Seminar Recap: 2024 Employee Benefit Plan Risk Update

Posted on August 23, 2024August 27, 2024

During AAFCPAs’ recent Nonprofit Seminar (April 2024), Shawn P. Huxley, CPA, MSA and Davide Villani, CPA, CGMA updated approximately 400 attendees on employee benefit plan risk.

The full session was recorded and may be viewed as a webcast at your convenience.>>

Secure Act 2.0 Overview

Secure Act 2.0 is designed to increase access to retirement plans, encourage retirement savings, and simplify and clarify retirement plan rules. This act is comprehensive, with more than 90 provisions in all. Plan amendments generally need to be made by the end of the first plan year beginning on or after January 1, 2025. However, plans must operate in accordance with the effective dates of these provisions. The following focuses on a few significant mandatory and optional provisions and offers suggestions for implementation.

Mandatory Provisions

Long-Term Part-Time Employees: The original Secure Act in 2019 introduced a rule for 401(k) plans regarding long-term part-time employees. Secure Act 2.0 expands this to 403(b) plans. Effective 2025, employees working 500 hours or more in two consecutive 12-month periods will be eligible to participate. Plan sponsors should begin tracking hours for long-term part-time employees beginning in 2023 and into 2024.
Catch-Up Contributions: Previously, individuals over the age of 50 could make additional pre-tax contributions. Beginning December 31, 2025, if an employee’s income exceeds $145,000 in the previous year, catch-up contributions must be made as after-tax Roth contributions versus pre-tax deferral. This change addresses administrative challenges. The $145,000 threshold will be indexed for inflation.
Required Minimum Distributions (RMDs): RMD ages have gradually increased from 70.5 to 72 and now 73 since 2023. By 2033, this age will increase to 75.

Optional Provisions

Involuntary Cash-Outs: Effective this year, the threshold for involuntary cash-outs of terminated employee balances increases from $5,000 to $7,000. This change helps in managing plan assets by reducing the number of inactive participants, potentially eliminating the need for an audit. Another benefit to this is that you can provide participants with their retirement distribution faster when they leave the organization.
Self-Certification of Hardship Distributions: This provision lets participants self-certify hardship withdrawals, shifting the burden of documentation from the plan sponsor to the participant, thus reducing administrative responsibilities for sponsors.

AAFCPAs advises that clients review mandatory and optional provisions internally and with their advisors. Determine which optional provisions to adopt and coordinate with providers to understand the impact on day-to-day operations. Key areas to review include plan documents, payroll systems, and HR systems. Consider how you will track long-term part-time employees and participants making catch-up contributions. Given the amount of new data to track, clients will need to ensure all systems can handle those new tracking requirements and maintain open communication with finance, payroll, and HR teams as well as third-party administrators and record keepers.

Cybersecurity Risk Update

The Department of Labor (DOL) continues to issue cybersecurity alerts, emphasizing that retirement plans are not immune to cyber threats. Retirement plans hold a wealth of personal information and significant assets, making them attractive targets for cybercriminals. Risks include identity theft, beneficiary theft, and the theft of personal information. The DOL reminds plan sponsors that they are fiduciaries and have an obligation to mitigate these cybersecurity risks.

Plan sponsors face the challenge of balancing security with accessibility. While it is essential to provide employees with online access to manage their retirement assets and investment options, it is equally crucial to protect that information. The Department of Labor offers online guidance to help plan sponsors navigate these challenges and ensure the security of their employees’ information.

The DOL has focused on three key areas:

Have strong access control procedures.
Ensure any assets or data stored in a cloud or managed by a third-party service provider are subject to appropriate security reviews and independent security assessments.
Encrypt sensitive data stored and in transit.

Student Loan Payment Match

Another area generating considerable interest among plan sponsors is the provision for matching student loan payments. This optional feature lets employers match contributions based on their employees’ student loan payments, potentially aiding those who are unable to contribute to their retirement plans due to student debt. However, the lack of detailed administrative guidance has posed challenges. Key questions remain about the frequency of matching (monthly or annual), the type of documentation required from employees to verify loan payments, and the overall process for integrating this provision into existing plan structures. Despite uncertainties, the intention behind this provision is commendable and designed to support employees burdened by student loan debt. More comprehensive guidelines are anticipated to clarify the administration of this provision in the future. AAFCPAs advises that clients considering any provisions reach out to their service provider for assistance.

Proposed Fiduciary Advice Rule

More than $1.3 trillion is invested in 403(b) accounts. Participation in these plans has also reached record levels. Nearly one-third of 403(b) plans have automatic enrollment and more employers are offering matching contributions. They’re also doing a lot to help educate employees on the benefits of saving for retirement.

With that, the DOL has released a new fiduciary rule, expanding the definition and responsibilities of fiduciaries. This update reflects the shift from defined benefit pension plans to defined contribution plans like 401(k) and 403(b). The rule clarifies who is considered a fiduciary and strengthens guidelines for providing prudent investment advice to participants.

As plan sponsors, it is crucial to stay informed and proactive when managing retirement plans. Secure Act 2.0 introduces significant changes that require careful implementation and coordination. Additionally, ongoing cybersecurity vigilance and a thorough understanding of fiduciary responsibilities are essential to safeguard your plans and support your employees’ retirement savings.

If you have questions, please contact Shawn P. Huxley, CPA, MSA, Partner, Employee Benefit Plans at 774.512.9075 or shuxley@nullaafcpa.com, Davide Villani, CPA, CGMA, Partner, Employee Benefit Plans at 774.512.4012 or dvillani@nullaafcpa.com—or your AAFCPAs Partner.

About the Authors

Shawn P. Huxley, CPA, MSA

Shawn is a leader in AAFCPAs’ specialized Employee Benefit Plan Audit & Consulting Practice with extensive expertise in Employee Retirement Income Security Act (ERISA) and Department of Labor (DOL) standards, including those related to audits of 401K and 403B Plans. Shawn is Co-Chair of the MassCPAs’ ERISA Accounting & Auditing Committee where he shares information on best practices and specific audit procedures relating to ERISA audits to improve the overall quality of these types of audits. …

Davide Villani, CPA, CGMA

Davide is a leader of AAFCPAs’ specialized Employee Benefit Plan Audit & Consulting Practice with extensive expertise in ERISA standards. He provides meaningful audits, done efficiently by a dedicated employee benefit plan audit practice within a 300-person CPA & consulting firm, and with access as needed to the resources of PrimeGlobal, the 4th largest CPA firm network globally. He audits and advises plan sponsors on ERISA compliance requirements, including those associated with administering 401K, 403B, …

Related Insights

October is Cybersecurity Awareness Month. Are You Prepared?

Cybersecurity Awareness Month is observed in October in the United States to raise awareness about the importance of protecting digital systems and data from cyber threats. As of the third quarter of 2024, there were over 2,000 reported data breaches affecting an estimated 1.3 billion individuals globally with major breaches affecting companies like UnitedHealth, Snowflake, […]

Fidelity E-Delivery Initiative Spurs a Surge of Phishing Scams

Last week, AAF Wealth Management informed clients about an upcoming outreach effort by Fidelity Investments and cautioned them of an increase in phishing scams as a result. During the week of September 16, Fidelity begins an email campaign to encourage clients to switch from paper copies to electronic delivery of all documents. This affects investors […]

AI Risks: Establishing Workplace Guidelines 2024

AI Risks: Establishing Workplace Guidelines | Webinar OnDemand Watch AAFCPAs’ business intelligence, cybersecurity, and information risk management leaders for an informed discussion on AI risks in the workplace, from algorithm manipulation to misinformation, privacy safeguards, and transparency. Learn ways to mitigate risk by pairing AI-powered tools with human empathy, imagination, and forward-thinking capabilities. Future-proof your […]