How confident are you that your company’s retirement plans are being run in accordance with all legal requirements under the Employee Retirement Income Security Act (ERISA) and the Internal Revenue Code (IRC)? Are you comfortable with the integrity of the annual representations made to your plan auditor that key benefit-plan controls are in place to make sure that your retirement plans are operated pursuant to their terms and applicable law? This Alert addresses what questions you should be asking when attempting to potentially minimize monetary sanctions, serious consequences to your employees, and personal liability for company officials who are ERISA-plan fiduciaries responsible for the investment of plan assets and plan administration that can stem from an IRS or DOL Plan audit.

Unprecedented Levels of Potential Liability for Compliance Failures in 401(k) and Other Retirement Plans

According to the 2016 Willis Towers Watson Retirement Plan Governance Survey, one out of three employers (and half of large employers with at least 25,000 employees) have had a retirement plan audited by the Internal Revenue Service (IRS) or Department of Labor (DOL) in the prior two years (2014-2015). As a result, regulatory compliance is seen as a top-three risk for employers, with more than half conducting an operational compliance review in the surveyed time period. This level of audit activity and employer interest in conducting compliance reviews continues to the present day. The IRS has also stepped up its audit activity of 403(b) plans sponsored by universities, hospitals, and other not-for-profit organizations. Private equity funds may also be held responsible for the retirement-plan obligations of its portfolio companies.

1. The IRS audits retirement plans to determine if the operation of a plan satisfies the IRC’s tax qualification requirements. If the plan fails any of the requirements, the IRS requires that the failure be corrected. For example, the IRS audits a plan and finds that the plan document provides for a 5 percent company-matching contribution, but the company only paid a 3 percent matching contribution. The company would be required to pay the additional 2 percent matching contribution plus earnings from the date the failure first occurred until it is corrected plus the legal and administrative expenses incurred in making the correction. Other common compliance failures may include:

• Failure to follow plan document provisions;

• Not performing “Lost Participant” searches on vested terminated employees;

• Incorrect calculation of plan compensation;

• Late enrollment or enrollment of incorrect population;

• Changes to deferral contributions not updated in payroll on a timely basis; and

• Improper administration of plan loans.

The cost of correcting these and other compliance failures can be significant. In addition to the cost of correcting the failure, the IRS may impose monetary sanctions on the company. Initial sanctions are based on the taxation of participant benefits and trust earnings, and the loss of the employer contribution deduction if the plan were disqualified by IRS. Sanctions may be imposed by the IRS on audit even if failures are unintentional discrepancies.

2. The DOL is currently auditing retirement plans under its Fiduciary and Plan Expense Audit Initiative. This program looks closely at the actions of the plan’s fiduciaries and whether expenses paid by the plan are proper. The DOL also targets 401(k) plans to determine if 401(k) deferrals withheld from employees’ pay are being paid to the trust in a timely manner (as soon as possible but usually not more than two or three days after withholding). If your company fails to meet the DOL guidelines regarding these deferrals, the company will be subject to excise taxes and other penalties. And, failure to meet ERISA’s fiduciary standards may lead to penalties and participant litigation.

3. A retirement plan with 100 or more participants must undergo an annual financial audit in which plan fiduciaries must certify to the auditor that certain internal control procedures are in place with respect to the benefits provided by the plan. Misrepresenting information in response to audit inquiries may result in fraudulent financial reporting and/or financial statement violation sanctions. This could occur in the case of a certified financial statement of a plan where a management representation letter to the auditor requires the company to represent that the plan is operated pursuant to its terms and applicable law. This representation appears as a footnote in virtually every plan’s financial statement and is likely to be inaccurate in the absence of the establishment and regular review of internal control procedures that enable the plan sponsor to identify errors in the administration of plan provisions and legal requirements.

Minimizing the Likelihood of Liability for Compliance Failures in Retirement Plans

1. Regular reviews of retirement plans operations. Ascertaining whether the plan document is up-to-date with all legal requirements and that the terms of the document are consistent with the actual operation of the plan may help ensure compliance. An operational review typically consists of reviewing the plan document for compliance with legal requirements, interviewing company personnel and plan service providers responsible for administration of the plan, documenting procedures, and “sampling” participant records to determine how the plan was actually operated. A thorough review allows a company to then correct any plan document or operational failures that are identified as a result of the review process and document the correction and obtain any required compliance statement. The operational review may help to mitigate audit and litigation risk and improve the operational performance of the plan. In this regard, plan sponsors may wish to consider retaining independent counsel to assess compliance status and make necessary adjustments on a privileged, confidential basis.

2. Evaluating the plan’s internal control procedures. Companies may wish to review and evaluate the plan’s internal control procedures and document those procedures, i.e., develop or update the plan administrative manual.

3. Insurance coverage for an IRS audit. Insurance coverage is available for companies that complete an annual operational review and correct any plan document or operational failures that are discovered. Insurance will cover the cost of any monetary sanctions imposed as a result of an IRS audit. Importantly, insurance covers the cost of correcting a failure that is required by an IRS audit. In the example above, the insurance would cover the company’s additional 2 percent matching contribution, earnings on the additional matching contribution, administrative costs related to the correction, and any monetary sanctions up to the coverage limit. Also, insurance would cover the cost of correcting the common compliance failures listed above.