their employees but posed a huge challenge for small employers who saw such reimbursements as a natural alternative to offering employee health care coverage. In the wake of rising health care costs, the Internal Revenue Service (“IRS”) recognized the burden such prohibition posed on small employers. As a result, in 2017, the IRS chipped away at the prohibition by allowing employers with less than 50 full-time employees to offer special stand-alone HRAs, known as “Qualified Small Employer Health Reimbursement Accounts” or “QSEHRAs.” The government now takes one step further by proposing to allow both small and mid-size employers to offer HRAs to their employees, even if they do not offer traditional group coverage. The Proposed Rule intends to accomplish two major goals: (1) permit HRAs to be integrated with individual health insurance coverage; and (2) expand the definition of benefits in order to allow reimbursement for stand-alone dental, limited scope vision, and other plans.
i. The Proposed Integration Rules
HRAs are tax-free, employer-funded accounts used to pay for out-of-pocket, qualified medical expenses. HRAs have been part of the health care market for years, but the ACA tried to discourage the use of HRAs to prevent employers from pushing employees with health risks into the individual market. Currently, employers can only offer an HRA to their employees if it is “integrated” with a major group medical plan sponsored by the employer. Under the new Proposed Rule, employers would be able to offer HRAs to employees with individual health insurance coverage if certain conditions are met. For example, under the Proposed Rule, an employer cannot offer a stand-alone HRA and a traditional group health plan to the same group or class of employees. Additionally, while HRA reimbursement amounts can vary to reflect age-based health coverage pricing, reimbursement amounts cannot vary based on the health-risk posed by the employee. In other words, the general rule requires that the HRA integrated with individual health insurance coverage be offered on the same terms to all employees of the same class (e.g., full-time, part-time, seasonal, etc.).
ii. Limited Excepted Benefits under the Proposed Rule
The Proposed Rule also offers employers the opportunity to offer an HRA to its employees, even if its employees do not have any major medical coverage at all. Under the Proposed Rule, an HRA will be considered a “limited excepted benefit” exempt from the integration rules if: (1) the HRA is not an integral part of the plan; (2) the HRA does not provide reimbursements in excess of $1,800 per year; (3) the HRA does not reimburse premiums for certain health insurance coverage; and (4) the HRA is made available under the same terms to all similarly situated individuals. The HRA is not an “integral part of the plan” if the participant is offered the opportunity to enroll in an employer-sponsored group health plan. Additionally, the HRA cannot reimburse the participant for premiums for individual health insurance coverage, coverage under a group health plan, or Medicare parts B or D. Rather, the HRA could reimburse employees for premiums for dental plans, limited scope vision plans, or other “excepted benefits.”
iii. The Proposed Rule and QSEHRAs
HRAs under the Proposed Rule are different from QSEHRAs. QSEHRAs have specific, stringent requirements and only apply to employers with less than 50 full-time employees. However, QSEHRAs have a higher statutory dollar limit on reimbursements. While an employer-sponsored QSEHRA can reimburse employees up to $5,050 for individuals and $10,250 for families, a stand-alone HRA under the new Proposed Rule can only reimburse employees for up to $1,800 worth of medical expenses. In other words, some small employers hoping to reimburse employees up to the highest dollar amount available might find that QSEHRAs are a more attractive option. Another difference between QSEHRAs and the stand-alone HRAs under the Proposed Rule is the ACA consequences applicable to employers. Under the Proposed Rule, if group health plan coverage is unaffordable for an employee enrolled in the stand-alone HRA, the employer will be subject to ACA penalties if the employee opts out of coverage and qualifies for a premium tax credit subsidy. In contrast, QSEHRAs do not impose penalties on employers if the reimbursements do not make health coverage “affordable,” because small employers eligible to establish QSEHRAs are not subject to the pay-or-play mandate.
If you have any questions about the HRAs, QSEHRAs, or the new Proposed Rule, please contact one of our employee benefits attorneys.
EFFECTIVE: JANUARY 1, 2019
The IRS has released the 2019 cost-of-living adjustments applicable to the dollar limits and thresholds for retirement plans and health and welfare benefit plans. Plan sponsors should update their systems and formulas to include the limits that have been adjusted.
To view the chart, click here.
McGrath North is pleased to announce that their Tax, Trusts and Estates practice group earned a top ranking (Band 1) in the 2018 Chambers High Net Worth (HNW) guide. McGrath North is one of two Nebraska firms to receive the Band 1 honor for private wealth law.
McGrath North advises individuals on tax planning, business succession matters, the administration of trusts and estates, and the preparation of wills and trusts. In the HNW guide, Chambers notes that McGrath North is regarded as “one of the top law firms” in Nebraska. The firm has a substantial tax, trusts and estates group that works with wealthy clients from across the Midwest.
Three of McGrath North partners were also singled out for recognition in the HNW guide. Clients and peers praised these individual attorneys during interviews with Chambers researchers:
- Jonathan Grob, a co-practice group leader, assists clients with tax planning, estate planning and business succession matters, as well as offering advice on charitable giving and is ranked in Band 2. An interviewee states this: “He’s very sound technically in all kinds of aspects of tax law, including the wealth transfer type,” adding that “he is easy to work with, able to answer questions.”
- James Wegner is ranked in Band 2 and is a co-practice group leader. He advises clients on tax planning and business succession issues, and advises on non-profit organizations and charities law, as well. A market insider says this: “With him I know clients are in excellent hands – as an estate planner he does an excellent job.”
- Jeffrey Pirruccello is ranked in Band 1 and was recognized for his extensive experience advising wealthy clients on estate and tax planning matters. He also represents clients under tax investigations. “He’s a respected and long-standing presence,” says a peer, adding that “he has a very sound grasp of how transfer planning works, he has lots of experience of those things.”
“We are very proud that these three attorneys are held in such high regard by their clients and others in the industry” said Roger Wells, president of McGrath North. “Each are valued leaders in our firm and trusted advisors to our clients.”
In light of the current trend toward state-mandated paid family and medical leave laws, recent tax reforms added a provision to the tax code allowing certain employers to claim a business credit based on wages paid to employees on family and medical leave, subject to certain conditions. The new provision, added by the Tax Cuts and Jobs Act, offers a general business credit of up to 25% of wages paid to certain qualifying employees while they are on family and medical leave. The credit will incentivize employers to offer paid family and medical leave, which will also help prepare employers for impending state and local paid leave laws. The credit is generally effective for wages paid in taxable years beginning after December 31, 2017 and is not available for wages paid in taxable years beginning after December 31, 2019. Therefore, employers interested in utilizing the credit should act quickly in the event Congress does not act to extend the credit beyond 2019.
The employer tax credit is calculated as a percentage of the amount of wages paid to a qualifying employee while on family and medical leave (as defined by the Family and Medical Leave Act of 1993 or “FMLA”) for up to 12 weeks per tax year. The credit is available only if the rate of pay for employees on leave is at least 50% of the employee’s normal wages. The credit is a minimum of 12.5% of the wages paid during leave and is increased by 0.25% for each percentage point by which the amount paid to a qualifying employee exceeds 50% of the employee’s wages (up to a maximum credit of 25% of wages paid).
A qualifying employee is any employee under the Fair Labor Standards Act who has been employed for one year or more and, for the preceding year, had compensation that did not exceed the maximum statutory amount. For an employer claiming a Section 45S credit for wages paid to an employee in 2018, the employee must not have earned more than $72,000 in 2017. Employers taking advantage of the credit must reduce deductions for wages and salaries paid or incurred by the amount determined as a credit. Additionally, any wages taken into account for other general business credits may not be used toward the paid family and medical leave credit.
In order to take advantage of the credit, employers must establish written policies and procedures that operate in accordance with the requirements of the new Internal Revenue Code Section 45S as added by the Tax Cuts and Jobs Act. For example, each year, employers must provide at least two weeks of paid family and medical leave to all full-time qualifying employees, and prorate the same benefits for employees working part-time. Additionally, as noted above, whatever paid leave is offered by the employer cannot be paid at less than 50% of the wages the employee normally receives. Employers can offer up to 12 weeks of paid leave annually under their written policies. The credit is available to employers that are not subject to the FMLA, so long as the employer offers paid family and medical leave consistent with the credit’s minimum standards and establishes a written policy governing the leave.
For purposes of the paid leave credit, “family and medical leave” includes leave taken for any of the following reasons: childbirth; placement of a child for adoption or foster care; caring for a spouse, child, or parent with a serious health condition; a serious health condition causing an employee to be unable to perform his or her work functions; qualifying events due to a spouse’s, child’s, or parent’s coverage on active duty or called to duty in the Armed Forces; or, caring for a spouse, child, parent, or next of kin that is a service member. However, employers should recognize that paid vacation leave, personal leave, or medical or sick leave provided by the employer will not be considered family and medical leave unless it specifically covers one of the aforementioned events. Additionally, leave provided under state and local law may not be included in calculating the employer credit. In other words, the Section 45S credit is unavailable regarding paid leave that is required under state or local law.
The IRS intends to provide employers with more guidance on the employer tax credit, including information on how paid family and medical leave will interact with other employer-provided paid leave, state and local leave laws, controlled group rules, and more. Until the IRS issues further guidance, please contact one of the McGrath North Employee Benefits or Labor and Employment attorneys with any questions or concerns.