The IRS recently released updated limits for retirement plans. Our summary of those limits (along with the limits from the last few years) is below.
|Type of Limitation||2017||2016||2015||2014|
|Elective Deferrals (401(k), 403(b), 457(b)(2) and 457(c)(1))||$18,000||$18,000||$18,000||$17,500|
|Section 414(v) Catch-Up Deferrals to 401(k), 403(b), 457(b), or SARSEP Plans (457(b)(3) and 402(g) provide separate catch-up rules to be considered as appropriate)||$6,000||$6,000||$6,000||$5,500|
|SIMPLE 401(k) or regular SIMPLE plans, Catch-Up Deferrals||$3,000||$3,000||$3,000||$2,500|
|415 limit for Defined Benefit Plans||$215,000||$210,000||$210,000||$210,000|
|415 limit for Defined Contribution Plans||$54,000||$53,000||$53,000||$52,000|
|Annual Compensation Limit||$270,000||$265,000||$265,000||$260,000|
|Annual Compensation Limit for Grandfathered Participants in Governmental Plans Which Followed 401(a)(17) Limits (With Indexing) on July 1, 1993||$400,000||$395,000||$395,000||$385,000|
|Highly Compensated Employee 414(q)(1)(B)||$120,000||$120,000||$120,000||$115,000|
|Key employee in top heavy plan (officer)||$175,000||$170,000||$170,000||$170,000|
|SIMPLE Salary Deferral||$12,500||$12,500||$12,500||$12,000|
|Tax Credit ESOP Maximum balance||$1,080,000||$1,070,000||$1,070,000||$1,050,000|
|Amount for Lengthening of 5-Year ESOP Period||$215,000||$210,000||$210,000||$210,000|
|Taxable Wage Base||$127,200||$118,500||$118,500||$117,000|
|FICA Tax for employees and employers||7.65%||7.65%||7.65%||7.65%|
|Social Security Tax for employees||6.2%||6.2%||6.2%||6.2%|
|Social Security Tax for employers||6.2%||6.2%||6.2%||6.2%|
|Medicare Tax for employers and employees||1.45%||1.45%||1.45%||1.45%|
|Additional Medicare Tax*||.9% of comp >$200,000||.9% of comp >$200,000||.9% of comp > $200,000||.9% of comp > $200,000|
*For taxable years beginning after 12/31/12, an employer must withhold Additional Medicare Tax on wages or compensation paid to an employee in excess of $200,000 in a calendar year for single/head of household filing status ($250,000 for married filing jointly).
You might recall that the Department of Labor (DOL) took the position earlier this year that it had to protect individual retirement accounts and annuities as well as IRA owners by extending certain ERISA protections to them. In its promulgation of the amended investment advice regulation (otherwise known as the fiduciary rule) and the related prohibited transaction exemptions, it extended its reach deep into parts of the individual retirement plan structure where it had not ventured before. (Its authority to do so is presently the subject of numerous lawsuits.) It did so contending that public policy requires it to protect the IRAs and IRA owners from its perceived conflicts of interest emanating from the investment advisory and sales arms of financial services organizations.
Now, the DOL has done an about face, seemingly in furtherance of a different public policy goal. The policy this time is to enhance savings opportunities for American workers who do not have access to ERISA-protected employer-sponsored qualified retirement plans. By creating a “safe harbor” that allows states to mandate payroll deduction IRAs for these workers, the DOL fails to provide the protections afforded by ERISA to participants in these State-sponsored IRA plans (other than, presumably, the investment advice rule). The irony (and intellectual inconsistency) is patent: IRAs are important enough to be caught within the ambit of ERISA’s fiduciary rule, but large state plans using IRAs can otherwise avoid the myriad of other ERISA protections.
The safe harbor addresses a state law creating an automatic enrollment IRA program with these requirements:
- The program is established and maintained pursuant to state law.
- The program requires employer participation in the automatic enrollment arrangement.
- The program is implemented and administered by the State.
- The State is responsible for investing the employee savings and it is the State that selects the investment options for participant direction. (Unlike its ERISA control, the DOL apparently recognizes that it cannot control what the States do to implement, control, and monitor this requirement.)
- The State is responsible for securing payroll deductions and savings (although the State need not be a guarantor of them).
- The State adopts processes to ensure that employees receive notice of their rights under the program.
- The State must create a mechanism to enforce the rights of employees.
- Employees may opt out at any time.
- All employee rights are enforceable the employee, a beneficiary or the State.
- The employer’s involvement is limited to ministerial acts: (i) collecting contributions through payroll deduction, (ii) providing notices and maintaining records regarding collections and remittances, (iii) providing information to the State as needed to assist operation of the program, and (iv) distributing program information to the employees.
- The employer cannot contribute or provide savings incentives.
- The employer has no discretion, authority or control.
- The employer is only paid its approximate reasonable costs.
In “stretching” the definition of fiduciary under ERISA to cover IRAs, the DOL took the position that times have changed and that the marketplace for retirement savings (particularly IRA savings) and investment is very different today than it was when the original regulation (29 CFR § 2510.3-21(c)) was adopted in 1975. However, in creating a safe harbor for State-sponsored IRAs, the DOL relies on another 1975 regulation (29 CFR § 2510.3-2(d)) that apparently is not affected by any change in the retirement marketplace and does not need modification to cause certain IRA structures to gain other ERISA protections.
State-sponsored IRAs are arguably not established or maintained by an employer. But the safe harbor does mandate employer participation, and employers are in a position to control employee deferrals. Were the plan an ERISA plan, employee deferrals used for prohibited purposes would invoke the prohibited transaction protections of ERISA that the DOL relies on so heavily in imposing the investment advice regulation. Recognizing that this mandate might be interpreted to cause an employer either to establish or maintain the State’s auto-IRA arrangement and therefore making it subject to ERISA , the safe harbor tries to avoid this by applying the four non-ERISA plan requirements under the 1975 regulation: (i) no employer contributions, (ii) voluntary employee participation, (iii) without endorsement, collect payroll deduction contributions and remit them, and (iv) the employer receives no compensation other than the reasonable cost for servicing the arrangement.
After the 1975 regulation exempting the type of IRA described above, the courts weighed in. One might contend that the DOL has seen fit to bring a traditional IRA into the ERISA arena under the investment advice regulation even though it is not established or maintained by an employer while exempting a new form of IRA structure from ERISA (except for the investment advice regulation, of course) that may violate well-settled case law.
In Donovan v. Dillingham, 688 F. 2d 1367 (2nd Cir. 1982), the court identified the four factors that give rise to an ERISA plan: “a plan, fund or program [established or maintained by an employer] under ERISA implies the existence of intended benefits, intended beneficiaries, a source of financing, and a procedure to apply for and collect benefits.” Five years later, in Fort Halifax Packing Co. v. Coyne, 482 U.S. 1 (1987), the Supreme Court added a fifth factor: “ongoing plan administration” such as determining eligibility for benefits, calculating benefit amounts and monitoring plan funding. A State –sponsored IRA program as described in the safe harbor meets the four Dillingham requirements and in many cases will meet the fifth Fort Halifax requirement. However, isn’t a State-sponsored arrangement a plan, fund or program established or maintained by an employer where that employer is mandatorily obligated to participate in the program? Regardless, that begs the question: shouldn’t the IRA accounts in State-sponsored auto-enrollment IRAs get ERISA protections if IRAs generally (including, presumably, those that are part of the State-sponsored programs) are important enough to be subject to the investment advice regulation? Is it good policy to eschew ERISA to enhance employee savings opportunities?
It would appear that the DOL is conflicted by its policy considerations: Protect traditional IRAs and IRA owners by imposing ERISA investment advice rules on them while at the same time enhancing employee retirement savings without the other protections.
HHS recently posted guidance on its website addressing HIPAA’s approach to cloud computing. Basically, any time a cloud service provider has electronic protected health information (ePHI), it’s a business associate. This is true even if the cloud provider only stores encrypted ePHI and even if the cloud provider does not have the encryption key (and therefore, in theory, could not access the data). This means that both health plans and their business associates who use outsourced cloud computing services must have business associate agreements with those services.
At first blush, this might seem like it doesn’t directly touch the health plan, but cloud computing can take many forms. For example, if your company has an off-site data server that is managed by a third party and ePHI is stored on that server, a business associate agreement with that third party is probably necessary. Even if all you do is use something like Google Docs, OneNote, Evernote, or Dropbox for storage, that could be considered cloud computing subject to these rules. Therefore, the sweep is broad and employees working on health plan matters would be well advised to consult with the plan’s Security Officer and their IT departments about this guidance. HHS’s position is that it is a HIPAA violation if ePHI is shared with a cloud provider and there’s no business associate agreement in place.
The HHS guidance provides some points to consider in contracting with cloud providers. Some of those points will likely be addressed in a general service agreement between the company and the provider. In addition, this one page summary from Bryan Cave’s data privacy team has some additional general thoughts on issues to consider when contracting with cloud providers.
In response to this information, employees charged with health plan matters should consider the following steps:
- Evaluate with your IT department and HIPAA Security Officer whether you use any cloud service providers.
- Review the HHS guidance with the relevant IT personnel.
- Determine whether ePHI is created, received, maintained, or transmitted by the cloud service provider or if it is possible to avoid having ePHI handled by the cloud service provider.
- Determine whether a business associate agreement is in place with the cloud service provider (and if not, get one as soon as possible). In negotiating that agreement, consider what data protections you may need or want to include.
- Include an evaluation of the cloud service provider in your HIPAA risk assessment.
With the looming end of the determination letter program as we know it, the IRS has issued an updated Revenue Procedure for the Employee Plans Compliance Resolutions System (EPCRS). Released on September 29, 2016, Rev. Proc. 2016-51 updates the EPCRS procedures, replaces Rev. Proc. 2013-12 and integrates the changes provided in Rev. Proc. 2015-27 and Rev. Proc. 2015-28. The updated revenue procedure is effective January 1, 2017 and its provisions cannot be used until that date. Rev. Proc. 2013-12, as modified by Rev. Proc. 2015-27 and Rev. Proc. 2015-28, should be used for any corrections under the EPCRS for the remainder of 2016. Highlights from the new revenue procedure are outlined below.
- Determination Letter Applications. Determination letter applications are no longer required to be submitted as part of corrections that include plan amendments. The new revenue procedure also clarifies that any compliance statement for a correction through plan amendment will not constitute a determination that the plan amendment satisfies the qualification requirements.
- Favorable Letter Requirements. A qualified individually designed plan submitted under the Self Correction Program (SCP) will still satisfy the Favorable Letter requirement when correcting significant failures even if its determination letter is out of date.
- Fees. The Voluntary Correction Program (VCP) fees are now user fees. Effective January 1, 2017 a plan sponsor must refer to the annual Employee Plans user fees revenue procedure to determine the applicable VCP user fees.
- Model Forms. The model forms for a VCP submission (Forms 14568-A through 14568-I) can now be found on the IRS website.
- Audit CAP Sanctions. The method used to determine Audit Closing Agreement Program (Audit CAP) sanctions has been revised. Sanctions will no longer be a negotiated percentage of the Maximum Payment Amount (MPA), but will be determined by the IRS on a “facts and circumstances” basis. The MPA will be one factor used to determine a sanction. Generally, sanctions will not be less than VCP fees.
- Refunds. The IRS will no longer refund half of the user fee if there is disagreement over a proposed correction in an Anonymous Submission.
- The provisions of Rev. Proc. 2015-27, which clarify the methods that may be used to correct overpayment failures, modify the SCP for Code Section 415(c) failures to extend eligibility to certain plans with repeated corrections of excess annual additions so long as elective deferrals are returned to affected employees within 9½ months after the end of the plan’s limitation year, and lower the fees for certain VCP submissions, have been incorporated.
- The provisions of Rev. Proc. 2015-28, which modify EPCRS by adding safe harbor correction methods for employee elective deferral failures in both 401(k) and 403(b) plans, have also been incorporated into Rev. Proc. 2016-51.
For many years, the PBGC has been helping reunite missing participants with their benefits under single-employer defined benefit plans. Now, a new PBGC proposed rule may open up the program to missing participants under other terminated plans.
Under this proposed rule, terminated defined contributions plans may choose to transfer benefits of missing participants to the PBGC or to establish an IRA to receive the transfer and send information to the PBGC about the IRA provider. The PBGC will attempt to locate the missing participants and add them to a searchable database. The PBGC notes that once the program is established, it may issue guidance making the reporting requirement mandatory for defined contribution plans as authorized under section 4050 of ERISA.
The PBGC will accept the transfer of accounts of any size. If a plan sponsor chooses to transfer accounts to the PBGC, it must transfer the accounts of all missing participants. There will be no fee for transfers of $250 or less. For transfers above that amount, a one-time flat fee will apply which the PBGC indicates will not exceed its costs associated with the program. Initially, the fee has been set at $35.
This newly-proposed voluntary program for defined contribution plans has certain limitations. For instance, it would only be available to locate missing participants upon plan termination. It would not be available to locate missing participants for ongoing plans. For example, the program would not be available to find missing participants in connection with a plan correction under EPCRS. In addition, although the program would be available to many types of single-employer and multiemployer defined contribution plans, including abandoned plans, it would not be available to governmental plans and church plans.
The proposed rule also establishes a similar voluntary program for terminated professional service defined benefit plans with 25 or fewer participants and a mandatory program for terminated multiemployer plans covered by title IV of ERISA, similar to the existing program for single-employer defined benefit plans.
Finally, the proposed rule contains numerous changes to the existing rules. Most notable for defined contribution plans, the proposed rule modifies the criteria for being “missing” to include distributees of defined contribution plans who fail to elect a form or manner of distribution although their whereabouts are known. The PBGC notes that this change is consistent with existing DOL regulations which currently treat such individuals similarly to individuals who cannot be found for purposes of the safe harbor for terminated defined contribution plans. For terminating defined benefit plans, it would include distributees subject to mandatory “cash-out” who do not return an election form. According to the PBGC, it can be difficult to find the benefits of non-responsive distributees after they have been transferred to IRAs. It hopes to address this problem by bringing non-responsive distributees “into the PBGC fold” with its centralized governmental repository and pension search capability. Defined benefit plan distributees whose benefits are not subject to a mandatory cash-out provision would only be considered missing if the plan did not know their whereabouts. In making this distinction, the PBGC indicates that individuals with benefits that are not subject to cashout enjoy rights and features not available to those whose benefits may be cashed out and, absent an election, their benefits will be annuitized, preserving those rights and features. In addition, for title IV plans the identity of the insurer issuing the annuity must be provided to the PBGC if their whereabouts are unknown.
Other changes include more detailed requirements for diligent searches for defined benefit plans similar to those already required of defined contribution plans by DOL guidance, simplification of the existing rules and assumptions used for valuing benefits to be transferred to the PBGC, and changes in the defined benefit plan rules for paying benefits to missing participants and their beneficiaries.
The new rule is generally proposed to be effective for plan termination dates after calendar 2017. In addition to the proposed rule, the PBGC has issued a set of FAQs as well as draft forms with instructions for each of the proposed programs. Additional information can be found on the PBGC website here.
While the litigation over wellness programs rages on, the EEOC is still marching forward with the implementation of its wellness rules that we wrote about previously. As most people in the wellness space are aware, the EEOC’s rules under ADA and GINA do not align completely with the HIPAA wellness rules, particularly on the issue of the amount of the incentive. The ADA and GINA rules apply to all wellness programs, whether participation-only or health contingent, and generally limit the incentive that is available to 30% of the cost of self-only coverage.
One open question under the ADA and GINA rules was how to calculate the incentive when an employer offers multiple tiers of coverage (e.g. Gold, Silver, Bronze) under a health plan. The ADA and GINA rules address the calculation of the incentive when there are multiple group health plans, but not multiple tiers. When an employer offers multiple group health plans, and an employee is eligible for a wellness program as long as he or she is enrolled in any one of them, then the maximum incentive is 30% of the lowest cost self-only option among the plans.
In a recently released informal discussion letter, the EEOC addressed how these rules apply to a single group health plan with multiple tiers where an employee enrolled in any tier can participate in the same wellness plan. Not surprisingly, the same rules used for multiple group health plans apply. In other words, the incentive is limited to 30% of the lowest cost self-only tier of coverage. (There are minor language differences between the ADA and GINA regulations in this regard, but the EEOC says they are “legally inconsequential.”). This means that if a company offers Gold, Silver, and Bronze tiers, for example, and employees enrolled in any tier get the same wellness plan, the reward is limited to 30% of the self-only Bronze premium.
While not a watershed piece of guidance, this clarification at least lets employers know what the rules of the road are. Because the letter is informal, it is not necessarily binding on the EEOC, but given the restrictive nature of the guidance, it seems unlikely the EEOC would take a different position in court or an investigation. If you have comments about this piece of EEOC guidance, or the wellness program rules in general, feel free to leave them in the comment section on this post.