In today’s environment of rising regulatory scrutiny, retirement plan sponsors must keep up with complex legal requirements, while trying to design effective plans that retain employees.
“Regulators such as the Department of Labor (DOL) actively review plan Form 5500 filings for evidence of noncompliance, inaccurate reporting and excessive fees, especially since electronic filing makes it easier to perform queries,” says Tiffany White, CPA, shareholder at Clark Schaefer Hackett. “The DOL can assess significant penalties for late tax filings or fees to go through a correction program to fix qualified plan violations. Worse, penalties can be assessed at a personal level for plan trustees for a breach of fiduciary duty. And in almost all cases, corrections can be costly, time consuming and disruptive to business.”
Smart Business spoke with White about complying with audit requirements and strengthening your retirement plan.
What can employers do to help keep the plan from becoming a liability?
Effective plan governance is the best defense to manage plan risk. So, you should:
- Establish a plan committee for general oversight, designate an employee as plan administrator to take care of day-to-day plan operations and ensure fiduciary education is provided regularly.
- Hire qualified service providers to deliver needed expertise. Be sure to assess the quality and level of service as compared to the fees charged. Hiring the right expert protects the plan sponsor and might not mean the lowest-cost provider.
Timely, accurate reporting is vital. Qualified plans need to file a Form 5500 and provide various notices each year. Keep a calendar of due dates, and carefully review draft reports for completeness and accuracy.
Common Form 5500 errors include marking incorrect boxes, providing incorrect data, incorrectly reporting expenses and filing the form late. Also, large qualified plans — generally, plans with more than 100 eligible participants — need to attach audited financial statements. Hiring an auditor experienced in plan audits can help ensure reporting requirements and fiduciary responsibilities are met.
Another best practice is conducting internal checkups. The most common plan audit errors are not following the plan’s definition of eligible compensation to calculate contributions, not implementing auto-enrollment features correctly and not remitting participant contributions on a timely, consistent basis. Circumstances that can increase risk and may require additional oversight and checks of controls include:
- Changes in third-party administrators (TPAs) or custodians.
- Changes to payroll companies or adding new earnings codes or fringe benefits.
- Adding a new division of employees or mergers/acquisitions.
How much can be done in house? How much should be contracted out?
Plan sponsors should determine if they have the internal capabilities. At minimum, have a designated plan administrator to coordinate and work alongside internal human resources and payroll departments and external TPAs, investment advisers, plan auditors and plan attorneys to help keep all parties informed and requirements met.
If external expertise is needed, hire qualified service providers after a thorough evaluation and selection process. The plan sponsor must remember, however, that monitoring service providers is still required as part of the fiduciary responsibility.
How does cybersecurity play into this?
Retirement plans, which have a high level of assets, are a target for cyberattacks. Plus, plan sponsors and service providers utilize personal information, such as Social Security numbers, dates of birth, home addresses, salaries, passwords and general payroll information.
Plan sponsors need to consider controls over data not only on the company’s network, but also for every service provider that receives data related to the plan or payroll. This includes obtaining an understanding of the security for data transmissions, how data is stored and how data is protected at each service provider.
A useful resource is the 2016 Department of Labor Advisory Council Cybersecurity Report. Another way to manage risk is through cyber liability insurance coverage, which can help offset some of the significant costs associated with a data breach.
Insights Accounting is brought to you by Clark Schaefer Hackett