Retirement Plan Industry Update – Q4 2019
January 22, 2020
Written by Dave Westra, Partner, CFP®, AIF®, CPFA and John Brimhall, Client Advisor, CFA, CPA, CFP®
IRS Releases 2020 Retirement Plan Limits
SECURE Act – Update
On December 20, 2019, President Trump signed into law the Setting Every Community Up for Retirement Enhancement (SECURE) Act. The Senate and House of Representatives overwhelmingly passed the bill. This represents the most impactful retirement plan legislation since the passage of the Pension Protection Act of 2006.
The following are highlights of the SECURE Act:
- Promotes lifetime income in defined contribution plans
- Provides a fiduciary safe harbor for plan sponsors in selecting a lifetime income provider to make available as an investment option in the plan (e.g., annuities)
- Allows participants to transfer lifetime income investments to another retirement plan or individual retirement account (IRA) if the plan sponsor eliminates the investment as an option
- Requires plan sponsors to provide a lifetime income illustration, at least annually, that helps participants understand their projected monthly income based on their current account balance
- Enhances 401(k) safe harbor plan options
- Raises the automatic escalation salary deferral cap from 10% to 15%
- Provides additional time for plan sponsors to add a safe harbor feature (e.g., after the year has begun). Certain restrictions apply.
- Eliminates the annual notice requirement for plans that make a safe harbor nonelective contribution
- Prohibits 401(k) plans from excluding part-time employees who work at least 500 hours in each of the immediate three consecutive years from participating in their company’s retirement plan. Note: this change is effective 1/1/2021.
- The participation requirement only applies to salary deferral contributions.
- Allows individuals to withdraw up to $5,000 from their retirement accounts without the 10% early withdrawal penalty for expenses related to the birth or adoption of a child
- Increases the penalties for failure to file the plan’s Form 5500 by the required deadline
- Increases the starting age for required minimum distributions (RMDs) from 70½ to 72
- Eliminates “stretch IRAs” for certain beneficiaries
- Requires distributions to a designated beneficiary be made by the end of the 10th year following the year in which the IRA owner died. Previously, these could be stretched over the life of the designated beneficiary.
- There are several exceptions to this new rule, including spouses and children under the age of 18.
- Eliminates the 70½ age limit for contributing to a traditional IRA
Note: Unless otherwise noted, the SECURE Act changes discussed above are effective 1/1/2020.
(NAPA Net Staff, 2019)
Managing Cybersecurity Risks in Retirement Plans
In order to clarify whether managing cybersecurity risk is a fiduciary function, the ERISA Advisory Council has asked the Department of Labor to issue guidance.
Because retirement plan sponsors want to know that their service providers are taking steps to protect participant data and assets, the SPARK Institute recently developed a framework to evaluate and compare service providers’ cybersecurity controls. The framework includes 16 critical data security control objectives, including access control, encryption, and cloud security. One of the objectives of offering the SPARK framework is to provide plan sponsors with a manageable way to benchmark and compare different service providers on a consistent basis.
Regardless of whether managing cybersecurity is a fiduciary function, Andy Adams and Jay Schmitt, principals at Strategic Benefits Advisors, recently said, “the onus of safeguarding plan participants from fraud, no matter its source, does not fall solely on the recordkeeper. Both DC plan sponsors and recordkeepers need to agree on fraud-resistant processes that are clearly documented, rigorously implemented, and consistently followed.”
The following is a summary of best practices that Adams and Schmitt suggest plan sponsors implement:
- Consult with your insurance provider about a cyber insurance policy. These policies can include access to cyber breach response experts and credit monitoring services.
- Conduct initial and ongoing background checks on anyone in your organization with access to retirement plan accounts and participant data.
- Ensure your service providers have processes and audit trails that document every transaction in the recordkeeping system, including mailing address changes and distribution requests.
- Require service providers to document how they will respond to a cybersecurity breach, including acknowledgement of their liability in the event of a breach.
- Require service providers to encrypt data for transmittal purposes and destroy data that is no longer needed.
- Utilize two-factor or multi-factor authentication.
- Understand your service providers’ cybersecurity guarantees.
- Encourage your employees to register their accounts online and use a strong, complex password.
IRS (November 6, 2019). 4019(k) Contribution Limit Increases To $19,500 for 2020; Catch-up Limit Rises To $6,500. Retrieved on January 13, 2020 from https://www.irs.gov/newsroom/401k-contribution-limit-increases-to-19500-for-2020-catch-up-limit-rises-to-6500
NAPA Net Staff (December 17, 2019). Key SECURE Act Provisions and Effective Dates. Retrieved January 13, 2020 from https://www.napa-net.org/news-info/daily-news/key-secure-act-provisions-and-effective-dates
Moore, Rebecca (December 23, 2019). A Background on Retirement Plan Cyber Crimes and How to MitigateThem. Retrieved January 13, 2020 from https://www.plansponsor.com/background-retirement-plan-cybersecurity-avoid/
 The 15-member ERISA Advisory Council provides advice on policies and regulations affecting employee benefit plans governed by the Employee Retirement Income Security Act of 1974 (ERISA). By law, members of the council serve for staggered three-year terms. Three members represent employee organizations (at least one of which's members are participants in a multiemployer plan). Three members represent employers (at least one of whom represents employers maintaining or contributing to multiemployer plans). Three members represent the general public. There is one representative each from the fields of insurance, corporate trust, actuarial counseling, investment counseling, investment management, and accounting. Source: DOL
Share This Blog