Retirement Planning is a Team Sport

Beyond the sponsorship and ultimate oversight of the plan, the following are key roles which are vital to a well-run plan.

Third Party Administrator (TPA) - Not to be confused with the named Plan Administrator, the TPA plays a critical role in the maintenance of the plan and the coordination of the team. The TPA is typically the "go-to" resource for HR personnel for questions regarding the day-to-day operation of the plan and the coordinator among other service providers in the plan's ecosystem. More than reliable customer service, TPAs are trained professionals that provide technical expertise to ensure the plan complies with current regulations governing retirement plans. ERISA, DOL regulations, and case law are complex and frequently change. Compliance is daunting, and penalties and back taxes can be significant. So, it is important that a dedicated TPA is engaged. Common duties include:

• Providing guidance on plan design.
• Preparing and maintaining legal plan documents.
• Performing compliance testing.
• Preparing annual valuations and benefit statements.
• Completing and filing all forms with the government.
• Performing non-discrimination testing.

Financial Advisor - An equally important counterpart to the TPA role is the plan's financial advisor. In tandem with the TPA, advisors help Plan Sponsors decide the goals for the retirement plan. These goals are then translated, with the TPA, into a plan design and ultimately a written plan document that guides the operations of the plan from year to year. The financial advisor also helps the Plan Sponsor select and monitor the investments in the retirement plan. In a 401(k) plan, where participants may direct their account balances, the advisor will assist the Plan Sponsor in selecting a recordkeeping platform and a line-up of investment options from which the plan's participants will choose. The advisor may also:

• Oversee investment meetings.
• Act as a guide and educator to the plan's participants through the initial enrollment process and subsequent enrollment meetings.
• Act as a co-fiduciary to the plan.

Recordkeeper/Custodian - The recordkeeping platform in a participant directed 401(k) plan keeps track of the participant's investment selections and account balances. The plan's custodian holds the plan's assets and handles buying and selling of investments for contributions, investment exchanges, and distributions. These services can be provided as a bundle or independently offered.

Other important members of the team:

• Payroll Providers - Payroll providers play a key role in 401(k) plans by recording participant salary deferral percentages and calculating the deductions and appropriate taxes on the contributions to the plan.
• Plan Auditor - For plans over 100 participants, a financial statement audit is performed by a certified public accountant.
• Retirement Plan Fiduciary - Though not a requirement, many advisors have migrated to taking on a fiduciary role in retirement plans by acting in a 3(21) or 3(38) capacity.
• ERISA Attorney - Many Plan Sponsors and TPAs may need the assistance of an ERISA attorney in certain areas of retirement plan administration such as QDROs, voluntary compliance programs, or in the event of a legal action against the plan.
• 3(16) Fiduciary - A Plan Sponsor may hire a firm to fill the role of the Plan Administrator as stated in the plan document.

As with most things in life, there is no perfect answer that fits everyone in every situation. Many of the services mentioned in this article can be linked together and offered in "bundles." On the surface, this may seem the easier route, but bundled does not give the Plan Sponsor the ability to evaluate each component on its own, so many trade-offs in services and expertise may occur.

An unbundled approach strives to offer the Plan Sponsor a more a la carte approach to the services they use to design their plan. With a good TPA and advisor relationship, the Plan Sponsor can be easily guided through the selection process by relying on the experience of these professionals. Many believe this approach ultimately ends up with the design and structure that works best for their employees. Be aware that, though cheaper fees and overall costs may be offered through bundled providers, it is possible that recordkeeping or compliance costs are being offset in other areas like investment management fees.

Ultimately, the Plan Administrator and Plan Sponsor must ensure that the service providers are fulfilling their duties. By relying on a close relationship with their TPA and Financial Advisor, Plan Sponsors can feel confident that they are creating a plan that will serve the retirement needs of their employees and steer clear of any issues with governing entities. ■

So, you've sold your business and now you're asking the question "What happens to the retirement plan?" You are not alone. In the world of mergers and acquisitions, it is not uncommon for retirement plans to be overlooked in the process. The options available depend upon the type of transaction taking place and the timing, that is — has the transaction already occurred, or is it set for a prospective date? The transaction that takes place is typically classified under one of two categories, an asset sale or a stock sale. We will explore each of these transaction types along with the options available under each below.

In an asset sale, the assets of an entity are purchased by another company. Some examples of assets include equipment, licenses, goodwill, customer lists, and inventory. While the seller's assets have been purchased, their entity will continue to exist until properly closed down. The buyer generally does not acquire the liabilities of the seller in this scenario. This includes the retirement plan. Once the sale takes place, the seller can terminate the retirement plan and distribute all assets, or they can continue operating the plan as long as the sponsoring entity continues to exist. Employees who transition to the buyer will be considered new hires and terminated under the seller's firm. In most cases, the terminated employees will have the option to roll over their account balances to the retirement plan of the buyer. It is common for the buyer's plan to be amended, allowing for immediate eligibility for these new employees. If it is not amended, the new employees will need to satisfy the eligibility requirements defined under the buyer's plan.

In a stock sale, the buyer purchases the stock of the seller's company. The company is absorbed by the buyer, becoming part of the buyer's firm. The buyer becomes the employer and assumes all liabilities tied to the seller. This includes the retirement plan unless specifically addressed in the purchase agreement. Under this scenario, there are generally three options available with regard to the seller's retirement plan. First, the buyer could require the seller's plan be terminated prior to the effective date of the sale set forth in the purchase agreement. In this case, with the proper board resolution, the seller would be responsible for completing the termination of the plan. It is important that the termination process set forth by the IRS be followed in order to avoid violating successor plan rules.

Another option is to maintain both plans. As long as both plans satisfy coverage rules immediately before the transaction and there are no significant changes in the terms or coverage of the plan, the sponsor may rely on the transition rule where coverage requirements are considered satisfied. This means the plans can be separately maintained through the end of the transition period. This period runs through the end of the year following the year in which the transaction took place. After the transition period has expired, if the sponsor continues to maintain both plans, they must be tested together.

The third option available is to merge the plans. This is typically the option most plan sponsors choose. In this case, the seller's plan is usually merged into the plan of the buyer. This is accomplished through a resolution and amendment to the surviving plan. It is important the seller's plan be reviewed for any protected benefits. These benefits, such as vesting and certain distributable events, cannot be eliminated. It is also important to note that with the merging of the two plans, the surviving plan inherits any compliance issues or failures that exist. The buyer should complete their due diligence with regard to review of the seller's plan before going this route. Any deficiencies will need to be addressed and corrected accordingly. This review and the subsequent documentation will prove beneficial should the seller's plan be selected for audit, as the IRS can audit a plan up to three years from the date the final Form 5500 was filed.

While every transaction is unique, some advance planning with regard to retirement plans can save you from quite a few headaches down the road. Take the time to consult with your advisors, including your CPA, attorney, etc., when considering buying or selling a business. As a buyer, if you don't, you could suddenly find you are the proud sponsor of a retirement plan! ■

On April 14, 2021, the DOL's Employee Benefits Security Administration (EBSA) issued long-awaited guidance designed to protect participants from both internal and external cybersecurity threats. The guidance is far-reaching and is directed at plan sponsors, plan fiduciaries, recordkeepers, and plan participants. This is the first time the DOL has issued guidance on cybersecurity for employee benefit plans and is a welcome step forward as it provides best practices and tips to help mitigate cybersecurity risks.

The guidance is set forth in three parts:

Tips for Hiring a Service Provider: Provides practical steps plan sponsors and fiduciaries can take when selecting retirement plan service providers.

• Ask about the service provider's information security standards, practices, and policies, as well as audit results, and compare them to the industry standards adopted by other financial institutions.
• Ask the service provider how it validates its practices, and what levels of security standards it has met and implemented. Look for contract provisions that give you the right to review audit results demonstrating compliance with the standard.
• Evaluate the service provider's track record in the industry, including public information regarding information security incidents, other litigation, and legal proceedings related to vendors' services.
• Ask whether the service provider has experienced past security breaches, what happened, and how the service provider responded.
• Find out if the service provider has any insurance policies that would cover losses caused by cybersecurity and identity theft breaches (including breaches caused by internal threats, such as misconduct by the service provider's own employees or contractors, and breaches caused by external threats, such as a third-party hijacking a plan participant's account).
• When you contract with a service provider, make sure that the contract requires ongoing compliance with cybersecurity and information security standards - and beware of contract provisions that limit the service provider's responsibility for IT security breaches. Also, try to include terms in the contract that would enhance cybersecurity protection for the Plan and its participants.

Cybersecurity Program Best Practices: Includes best practices designed to assist plan fiduciaries and recordkeepers in managing cybersecurity risks.

• Have a formal, well documented cybersecurity program.
• Conduct prudent annual risk assessments.
• Have a reliable annual third-party audit of security controls.
• Have clearly defined and assigned information security roles and responsibilities.
• Have strong access control procedures.
• Ensure that assets or data stored in the cloud or managed by a third-party service provider are subject to appropriate security reviews and independent security assessments.
• Conduct cybersecurity awareness training at least annually for all personnel and update to reflect risks identified by most recent risk assessment.
• Implement a Secure System Development Life Cycle Program (SDLC).
• Have a business resiliency program that addresses business continuity, disaster recovery, and incident response.
• Encrypt sensitive data stored and in transit.
• Have strong technical controls implementing best practices.
• Take appropriate action to respond to cybersecurity incidents and breaches.

Online Security Tips: Directed at plan participants and beneficiaries who check their retirement accounts online. It provides basic rules to reduce the risk of fraud and loss.

• Register, set up, and routinely monitor your online account.
• Use strong and unique passwords.
• Use multi-factor authentication.
• Keep personal contact information current.
• Close or delete unused accounts.
• Be wary of free Wi-Fi.
• Beware of phishing attacks.
• Use anti-virus software and keep apps and software current.
• Know how to report identity theft and cybersecurity incidents.

Additional information on the tips and best practices summarized above can be found in three documents provided by the DOL.

• Tips for Hiring Service Providers with Strong Cybersecurity Practices
• Cybersecurity Program Best Practices
• Online Security Tips

If you have any questions about the guidance and how it may impact your plan, please contact your representative. ■

Did You Know?

As of 2018, the Department of Labor's (DOL) Employee Benefits Security Administration (EBSA) estimates that there are 34 million defined benefit plan participants in private pension plans and 106 million defined contribution plan participants covering estimated assets of $9.3 trillion.