Tag Archives: ERISA

New “Notice And Access” Safe Harbor Allows Employers To Ditch Paper Disclosures For Retirement Plans

On October 22, 2019, the Department of Labor (“DOL”) released proposed regulations updating the electronic disclosure rules for ERISA notices. Given the significant advances in technology over the last decade, employers have long-awaited a meaningful update to the current, outdated electronic disclosure safe harbor. Although employers may continue to provide paper notices to employees, the DOL anticipates that most employers will migrate to the new, proposed safe harbor for electronic disclosure of ERISA notices. The new safe harbor is expected to create efficiency, increase participant awareness, and result in cost savings for employers. The only downside¾the safe harbor does not apply to health and welfare plans.

What disclosures are impacted by the rule?

The new safe harbor can be used for any ERISA notices required to be distributed to pension benefit plan participants, other than those documents only required to be furnished upon request. In other words, pension benefit statements, Safe Harbor Notices, QDIA Notices, fee disclosures, summary annual reports, and other documents required to be furnished solely because of the passage of time may be disclosed electronically under the new safe harbor. However, disclosures such as the plan document, terminal report, trust agreement, and other documents that only need be to be furnished upon request cannot utilize the new safe harbor for disclosure.

Curiously, the safe harbor only applies to pension benefit plans, as defined in ERISA Section 3(2), including defined contribution (e.g., 401(k) plans) and defined benefit (e.g., pension) plans. The safe harbor does not apply to “employee welfare benefit plans,” which means that group health plans, disability plans, and other health and welfare plans must continue to rely on the old electronic disclosure regulations. The DOL expressed concern about the safe harbor as applied to group health plans, given the special considerations relating to issues such as pre-service claims review, access to emergency health care, and more.

Who can receive retirement plan disclosures electronically?

Participants, beneficiaries, or other individuals (“Covered Individuals”) entitled to ERISA notices can receive the notices electronically if: (1) they provide the employer, as a condition of employment or at the beginning of plan participation, with an e-mail address or smartphone telephone number; (2) they are assigned an e-mail address by the employer; or (3) they are given an internet-based mobile computing device by the employer.

Internet-based mobile computing devices include smartphones with data plans, laptops, tablets, or similar devices. The DOL does not want to specifically limit the regulations to any particular devices, as technology changes quickly over time and they want to avoid ending up with outdated regulations.

What are the notice and access requirements?

The “notice and access” safe harbor requires just that: delivery of a specific notice of internet availability and compliance with certain minimum standards concerning the availability of and access to the notices. A notice of internet availability must comply with certain content requirements and must be furnished electronically to the Covered Individuals no later than the time the notice is available on the internet/website. In other words, if a notice is due to participants on January 1st and is uploaded to the company website on such date, the notice of internet availability must be provided to Covered Individuals on January 1st. For an employer that chooses to provide all notices at the same time each year, the notice of availability must only be provided each plan year, and no more than 14 months following the date the prior plan year’s notice was furnished.

The “access” prong of the safe harbor requires that employers comply with the following requirements: (1) the employer must ensure the existence of an internet website at which a covered individual is able to access covered documents; (2) the notices must be available on the applicable, required dates; (3) each notice must remain available on the website until it is superseded by a subsequent version of the notice; (4) the notice must be presented on the website in a manner calculated to be understood by the average plan participant (must be “readable”); (5) the notice must be presented in a widely-available format or formats that are suitable to be both read online and printed clearly on paper, and must be “searchable”; (6) the notice must be presented on the website in a widely-available format or formats that allow the covered document to be permanently retained in an electronic format; and (7) the website must protect the confidentiality of personal information relating to the Covered Individuals.

Can a Covered Individual opt out?

Yes.  The safe harbor includes a “global” opt out provision. Covered Individuals may elect to opt out of electronic disclosure and receive all notices in paper. Covered Individuals may also maintain electronic disclosures, but request that the employer furnish them, free of charge, a paper copy of a notice (or all of the notices) as soon as reasonably practicable. For individuals that opt out, the employer must establish and maintain reasonable procedures governing requests or elections for paper copies.

The proposed regulations require employers to send an initial notification of default electronic delivery and the right to opt out to ensure that all participants and beneficiaries accustomed to receiving paper notices are aware of the new method for electronic disclosure and have the opportunity to choose to continue to receive paper copies.

Effective Date

Generally, the proposed regulations will be effective 60 days after publication of a final rule in the Federal Register. The DOL has proposed the new safe harbor apply to employee benefit plans as of the first day of the calendar year following the publication of the final rule. The Department has requested comments with regard to providing an earlier effective date.

Questions?

For more information on the details of the proposed regulations and implementing the safe harbor going forward, including special rules for severance of employment and other circumstances, please contact Caroline Nelsen at 402-633-9575 or e-mail her at cnelsen@mcgrathnorth.com

Share Button

Participant Data And Fiduciary Liability: The Current Regulatory Environment, The Vanderbilt Lawsuit, And Best Practices For Benefit Plan Sponsors

With cybersecurity risks on the rise and increased awareness of the sophisticated ability of hackers in the modern world, many plan sponsors have expressed growing concerns that they may have fiduciary liability with respect to protection of participants’ personal information. By now, most plan sponsors have become accustomed to complying the Health Insurance Portability and Accountability Act (“HIPAA”) with respect to participant data within their employer-sponsored health plan. However, employers are not accustomed to applying such standards in the retirement plan context. Given the heightened cybersecurity risks in today’s digital society, employers serving as plan sponsors of retirement and welfare benefit plans should begin to implement policies and procedures to protect participant data and carefully monitor their service providers as they handle participant data.

In recent years, there has been a push for regulation governing protection of personally identifiable information (“PII”) in the retirement plan context. In 2011, an ERISA advisory council that serves as an advisor to the Secretary of Labor issued a report urging the Department of Labor (“DOL”) to issue guidance or regulations relating to the obligation of plan fiduciaries to protect the PII of plan participants and beneficiaries. The counsel expressed concern over insecurity of plan financial data, asking the DOL to provide guidance on whether ERISA fiduciaries must secure PII and develop educational materials for participants. Specific areas of concern included theft of PII or money from accounts, unsecured/unencrypted data, hacking into plan administration and service provider systems, outdated password protections, phishing emails, and stolen hardware. The counsel met again in 2016 and once again urged the DOL to issue guidance and hoped that the report could serve as a reference for plan sponsors to secure plan data and assets from cybersecurity risks.

To date, the DOL has issued no direct guidance on cybersecurity considerations for PII within retirement and welfare plans. However, a new argument has emerged under ERISA fiduciary standards that the “prudent man” rule, exclusive benefit rule, and the obligation to select and monitor service providers include the obligation to maintain the privacy and security of plan data and monitor service providers’ use of the data. Under ERISA, fiduciaries must act prudently, taking the course of action that a similar, prudent man would in like circumstances and with like knowledge. Furthermore, ERISA requires fiduciaries to act only for the exclusive benefit of plan participants and their beneficiaries. Finally, ERISA fiduciaries must prudently select and monitor a plan’s service providers.

Some have begun to use Interpretive Bulletin 96-1 as a reference point to establish a requirement of prudence in service provider selections, including the prudent selection of a service provider that securely maintains electronic plan data. Additionally, one of the arguments in a lawsuit against Vanderbilt University stated that the University failed to protect plan assets by allowing third parties to market services to participants, referring to participant and financial data held by the plan as “plan assets” protected by fiduciary obligations. In that case, the plaintiffs argued that the University allowed the plan’s recordkeeper to obtain access to participants’ private and sensitive information, including investment choices, account information, contact information, proximity to retirement, age, and more, in order to market and sell its own insurance products to participants outside the plan. The plaintiffs claimed that such an action violated the University’s fiduciary duty to work for the exclusive benefit of the participants. Unfortunately, the parties recently came to a settlement agreement before the courts had a chance to rule on whether ERISA protections will apply to personal plan information.

Although there is no direct guidance from the DOL on fiduciary standards as applied to the privacy and security of participant data, it is likely in the coming years the DOL will find that retirement and welfare plan fiduciaries have a responsibility to safeguard participant data in compliance with the prudence standard, given the common knowledge of cybersecurity risks in today’s society. Specifically, plan sponsors should be aware of their duty to monitor service providers and their security measures in place for protecting plan data. Going forward, plan sponsors should implement security policies and procedures relating to the protection of PII and participant data. Some companies have formed cybersecurity committees for purposes of implementing these procedures and increasing awareness internally about the seriousness of cybersecurity. Further, in choosing service providers, plan sponsors should exercise due diligence in questioning the providers’ security measures, breach reporting practices, and contract provisions relating to the protection of plan data.

Share Button

Employee Benefits Statutory Civil Penalties

Calendar Year 2019

The following summary describes the most common penalties applicable to retirement, health, and welfare plans in 2019 through ERISA and other federal laws. This list serves as an important reminder that noncompliance with laws relating to your company’s benefit plans could result in significant penalties.

ERISA Penalties.

  • Furnish Reports. Failure to furnish reports (e.g., pension benefit statements) to certain former participants and beneficiaries or maintain records: $30 per employee.
  • COBRA. Failure to provide an initial COBRA notice or an election notice on a timely basis, as required by COBRA: $110 per day.
  • Form 5500. Failure or refusal to properly file annual Form 5500 report required by ERISA § 104: Up to $2,194 per day.
  • Notification of Benefit Restrictions. Failure to notify participants under ERISA §10(j) of certain benefit restrictions and/or limitations arising under Internal Revenue Code §436: Up to $1,736 per day.
  • Notification of Automatic Contribution Arrangement. Failure to furnish automatic contribution arrangement notice under ERISA §514(e)(3): Up to $1,736 per day.
  • Form M-1. Failure of a multiple employer welfare arrangement to file report required by regulations issued under ERISA §101(g): Up to $1,597 per day.
  • Information Requested by DOL. Failure to furnish information requested by the Secretary of Labor under ERISA §104(a)(6): Up to $156 per day, not to exceed $1,566 per request.
  • Blackout Notice. Failure to furnish a blackout notice under ERISA § 101(i): Up to $139 per day.
  • Right to Divest Notice. Failure to furnish a notice of the right to divest employer securities under ERISA § 101(m): Up to $139 per day.
  • CHIP Notice. Failure by an employer to inform employees of Children’s Health Insurance Program (CHIP) coverage opportunities (each employee is a separate violation): Up to $117 per day.
  • State Coverage Coordination. Failure by a plan administrator to timely provide to any State the information required to be disclosed regarding coverage coordination under ERISA §701(f)(3)(B)(ii); each participant/beneficiary is a separate violation: Up to $117 per day.
  • GINA.
    • Failure by any plan sponsor of a group health plan, or any health insurance issuer offering health insurance coverage in connection with the plan, to meet the requirements of ERISA §§702(a)(1)(F), (b)(3), (c) or (d); or §701; or §702(b)(1) with respect to genetic information: Up to $117 per day during non-compliance period.
    • Minimum penalty for de minimis failures to meet genetic information requirements not corrected prior to notice from the Secretary of Labor: $2,919 minimum.
    • Minimum penalty for failures to meet genetic information requirements which are not corrected prior to notice from the Secretary of Labor and are not de minimis: $17,515 minimum.
    • Cap on unintentional failures to meet genetic information requirements: Up to $583,830.
  • CSEC. Failure of Cooperative and Small Employer Charity Act (CSEC) plan sponsor to establish or update a funding restoration plan: Up to $107 per day.
  • Prohibited Distribution. Distribution prohibited by ERISA §206(e): Up to $16,915 per distribution.
  • SBC Distribution. Failure to provide Summary of Benefits Coverage under Public Health Services Act §2715(f): Up to $1,156 per failure.

Multi-Employer Plans.

  • Failure of a multiemployer plan to certify endangered or critical status under ERISA §305(b)(3)(C) treated as a failure to file annual report: Up to $2,194 per day.
  • Failure to furnish certain multiemployer plan financial and actuarial reports upon request under ERISA §101(k): Up to $1,736 per day.
  • Failure to furnish estimate of withdrawal liability upon request under ERISA §101(l): Up to $1,736 per day.
  • Failure by a plan sponsor of a multi-employer plan in endangered status to adopt a funding improvement plan or a multiemployer plan in critical status to adopt a rehabilitation plan. Penalty also applies to a plan sponsor of an endangered status plan (other than a seriously endangered plan) that fails to meet its benchmark by the end of the funding improvement period: Up to $1,378 per day.

Health Care Reform.

  • Failure to offer coverage to 95% of eligible full-time employees with Minimum Essential Coverage. Penalty applies if one full-time employee receives federal premium subsidy for marketplace coverage: $2,500 per full-time employee (minus the first 30).
  • Failure to offer affordable coverage (less than or equal to 9.56% in 2018 and 9.86% in 2019) or failure to provide “minimum value” coverage (60%+ of total allowed costs): $3,750 per full-time employee receiving a subsidy or $2,500 per full-time employee (minus the first 30).
  • Failure to comply with health care reform mandates: $100 per day.
  • Failure to file a correct 1094 or 1095 or failure to file the information returns on a timely basis: $270 for each return.
  • Failure to furnish correct 1095 payee statement on a timely basis or failure to include all of the information required to be shown on a payee statement or the inclusion of incorrect information: $270 for each return.

Miscellaneous Penalties.

  • MHPAEA. Failure to comply with MHPAEA requirements: $100 per day for each individual to whom a failure relates.
  • HIPAA. Failure to comply with HIPAA: Excise tax of $100 per day for each individual to whom the failure relates; civil penalties of $100 to $50,000 per violation, capped at $1.5 million per calendar year.

This summary is not intended to be a comprehensive list of all federal penalties that could apply to an employee benefit plan. Additionally, state and local law penalties are not included in this summary.

Share Button

New Health Plan Opportunities for Small Businesses

Under new guidance, small businesses now have more opportunity to offer affordable health care coverage to their employees. In June, the Department of Labor issued a Final Rule on Association Health Plans (AHPs) that will allow small employers to group together to buy insurance. The Final Rule is intended to help small businesses and self-employed individuals obtain health care coverage at a lower cost and increase their bargaining power with insurance companies.

The new rules focus on how ERISA defines “employer” for purposes of sponsoring a health plan. Under ERISA Section 3(5), the term “employer” is defined as “. . . any person acting directly as an employer, or indirectly in the interest of an employer, in relation to an employee benefit plan; and includes a group or association of employers acting for an employer in such capacity.” Under ERISA, bona fide employer groups or associations could sponsor a joint welfare plan only by satisfying a very high standard.  Specifically, employers intending to establish an association benefit had to demonstrate both a commonality of interests unrelated to providing benefits and a certain level of control over the plan and trust. Employers were prohibited from banding together for the sole purpose of establishing a welfare benefit plan.  If an association or group of employers could meet these criteria, the association or group would be treated as an employer sponsoring a single health plan for its employer members and the plan will be regulated as a group health plan under ERISA.

The Final Rule expands the definition of employer for this purpose and, among other things, allows sole proprietors to participate in AHPs. Under the Final Rule, a bona fide group or association of employers will be treated as a single employer sponsoring a single health plan for its employer members (an AHP) if the following criteria are met:

  1. Purpose. The primary purpose may be to offer health coverage to employer members and their employees only if there is one substantial business purpose for the association that is unrelated to the provision of health coverage. A substantial business purpose exists if the group or association would be a viable entity absent the sponsorship of the health plan. Substantial business purposes include promoting common business or economic interests of a trade or community, and do not have to be for-profit.
  2. Employer Members Acting Directly As Employers. Each employer member must act directly as an employer of at least one employee participating in the plan.
  3. Organizational Structure. The employer members must have a formal organizational structure, including a governing body and bylaws (or similar formality).
  4. Control. The employer members must maintain control over the functions and actions of the association, as well as what employers may become employer members and participate in the plan.
  5. Commonality of Interest. The employer members must either be in the same trade or industry, or maintain their principal place of business in the same state or metropolitan area. A metropolitan area may include more than one state if the metropolitan area sprawls across state lines.
  6. Participation. Participation in the plan must be limited to the employees or former employees (and their beneficiaries) of employer members.
  7. Nondiscrimination. The plan must comply with ERISA’s group health plan nondiscrimination rules governing eligibility conditions, premiums, and contributions. Additionally, the plan cannot condition employer membership on a health factor of an individual who might become eligible to participate.
  8. Sponsor Cannot be a Health Insurance Issuer. The group or association sponsoring the plan cannot be a health insurance issuer or owned or controlled by a health insurance issuer. However, health insurance issuers can participate in the group or association as an employer member.

The Final Rule also expressly allows “working owners” to receive dual treatment as an employer and an employee simultaneously, which permits working owners to participate in AHPs. For purposes of the Final Rule, a “working owner” includes anyone who: (1) has an ownership right in a trade or business (including partners and self-employed individuals); (2) earns wages or self-employment income; and (3) either works 20 hours per week (80 hours per month) or earns wages that cover the working owner’s cost of coverage.

Finally, the Final Rule ensures that no joint-employer liability attaches to the employer members sponsoring an AHP. The Final Rule states “nothing in the final rule is intended to indicate that participating in an AHP sponsored by a bona fide group or association of employers gives rise to joint employer status under any federal or State law, rule or regulation.”

For fully-insured health plans, the rule will take effect starting September 1, 2018. New self-insured AHPs may operate under the new rule starting on April 1, 2019, and for any existing, self-insured AHPs the rule will be effective January 1, 2019.

If you have any questions regarding the Final Rule or AHPs, please contact one of our employee benefits attorneys.

Share Button

Year-End Compliance Checklist

Year end complianceIt’s that time of year again—time to cleanup and close-out the 2014 plan year for your ERISA health and retirement plans. The following is an overview of a few compliance items that should be addressed before the close of 2014.

Group Health Plans

This past year was a big year for health plans. With all the changes associated with the Affordable Care Act (“ACA”) and some big announcements by the IRS and the Supreme Court, there are several new items to add to our year-end checklists. Here are a few of the highlights:

  • Health Flexible Spending Accounts.  The IRS recently announced that the health flexible spending arrangement (“Health FSA”) limit for 2015 was increased to $2,550. Additionally, as announced last year, Health FSAs continue to be permitted to offer limited rollovers of up to $500.
  • New COBRA Notices.  COBRA, which stands for the Consolidated Omnibus Budget Reconciliation Act, requires group health plans to provide qualified beneficiaries with an election notice that describes their rights to continuation coverage and how to make an election. The election notice must be provided to these individuals within 14 days of the date the plan administrator receives the notice of a qualifying event. The Department of Labor (“DOL”) recently issued new model COBRA notices that reference the ACA Marketplaces (or “exchanges”). Accordingly, employers should modify their COBRA notices and include this new language going forward.
  • Health Reimbursement Arrangements.  The IRS continues to maintain that certain health reimbursement arrangements which operate independently of group health plans must be re-designed or terminated by January 1, 2014. Employers providing reimbursement for individual health insurance policies or other medical care should review their plan design to ensure the arrangement remains permissible.
  • DOMA.  On June 26, 2013, the Supreme Court of the United States ruled in the well-publicized United States v. Windsor that Section 3 of the Defense of Marriage Act (“DOMA”) was unconstitutional. As a result, the IRS and the DOL declared that employee benefit plans must now treat same-sex spouses in the same manner as opposite-sex spouses. To this end, plan sponsors should review the plan documents and gather information to determine the impact of this guidance. Specifically, plans should update eligibility provisions, adjust imputed income practices and review plan definitions of “spouse” to ensure compliance before year end.
  • HIPAA.  In January 2013, the government released final HIPAA regulations which became effective September 23, 2013. Sponsors of group health plans should review and update their plan’s HIPAA materials as necessary to ensure compliance with the new regulations. This review should include the plan’s HIPAA Privacy Notice, Business Associate Agreements and HIPAA Privacy Policies.

Sponsors of group health plans should continue focus their efforts on getting ready for the full onset of the ACA’s employer mandate. Under the mandate, large employers will be subject to significant penalties if they fail to offer health coverage or fail to offer sufficient health coverage to their full-time employees. Employers should have measurement periods in place and should continue to examine their workforce, particularly part-time and/or seasonal employees, in order to finalize their health care reform strategies for 2015.

Retirement Plans

Although the ACA has dominated the employee benefits news this past year, plan sponsors of retirement plans are equally affected by the Supreme Court’s ruling on DOMA. Additionally, retirement plans are subject to a variety of annual disclosure obligations. Here are a few of the year-end compliance highlights:

  • Safe Harbor 401(k) Plans.  Plan sponsors of safe harbor 401(k) plans must provide all participants an annual notice describing the employer’s safe harbor contributions. This notice must be provided to participants at least 30 days (but not more than 90 days) before the first day of the plan year. For most plans, the notice was due December 1, 2014.
  • Automatic Enrollment Features.  Plans that automatically enroll participants are required to provide participants with an annual notice describing the plan’s enrollment and contribution features. This notice must be provided to participants at least 30 days (but not more than 90 days) before the first day of the plan year. For most plans, the notice was due December 1, 2014.
  • Funding Notice for Defined Benefit Plans.  Defined benefit plans are required to provide participants with a funding notice summarizing the plan’s assets and liabilities, its funding status for the previous two years and certain other information. The notices are due no later than 120 days after the close of the plan year. For most large plans, the notice must be provided by April 30, 2015.
  • Qualified Default Investment.  Where participants are allowed to direct their own investments, defined contribution plans are allowed to select a “qualified default investment” in which participants’ assets will be invested if the participant does not select an investment option. The plan sponsor must give participants notice of the plan’s qualified default investment. This notice must be provided to participants at least 30 days (but not more than 90 days) before the first day of the plan year. For most plans, the notice was due December 1, 2014.
  • DOMA.  Pursuant to the Supreme Court ruling and guidance from the IRS, same-sex spouses must be treated as lawful spouses for purposes of maximum benefit limitations, spousal consent rules, rollovers, death benefits, minimum required distributions, availability of in-service hardship withdrawals and assignment of benefits under qualified domestic relations orders. At a minimum, plan sponsors should review the plan documents, policies and procedures to determine whether additional amendments are needed to reflect these changes.

Complying with the IRS and the DOL notice requirements is an important part of the plan administration process. Furthermore, penalties for noncompliance can be significant. Penalties for noncompliance generally begin at $100 per day per affected participant or beneficiary.

Compliance Assistance

We understand this is a busy time of year for many of our clients and that it’s easy to overlook small details. If you have any questions regarding the above items or have any related compliance questions, be sure to contact your McGrath North attorney.

Share Button

Good Housekeeping: The Importance of Diligent Investment Committee Meetings

investment committee meetingsIt’s that time of year again—time for your quarterly investment committee meetings.  It’s no coincidence that the ‘failure to operate benefit plans in a prudent manner’ is at the top of the Department of Labor’s (DOL) list of common plan failures. (See the full list of common plan failures at the link below.)  The DOL has a variety of investigative initiatives intended to root out these types of compliance issues.  For instance, the DOL currently has a compliance initiative focusing on the types of compensation paid to plan consultants and investment advisors. Additionally, the DOL has initiatives focusing on certain types of benefit plans (e.g., multiple employer welfare arrangements, employee stock ownership plans, etc.).  In 2013, the DOL’s enforcement branch collected over $1.6 billion in penalties and assets recovered as a result of its examination efforts. 

For a full list of the DOL’s examination initiatives and common compliance errors, visit:

http://www.dol.gov/ebsa/erisa_enforcement.html   

For a summary of the DOL’s enforcement achievements, visit:

http://www.dol.gov/ebsa/newsroom/fsFYagencyresults.html

Make sure your company is protected from fiduciary challenges and DOL audits by implementing prudent administration procedures, starting with quarterly investment committee meetings.  Investment committees should examine retirement plan performance and investment objectives. Committees should be guided by the plan’s Investment Policy Statement as well as a committee charter or bylaws setting forth the role of the committee and its operational rules. The implementation of prudent plan administrative procedures can go a long way in protecting plan fiduciaries from participant lawsuits.

Share Button