Retirement plans continue to face regulatory scrutiny that extends beyond day-to-day plan operations. Regulators are actively focusing on plan sponsors and service providers to ensure compliance and secure participants’ retirement assets. As regulatory expectations rise, there are several areas that many plan sponsors are not actively monitoring but are receiving increased attention and could be subject to additional oversight.
Cybersecurity
Cybersecurity is hardly a new topic, but the focus is shifting as the digital environment continues to evolve. As more plan records become fully electronic, plan sponsors need to protect participant data both internally and at third-party service providers (including third-party administrators, recordkeepers, payroll processors, and auditors). The Employee Benefits Security Administration has issued guidance on best practices in cybersecurity for use by these service providers, but these guidelines should also be considered by plan sponsors when selecting those providers. Plan sponsors ultimately retain responsibility for cybersecurity and should periodically review the controls in place at their service providers and maintain documentation of their review to demonstrate compliance with these expectations.
Correction Programs
Both the Department of Labor and the Internal Revenue Service have developed programs that plan sponsors can utilize to correct fiduciary breaches and operational failures. These programs also include a self-correction component that may be used in certain circumstances. With regulators providing several options to pursue correction through the proper channels, failing to use these programs or ignoring small errors that were previously not practical to correct could expose plans to regulatory enforcement. Plan sponsors should ensure that any identified errors are evaluated promptly, that the appropriate correction method is applied, and that sufficient documentation is maintained to support the use of self-correction or formal correction programs.
Forfeitures
Plan forfeitures of non-vested amounts have recently come under closer examination. Plan sponsors need to have an understanding of the activity in the plan’s forfeiture account, specifically what is being deposited into the account and how those funds are being used. The recordkeepers typically process these transactions but rely on guidance from the plan sponsors to ensure the forfeiture account is being properly handled in accordance with the plan document. Plan sponsors should periodically review forfeiture activity, ensure that forfeiture usage aligns with plan provisions, and address any accumulated balances in a timely manner.
Reach Out to Learn More
Each of these topics is expected to receive increased scrutiny and enforcement in the near future. Ongoing oversight in these areas can help plan sponsors stay ahead of potential issues and demonstrate effective plan governance. H2R’s Employee Benefit Plans team would be happy to assist in assessing whether your plan is prepared to demonstrate compliance with these regulatory expectations.
Share: