October 31, 2017

Written by Dave Westra, Partner, CFP®, AIF®, CPFA and John Brimhall, Senior Client Associate, CFA, CPA, CFP®

Health Savings Accounts (HSAs) May Become the Next Retirement Savings Plan

High-deductible health plans (HDHPs) and HSAs provide a unique opportunity to save for retirement and other long-term goals.

Unlike traditional retirement savings plans, HSAs provide a triple tax advantage:

  • Contributions are pre-tax.
  • Investment growth is tax-deferred.
  • Qualified withdrawals are tax-free.

How? To benefit, individuals should treat their HSAs as long-term investment vehicles by making regular contributions up to the annual limit and, if possible, paying for current medical expenses out of pocket.

Why? To qualify for the triple tax benefit, HSA withdrawals must be used for qualified medical expenses such as doctor visits, medication, and other expenses that can be deducted on one’s tax return. Individuals can utilize their HSA to pay for current medical expenses or to reimburse themselves for prior medical expenses that were paid out of pocket. HSA funds can also offset Medicare premiums or be used to purchase long-term care insurance.

HSA Compared to Traditional Retirement Savings Plans

(Vanguard, 2017)

What Recordkeepers Say About Cybersecurity and How to Be Prepared

In response to the current recordkeeper reporting of cybersecurity capabilities, the SPARK Institute formed the Data Security Oversight Board (DSOB); it is comprised of both recordkeepers and retirement plan consultants. As a result of their collaboration, the SPARK organization standardized how security capabilities should be reported so that plan sponsors have a uniform way to compare vendors.

When a recordkeeper uses SPARK’s best practices to describe their overall data security capabilities, it MUST:

  • Use the 16 identified critical data security control objectives, defined by the DSOB (for a complete summary of the 16 control objectives, contact a member of your MRA Team).
  • Engage an independent third-party auditor to opine on its data security controls. The auditor must include a detailed report showing identified controls mapped to one of the 16 control objectives.

(Godbout, 2017)

Five Best Cybersecurity Practices to Consider

  1. Optimize password management
    • Remember RULE: random, unique, long, and encrypted
  2. Use multifactor authentication
    • Can serve as a tool to alert users when someone might be trying to access their account(s) and an indication it’s time to change their password
  3. Use the right tools
    • Make sure all company devices are running up-to-date software and most recent security patches for new threats
  4. Create a written data security program
    • Take account of all assets and user permissions. Then identify internal and external threats and vulnerabilities of your firm’s information technology systems
  5. Strengthen your weakest link
    • Invest time in educating your employees to help them recognize phishing attempts and use email best practices

(Brown, 2017)

DOL Rule Update

The Office of Management and Budget (OMB) approved the Department of Labor’s (DOL) proposal to delay implementation of the remaining provisions in the Labor Department’s fiduciary rule for 18 months. This delay signifies that the DOL is pursuing substantial changes to the rule. Two provisions of the DOL rule, which required all financial advisers to act in the best interests of their clients in retirement accounts, were implemented in June 2017. The remaining components of the rule, including the so-called Best-Interest Contract Exemption that allows brokers to charge variable compensation for their products/services so long as they sign a legally binding agreement, are subject to the proposed delay. Following the OMB’s approval, the proposal entered a short comment period. Experts say the delay rulemaking process will likely be completed in October of 2017.

(Schoeff, 2017)

Recently, the governors of Nevada and Connecticut signed bills to expand or amplify “fiduciary” requirements for brokers. Legislators in New York, New Jersey, and Massachusetts have proposed similar bills. The states in many cases are looking to go beyond the federal rule, which administers on tax-advantaged retirement savings, and instead require that brokers uphold a fiduciary standard across all accounts. In fact, Nevada is emerging as the country’s trial case because its new rule could expand the reach of fiduciary obligations to all investment assets and not just tax-advantaged retirement plans. This regulation is still being drafted and specific details have not been released.

(Beilfuss, 2017)

Plan Administration: End of the Year Considerations

Required Minimum Distributions

 Upon reaching age 70½, certain participants of a tax-qualified retirement plan may be required by federal tax law to withdraw a minimum amount from the plan each year. These mandatory distributions are known as “required minimum distributions” (RMDs). Depending on the terms of the specific retirement plan, RMDs must begin by April 1st of the year following the later of:

  • the year a participant turns 70½; or
  • the year a participant retires, provided he/she is not a 5% or greater owner of the business. For the years after the initial RMD is made, the requisite RMD amount must be withdrawn by December 31st of each year.

If the amount is not withdrawn by the applicable deadline or is withdrawn in less than the full required amount, the amount not withdrawn is subject to a 50% excise tax. The RMD is calculated by dividing the value of the retirement account of the affected individual as of December 31st of the immediately preceding calendar year by a life expectancy factor prescribed by certain IRS Tables.

(Warner, 2017)


 It is a best practice to utilize forfeiture amounts in the year that they are realized.

When a plan participant terminates employment prior to becoming fully vested in the employer contributions (i.e., match, profit sharing), the unvested portion is forfeited and remitted back to the plan. The plan document will contain provisions as to how and when the forfeiture account should be used.

Generally, forfeitures CAN be used to:

  • Pay a plan’s reasonable administrative expenses
  • Reduce employer contributions
  • Provide an additional allocation to participants

(Fidelity Investments Institutional Operations Company Inc., 2017)




Works Cited

Vanguard Research. (2017). Financial Planning Perspectives, HSAs: An off-label prescription for retirement saving. Pennsylvania, DC: Kahler, J.R., Clarke, A., Bruno, M.A.

Brown, B. (2017, September 28). 5 Cybersecurity Best Practices. Retrieved October 13, 2017 from http://www.morningstar.com/advisor/t/120592842/5-cybersecurity-best-practices.htm

Godbout, T. (2017, October 2). SPARK Initiates Best Practices for Reporting Cybersecurity Capabilities. Retrieved October 13, 2017 from https://www.asppa.org/News/Article/ArticleID/9125

Schoeff, M. (2017, August 29). OMB approves proposal for 18-month delay of DOL fiduciary rule’s second phase. Retrieved October 13, 2017 from http://www.investmentnews.com/article/20170829/FREE/170829929/omb-approves-proposal-for-18-month-delay-of-dol-fiduciary-rules

Beilfuss, L. (2017, September 12). States to Trump: Leave Retirement Rule Intact or We’ll Act. Retrieved October 16, 2017 from https://www.wsj.com/articles/states-to-trump-leave-retirement-rule-intact-or-well-act-1505208600

Learn more about the timely use of plan forfeitures. (2017, October 16). Retrieved from https://sponsor.fidelity.com/pspublic/pca/psw/public/library/manageplans/learn_planforfeit.html

Warner, S. (2017, October 3). Required Minimum Distributions. Retrieved October 16, 2017 from http://www.legacyrsllc.com/required-minimum-distributions-3/