The Department of Labor Reiterates Focus on Cybersecurity

The US Department of Labor (DOL) issued a press release on September 6, 2024, reminding ERISA plan fiduciaries that it considers cybersecurity to be an area of ‘great concern,’ emphasizing the DOL will continue to investigate potential cybersecurity-related ERISA violations. The press release accompanied guidance which updated the DOL’s 2021 cybersecurity guidance; most significantly, it clarified the 2024 updates apply to all types of ERISA plans, including health and welfare plans.

Background

The DOL issued three pieces of guidance in 2021 intended to address the intersection of cybersecurity and ERISA-covered plans. Each piece of guidance was addressed to a different audience:

  1. Online Security Tips was addressed to ERISA plan participants.
  2. Tips for Hiring a Service Provider with Strong Cybersecurity Practices (Hiring Tips) was addressed to ERISA plan fiduciaries.
  3. Cybersecurity Program Best Practices (Best Practices) was addressed to ERISA plan vendors and fiduciaries selecting and monitoring such vendors.

The 2021 guidance was framed only in terms of retirement plans, but it could be read to cover all ERISA plans.

2024 Updates

Outside of clarifying that the DOL’s cybersecurity guidance applies to all ERISA plans – retirement plans and health and welfare plans alike – the 2024 updates were limited:

• In Online Security Tips, the 2024 update tweaked the frequency with which it recommends participants update their passwords (changing it from 120 days to annually), clarified participants should not use common passwords (as opposed to stating they should not use dictionary words), and suggested participants favor longer passwords instead of more frequent resets.

• In Hiring Tips, the 2024 update clarified ERISA plan fiduciaries should ensure their vendors’ insurance coverage covers cybersecurity breaches and incidents involving the plan.

• In Best Practices, the 2024 update indicated ERISA plan vendors who follow these best practices should adopt certain multifactor authentication processes, as well as notify participants of unauthorized acquisition of their personal data without unreasonable delay.

The Bottom Line

Despite the limited scope of the 2024 updates, the takeaway is clear: the DOL continues to see cybersecurity as a top priority, and all ERISA plan fiduciaries (including those overseeing health and welfare plans) should be prepared for the DOL to investigate the steps taken to mitigate their plans’ cybersecurity risks.

In light of this clear message from the DOL, fiduciaries and service providers to ERISA plans (that have access to data and/or assets) may want to consider evaluating the plan’s cybersecurity regime, such as through a cybersecurity self-audit, adoption of a cybersecurity policy, or other improvements to the cybersecurity and/or monitoring processes.

For group health plans, this can be done in conjunction with the self-audits that must be conducted to develop those policies and procedures required under the HIPAA Privacy and Security Rules. Final Rules issued under HIPAA earlier this year require group health plans to update their HIPAA privacy policies and procedures and provide associated workforce training by December 22, 2024.

If you need assistance with such process improvements, or have any questions about the impact of this guidance or fiduciary oversight of cybersecurity risk, please contact the Shepherd Financial team.

SECURE 2.0: Catch-Up Contributions

With SECURE 2.0’s increased catch-up contribution limits set to take effect next year, it’s time for 401(k) plan sponsors to brush up on the rules and consider how to administer the changes. Under the current rules, 401(k) plans may allow participants to make catch-up contributions when they are age 50 or older. For 2024, the catch-up contribution limit is $7,500.

SECURE 2.0 creates a window of increased catch-up contribution limits for participants ages 60 – 63. Below are key questions 401(k) plan sponsors are asking about this change:

Are the changes mandatory?

Plan sponsors are not required to offer catch-up contributions. However, if a plan allows for catch-up contributions, it is important to check with the plan’s recordkeeper to determine whether or not opting out of the increased catch-up contribution limit will be permitted.

When do the changes take effect?

The new limits take effect for tax years beginning after December 31, 2024.

Which participants are eligible for the increased limit? 

Participants are eligible for the increased limits for the years in which they attain ages 60, 61, 62, and 63.

What is the increased limit? 

The increased catch-up contribution limit for eligible participants is the greater of: (a) $10,000, subject to cost-of-living adjustments starting in 2026; or (b) 150% of the limit in effect for 2024 (i.e., $11,250).

While the change seems straightforward, administration may be complex. For example, plan sponsors should consider how to track eligibility for the increased limits, in addition to tracking eligibility for regular catch-up contributions. Plan sponsors should also consider how to re-impose the lower catch-up contribution limits when participants age out of the higher limits. Employers may need to work with their payroll teams and update their existing processes (e.g., payroll codes) to implement these changes.

Finally, keep in mind that the increased catch-up contribution limits are separate from the SECURE 2.0 Roth catch-up rule for certain high-earning individuals, which the IRS delayed to 2026.

Essential Cybersecurity Practices

In an age where digital threats are just a click away, understanding how to protect yourself online isn’t just advisable – it’s essential. This guide is your first step toward mastering the essentials of cybersecurity, providing you with the knowledge to shield your personal and financial data from the evolving dangers of the digital world.

The Foundations of Cyber Safety
Embarking on a journey towards comprehensive cyber safety starts with mastering a few fundamental practices. By adopting the four simple steps outlined below, you can significantly enhance your digital security. These measures are designed to fortify your identity and sensitive data against the myriad threats that lurk online. Each step serves as a pivotal building block in constructing a robust defense for your personal and professional digital environments.

Multifactor Authentication (MFA)
Two Factor Authentication, Two Step Factor Authentication, MFA, and 2FA all refer to the same concept: choosing to add an additional verification step when trusted websites and applications require confirmation that you are indeed the person you claim to be when logging into their system. MFA adds a critical layer of security by requiring two forms of identification before access is granted. This method significantly reduces the risk of unauthorized access, even if a password is compromised, because the likelihood that an attacker also has the secondary authentication factor is minimal.

Regular Software Updates
Keeping software up to date is not just about accessing new features but primarily about securing devices from vulnerabilities that hackers exploit. Updates often include patches for security flaws that, if left unaddressed, could allow hackers easy access to your system. We recommend taking it one step further by enabling automatic updates on your operating systems, which will ensure you’re protected as soon as these fixes are available.

Think Before You Click
Over 90% of successful cyberattacks start with a phishing email. These deceptive messages are designed to look legitimate to trick you into giving away sensitive information or downloading malware. Always inspect emails for unusual language or out-of-place requests and verify the authenticity of the message through other communication channels if possible.

Use Strong Passwords
A strong password acts as the first line of defense against unauthorized access. Use long, unique, and randomly generated passwords for different accounts to prevent cross-site breaches. Password managers such as LastPass or 1Password can help manage the complexity of storing and remembering different passwords, enhancing your overall security posture while maintaining convenience.

Vigilance Against Phishing Attacks
Phishing attacks remain one of the most common and pernicious threats in cybersecurity. These attacks often involve fraudsters masquerading as reputable entities to deceive individuals into providing sensitive data.

Identifying Phishing Attempts
Phishing emails or messages often contain suspicious links, urgent requests for information, and slight inconsistencies in email addresses, links, or formatting. Being aware of the possible threat and recognizing the signs are crucial in avoiding phishing.

Preventative Measures
Handle unexpected requests for personal information with skepticism. If you receive such a request, do not respond immediately. Instead, verify the sender by contacting the organization through official channels, such as their verified contact number or email address found on their official website.

Education and Training
Educate yourself about the latest phishing tactics through online resources, safety courses, or webinars. Staying updated on new phishing strategies and learning practical tips can enhance your ability to protect your personal data.

Use of Technology
Employ reliable email filtering tools that can screen out suspicious emails. These filters can significantly reduce the number of phishing attempts that reach your inbox, adding an essential layer of security.

By proactively enhancing your knowledge, understanding the basics, and implementing these strategies, you can significantly lower your risk of falling victim to cyber attacks.

SECURE 2.0: RMDs

SECURE 2.0 brought significant changes to retirement planning and distributions, including updating the Required Minimum Distribution (RMD) requirements. As background, RMDs are the minimum amounts that individuals who attain their ‘required beginning date’ must withdraw from their retirement accounts each year.

SECURE 2.0 introduced several changes to the rules on RMDs, including the following:

Delaying the Age for RMDs
The age for starting RMDs has been raised from 72 to 73 years. This increased age provision phases in over time, with the final adjustment, to age 75, taking effect in 2033. The change recognizes that many Americans are working and saving for retirement for longer periods, and the later distribution requirement allows for more flexibility in managing retirement assets.

No RMDs from Roth Accounts
Starting with the 2024 calendar year, participants are no longer required to take RMDs from their retirement plan Roth accounts. This change aligns the RMD rules for Roth accounts in retirement plans with the rules applicable to Roth IRAs.

Decreased Penalties for Missed RMDs
The excise taxes for failing to take an RMD have been decreased from 50% to 25% of the RMD amount not taken. The penalty may be further reduced to 10% if the RMD is corrected in a timely manner.

Remember Who Comes First

After attending a recent conference and thinking about the company culture we’re striving to build at Shepherd Financial, this quote from Richard Branson kept running through my head:

‘Clients do not come first. Employees come first. If you take care of your employees, they will take care of the clients.’

It’s true. All the things we’re passionate about here (for our clients!) – creating financially healthy individuals, retirement-ready participants, and responsible plan fiduciaries – happen when we take care of our team first. While we are a young company, our growth has been rapid, and keeping this conversation about culture in the front of our minds is essential to our continued success.

Our leadership team at Shepherd has used the following questions to help guide our planning process. As you craft your own benefits package and design the structure of your retirement plan, consider asking yourself these same questions.

What is your company identity?
In other words: who are you? How did you get here? Why are you doing what you’re doing? If you can clearly articulate the answers to these questions, logical decisions about how to care for your team will follow.

What is the tie-in?
Benefits for your employees should align with what you’re trying to accomplish as a company. Consider your environment and what’s appropriate for your team – from a financial perspective, think about what you can afford, both right now and in the future. If your desire is to offer a more robust package over time, share that vision with your team.

Why do these benefits matter?
When selecting plan specifications (automatic features, vesting schedule, etc.), consider how they will be used to both recruit and retain your employees. Do your benefits meet the practical needs of the people you’ve hired? Are you putting your team members in a position to retire well? Is their hard work going to pay off in the future? How are you financially sharing corporate success with each person?

Ultimately, your retirement plan and benefits package need to reflect how you want to be seen by your employees and the community. Don’t segment your decisions – instead, consider how they impact the whole landscape of your employees’ lives. This process won’t happen overnight, but if you’re not deliberate, it won’t happen at all. Remember who comes first, and act accordingly.

Addressing Multigenerational Communication Styles

As discussed in last month’s blog, employers must rethink the formation of corporate benefits packages to better attract and retain high-quality employees. The key point was creating a benefits package with different and refreshed options (or even deconstructing it to allow for greater choice and flexibility), but an equally important piece of the puzzle is effectively communicating with employees.

Remember, multiple generations make up the modern workforce, and it’s important to understand their different communication needs. Regardless of their generation, each employee may have unique preferences; these should be attuned to and included as the benefits package is created, announced, and implemented.

While the retirement plan is one slice of the holistic benefits package, it comes with its own set of challenges. For example, employee enrollment and deferral eligibility may be different than eligibility to receive employer contributions. An 18-year-old employee just starting their first job may not understand any of those terms, while a 60-year-old transitioning to a new employer might be full of questions about rollovers, in-service distributions, and more.

Will these employees learn best at a group meeting? With customized resource sheets? Working with a financial advisor in a one-on-one setting? Watching a pre-recorded, customized enrollment video? Don’t limit the possibilities, because the answer is likely a combination of several of these options; each generation will desire a range of communication channels. Technology offers more, too – consider email, text messaging, company intranet, webinars, online tools, social media, and apps. Some employees may be content with one-time efforts; others will desire constant engagement and more frequent messaging.

While carrying different expectations for relationships with their employers, commonalities abound among the generations. Employees want fair treatment, to be acknowledged for a job well done, and trust they are working in the right place. Paying attention to these desires, as well as incorporating a flexible benefits package with a healthy variety of communication channels, is ultimately a win for everyone.

Employees really do want to understand their benefits, and as an employer, it is your responsibility to effectively communicate with them. If your current methods aren’t measuring up, call the Shepherd Financial team. We’re here to help.

Rethinking the Employee Benefits Experience

Attracting and retaining high-quality employees is not a new challenge, but the benefits landscape has changed dramatically in recent years, particularly since millennials entered the workforce. And now that this generation is today’s largest workforce demographic (hint: it’s your employees who are anywhere from 23 to 38 right now), employers must rethink the construction of the overall benefits package. As you consider how to add value for employees and help your company grow, do you understand what millennials actually want?

The answer is twofold: different options than previous generations required, and the ability to create a customized benefits experience.

Don’t bristle at these desires – especially because of technology, today’s workplace is fundamentally different than it was 20 years ago. It makes sense your employees have new expectations, too. (Speaking of technology, it should be standard to have always-accessible employee benefit information, often through a secure online portal.)

Aside from health insurance and retirement plans, benefit options might include the ability to work remotely, flexibility in work schedules, student loan repayment plans, opportunities for professional development, lifestyle solutions like onsite child care, and corporate investment in wellness initiatives. While some of these options require creative thinking and scheduling, the positive results speak for themselves in overall employee wellbeing and productivity.

Regarding the customized benefits experience, it is becoming increasingly popular – and practical – to offer an à la carte solution. In short, employees receive a fixed amount of money as part of the benefits offering and may decide how to allocate their employer’s contribution. Closer to retirement, a baby boomer might select a higher contribution rate to the company retirement plan and a full suite of health insurance, life insurance, and long-term care insurance; a millennial employee may earmark less money for their retirement plan but include student loan repayment and extra parental leave.

Every company is unique, and so are your employees. Employers certainly have many decisions to make about the options to include, as well as how to structure the benefits program to meet compliance regulations. To discuss ways to better attract and retain employees through the benefits program, call the Shepherd Financial team.

Financial Shutdown

Did the recent 35-day partial government shutdown affect you or someone you know? It’s quite possible, considering it forced 800,000 federal workers to miss paychecks and hurt many small businesses. And since the three-week spending bill expires soon, there could be even more financial repercussions.

These recent circumstances certainly give reason to pause and wonder: are you prepared for a financial shutdown in your life? If that question feels too broad, what about this one: if you were in a serious accident and had to miss work, how long would your current financial situation carry you? 35 days? 6 months?

This is about more than just creating an emergency fund – though you should, since it’s widely touted 40% of Americans can’t cover a $400 emergency. And it’s not just about having proper insurance coverage, though that’s certainly important, too. The bigger issue is thoughtfully creating a financial plan and knowing where to turn if the bottom falls out.

As a plan sponsor, you might feel the pieces in your plan are well-aligned. That’s positive news! But can the same be said for your employees? If they can’t currently address a $400 bill, how would they handle a total shutdown if it occurred? You can help prepare your team by proactively providing education and wellness opportunities, offering useful resources that speak to real situations, and taking the fear out of financial conversations.

Employees don’t get off the hook that easily, though – everyone is ultimately responsible for themselves. Consider the last time you gave yourself a financial checkup. Start with a budget you’ll actually follow, build up your emergency fund, and pay off debt. Then push deeper – ask for help to balance college funding, utilize a health savings account, max out your retirement account options, and optimize tax strategies.

The Shepherd Financial team is always only a phone call away. Whether you’re currently in a financial crisis or want to create a plan to see you through one, we want to help.

Save More. (And Save Smarter.)

No matter our job titles here at Shepherd Financial, we are all nerds. Every last one of us. Case in point: every year, the IRS announces new contribution limits for retirement savings.

Because it’s vital information for how we operate, timeliness is essential – so at a meeting several weeks ago, I jokingly suggested there would be a prize for the team member that conveyed the new information to me first. Perhaps the IRS caught wind of our challenge; instead of releasing the limits mid-October, as they traditionally have, we waited with bated breath until November 1st.

(I’m completely serious when I tell you one team member set her Twitter account to alert her every time the IRS tweeted. She still didn’t win.)

In brief, the new limits: in 401(k), 403(b), and most 457 plans, the contribution limit was raised from $18,500 to $19,000. Not a huge jump, and the limit tends to increase by about that much every year. Significantly, though, the IRS has increased the contribution limit for traditional individual retirement accounts (IRAs) for the first time since 2013 (the limit is now $6,000).

But what’s the big deal, you might be asking? Essentially, the government has enabled Americans to save more. Larger retirement contributions can mean lower tax bills and more income in retirement. And if you happen to be an American with a late start on your retirement savings, this is good news. If you’re over age 50, between your 401(k), IRA, and catch-up contributions, you could save $32,000 in 2019. That doesn’t even take into account an employer match or integrating a health savings account in your retirement investment strategy.

And that’s where saving smarter comes in. All these investment vehicles play a unique role in your overall retirement savings strategy. If you’re not sure about how to best utilize each one, call our team at Shepherd Financial. We nerds have a great time figuring this out every day.

Prioritizing Financial Wellness

We are currently faced with a financial epidemic: many employees are on unstable footing due to debt challenges and a lack of emergency savings; others abruptly find themselves responsible for both their aging parents and dependent children. There’s no doubt about it – many employees are financially stressed.

These financial burdens can have negative effects at home and in the workplace, impacting health, relationships, and productivity. As an employer, this should concern you – aside from the possible adverse bearing on your company’s bottom line, it’s also discouraging to know financial stress can have the power to derail top employees.

In fact, 45% of employees say financial matters cause them the most stress in their lives. We believe it’s essential to closely and honestly examine the financial wellness programs currently in place within your company – are they adequately addressing your employees’ needs? Are they producing the behavioral changes necessary to improve employee well-being? If they’re not, consider the following:

Problem: More than a quarter of employees are using credit cards to pay for monthly necessities because they can’t afford them otherwise – and it’s an issue across all income levels.

Suggested courses of action: Host a budgeting and debt management course to help employees understand where their money is coming from, as well as where it’s going. Teach employees how to monitor their credit scores, emphasizing the power of compound interest and how it can either work for or against them.

Problem: Among employees with student loans, a large percentage indicate these are having a moderate to significant impact on their ability to meet other financial goals.

Suggested courses of action: Provide resources to educate employees about student loans and possible payment plans. Offer opportunities to learn about college savings plans to help ease future student loan burdens. Implement a student loan repayment benefit as part of your overall benefits package.

Problem: 47% of employees have less than $50,000 saved for retirement.

Suggested courses of action: Participants must understand the importance of starting early, how to take advantage of the company match, and what kind of gap they face between what’s saved and their retirement-ready futures. Make sure you’re providing sufficient education about your company’s retirement plan, how to enroll, your recordkeeper and their website, and where they can go with any kind of financial questions.

The Shepherd Financial team specializes in customized financial wellness programming, so we’d love to have a conversation about how we can improve your employees’ well-being. Connect with us today at 844.975.4015 or shepfinteam@shepherdfin.com.

Source: pwc, Employee Financial Wellness Survey, 4.16
