The Department of Labor Reiterates Focus on Cybersecurity
The US Department of Labor (DOL) issued a press release on September 6, 2024, reminding ERISA plan fiduciaries that it considers cybersecurity to be an area of ‘great concern,’ emphasizing the DOL will continue to investigate potential cybersecurity-related ERISA violations. The press release accompanied guidance which updated the DOL’s 2021 cybersecurity guidance; most significantly, it clarified the 2024 updates apply to all types of ERISA plans, including health and welfare plans.
Background
The DOL issued three pieces of guidance in 2021 intended to address the intersection of cybersecurity and ERISA-covered plans. Each piece of guidance was addressed to a different audience:
- Online Security Tips was addressed to ERISA plan participants.
- Tips for Hiring a Service Provider with Strong Cybersecurity Practices (Hiring Tips) was addressed to ERISA plan fiduciaries.
- Cybersecurity Program Best Practices (Best Practices) was addressed to ERISA plan vendors and fiduciaries selecting and monitoring such vendors.
The 2021 guidance was framed only in terms of retirement plans, but it could be read to cover all ERISA plans.
2024 Updates
Aside from clarifying that the DOL’s cybersecurity guidance applies to all ERISA plans – retirement plans and health and welfare plans alike – the 2024 updates were limited:
- In Online Security Tips, the 2024 update tweaked the frequency with which it recommends participants update their passwords (changing it from 120 days to annually), clarified participants should not use common passwords (as opposed to stating they should not use dictionary words), and suggested participants favor longer passwords instead of more frequent resets.
- In Hiring Tips, the 2024 update clarified ERISA plan fiduciaries should ensure their vendors’ insurance coverage covers cybersecurity breaches and incidents involving the plan.
- In Best Practices, the 2024 update indicated ERISA plan vendors who follow these best practices should adopt certain multifactor authentication processes, as well as notify participants of unauthorized acquisition of their personal data without unreasonable delay.
The Bottom Line
Despite the limited scope of the 2024 updates, the takeaway is clear: the DOL continues to see cybersecurity as a top priority, and all ERISA plan fiduciaries (including those overseeing health and welfare plans) should be prepared for the DOL to investigate the steps taken to mitigate their plans’ cybersecurity risks.
In light of this clear message from the DOL, fiduciaries and service providers to ERISA plans (those with access to plan data and/or assets) may want to consider evaluating the plan’s cybersecurity regime, such as through a cybersecurity self-audit, adoption of a cybersecurity policy, or other improvements to cybersecurity and/or monitoring processes.
For group health plans, this can be done in conjunction with the self-audits that must be conducted to develop those policies and procedures required under the HIPAA Privacy and Security Rules. Final Rules issued under HIPAA earlier this year require group health plans to update their HIPAA privacy policies and procedures and provide associated workforce training by December 22, 2024.
If you need assistance with such process improvements, or have any questions about the impact of this guidance or fiduciary oversight of cybersecurity risk, please contact the Shepherd Financial team.
SECURE 2.0: Catch-Up Contributions
With SECURE 2.0’s increased catch-up contribution limits set to take effect next year, it’s time for 401(k) plan sponsors to brush up on the rules and consider how to administer the changes. Under the current rules, 401(k) plans may allow participants to make catch-up contributions when they are age 50 or older. For 2024, the catch-up contribution limit is $7,500.
SECURE 2.0 creates a window of increased catch-up contribution limits for participants ages 60 – 63. Below are key questions 401(k) plan sponsors are asking about this change:
Are the changes mandatory?
Plan sponsors are not required to offer catch-up contributions. However, if a plan allows for catch-up contributions, it is important to check with the plan’s recordkeeper to determine whether or not opting out of the increased catch-up contribution limit will be permitted.
When do the changes take effect?
The new limits take effect for tax years beginning after December 31, 2024.
Which participants are eligible for the increased limit?
Participants are eligible for the increased limits for the years in which they attain ages 60, 61, 62, and 63.
What is the increased limit?
The increased catch-up contribution limit for eligible participants is the greater of: (a) $10,000, subject to cost-of-living adjustments starting in 2026; or (b) 150% of the limit in effect for 2024 (i.e., $11,250).
While the change seems straightforward, administration may be complex. For example, plan sponsors should consider how to track eligibility for the increased limits, in addition to tracking eligibility for regular catch-up contributions. Plan sponsors should also consider how to re-impose the lower catch-up contribution limits when participants age out of the higher limits. Employers may need to work with their payroll teams and update their existing processes (e.g., payroll codes) to implement these changes.
Finally, keep in mind that the increased catch-up contribution limits are separate from the SECURE 2.0 Roth catch-up rule for certain high-earning individuals, which the IRS delayed to 2026.
SECURE 2.0: RMDs
SECURE 2.0 brought significant changes to retirement planning and distributions, including updating the Required Minimum Distribution (RMD) requirements. As background, RMDs are the minimum amounts that individuals who attain their ‘required beginning date’ must withdraw from their retirement accounts each year.
SECURE 2.0 introduced several changes to the rules on RMDs, including the following:
Delaying the Age for RMDs
The age for starting RMDs has been raised from 72 to 73. This increase phases in over time, with a further increase to age 75 taking effect in 2033. The change recognizes that many Americans are working and saving for retirement for longer periods, and the later distribution requirement allows for more flexibility in managing retirement assets.
No RMDs from Roth Accounts
Starting with the 2024 calendar year, participants are no longer required to take RMDs from their retirement plan Roth accounts. This change aligns the RMD rules for Roth accounts in retirement plans with the rules applicable to Roth IRAs.
Decreased Penalties for Missed RMDs
The excise taxes for failing to take an RMD have been decreased from 50% to 25% of the RMD amount not taken. The penalty may be further reduced to 10% if the RMD is corrected in a timely manner.
Watch Your Language
Every group has its own lingo. When football coaches speak about designing receiver slants, hitting the A-gap, or running stunts, players quickly understand their roles. Likewise, as theater buffs converse about moving stage left, blocking, and striking, no one bats an eye. But if you’re not part of either group, it might just sound like gibberish.
The retirement industry has this problem, too. Advisors and plan sponsors use technically-correct language to describe company plans, features, and savings strategies, but the jargon is causing a disconnect. Research has revealed participants find their retirement plans to be confusing; their desire for clearer language should be a loud call for our attention. If they don’t understand their options, participants may be less likely to make appropriate decisions about their retirement plan account.
As mentioned in previous posts, different generations desire different benefits options, but they also have unique communication needs. This is true for not only how we communicate but what we communicate. A baby boomer may be looking for financial advice, while a millennial might prefer a financial coach or financial counseling.
Plan enrollment is a critical time to help employees see the big picture. ‘Defined contribution’ is a somewhat clunky term – employees can instead be encouraged to participate in their ‘workplace savings plan.’ And instead of talking about a ‘deferral rate,’ employees might better understand phrases like ‘the amount you contribute’ or ‘the percentage of your paycheck that you put in the plan.’
The employer match is also a point of confusion, but clarification is critical for increasing participants’ savings rates. Telling participants about free money and the ability to significantly increase their total amount of retirement savings resonates with their goals.1 After defining the company match, it’s important to explain how that money is vested – but very few employees have any idea what a vesting schedule is. They might, however, be very interested to hear about the rate of ownership for that free money.
Finally, it’s easy to get into the weeds quickly when it comes to investment terminology. Target date funds are the victims of plenty of industry jargon. A helpful explanation of their intent may include language about a customized strategy that is managed for you and designed to help achieve your goals.1 Talking about a ‘glide path’ may elicit blank stares, while a ‘risk-reduction path’1 over the course of working years is easier to understand.
Ultimately, no language choice will be the perfect fit for all employees, but it remains essential for advisors to prioritize speaking in more understandable and relatable terms.
Save More. (And Save Smarter.)
No matter our job titles here at Shepherd Financial, we are all nerds. Every last one of us. Case in point: every year, the IRS announces new contribution limits for retirement savings.
Because it’s vital information for how we operate, timeliness is essential – so at a meeting several weeks ago, I jokingly suggested there would be a prize for the team member that conveyed the new information to me first. Perhaps the IRS caught wind of our challenge; instead of releasing the limits mid-October, as they traditionally have, we waited with bated breath until November 1st.
(I’m completely serious when I tell you one team member set her Twitter account to alert her every time the IRS tweeted. She still didn’t win.)
In brief, the new limits: in 401(k), 403(b), and most 457 plans, the contribution limit was raised from $18,500 to $19,000. Not a huge jump, and the limit tends to increase by about that much every year. Significantly, though, the IRS has increased the contribution limit for traditional individual retirement accounts (IRAs) for the first time since 2013 (the limit is now $6,000).
But what’s the big deal, you might be asking? Essentially, the government has enabled Americans to save more. Larger retirement contributions can mean lower tax bills and more income in retirement. And if you happen to be an American with a late start on your retirement savings, this is good news. If you’re over age 50, between your 401(k), IRA, and catch-up contributions, you could save $32,000 in 2019. That doesn’t even take into account an employer match or integrating a health savings account into your retirement investment strategy.
And that’s where saving smarter comes in. All these investment vehicles play a unique role in your overall retirement savings strategy. If you’re not sure about how to best utilize each one, call our team at Shepherd Financial. We nerds have a great time figuring this out every day.
What Are You Waiting For?
Are you a procrastinator? Do you get a rush from delaying things until their final deadlines? You’re certainly not alone. Many people will sheepishly admit to sometimes pushing work to the last minute. But it could be a problem if you’re part of the 20% of the population known as chronic procrastinators, whose delays create havoc and undermine goals in multiple areas of their lives.
At the halfway point of 2018, we have to ask: where do you fall on the spectrum? And is your procrastination affecting others? As a plan sponsor, it’s your fiduciary duty to prioritize your company’s retirement plan and participants. So those financial wellness goals you set in January? Pretty important. The pending decisions about plan design? Critical and time sensitive.
First, remind yourself of the priority items for this year. If this was never a discussion with your advisor, schedule a review meeting right now. You need to have a clear picture of where you’re going to determine the steps you should be taking along the way. Analyze what adjustments might need to be made to those goals since a great deal of change can occur over the course of six months.
With regard to financial wellness, consider your employee population and anything you’ve learned about them. Do you know their communication preferences? It may be helpful to integrate those attributes and desires in your overall delivery strategy. Examine the type and frequency of participant meetings. Are your employees engaged? Do they have access to appropriate resources? If the answer to either question is no, consider the changes needed to help your employees retire well. You should also think about how you currently measure the success of your financial wellness program – what are your metrics? What results have you seen so far this year?
Perhaps you want to implement a safe harbor contribution provision in your plan design. Well, don’t delay – missing the deadline can be costly. To obtain the safe harbor exemption from ADP and ACP testing for the remainder of the year and ensure an active safe harbor plan by January 1st, the setup process should begin no later than September 15th. Since you must provide notices to your employees at least 30 days (but no more than 90 days) before the beginning of the plan year, notices should be delivered by December 1st.
So even if you’re infamous for your procrastinating ways, here’s your gentle reminder: your deadline is now. Do the things you’ve been delaying – at least when it comes to your company’s retirement plan.
Litigation Nation: How to Avoid the Danger Zones
‘I don’t know if you’ve been watching the news lately, but we live in contentious times,’ said [anyone at any given moment in history]. It seems to be the case that putting people near each other is the fastest way to guarantee discord of some kind. In our industry, that can play out in a number of ways; making major headlines these days, though, are lawsuits targeting 401(k) plans.
For the last decade, most of these lawsuits have been aimed at mega plans – those in the multibillion-dollar arena – and their service providers. But the past few years have seen this litigation creep down market and target plan sponsors for their lack of fiduciary prudence. So the question must be asked: as a plan sponsor, do you know how to help reduce the threat of litigation?
First, remember the point of the 401(k) plan is to help employees achieve desired retirement outcomes. In other words, your legal obligation is to ensure your plan’s administration and investment management decisions are in the best interest of the participants. Keeping that in mind, it’s useful to understand potential danger zones.
Inappropriate investment choices – ERISA puts the emphasis on a prudent decision-making and monitoring process in the selection of investments, rather than on the specific funds chosen. Creating an investment policy statement (IPS) is the best way to establish guidelines for making investment-related decisions in a prudent manner, but plan sponsors must be diligent in following its criteria and objectives. Once established, failure to follow an adopted IPS could be considered a demonstration of fiduciary imprudence.
Excessive fees – Again, ERISA requires a careful, prudent process to ensure no more than reasonable fees are paid for necessary services. High fees aren’t inherently bad, but they can become legally problematic if a plan sponsor can’t demonstrate their prudent decision-making. Understanding if fees are reasonable requires a thorough benchmarking process – fund fees should be compared to other funds with similar risk/return and asset class characteristics, and plan fees (recordkeeping, administration, advising, and any other recurring expenses) should be compared to peer plans.
Documentation is an important element here – formally demonstrate the process undertaken to select and regularly monitor investments, review fees charged and services received, and choose which benchmarks were used. Continue to monitor fees over time and consider how changes in the plan have affected those fees. (For example, as plan assets grow over time, the plan may become eligible for a lower cost share class.)
Committee members who both understand and properly execute their fiduciary roles and responsibilities are better equipped to serve their plan participants and avoid litigation. That’s a winning formula for everyone (except the litigation lawyers, I guess).
View from the Top: Our NAPA 401(k) Summit Roundup
Because we’re passionate about staying at the forefront of industry trends and regulations, Shepherd Financial recently sent a team to the National Association of Plan Advisors (NAPA) 401(k) Summit. This national conference allows industry experts to interact and share relevant, best-practice strategies for serving retirement plans. Our team highlighted the following topics as key difference makers in the retirement industry, plan administration, benefits collaboration, and plan participant financial wellness:
Industry News: Plan Litigation
The news continues to swirl with lawsuits against corporations, alleging their 401(k) plans have high fees harming employees. Such litigation has brought greater awareness to the fees being charged in plans, as well as a sense of urgency for retirement plan committees to take their fiduciary duties seriously. For example, the duty of exclusive benefit means fiduciaries must be aware of and fully understand all expenses paid from the plan – but it doesn’t end there. Expenses must also be deemed reasonable for the services provided. There is no obligation to choose providers or investments with the lowest costs; the best choice for a plan is unique to the plan’s objectives and characteristics. The most important elements for avoiding litigation over fees come in the form of a consistent process and thorough documentation.
Plan Administration: Committee Relationships
It can be beneficial to establish a committee to assist plan sponsors in the development of prudent processes for plan governance. It’s considered best practice to select a committee chair and establish a committee charter. Utilizing a committee charter to formally authorize the purpose and scope of the committee defines how committee members are selected or appointed, how often meetings occur, and the roles of any outside consultants. Understanding each party’s role, financial liability, fiduciary responsibility, and signing authority can help ease the administrative burden.
Benefits Collaboration: Health Savings Accounts
The buzz continues around health savings accounts (HSAs): they’re the link between health care and finance, but many employees still don’t understand their unique benefits. These savings vehicles provide triple tax-advantaged opportunities (tax-deductible contributions, tax-free earnings, and tax-free distributions), but few are taking advantage. Often confused with flexible savings accounts (FSAs) or health reimbursement accounts (HRAs) and their ‘use it or lose it’ rule, unused HSA funds from the current year roll over to the next year, so participants don’t have to worry about forfeiting their savings. Additionally, employees are often not saving enough to fully utilize the investing capabilities of the HSA – savings can be invested in mutual funds, stocks, or other investment vehicles to help achieve more growth in the account. Clearer education is needed to enable participants to fully engage in their whole suite of benefits.
Plan Participants: Watch Your Language!
The retirement plan experience can be extremely intimidating for participants, and language choices from both plan sponsors and advisors are important. Communication needs to be positive, reasonable, clear, and personal. Participants respond well to a process that is readily accessible, but they first need to hear why they’d want to participate. Using phrases like ‘a comfortable and enjoyable retirement’ and ‘an easy, cost-efficient, and satisfying path to retirement’ resonated well with employees. Each company has unique demographics, so plan sponsors should work closely with their advisor to determine the best language fit for their participants.
This list doesn’t need to be overwhelming – navigate each of these areas by working with your advisor to create a retirement plan strategy every year. Incorporate a formal process that includes regular plan cost benchmarking, a thoughtful examination of plan design, thorough documentation of committee policies and procedures, and honest conversations about how to better equip participants to retire well.
Spring Cleaning for Plan Sponsors
Did you know Department of Labor investigations consistently find failures in over 70% of retirement plan audits? These findings could be anything from failing to monitor the plan to defects in plan administration to misinterpreting plan provisions. Since spring is now officially upon us, consider a few suggestions for cleaning up your retirement plan.
Review your plan documents
First of all, it’s pretty helpful to know where they are – an auditor would certainly want to. Plan documents include the adoption agreement, amendments, summary plan description, investment policy statement, and so on. If you don’t have a fiduciary file or secure online vault in which to store these documents, start one today. Request any missing documents from the appropriate parties. Next, verify your plan documents are compliant with laws and regulations; amend them as required. Most importantly, though, ensure you are adhering to them!
Know your roles
To be compliant, the people running your day-to-day operations need to understand both the plan documents and their fiduciary duties. Define roles and clarify responsibilities. Don’t forget to document these assignments, as well as the processes to implement them – it may be beneficial to utilize a committee charter, fiduciary acceptance and acknowledgement letters, or a retirement plan internal controls policy. It’s important to be aware of all the fiduciaries serving your plan, because you have potential liability for their actions. And even if you have delegated certain fiduciary duties to others, you still retain fiduciary responsibility for prudently monitoring their performance.
Monitor the contribution process
The most common ERISA violation is making delinquent contributions and loan repayments. No matter who is responsible for remitting contributions, you must know your plan’s reasonable standard and understand the overall remittance process. Take care to monitor the responsible parties so you are attuned to issues as they arise; if they do, work with an advisor to determine how you should correct late payments, as well as report delinquent payments on your Form 5500.
Schedule your audit
If you haven’t done so already, schedule your plan’s required audit. Take care as you select your auditor: an auditor plays an important role in the health of your plan, so be sure to ask clarifying questions regarding their capabilities, workload, credentials, etc. Exhibit due diligence by documenting your selection process.
Clear the clutter
You also have a fiduciary responsibility to monitor the assets held in your plan and prudently act on your participants’ behalf. This includes terminated participants with account balances in the plan. And that’s not all. Those terminated participants are also required to receive benefit statements and plan disclosures. Depending on your service agreements, you may be paying a per-participant fee to maintain these terminated account balances. Discuss with your advisor if it would be beneficial to initiate a force-out campaign – following the terms of your plan document, of course!
Look ahead
You have three quarters left to achieve the goals initially set for 2018. Preparing participants for retirement might be high on the list (we sure hope so!), but have you put plans in place to make it happen? Pull out your calendar and prioritize time for your employees – schedule enrollment and engagement meetings to increase their financial wellness. Equip them with the tools they need to succeed. Determine the metrics you’ll use to track their progress, then decide next steps based on that data.
Being a plan fiduciary is not a duty to take lightly – there are many administrative and compliance-related tasks to perform. But we do believe you should take pride in being a good steward of your company’s retirement plan assets, because it means you are better equipping your employees for retirement. After all, the primary purpose of a retirement plan is to provide benefits for plan participants and beneficiaries. So roll up your sleeves and take time to polish your plan.
Putting the Fun in Fund Selection
Our team at Shepherd Financial is passionate about creating retirement-ready employees and responsible plan fiduciaries. One of the many ways we achieve these goals is through our extensive fiduciary training. Committee members and key personnel are equipped with critical knowledge to properly execute their roles and responsibilities. As a result, participants may achieve more successful outcomes, because their plan is carefully developed and monitored.
An important component of fiduciary training is learning how to monitor investments. This includes the following tasks:
- Setting overall objectives and investment strategies for the plan
- Selecting appropriate investments in light of these goals and strategies
- Monitoring the plan’s investment options on an ongoing basis
- Adding or removing investments, when warranted, over time
- Ensuring the investment options meet the provisions of the investment policy statement (IPS)
- Reviewing the organizational structure of the portfolio managers
As you think about investment selection and monitoring within your own plan, many factors contribute to participant retirement readiness, but selecting an appropriate qualified default investment alternative (QDIA) is critical. Without an approved QDIA, participants who are not actively engaged or knowledgeable in selecting their investment mix could wind up in a fund that is not suitable for their circumstances. An approved QDIA can consist of a target date retirement fund, a balanced fund, or a professionally managed account. Notice requirements must also be met for a fund to qualify as a QDIA.
Three factors should be considered when selecting the QDIA for your plan: your participant base, risk, and the elements of a periodic review.
1. Participant Base
Think about the characteristics of your participant population, such as their salary levels, contribution rates, typical retirement age, and post-retirement withdrawal patterns. Also consider their ability to stick with the default fund over time.
2. Risk
Risk, rather than returns, is a critical component impacting participant behavior. Make sure you understand the inherent risk associated with the QDIA – for a target date fund, examine the glidepath, asset classes, and how the asset allocation can impact participants at different phases (accumulation, nearing retirement, at retirement, and beyond retirement).
3. Periodic Review
In addition to performance, risk, and fees, determine if any information used in the initial selection of the QDIA has changed. Consider fund manager, strategy, or objective changes, as well as if your initial objectives for the QDIA itself have changed.
Shepherd Financial is a fiduciary, in writing, for each of our clients. Our commitment to this standard permeates our fiduciary training, fund screening, and due diligence processes, because we believe in working together with plan sponsors and participants to help pursue retirement health.
There is no assurance the Fund will achieve its investment objective. The Fund is subject to market risk, which is the possibility that the market values of securities owned by the Fund will decline, and, therefore, the value of the Fund shares may be less than what you paid for them. Accordingly, you can lose money investing in a Fund. A plan of regular investing does not assure a profit or protect against loss in a declining market. You should consider your financial ability to continue your purchase throughout periods of fluctuating price levels. Please obtain a prospectus for complete information including charges and expenses. Read it carefully before you invest or send money. None of the information in this document should be considered as tax advice. You should consult your tax advisor for information concerning your individual situation.
Risk-adjusted performance is the performance of a security or investment relative to its risk. One may calculate risk-adjusted performance in a number of ways. One may consider the investment’s volatility. Alternatively, one may compare its performance to the performance of the market as a whole or relative to securities or investments with similar levels of risk.
Investments in Target Date Funds are subject to the risks of their underlying funds. The year in the fund name refers to the approximate year (the target date) when an investor in the fund would retire and leave the workforce. The fund will gradually shift its emphasis from more aggressive investments to more conservative ones based on its target date. The principal value in a Target Date Fund is not guaranteed at any time, including on or after the target date, which is the approximate date when investors turn age 65. Should you choose to retire significantly earlier or later, you may want to consider a fund with an asset allocation more appropriate to your particular situation. The funds invest in a broad range of underlying mutual funds that include stocks, bonds, and short-term investments and are subject to the risks of different areas of the market. The funds maintain a substantial allocation to equities both prior to and after the target date, which can result in greater volatility. All investing is subject to risk, including the possible loss of the money you invest. Diversification or asset allocation do not ensure a profit or protect against a loss. Investments in bonds are subject to interest rate, credit, and inflation risk.
A Balanced Portfolio is a portfolio allocation and management method aimed at balancing risk and return. Such portfolios are generally divided equally between equities and fixed-income securities.