Defined benefit plan

Guidance Issued for Single-Employer Defined Benefit Funding Rules

The IRS has issued Notice 2021-48, providing guidance about changes to the funding rules for single-employer defined benefit pension plans that were made by the American Rescue Plan Act of 2021 (ARPA). ARPA included provisions that addressed amortization relief by allowing existing shortfall amortization bases to be reduced to zero and extending funding shortfall installments for new shortfall bases to 15 years. In addition, ARPA amended segment rate minimum and maximum percentages and created an interest rate “floor” of five percent in a period of lower interest rates. These provisions are to be applied to all plans with plan years beginning in 2022 and, by election, may be adopted sooner.

The notice provides details concerning several items.

  • Applicability of IRS Notice 2020-61 when ARPA segment rates are elected
  • Written election requirements documenting whether ARPA provisions will be implemented prior to plan years beginning in 2022
  • Form 5500 Schedule SB reporting and revocation requirements
  • Election and revocation details relative to prefunding balances
  • Effect of ARPA elections on the plan’s Adjusted Funding Target Attainment Percentage (AFTAP)
  • Corrective actions related to a new certified AFTAP

Retirement Security and Savings Act Re-Introduced

Senators Rob Portman (R-OH), and Ben Cardin (D-MD), have introduced the Retirement Security and Savings Act of 2021, legislation that was last introduced in 2019. This bill, like the Securing a Strong Retirement Act introduced in the House of Representatives earlier this month, is intended to build on the Setting Every Community Up for Retirement Enhancement Act (SECURE) of 2019. With more than 50 provisions, this bill contains a broad set of retirement reforms under the following categories, highlights of which are enumerated below.

Expanding Coverage and Increasing Retirement Savings

  • Establishes a new automatic enrollment safe harbor with contributions starting at 6 percent in the first year and a three-tier rate of matching contributions on deferrals up to 10 percent of pay
  • Provides for a special tax credit on the first 2 percent of pay to nonhighly compensated employees for employers that adopt the new safe harbor
  • Makes the individual taxpayer’s saver’s credit refundable and would require that the credit be contributed directly to a Roth IRA or designated Roth in a qualified plan
  • Reduces the long-term part-time threshold implemented under the SECURE Act from three consecutive years with at least 500 hours to two consecutive years with at least 500 hours
  • Provides for a 60-day rollover to an inherited IRA for nonspouse beneficiaries
  • Raises the RMD age to 75 in 2032
  • Creates an additional catch-up contribution for those who have attained age 60 that is $10,000 for retirement plans that are not SIMPLE IRA or 401(k) plans, and $5,000 for SIMPLE plans and will be indexed with the cost of living
  • Allows deferral of tax on gain from sale of employer securities to an ESOP


Preservation of Income

  • Increases the maximum amount that can be funded to a qualifying longevity annuity contract (QLAC) to $200,000
  • Directs the Secretary of the Treasury to update regulations to allow exchange-traded funds (ETFs) to be included in variable annuity products


Simplification and Clarification of Qualified Retirement Plan Rules

  • Directs the Secretaries of the Treasury and Labor to adopt regulations outlining the consolidation of certain employee notices into a single notice
  • Permits nonspouse beneficiaries to roll over assets to 401(k), 403(b), and 457 plans
  • Allows contributions to SIMPLE IRA plans on a Roth basis
  • Reduces the 50 percent penalty for late distribution of a required minimum distribution (RMD) to 25 percent
  • Allows mergers of 401(a) and 403(b) plans
  • Exempts retirement savers that have $100,000 or less in retirement assets from taking RMDs
  • Reduces penalties for IRA excess contributions and the failure to take an RMD from an IRA if corrected timely, and removes requirements that, in case of a prohibited transaction, the IRA ceases to be qualified as an IRA and that assets are deemed to be distributed
  • Creates a national retirement savings lost and found (including an online searchable database to reunite retirement savers with their savings), increases the cash-out limit to $6,000, and requires that unclaimed balances under $1,000 are transferred to the Pension Benefit Guarantee Corporation (PBGC)


Defined Benefit Plan Reform

  • Clarifies that the variable interest crediting rate used as the projected interest crediting rate for cash balance plans is a reasonable projection subject to a maximum of 6 percent
  • Eliminates indexing of PBGC variable rate premiums
  • Reduces the overfunding threshold by which employers with overfunded pension plans may use a portion of the surplus assets to fund welfare benefits to the same population of retirees and extends provision through 2031


Reforming Employer Plan Rules to Harmonize with IRA Rules

  • Synchronizes retirement plan rules to allow the exemption of Roth balances from RMD rules
  • Allows plan participants to make charitable distributions
  • Allows spouse beneficiaries to treat a deceased participant’s balance as their own in the plan
  • Roth IRA amounts would be permitted to be rolled over to retirement plans


Plan Amendments

  • Establishes an amendment deadline on or before the last day of the first plan year beginning on or after January 1, 2023 (2025 for governmental plans), and conforms the plan amendment dates under the SECURE Act, Coronavirus Aid, Relief, and Economic Security (CARES) Act, and Taxpayer Certainty and Disaster Tax Relief Act to these new dates

Securing a Strong Retirement Act Re-Introduced

House Ways and Means Committee Chairman Richard Neal (D-MA) and Ranking Member Kevin Brady (R-TX) have introduced the Securing a Strong Retirement Act (SSRA) of 2021, legislation that was first introduced in October 2020. It builds upon the Setting Every Community Up for Retirement Enhancement Act (SECURE) Act of 2019. The House Ways and Means Committee held a markup hearing Wednesday, May 5, and unanimously voted to advance this legislation to the full House of Representatives to vote on the measure.

This legislation is the first comprehensive bipartisan retirement legislation introduced in 2021. SSRA of 2021 expands upon and includes additional provisions from the SSRA of 2020. While this bill (and others) have been coined by many as “SECURE 2.0,” it is prudent to follow retirement legislation developments by bill name for clarity and think of “SECURE 2.0” in the context of retirement reform generally.

The new and amended provisions include the following changes from the 2020 proposal.

  • Requires automatic enrollment of eligible employees in 401(k) and 403(b) plans with certain exceptions and grandfathering provisions, but eliminates the same requirement for SIMPLE IRA plans that appeared in the 2020 proposal
  • Increases the required minimum distribution (RMD) age to 73 on January 1, 2022; to age 74 on January 1, 2029; and to age 75 on January 1, 2032. The SECURE Act previously increased the age from 70½ to 72.
  • Drops the provision aligning ESOP rules of S Corporations with those of C Corporations that appeared in the 2020 proposal, but adds a placeholder that it is a Congressional goal to preserve and foster employee ownership of S Corporations through ESOPs
  • Provides an additional, indexed higher tier of catch-up deferral contributions for those who are age 62, 63, and 64
  • Permits 403(b) plans to participate in multiple employer plan (MEP) arrangements, specifically including pooled employer plans (PEPs)
  • Reduces from three years to two years the period of service requirement for long-term, part-time workers, and disregards pre-2021 service for vesting purposes
  • Directs the Departments of Labor (DOL) and Treasury to issue regulations explaining what fiduciaries need to do to meet their fiduciary duty in searching for missing participants
  • Eliminates the provision permitting tax-free qualified charitable contributions to be made from employer-sponsored retirement plans that appeared in the 2020 proposal
  • Permits employers to perform top-heavy tests separately for defined contribution plans covering excludable employees
  • Limits repayment of qualified birth or adoption distributions to three years
  • Permits participants to self-certify that deemed hardship distribution conditions are met in certain circumstances
  • Permits participants who self-certify that they have experienced domestic abuse to withdraw the lesser of $10,000 or 50 percent of their account without being subject to the 10 percent early distribution penalty tax. The funds could be repaid to the plan over three years.
  • Makes changes to stock attribution rules under family attribution for coverage and nondiscrimination testing
  • Permits discretionary amendments that increase benefits to participants to be adopted by the due date of the employer’s tax return
  • Permits new 401(k) plans established after the end of the taxable year but before the employer’s tax filing date that are treated as having been established on the last day of the taxable year to receive elective deferrals up to the due date of the employee’s tax return for the initial year when they are sponsored by sole proprietors and single-member LLCs
  • Limits only the portion of an IRA used in a prohibited transaction to be treated as distributed, as opposed to current rules disqualifying and treating the entire IRA as distributed
  • Permits SIMPLE IRAs to accept Roth contributions, and, plan permitting, allows employees to treat employee and employer SEP contributions as Roth contributions
  • Matches hardship rules for 403(b) plans to the 401(k) plan rules
  • Requires catch-up contributions to be made on a Roth basis beginning January 1, 2022
  • Permits defined contribution plans to provide participants with the option of receiving match contributions on a Roth basis
  • Plan amendments pursuant to this legislation must generally be made by the end of the 2023 plan year (2025 for governmental plans); plan amendment dates under the SECURE Act, CARES Act, and the Taxpayer Certainty and Disaster Tax Relief Act of 2020 are revised to conform with the same new dates


This legislation carries forward the following provisions from the 2020 proposal.

  • Further enhances the small retirement plan start-up credit, with a maximum credit of 100% (vs. the current 50%) for employers with no more than 50 employees
  • Requires the IRS to promote the saver’s credit
  • Permits 403(b) plans to invest in collective investment trusts
  • Provides for indexing of IRA catch-up contributions
  • Permits certain student loan repayments to qualify for employer retirement plan matching contributions
  • Allows a small employer joining a MEP or PEP arrangement to potentially claim a small plan start-up credit during the first three years of the MEP/PEP arrangement’s existence
  • Provides a new small employer tax credit for enhanced plan eligibility for military spouses
  • Permits immediate de minimis financial incentives, in addition to a matching contribution, to individuals for contributing to a retirement plan
  • Enhances options for correcting employee salary deferral errors
  • Increases the qualifying longevity annuity contract RMD exemption
  • Permits increasing payments in IRA and defined contribution plan life annuity benefits
  • Allows retirement plan fiduciaries additional discretion in whether to seek recoupment of accidental overpayments
  • Reduces excise tax on certain failures to take RMDs
  • Changes disclosure rules for performance benchmarks for asset allocation funds
  • Directs Treasury, DOL, and the Pension Benefit Guaranty Corporation (PBGC) to review and report on reporting and disclosure requirements and makes recommendations to Congress to consolidate, simplify, standardized, and improve such requirements
  • Simplifies retirement plan disclosures to non-participating employees
  • Creates a national online “lost and found” database to connect individuals with unclaimed retirement account benefits
  • Expands the IRS retirement plan correction program to permit self-correction of certain inadvertent IRA errors
  • Eliminates “first day of the month” deferral election requirement for governmental 457(b) plans
  • Requires defined contribution plans to provide paper benefit statements at least once annually, unless a participant elects otherwise
  • Makes certain technical corrections to SECURE Act provisions

IRS Issues Deadline Relief for Alabama Victims of Severe Storms and Tornadoes

The IRS has issued a news release announcing the postponement of certain tax-related deadlines for Alabama victims of severe storms, straight-line winds, and tornadoes. The tax relief postpones various tax filing and payment deadlines that occurred starting on March 25. The areas included in the relief are Bibb, Calhoun, Clay, Hale, Jefferson, Perry, Randolph, and Shelby counties.

In addition to extending certain tax filing and tax payment deadlines, the relief includes completion of many time-sensitive, tax-related acts described in IRS Revenue Procedure 2018-58 and Treasury Regulation 301.7508A-1(c)(1), which include filing Form 5500 for retirement plans, completing rollovers, and making retirement plan loan payments.

Affected taxpayers with a covered deadline on or after March 25, 2021, and before August 2, 2021, will have until August 2, 2021, to complete the act(s). This includes the May 17 deadline for filing 2020 individual income tax returns and paying any tax due. Taxpayers also have until August 2 to make 2020 IRA contributions.

“Affected taxpayer” automatically includes any individuals who live, and any businesses whose principal place of business is located, in the covered disaster area. Those who reside or have a business located outside the covered disaster area, but have been affected by the disaster, may contact the IRS at 866-562-5227 to request relief.

IRS Issues Deadline Relief for Kentucky Severe Storms Victims

The IRS has issued a news release announcing the postponement of certain tax-related deadlines for Kentucky victims of severe storms, flooding, landslides, and mudslides. The tax relief postpones various tax filing and payment deadlines that occurred starting on February 27. The areas included in the relief are Boyd, Breathitt, Carter, Casey, Clay, Cumberland, Elliott, Estill, Floyd, Franklin, Jackson, Johnson, Knott, Knox, Lawrence, Lee, Lincoln, Magoffin, Marion, Martin, Mason, Morgan, Ohio, Pike, Powell, Rockcastle, and Wolfe counties.

In addition to extending certain tax filing and tax payment deadlines, the relief includes completion of many time-sensitive, tax-related acts described in IRS Revenue Procedure 2018-58 and Treasury Regulation 301.7508A-1(c)(1), which include filing Form 5500 for retirement plans, completing rollovers, and making retirement plan loan payments.

Affected taxpayers with a covered deadline on or after February 27, 2021, and before June 30, 2021, will have until June 30, 2021, to complete the act(s). This includes the May 17 deadline for filing 2020 individual income tax returns and paying any tax due. Taxpayers also have until June 30 to make 2020 IRA contributions.

Retirement Spotlight: DOL Releases Additional Investment Advice Guidance

Objective investment advice. Simple concept, right? And most everyone agrees that every saver and retirement investor is entitled to this. But ensuring that individuals have access to objective investment advice is easier said than done. In fact, the Department of Labor (DOL) has been trying to make this happen since the 1970s, when it first released a five-part test to help determine whether investment professionals owed their clients a duty to provide objective advice.


This five-part test was created in 1975 to define investment advice under the Employee Retirement Income Security Act of 1974 (ERISA) and the Internal Revenue Code. Since then, regulations have been issued, revised, and vacated. Another round of guidance came in July 2020, when the DOL issued proposed prohibited transaction exemption (PTE) 2020-02 and a technical amendment to DOL Regulations 2509 and 2510. Then in December 2020, the DOL finalized PTE 2020-02, a class exemption and interpretation, entitled Improving Investment Advice for Workers & Retirees. The final PTE outlines the factors that determine when investment professionals are considered fiduciaries—which gives rise to certain duties—and shows how fiduciaries must comply with these responsibilities.

In February 2021, the DOL confirmed that PTE 2020-02 would take effect as scheduled on February 16, 2021. At the same time, the DOL indicated that “in the coming days” it would publish related guidance for retirement investors, employee benefit plans, and investment professionals. This happened on April 13, 2021, when the DOL released two new pieces of guidance. The first piece, entitled New Fiduciary Advice Exemption: PTE 2020-02 Improving Investment Advice for Workers & Retirees Frequently Asked Questions, contains a detailed set of frequently asked questions (FAQs) for investment professionals and financial organizations.

The second piece, Choosing the Right Person to Give You Investment Advice: Information for Investors in Retirement Plans and Individual Retirement Accounts, contains a list of questions that retirement savers should consider asking their investment professional before following their recommendations.

While some of this information is new, most of it was previously released in PTE 2020-02. For the most part, the DOL has simply released the same guidance in a new, more accessible format. The rest of this article summarizes the main takeaways from this latest round of guidance.

FAQs for Investment Advice Fiduciaries

This first piece of guidance contains FAQs that are separated into four main sections.

  • Background
  • Compliance Dates
  • Definition of Fiduciary Investment Advice
  • Compliance with PTE 2020-02

There is only one Q&A in the Background section, which provides some context and explains why the DOL issued PTE 2020-02.

Compliance Dates

The Compliance Date section explains that the DOL considered delaying the February 16, 2021, effective date. But it believes that the PTE’s core components provide “fundamental investor protections” that will benefit retirement investors. The DOL also states that it will not delay its new interpretation related to rollover recommendations. Although the DOL now rejects the original analysis provided in Advisory Opinion 2005-23A (the “Deseret Letter”), the DOL reiterates that it will not pursue claims for breach of fiduciary duty or prohibited transactions between the 2005 release of the Deseret Letter and February 16, 2021, for recommendations that would have been considered “nonfiduciary conduct under the reasoning in the Deseret Letter.” (The Deseret Letter stated that advice to roll assets out of an ERISA plan did not constitute investment advice.)

The DOL mentions in Q&A 5 that it anticipates issuing additional investment advice guidance, possibly by amending or revoking other class exemptions and by amending PTE 2020-02 and the investment advice regulation. This approach will allow the DOL to update current guidance without delaying enforcement of the PTE’s core components, such as the policy and procedure requirements.

Definition of Fiduciary Investment Advice

In this section (Q&A 7), the DOL explains the point at which the advice to roll over assets meets the “regular basis” requirement for the five-part test. This prong of the five-part test is satisfied when an investment professional recommends rolling over plan assets to an IRA—either at the beginning of an ongoing relationship with the retirement investor or after a relationship has already been established.

Q&A 8 addresses the “mutual agreement, arrangement, or understanding” element of the five-part test. The DOL emphasizes that, although statements containing fiduciary disclaimers may be considered when determining whether this prong of the test has been met, the statements alone will not insulate from fiduciary liability. Instead, the DOL will consider the “reasonable understandings” of each party, based on the overall situation. This is meant to prevent organizations and investment professionals from using written disclaimers to avoid becoming a fiduciary.

Q&A 9 describes what financial organizations and investment professionals must do to receive relief under the PTE when providing rollover recommendations. For example, financial organizations and investment professionals must make “diligent and prudent efforts to obtain information about the existing employee benefit plan.” If this information is not readily available, then the organization or investment professional may rely on other public data sources, such as the current plan’s most recent Form 5500.

Compliance with PTE 2020-02

This section (which is the largest) explains how financial organizations and investment professionals can comply with PTE 2020-02. In Q&A 13, the DOL explains why a written fiduciary acknowledgment is required. The DOL believes that this requirement will help all parties taking advantage of the PTE to make a conscious, up-front determination that they are acting as a fiduciary. The DOL provides sample language that financial organizations and investment professionals can use to meet the written fiduciary acknowledgement requirement.

Q&A 14 requires financial organizations and investment professionals to disclose any conflicts of interest that they create based on their services or recommended investment transactions. The DOL warns that these disclosures cannot be a mere “check-the-box” transaction. Retirement investors must receive “meaningful information” that will help them assess the financial organization’s conflicts of interest.

Q&A 15 discusses documentation requirements for rollover recommendations. Financial organizations and investment professionals must document the factors they considered when determining whether a rollover was in the retirement investor’s best interest. When making a rollover recommendation, financial organizations and investment professionals should focus on more than just the retirement investor’s existing investment allocation: they should consider all investment options in both the current plan and the new arrangement.

Financial organizations must have policies and procedures in place to reduce any conflicts of interest. Q&A 16 describes how financial organizations can meet this mitigation standard. The DOL explains that policies and procedures must be designed to protect retirement investors. They must prevent recommendations to make excessive trades, to choose investments that are not in the investor’s best interest, or to allocate excessive amounts to illiquid or risky investments.

The conflict mitigation requirement extends not only to investment professionals but also to the financial organization’s own interests—including interests in proprietary products and limited menus of investment options that generate third-party payments (e.g., revenue-sharing arrangements). The DOL points out that financial organizations must comply with the PTE’s requirements to obtain relief from the prohibited transaction rules: there is no safe harbor for an organization that solely complies with other regulators’ standards.

A financial organization’s compensation structure must avoid any quotas, bonuses, prizes, or performance standards that a reasonable person would conclude are likely to encourage recommendations that are not in a retirement investor’s best interest. The DOL acknowledges that financial organizations cannot eliminate all conflicts of interest, but it stresses the need to lessen conflicts. For example, if a financial organization offers mutual funds, it could provide the same level of compensation regardless of which mutual fund the investment professional recommends.

An organization’s policies and procedures must include supervisory oversight of investment recommendations. Financial organizations should carefully monitor recommendations involving certain key liquidity transactions (such as rollovers), and recommendations that are at or near compensation thresholds. They should also closely monitor recommendations to invest in assets that are prone to conflicts (such as proprietary products). These requirements were previously mentioned in PTE 2020-02 and align with options identified by the U.S. Securities and Exchange Commission.

Q&A 17 revives some familiar concepts that financial organizations should consider when designing payout grids that determine an investment professional’s compensation.

  • Financial organizations that profit more from certain investments should not shift this potential conflict to their investment professionals by rewarding them with higher commissions on such products.
  • Grids with modest or gradual increases are less likely to create impermissible incentives. Financial organizations should be careful about using grids that disproportionately increase compensation at specified thresholds. These may cause investment professionals to favor their own interests above the client’s.
  • When an investment professional reaches a compensation threshold on the grid, any increase in the compensation rate should be made prospectively: the new rate should apply only to new investments after the threshold is met.
  • To encourage recommendations that are made in the retirement investor’s best interest, financial organizations using escalating pay grids should monitor and supervise investment professional recommendations. Financial organizations should ensure that the thresholds do not create inappropriate sales incentives.

Q&A 18 speaks to how the insurance industry can comply with PTE 2020-02. An insurance company (as the supervisory financial organization) must ensure compliance with the PTE’s terms. Alternatively, the insurance company can work with insurance intermediaries (such as independent marketing organizations), which can assist with its independent obligations under the PTE. Insurers and agents may also rely on PTE 84-24, which provides relief for a smaller range of compensation practices.

Q&A 19 discusses the annual retrospective review requirement. To ensure accountability, senior executive officers must thoroughly review the report before certifying compliance with the PTE: certifying compliance without reviewing the report would violate the PTE.

The DOL explains how to correct PTE violations in Q&A 20. A financial organization can correct violations within 90 days after it learns (or should have learned) about the violation. Both the violation and correction must be included in the retrospective review’s written report.

The DOL concludes this section (Q&A 21), by explaining its PTE enforcement process. The DOL plans to investigate and enforce ERISA-plan compliance. But participants, beneficiaries, and fiduciaries can also pursue fiduciary breaches and prohibited transactions under ERISA Section 502. For IRAs and other non-ERISA plans, the DOL has “interpretive authority” to determine whether the PTE requirements have been met. If the requirements have not been met, the DOL can report any noncompliance to the IRS, which can then enforce any applicable penalties.

Questions for Retirement Investors to Consider

The DOL’s second piece of guidance contains a list of questions that retirement investors should consider asking their financial professionals before following their investment recommendations. The publication also contains a list of FAQs about PTE 2020-02. Overall, this publication is designed to educate retirement investors about a fiduciary’s roles and responsibilities—and why it’s important to know whether an investment professional is, in fact, a fiduciary.

Questions to Ask an Investment Advice Provider

The DOL believes that retirement investors should consider asking these fundamental questions of investment professionals before following a recommendation.

  • Are you a fiduciary?
  • Can I have a written statement that you are a fiduciary (and if not, why)?
  • Are you and your organization complying with PTE 2020-02? If not, are you relying on another exemption, or do you believe that you do not have any relevant conflicts? (If an investment professional indicates that it is a fiduciary but is not relying on the new exemption or a previously issued exemption, the DOL recommends asking why.)
  • What fees will I be charged? Can you give me a list of those fees?
  • What conflicts of interest do you have? Do you or your organization pay anyone else if I follow your recommendations?
  • Are there limitations on the investments you will recommend?
  • Will you monitor the investments in my account? If yes, how frequently?
  • Why are you recommending that I roll money out of my 401(k) plan? (The DOL reminds retirement investors that there are many factors to consider before completing a rollover. Retirement investors should ask multiple questions to ensure that they understand the reasons for the recommendation.)

Questions About PTE 2020-02

To help educate retirement investors about PTE 2020-02, the DOL includes the following Q&As.

  • How do I know if my investment advice provider is relying on the exemption?
  • I received a Client or Customer Relationship Summary from my investment professional. Is that document required by PTE 2020-02?
  • What does it mean to have investment advice provided in my best interest?
  • Is my investment professional automatically on the hook if I lose money?
  • Does my investment professional have to identify the best investment for me?
  • Does PTE 2020-02 contain protections related to rollovers? (The DOL explains that investment professionals must give retirement investors a written document explaining why the rollover is in the investor’s best interest.)

Additional Resources, Online Publications, and Appendix

The last few sections provide a list of additional online resources that retirement investors may find helpful. There is also an appendix that defines common terms that retirement investors should be familiar with.

The DOL stresses the importance of hiring an investment professional who is a fiduciary (as opposed to a nonfiduciary) when getting investment recommendations on retirement accounts. Hiring a fiduciary will help retirement investors protect their interests from harmful conflicts of interest. The DOL also reminds retirement investors to consider hiring a different investment professional if their current investment professional says that they are not a fiduciary with respect to the investor’s retirement account, or that they have conflicts of interest but are not relying on PTE 2020-02.

The Takeaway

This latest DOL guidance package presents helpful information in a more understandable format. Investment professionals and plan sponsors should review this guidance and take any necessary steps to comply with it. They should also make sure that clients and plan participants know and understand their rights under PTE 2020-02.

Ascensus will continue to analyze any new guidance as it is released. Visit for the latest developments.


Click here for a printable version of this issue of the Retirement Spotlight.

Washington Pulse: Department of Labor Releases Cybersecurity Guidance

Recent cyberattacks have gotten a lot of attention. Some of these hacks have created turmoil through a broad swath of the business community. But another widespread menace threatens our financial security. In fact, even as you read this, the global threat of cybercrime continues around the clock as criminals try to steal retirement plan assets.

A recent Government Accountability Office (GAO) report recommended that the Department of Labor (among other things) establish minimum expectations for addressing cybersecurity risks in retirement plans. According to recent estimates, IRAs and defined contribution plans alone hold well over $10 trillion in assets. And they are ripe for exploitation. On April 14, the DOL’s Employee Benefits Security Administration (EBSA) issued—for the first time—guidance for plan sponsors, fiduciaries, recordkeepers, service providers, and plan participants on best practices for maintaining cybersecurity. This guidance comes in three pieces.

While the links above bring you to the full text of the DOL’s guidance, here are some of the highlights from each.

Tips for Hiring a Service Provider with Strong Cybersecurity

Business owners want to run their businesses. So they often hire third-party vendors to handle matters outside their core competencies. This is also true for administering a retirement plan. Employers regularly look to recordkeepers, third-party administrators, and other service providers to conduct a plan’s day-to-day operations. These suggestions may help business owners and others to select and monitor those who provide plan services.

  • Ask about security standards, audit results, and other practices and policies; look for service providers that use an outside auditor to review cybersecurity.
  • Look for contract provisions that allow a review of audit results to verify whether providers comply with industry standards.
  • Ask about past security breaches—and about the provider’s response to any such breaches.
  • Find out whether they have sufficient insurance coverage to cover losses caused by identity theft and other cybersecurity breaches (both internal and external).
  • Make sure that the contract requires ongoing compliance with cybersecurity and information security standards—and use caution if the contract limits responsibility for IT security breaches.
  • Try to include additional cybersecurity-enhancement terms in the contracts, such as
    • a requirement that the provider obtain an annual security audit;
    • clear provisions on using and sharing confidential information;
    • prompt notification of security breaches, and an investigation into the causes of any breaches;
    • assurance of compliance with all laws pertaining to privacy, confidentiality, or security of participants’ personal information; and
    • adequate insurance coverage (including for errors and omissions, cyber liability, and data breach), which employers should understand to avoid surprises.

Cybersecurity Program Best Practices  

This second EBSA piece points out that “responsible plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks.” Keep in mind that many service providers carefully avoid taking on an employer’s fiduciary duties. This does not mean, however, that these providers are somehow abdicating their responsibilities. To the contrary, most service providers recognize that, in order to compete in today’s retirement plan marketplace, they must adhere to the highest compliance standards. And employers—as fiduciaries—must select and monitor providers to make sure that these standards are met. So these EBSA best practices can help employers meet their own fiduciary duties by “making prudent decisions on the service providers they should hire.” They can also help service providers see how their current practices measure up, and then take action to improve any deficiencies.

EBSA lists 12 practices that a plan’s service provider should adhere to.

  • A formal, well-documented cybersecurity program. The organization should fully implement a program that identifies internal and external cybersecurity risks.
  • Prudent annual risk assessments. The organization should document the assessment’s scope, methodology, and frequency.
  • Reliable annual third-party audit of security controls. An independent auditor should assess the organization’s security program—including any documented corrections of weaknesses.
  • Clearly defined and assigned information-security roles and responsibilities. An effective cybersecurity program must be managed at the senior executive level and executed by qualified personnel.
  • Strong access control procedures. This helps guarantee that users are who they say they are. It also ensures that they have access to the data they seek. These access privileges should be reviewed at least every three months and disabled or deleted in accordance with a clear policy.
  • Cloud-stored data-security reviews and independent assessments. Because cloud computing raises unusual security concerns, employers must be able to evaluate how a third-party cloud service provider operates. Protections should include certain minimum provisions, such as multi-factor authentication and encryption procedures.
  • Cybersecurity awareness training for all personnel. Because employees can be the weakest link in cybersecurity, frequent training on identify theft and current trends in security breaches is essential.
  • Secure System Development Life Cycle Program. Such programs ensure that regular vulnerability assessments and code review are integrated into any system development. Best practices include requiring validation if a distribution is requested following changes to an individual’s personal information, or if a request is made to distribute an individual’s entire account balance.
  • Business Resiliency Program. Providers need to quickly adapt to disruptions while keeping assets and data safe. Core components of an effective program include a business continuity plan (for business functions), a disaster recovery plan (for IT infrastructure), and an incident response plan (for responding to and recovering from security incidents).
  • Encryption of sensitive data stored and in transit. This includes encryption keys, message authentication, and hashing (which can be used, for example, to avoid storing plaintext passwords in a database).
  • Strong technical controls. Best security practices include robust (and current) antivirus software, intrusion detection, firewalls, and routine data backup.
  • Responsiveness to cybersecurity incidents or breaches. Prompt action should be taken to protect the plan, including notifying appropriate agencies and individuals (e.g., law enforcement, insurer, participants), investigating the issue, and fixing the problem.

Online Security Tips

The final installment of EBSA’s three-part release gives practical pointers that retirement account owners can use to reduce cybersecurity risk. Some tips are fairly self-evident reminders about creating and protecting passwords, avoiding free Wi-Fi networks, and recognizing phishing attacks. Some other tips may not be so obvious—and they bear mentioning here.

  • Register, set up, and routinely monitor online accounts for retirement plans. Failing to register for an online account may enable cybercriminals to assume an account owner’s online identify. Account owners that regularly check their accounts can help detect and respond to fraudulent activity.
  • Use multi-factor authentication. This requires a second credential (like texting or emailing a code) to verify the account owner’s identity before an inquiry or transaction is allowed.
  • Keep personal contact information current. Account owners should ensure that their contact data includes multiple ways to reach them (by phone, text, or email). This will enable more effective communication if there is a suspected security breach.
  • Close unused accounts. Even dormant accounts can contain personal information. If an account isn’t needed, close it. Why give fraudsters the opportunity to steal data?

Next Steps

The previously mentioned GAO report also recommended that the DOL formally state whether cybersecurity is a fiduciary responsibility under ERISA. The DOL declined. It stated that fiduciaries must already “take appropriate precautions to mitigate risks of malfeasance to their plans, whether cyber or otherwise.” Instead, the DOL identified minimum expectations for reducing cybersecurity risks, which should be undertaken by all private-sector employer-sponsored defined contribution plans.

This best-practice guidance (and other tips) does not specifically apply to other types of plans. Nevertheless, prudent employers, financial organizations, and service providers should certainly consider this guidance when determining their approach to cybersecurity for other plans, such as IRAs and healthcare plans. Any time that an entity maintains access to personal information of clients, it must rigorously protect that data. Adhering to EBSA’s cybersecurity best practices is a good place to start.

Ascensus will continue to monitor future guidance on this subject and on other retirement and healthcare plan topics. Visit for the latest updates.


Click here for a printable version of this issue of the Washington Pulse.

Congress Votes to Extend Paycheck Protection Program

A proposal to extend the Paycheck Protection Program (PPP) through the end of May has passed the Senate by a vote of 92-7. The PPP was set to expire on March 31, 2021, just weeks after changes were made to expand availability to certain small businesses. The House had voted earlier this month to pass the bill, and it now heads to the President for signature.

PPP loans were initially created by the Coronavirus Aid, Relief, and Economic Security Act. The loans are meant to assist small employers in retaining employees on their payrolls in a time of financial stress during the coronavirus pandemic. If certain conditions are met, PPP loans can be forgiven and treated as a grant. Among the conditions for full forgiveness is a requirement that 60 percent of loan proceeds be used for payroll expenses. These expenses can include wages and salaries, as well as employer contributions to defined contribution and defined benefit retirement plans. Expenses for providing group healthcare coverage—including payment of insurance premiums—can also be included.

Washington Pulse: American Rescue Plan Act Provides Coronavirus Relief

President Biden has signed legislation that funds another round of assistance as the nation copes with the health and economic effects of the coronavirus pandemic. Several previous bills in 2020 provided direct cash benefits to Americans, created a small business lending program to help employers retain employees, and provided enhanced access to tax-favored retirement savings.

This latest round of relief, a $1.9 trillion stimulus bill known as the American Rescue Plan Act of 2021 (ARPA), contains a third round of direct payments to Americans, funding to help hard-hit industries, and many other provisions—including some that will affect health plans and defined benefit plans.

Health Plan Relief

ARPA’s health-related provisions are meant to help individuals who have suffered a job loss or a reduction of hours to maintain their health insurance coverage. The following text summarizes the most important health plan-related provisions.

COBRA Continuation Coverage Premium Assistance

ARPA provides premium assistance for COBRA continuation coverage. This type of coverage allows eligible individuals who lose their health benefits to continue participating in their group health plan for a limited period of time. The premium assistance is designed to help both employees and employers. For example, premium assistance can help former employees keep their employer health plan coverage at a critical time. COBRA coverage can be prohibitively expensive—individuals may have to pay up to 102 percent of the cost to the plan—which discourages enrollment in many circumstances. If the premium is subsidized, employees are more likely to opt for COBRA coverage. When faced with a serious medical event, individuals and families who have this coverage can avoid potentially catastrophic financial consequences.

Premium reimbursement can help employers by ensuring increased COBRA coverage enrollment. Having a large number of COBRA enrollees can help employers spread costs over a greater number of healthy individuals who will pay premiums without having significant claims (as opposed to having only individuals with substantial medical costs enrolled in COBRA coverage).

Premium Assistance Basics

ARPA effectively provides free COBRA coverage by creating a subsidy that pays 100 percent of the COBRA premiums. Normally, the individual who is enrolled in COBRA coverage would need to pay these premiums. ARPA authorizes payment for premiums arising from COBRA coverage during the period beginning on April 1, 2021, and ending on September 30, 2021. This premium assistance is available only for certain categories of individuals who are enrolled in COBRA coverage during this period. These “assistance eligible individuals” include the following persons:

  • Employees who are eligible for COBRA coverage because of involuntary termination of employment for reasons other than gross misconduct. (A key feature of the relief is that employees who voluntarily terminate are not eligible for the subsidy.)
  • Employees who are eligible for COBRA coverage because of a reduction in hours that causes them to lose eligibility for their employer’s health plan.
  • Dependents of the employees who have lost eligibility for the reasons indicated above.

COBRA-eligible individuals who meet these criteria and who either 1) have not yet enrolled in COBRA coverage, or 2) had already enrolled in COBRA coverage but discontinued their coverage, have an additional 60 days to elect COBRA coverage and to take advantage of the subsidy. The 60-day enrollment period will begin on the date that the individual receives an ARPA-required notice that explains both the subsidy itself and the individual’s extended opportunity to elect COBRA continuation coverage.

The subsidy is “paid” through a tax credit that is provided to the employer sponsoring the health plan or to the insurer providing the coverage when an individual enrolls in COBRA coverage.

ARPA also permits employers—at their discretion—to allow individuals who are eligible for the subsidy to enroll in different coverage also offered by the employer, as long as the other coverage is also offered to other similarly situated active employees and

  • does not exceed the premium cost of the health coverage initially enrolled in,
  • does not provide excepted benefits only, and
  • is not a qualified small employer health reimbursement arrangement (QSEHRA) or a flexible spending arrangement (FSA).

Premium Assistance Notification

Because awareness of the subsidy is critical to increasing COBRA enrollment, employers must communicate the availability of premium assistance and the option to enroll in different coverage (if allowed). Individuals must receive the additional notification within 60 days of becoming eligible. Employers may provide the disclosures by amending existing notices or by including a separate document with the COBRA election notice.

Within 30 days following the bill’s enactment, the Departments of Labor (DOL), Treasury, and Health and Human Services must issue model notice language in order to help employers comply with the COBRA premium assistance notification requirements. Specifically, the model notices must include

  • the forms necessary to establish eligibility for premium assistance;
  • the plan administrator’s or other party’s contact information—including name, address, and telephone number;
  • a description of the extended election period provided;
  • a description of the qualified beneficiary’s penalty for failure to notify the plan if eligibility for premium assistance ceases;
  • a description of the qualified beneficiary’s right to a reduced premium and any conditions on entitlement to the reduced premium; and
  • a description of the qualified beneficiary’s option to enroll in different coverage (if the employer permits).

Expiration of Premium Assistance

Eligible individuals will generally receive subsidized premiums for coverage beginning on April 1, 2021, and ending on September 30, 2021. Individuals will become ineligible for premium assistance during that period if they

  • reach the maximum period for COBRA coverage, or
  • become eligible to be covered under another group health plan.

For individuals who reach the maximum period of COBRA coverage, a notice must be provided 15 to 45 days before the expiration of premium assistance. The notice must prominently identify the expiration date. To help employers comply with the requirement, the DOL must produce model notices to communicate the expiration of premium assistance 45 days following ARPA’s enactment.

If, during the period of COBRA coverage, individuals receiving the subsidy become eligible for coverage under another health plan, they must notify the plan that they are no longer eligible for premium assistance. Failure to notify the plan will result in a $250 penalty. If an individual intentionally fails to notify the plan, the penalty could be up to 110 percent of the premium assistance amount. The penalty does not apply if there is a reasonable cause for the failure to notify.

Tax Provisions for Premium Assistance

The premium assistance amount will not be included in the individual’s gross income for federal tax purposes.

Defined Benefit Plan Relief

ARPA’s retirement-related provisions are designed to provide relief to single-employer and multiemployer defined benefit (DB) plans. Following is a high-level summary of these provisions.

Amortization Relief for Single-Employer DB Plans

ARPA treat a single-employer DB plan as having no funding shortfall bases, and no shortfall installments from the bases, in prior years and spreads out funding shortfall installments to 15 years. These changes have the effect of reducing an employer’s minimum required contributions.

Extension of Pension Funding Stabilization Percentages for Single-Employer DB Plans

The three segment rates used for the applicable interest rates are provided with minimum and maximum percentages, effectively stabilizing the rates to be applied in future years. ARPA provides funding relief in a time of lower interest rates by setting the minimum percentage at a five percent “floor.” A plan can elect not to have this provision apply in plan years before 2022.

Multiemployer DB Plan Relief

ARPA provides relief for certain underfunded multiemployer plans for 2020 and 2021 plan years—including retention of the preceding plan year’s plan status (endangered, critical, etc.), extension of the plan’s funding improvement period or rehabilitation period (whichever is applicable) by five years, and use of a 30-year amortization base when amortizing investment losses.

Special Assistance Program for Multiemployer Plans at the Pension Benefit Guaranty Corporation (PBGC)

A special fund will be created for struggling multiemployer plans that are most vulnerable. The fund will provide financial assistance in the form of a lump-sum payment sufficient to provide benefits through 2051. Plans receiving this assistance must comply with additional conditions, including reinstating previously suspended benefits. For plan years beginning after December 31, 2030, multiemployer plan premiums to the PBGC will increase to $52 per participant.

Community Newspaper DB Plans

Certain community newspapers with DB plans can elect to take advantage of more favorable interest rates and amortization periods. They can also avoid some at-risk DB plan requirements.

Next Steps

Employers with defined benefit plans should start reviewing the new rules so they can take full advantage of the relief provided by the American Rescue Plan Act. Single-employer DB plans may want to consider whether to opt into or out of the relief. The stabilization percentages will automatically apply for 2020 if employers don’t opt out.

Employers with health plans should

  • work with COBRA service providers (if applicable) to meet the new COBRA notification requirements,
  • understand how premium amounts are reimbursed through the payroll tax credit process, and
  • coordinate with payroll providers and tax professionals to help ensure proper documentation and tax payments.

Ascensus will closely monitor all future ARPA-related guidance. Visit for the latest updates.


Click here for a printable version of this issue of the Washington Pulse.