Retirement plan compliance must be standard operating procedure

“My best days in retirement are when I give back to the community.”

— Anonymous 

Stock markets continue to record all-time record levels throughout the pandemic since the original downdraft / sell-off on March 23, 2020.  401(k) and 403(b) retirement account values have increased significantly for almost all participating employees and retirees.  The S&P 500 Index has increased by approximately 90% since March 23, 2020 (i.e., 2,337.40 that day vs. 4,479.53 on August 23, 2021).   

Perhaps somewhat related to the extraordinary stock market increases, I heard recently that another celebrity has publicly indicated that his more than $160 million net worth will be donated to charity and NOT to his children upon his demise.  Daniel Craig, of James Bond fame, did not refer directly to the Warren Buffett / Bill Gates “Giving Pledge”, but his disclosure is certainly consistent with Warren Buffett’s initial declaration from 2006.  Mr. Buffett disclosed that he intended to “gradually give all of [his] Berkshire Hathaway stock to philanthropic foundations”.  One of the many reasons for stock market valuation increases is the continued increase in stock market investments by employees through their retirement plans, including 401(k) and 403(b) plans.  In addition to expanding the number of millionaires in their retirement account valuations, more than 55% of Americans now hold investments either individually or through their retirement plans.  

As an auditor and business advisor, the foregoing fact pattern reminded me of an article that I published back in 2013 that focused on mitigating risk by having employers implement both required and reasonable policies and procedures to reduce the probability of government regulatory penalties.   

Retirement plan compliance continues to be a priority area for audit by both the Department of Labor and the IRS.  Recent data shows that with the stock market at record highs, based partly on $10+ trillion of pandemic stimulus funds coupled with our economy as the “best of the worst on the globe,” U.S. retirement assets are at $35 trillion and represent 32% of all financial household assets.  As a nonprofit organization and employer, you most likely have a 403(b), 401(k) or defined contribution plan.  Defined benefit plans have fallen out of favor for various reasons, and now cover only 7% of American employees, primarily employed by government and organizations with collective bargaining units.  There are currently about 600,000 401(k) plans in the U.S., covering about 60 million active participants and millions of former employees and retirees.

Retirement plan compliance is an area that does not always receive an appropriate amount of monitoring from the employer’s perspective. Regulatory compliance with Department of Labor and Internal Revenue Service regulations should be of particular importance to the plan trustees.  If you need proof, consider the following DAILY PENALTIES that can be assessed by the DOL or IRS for regulatory violations:   

| Type of Violation | Penalties |
|---|---|
| Annual reporting requirements not met | $1,000 per day |
| Failure to furnish pension benefit statements | $31 per affected participant per day |
| Failure to timely file annual Form 5500 | Up to $2,259 per day |
| Violations of ERISA Section 502(c)(4) (e.g., failure to furnish estimate of withdrawal liability upon request of participant) | Up to $1,788 per affected participant per day |
| Violations of ERISA Section 502(c)(6) (e.g., failure to furnish information requested by Secretary of Labor) | Up to $1,613 per request |
| Violations of ERISA Section 502(c)(7) (e.g., failure to furnish a black-out notice or a notice of the right to divest employer securities) | Up to $143 per affected participant per day |

And there are many, many more penalties for violations not listed above. 

Believe me, if you pay attention to the following Top 10 list, you will most likely be able to avoid penalties for failure to exercise proper governance and due diligence with respect to your retirement plan(s).

  1. Our firm serves as auditors for more than 500 retirement plans.  That places us in the Top 20 CPA firms in the U.S. with specialization in auditing retirement plans.  As a result, we know firsthand about best practices, as well as issues and concerns facing employers as Plan Sponsors.  Therefore, your first Cardinal Rule is to be sure that you call a professional accountant or attorney with extensive expertise in the area of retirement plan compliance.   
  2. The trustees of your retirement plan, your board, and/or audit/finance committee should meet at least once each year with your retirement plan independent auditors.  The retirement plan trustees have primary responsibility for regulatory compliance, but the agency board also has responsibility for the protection of employee retirement plan assets.   
  3. Your independent auditor should also provide a letter of recommendations regarding any internal control improvements and regulatory compliance matters, as necessary.  For example, the independent auditor should be testing that employee contributions to the plan are being properly deposited within the applicable Safe Harbor period (e.g., 15 days) or as required by regulation. 
  4. An ongoing challenge for all retirement plan employer sponsors is maintaining compliance with all investment-related fee disclosures that are required to be provided to plan participants.  The regulations in this area can be found at IRS Code Section 2550.404a-5. 
  5. To comply with the Section 404 regulations, retirement plan fiduciaries must discharge their duties with respect to the plan prudently and solely in the interest of participants and beneficiaries. At a minimum, this requires disclosure of specific plan related information (e.g. administrative expenses) and investment related information (e.g. investment fees and expenses). 
  6. Plan fiduciaries should be aware of the following: 
    1. Simply receiving and passing on disclosures isn’t enough; due diligence must be conducted and documented. 
    2. Using existing service providers to conduct due diligence involves inherent conflicts of interest and should be avoided.  
    3. Benchmarking fees and expenses alone is generally not adequate to determine reasonableness. 
    4. Plan sponsors subject to these Section 404 regulations that have not issued an RFP in more than three years should do so. 
  7. Plan sponsors, and many retirement plan advisors, are not in a position to properly manage Section 404 disclosure requirements due primarily to the complexity of fee arrangements and lack of appropriate expertise.  
  8. In 2018, the IRS published a 401(k) Plan Checklist, which is designed to help plan sponsors find, help with, and avoid costly mistakes.  Additional information can be found at 
  9. In April 2021, the Department of Labor issued a Cybersecurity Notice.  Information can be found at This notice provides guidance for plan sponsors in the following areas: 
    1. Tips for monitoring service provider cybersecurity practices and activities 
    2. Cybersecurity best practices for plan fiduciaries (plan sponsors) 
    3. Online security tips for plan participants and beneficiaries.
  10. Finally, if you are one of the dwindling number of employers that sponsors a defined benefit retirement plan, please review it to determine whether the plan is sustainable and affordable for your organization. In the past 25 years, the number of employees covered by a defined benefit plan has declined from 62 percent to less than 7 percent!  This is primarily due to the relative lack of predictability (e.g., mortality rates, investment return, historically low interest rates, compensation increases, and turnover rates) in comparison to the discretionary flexibility that exists in defined contribution plans (e.g., 401(k), 403(b), etc.).

Finally, the IRS has examples of some of the most common errors made together with appropriate correction methods.  This can be found at  The DOL also has an informational webpage related to its Voluntary Fiduciary Correction Program at 

Retirement plan compliance must be incorporated into your organization’s Risk Mitigation Policies and Procedures.   

Gerald J. Archibald, a CPA, is a partner in charge of management advisory services at The Bonadio Group, and is known for his expertise in non-profit and tax-exempt accounting, management and governance issues. He can be reached at (585) 381-1000 or [email protected].