Retirement plan sponsors face greater challenges today than ever before. Regulatory scrutiny is on the rise with the Department of Labor (DOL) actively reviewing Form 5500 filings searching for evidence of noncompliance, inaccurate reporting and excessive fees.

But that’s not all. In addition to staying on top of complex legal and regulatory requirements, sponsors also must design effective retirement plans that attract and retain the best and brightest employees.

Electronic filing makes it easier than ever for regulators to perform queries of corporate retirement plans. The DOL can assess significant penalties for late tax filings, as well as fees to go through a correction program to fix qualified plan violations.

Penalties can also be assessed at a personal level on plan trustees for a breach of fiduciary duty, and these corrections can be costly, time consuming and disruptive to business.

We’ve answered some of the most common questions clients have about complying with DOL regulations and strengthening their retirement plans.

Q: What can employers do to help keep the plan from becoming a liability? 

A: Effective plan governance is the best defense to manage plan risk. So, you should:

  • Establish a plan committee for general oversight and designate an employee as plan administrator to take care of day-to-day plan operations and make sure that fiduciary education is provided regularly.
  • Hire qualified service providers to deliver needed expertise. Be sure to assess their quality and level of service in relation to the fees charged. Hiring the right expert protects the plan sponsor, but it might not mean the lowest-cost provider.

Timely, accurate reporting is vital. Qualified plans need to file a Form 5500 and provide various notices each year. Keep a calendar of due dates and carefully review draft reports for completeness and accuracy.

The most common Form 5500 errors include marking incorrect boxes, providing inaccurate data, incorrectly reporting expenses and filing the form late. Also, large qualified plans — generally defined as plans with more than 100 eligible participants — need to attach audited financial statements to their Form 5500. Hiring an auditor experienced in retirement plan audits can help ensure that reporting requirements and fiduciary responsibilities are met.

Another best practice is conducting internal checkups. The most common plan audit errors are not following the plan’s definition of eligible compensation to calculate contributions, not implementing auto-enrollment features correctly and not remitting participant contributions on a timely and consistent basis. Circumstances that can increase risk and may require additional oversight and checks of controls include:

  • Changes in third-party administrators (TPAs) or custodians.
  • Changes to payroll companies or adding new earnings codes or fringe benefits.
  • Adding a new division of employees or mergers/acquisitions.

Q: How much can be done inhouse and how much should be contracted out? 

A: Plan sponsors should determine if they have the internal capabilities to perform these functions inhouse. At a minimum, you should have a designated plan administrator to coordinate and work alongside internal human resources and payroll departments. He or she will also coordinate with external TPAs, investment advisers, plan auditors and plan attorneys to help keep all parties informed and ensure that requirements are met.

If external expertise is needed, hire qualified service providers after a thorough evaluation and selection process. Always remember, however, that monitoring service providers is still required as part of the plan sponsor’s fiduciary responsibility.

Q: Does cybersecurity play a role in this? 

A: Retirement plans with a high level of assets are a prime target for cyberattacks. Plus, plan sponsors and service providers utilize large volumes of personal information such as Social Security numbers, dates of birth, home addresses, salaries, passwords and general payroll information. All of this is very attractive to cyberthieves.

Plan sponsors need to consider controls not just over data that resides on the company’s network, but also on data that resides on the networks of every service provider receiving data related to the plan or payroll. This includes obtaining an understanding of the security for how data is transmitted, stored and protected at each service provider. A useful resource is the 2016 Department of Labor Advisory Council Cybersecurity Report.

Another way to manage risk is by purchasing cyber liability insurance coverage. This can help offset some of the significant costs associated with a data breach.

Reach out to us if you have more questions about complying with DOL regulations and strengthening your retirement plan.