Now without further delay, let's begin today's Defined Contribution Plan Perspectives 2024 Update on Regulation and Litigation.  I'd like to introduce you to your moderator for today, and that is Chris Dall, CFA, Managing Director, Senior VP PNC Institutional Asset Management.  Chris, you have the floor.

Christopher Dall

Thank you, Ian.  Hello, welcome to everyone on the call today.  My name is Chris Dall.  I lead our defined contribution retirement business at PNC.  As Ian shared, I'll be moderating today's discussion.  Today's topic is going to focus heavily on regulation and litigation topics.  It goes without saying, the last four years have put tremendous strain on organizations adapting to a changing economic landscape while dealing with unprecedented challenges from an HR and benefits standpoint.

So it's not surprising that we sit here today, a lot of defined contribution plan items such as conducting a target date fund review, analyzing plan fees against the market, implementing cybersecurity programs, and more have been postponed over the last couple of years.  The good news we're seeing from an industry perspective is across the country many of the plan sponsors we work with are working to reestablish those schedules, return to the normal to the extent we can from a post-pandemic world perspective.

So we're excited today to have two fantastic speakers from Morgan Lewis joining us again.  Morgan Lewis is one of the largest employee benefit practices in the country and the world beyond.  John and Claire, thank you again both for being here.  Their presentation will go about 50 minutes today, and after that, we'll have time for some Q&A.  So please, if you have any questions, type them in the chat, we'll be collecting them, and any that we don't get to in today's conversation, we will follow up with you after.  With that, I'll hand it off to Claire.

Claire Bouffard

Thanks, Chris.  Good afternoon everyone, and thanks very much for joining.  We'll go quickly through the agenda here because we want to get right into the content.  We've got a pretty packed agenda for you today.  Starting out, I'll be talking about governance and compliance refresher and why this is important.  John will be talking about the target date fund considerations.  I will quickly go through a cybersecurity refresher and then John and I will split talking about some of the Secure 2.0 provisions that have recently received guidance from the IRS and/or DOL and those provisions that are going to be effective this year.

So moving right into the governance and compliance refresher, the first thing we wanted to address is why we care about this and why it's so important to have good governance procedures.  First and foremost, this is necessary in order to help plan fiduciaries fulfill their fiduciary duties and avoid breaches of their fiduciary duties.  And it's also important because this is the type of thing that plaintiff's lawyers are looking very carefully at.  So as an example, if the procedures or processes are put in place, but they are not being reviewed and followed, then that's something that a plaintiff's lawyer may pay very close attention to.  It may be low-hanging fruit.  So an example we gave here was from a fee litigation case where individuals who were either on the committee didn't realize that they were fiduciaries or individuals didn't realize that they were actually on the committee.  So that's the sort of maybe low-hanging fruit that plaintiff's lawyers might seek out when bringing these types of cases.

So touching back on fiduciary duties and how a good governance process affects these.  So first, we want to avoid breaches of the duty of loyalty and having a good governance process, making it clear when individuals are acting in a fiduciary capacity versus a settler capacity is very important because when people are acting in a fiduciary capacity, they must act in the best interest of plan participants and beneficiaries.  Whereas when the settler is acting, the settler can act in the best interest of the company.  And so we want to be very clear about who is who and who is assuming which role at what particular time so that they can know what the standards should be that are governing their conduct.

So an example of that that we had was the recent litigation that has come up - it hasn't moved very far yet because it's very, very recent - around the use of forfeitures of unvested amounts, for example, in the plan to offset employer contributions versus to pay plan expenses.  And the plaintiff's lawyers in those cases are alleging that that is a fiduciary decision, which would suggest that if there are expenses that could be paid using those amounts, that perhaps those amounts should be used for that rather than to offset employer contribution obligations by the company.

And another example of course would be that we need to know when something is a fiduciary versus settler action so that we can know whether the expenses associated with those are chargeable to the plan versus not chargeable to the plan.  So the second reason, aside from avoiding breaches of fiduciary duties that we want to look at this is that the duty of prudence requires prudent processes.  So we want to make sure that we have prudent processes in place for the various fiduciary functions so that when fiduciaries are taking action, they are complying with their prudence obligations.

And we've included a chart here illustrating some fiduciary versus settler actions to help reinforce the reason why we want to make sure that we know when we're acting as a fiduciary versus a settler.  So we used forfeitures as one example, but another example would be designing benefit formulas, which is the settler action.  We'd obviously want that to be a settler action because if it was a fiduciary action, then things would be a little bit different.  We couldn't really act in the best interest of the company, and it would probably be in the participant's interest to give them as much as possible.

So circling back to a little bit more detail on the duty of prudence.  As I mentioned, the duty of prudence is a process-based function.  So we're looking at creating prudent processes, not necessarily always getting the perfect outcome because we can't always know how to get there, but we try to create a process that gets us to what we hope will be the right outcomes in the various situations.  Fiduciaries are held to an expert standard.  So part of a prudent process may include retaining others to help fiduciaries to fill in gaps in their knowledge.  We're going to be talking about a couple of different examples the target date funds and cybersecurity where building a prudent process is important.  And those may be areas where the fiduciaries don't have full expertise, especially perhaps cybersecurity.  So it may be appropriate to bring in other experts to help the fiduciaries to get the knowledge that they need or even to delegate, in some cases, those functions to experts in order to help the fiduciaries establish this prudent process.

Another important consideration is that what is a prudent process will change over time.  What's prudent today may not be prudent tomorrow, and cybersecurity, again, is a great example of this.  Cybersecurity practices and processes are changing all the time.  Hackers and bad actors are constantly coming up with new ways to try to infiltrate and to get unauthorized access to plans.  So thinking about trying to be dynamic and addressing situations as they come up so that we're not using the processes that were in the 1980s where we didn't dream of necessarily everything that we have today to address today's problems.  And that also reinforces that processes should be reviewed and updated and we want to make sure that when we establish these processes, particularly if they're in writing, that we're reviewing those processes periodically and thinking about, "Is this still working for us?  Are we still doing all of these things?"

I mean, hopefully, we are.  But if we aren't, then we need to make sure that our processes reflect what we're doing or that what we're doing reflects our processes and that everything is in order.  So we've listed a few examples here of where someone might run afoul of the duty of prudence.  So some of these are negatives of some of the things that I just said.  So, for example, not hiring an expert, where we have a knowledge gap and not bringing somebody in to help us, because as I said, the duty of prudence requires a prudent expert.  So if we have a knowledge gap, that will not be forgiven.  Ignorance is not an excuse with the duty of prudence.  So we need to make sure that we can fill in any areas where we don't have the knowledge.

Another example, of course, would be to make a decision where we haven't about all the alternatives that are out there.  And again, this could play into the expert because maybe we don't know what all the alternatives are that are out there.  So we need to bring somebody in to hire to help us to figure out what all of those alternatives might be, and help us to be able to assess the various alternatives.  Failing to monitor our delegates, so if we delegate authority to our benefits team to make certain decisions or even to pay certain fees that we're looking over their shoulder to make sure that they're doing everything in line with what our expectations are.

Another example would be failure to follow governing documents.  So an investment policy could be one charter plan documents.  So these are all things that should be reviewed from time to time to make sure that we're doing everything that is required.  Another example, of course, would be failing to monitor investments, which might also be a failure to comply with the investment policy statements.  So very important that that's being done on a regular basis.  And of course, failing to document what we're doing, that's a problem just for the duty of prudence, but it's also a problem because it really lets a lot of our good hard work go to waste if we're not documenting all of the good things that we've been doing and doing for plan participants.

So we've just included one quick little, little diagram here.  We're going through some really basic steps to try to make sure that we've got a good fiduciary governance process.  So, as I was mentioning, making sure all of our documents are up to date and that we're following them, changing them if they're not doing what we're supposed to be doing, or if they're not working for us anymore, making sure we're keeping track of everything that we're doing.  We're keeping our minutes.  And then, of course, making sure we're up to date with all of the ERISA developments, like secure 2.0 to tie it in with our last topic.  And so with that, I will hand it over to John to talk about target date funds.

John G. Ferreira

 All right, Claire.  Thanks.  So let me kind of take a step back from this, and this is really the second bullet point on this slide.  Our firm has one of the largest and most active ERISA litigation practices in the country.  Defense practices and our ERISA litigators have been ridiculously busy over the last few years because many, many law firms have now devoted themselves to suing plan fiduciary committees and companies alleging that the various things that they're doing with respect to their 401(k) plans are not prudent, are violating ERISA's fiduciary duties, and as a result, the participants have less money in their accounts than they otherwise would.

And there are all kinds of different ways that those claims come up.  Often, record-keeping fees are challenged as being too expensive.  There are various challenges made to the investment funds that have been put on the lineup.  Either they're too expensive, particularly if they're in a more expensive share class that might otherwise be available to the plan or they just don't perform well compared to other funds, whether they're active funds of the same type or passive funds or indexes.  Plaintiff's lawyers have been bringing these lawsuits all over the place, hundreds of them really over the last few years.  And so that's kind of the ultimate goal is probably not to be not sued.  The ultimate goal if you're a fiduciary committee, for example, or a planned fiduciary, is to put yourself in the best position you can to defend yourself if that ever comes up.

And one of the things I'd point out is that when these lawsuits first started 10, 15 years ago, they tended to be aimed at the really large plans because that's where most of the money was, and the larger the plan, the better kind of target they'd make for litigation.  But over the last few years, we've seen increasingly these plans moving down market as other law firms have kind of jumped into this, have been able to take the complaints filed against the large plans and kind of copy them over and then target them at more modest sized plans.  So don't fall into the trap of thinking, "Oh, our plan is not some Fortune 100 company's plan.  It's just not big enough for anybody to pay attention to."  You should never make that assumption.  So good governance and good fiduciary practices are important for every size of plan.

And in particular, what we've seen in recent years is a real focus of these lawsuits on target date funds.  And why is that?  Well, as automatic enrollment and automatic escalation with defaults into target date funds have become more and more and more ubiquitous.  And as we'll talk about under Secure 2.0, that's even going to ramp up.  The fact of the matter is more and more money is going into those funds, and so if you want to sue the best sort of target for your lawsuit will be, no pun intended, the target date funds because that's where the money is.  And so that's why we wanted to spend a few minutes talking about target date funds and kind of best practices or recommended practices for how you monitor those funds.  And again, help to avoid any potential exposure in litigation.

So these are actually tips on how to deal with target date funds derived in general from the Department of Labor's view about how you should monitor investments generally.  So for example, when you're choosing the target fund suite, make sure that you are not just looking at that target date fund suite and comparing it to sort of a bunch of other target date fund suites of the same type, but take a step back first and look at your participant demographics and behavior and other factors that might impact, for example, how aggressive or conservative a glide path strategy ought to be in the target date fund suite that you select.  For example, does your company have a pension plan as well as a 401(k) plan?  That might be a real significant factor in determining how aggressive or conservative the glide path should be.

What are the demographics of your group?  What's their general amount of pay?  How much do you think they'll be expected to save?  Again, these all factor into kind of how the glide path would fit with your workforce.  And don't just set it and forget it, as Ron Popiel used to say.  Periodically review the target date suite that you have in place to make sure that there haven't been changes in your demographics.  Maybe your pension plan's been frozen since you put the original target date fund suite into place.  Maybe the workforce has changed because of different changes in the way your business has been conducted.  So it really ought to be kind of a continuous process.  But what we've generally recommended is that while monitoring the target date funds should be part of your normal process like monitoring all the other funds, that maybe every few years, you take a much more sort of deep dive into your target date suite and how it's doing.

Take a look at what's available in the market because there are new options coming online all the time.  And do a study to make sure that you've got the right fund suite on your lineup.  Make sure you understand fees and expenses, which are always an issue potentially in litigation.  Determine whether something that's not an off-the-shelf fund might be more appropriate.  Use whatever commercially available information you can.  And again, as Claire made the point, make sure you're documenting all of the things that you're doing here so that if you do get sued, God forbid that happens, then we can defend you much better because we'll be able to point to a record that shows that you did the right things and thought of the right steps.

Another issue that we see kind of persistently about target date funds as an issue is communicating to participants what they are and how they work.  It is often the case that if you look at your participant population, you'll find that participants aren't necessarily using target date funds the way they're supposed to.  They're supposed to be the sole basket into which all their eggs are put.  And that's okay because that fund itself is very diversified.  It's set up in a way that's supposed to have over its glide path, a more conservative approach as people approach retirement.  So the idea is if you aren't comfortable selecting your own investment mix, you put it all in a target date fund, but we invariably find if you look at participants' actual behavior, that they may have multiple target date funds in which they're invested, or a target date fund and other funds in which they're invested.

And that's not really the proper way to use those funds.  So it's important to be thinking about what kind of communications you can give your participants so that they understand how target date funds are supposed to be used.  And benchmarking, that's a real challenge because target date funds are unlike other funds, hard to find an apples-to-apples comparison for because there are different underlying investments, passive versus active, different glide path strategies.  There are all kinds of ways that each fund suite differs from others.  So just comparing them one to the other is not all that easy.  So that's something you've got to spend some time thinking about as you're going through the monitoring process.

Now, target date fund litigation.  As I say, there have been all sorts of lawsuits just generally filed about 401(k) plans, but in particular, there has been, and there have been a number of cases challenging the target date fund choices.  And then there was a particular suite of passively managed TDFs that BlackRock makes available.  And a number of the plans that had those target date funds on their lineup got sued, I think about a dozen of them.  And the fact of the matter is those are good funds.  They're low fees.  They perform reasonably well, but the plaintiffs picked a period of time during which equities were doing really, really well in the markets, and the BlackRock funds have a more conservative glide path than some other funds do.  And then they picked a handful of other funds that had a more aggressive glide path, a couple passive, a couple active, and said, "Oh, see how much better these performed over this five-year period."  Clearly, it wasn't prudent to have BlackRock funds.

Now, that's kind of a nonsense argument, and thankfully almost every one of those lawsuits has been dismissed with one exception, but I think that one might end up also being a victory for the defendants.  But those are an illustration of how plaintiff's lawyers are looking for these kind of targets.  And there have been other target date fund suites that have been targeted - I'm sorry to keep using the word target - that have been challenged.  And sometimes they're custom funds.  They may be funds that are relatively new and don't have a great track record.  There were a number of - there are funds that were challenged because they had certain alternative asset classes in them that didn't perform well.  And the allegation was you shouldn't have been in those funds because those are not appropriate investments for 401(k) plan like private equity, for example.  So again, we expect that this'll be a continuing issue because of how much money is flowing into these funds.  And with that, I'll turn it back over to Claire to talk about cybersecurity.

Claire Bouffard

Thanks, John.  We wanted to go through a little bit of the background here quickly.  As Chris had alluded to, this issue of cybersecurity has been around, it's been percolating for a while.  And so we just wanted to give a little bit more about the state of play and things that fiduciaries might consider in building a prudent process around cybersecurity.  So even during the pandemic from I think pretty much the beginning of the pandemic, we started to see an increase in breach incidents, theft things like that, just because retirement plans are a large pools of money, and as such, they are attractive targets, unfortunately, for bad actors.  So whether they're cyber criminals or individuals who are trying to get at the participants in order to compromise the participant's information.  So somebody who steals a participant's password, for example, which is something that's very hard for the plan to control against other than through participant education.  But these are all ways that bad actors have tried to target retirement plans and try to gain access to participant funds.

So the DOL issued cybersecurity guidance.  It was the first cybersecurity guidance they'd issued in April of 2021.  It had three different pieces.  So the first piece was directly aimed at plan sponsors and said, "Plan sponsors, here's some things that you might want to consider about cybersecurity procedures."  And then it said - then there was a second piece that was aimed directly at service providers.  So that's, "Service providers, here are some other steps that you may want to consider."  And that guidance is also helpful for plan sponsors, even though it's directed at service providers because it shows some of the areas where the DOL is concerned and steps that the DOL thinks are good.  So as plan fiduciaries, fiduciaries may look at that list and say, "Okay, how do we confirm whether our service providers are doing all of these things?  Are our service providers doing all of these things?  Are we doing all of these things?"  So it provides some helpful steps that we can look at to try to build out a prudent process around cybersecurity.

The third piece is directed at plan participants, and it gives them some steps that they might take in order to try to make sure that they're fulfilling their steps that they can help to secure their plan accounts because obviously, even the plan fiduciaries can't control for everything.  If a plan participant leaves their password on their desk next to their computer that says, "This is where my 401(k) account is.  Here's my username and password."  And somebody breaks into the house, there really isn't a lot that the planned fiduciaries can do necessarily to address that.  So it's important to have this piece also for planned participants, and that's something that planned fiduciaries might consider distributing directly to planned participants so that they can read it and make sure that they're looking at and thinking about all of these different cybersecurity considerations and how they can help to secure their accounts.

In connection with the DOL guidance, the DOL has also started asking a lot of questions about cybersecurity on audit, and this includes very, very detailed and robust documentation production requests around sometimes very technical pieces of cybersecurity guidance and testing.  And so it can be a lot of work to collect a lot of these things if they aren't already readily available, and it also highlights that the DOL is very focused on this.  The final and last place where people have started to really jump in on this is fiduciary liability insurers.  So they also have started asking questions around what the plan fiduciaries are doing in cybersecurity to try to address these, both the threats and the DOL guidance, and also litigation around this because there has been some litigation around breaches and in particular even theft of retirement assets.

We've listed here on the slides, and we understand that the slides will be made available, so we'll let you read them at your Leisure, but we've listed the various tips and suggestions that the DOL has given.  In this case, this is from the plan sponsor fiduciary guidance and so we've listed these here so that you can take a look at them.  We've also listed the various tips and tricks from the service provider guidance, and again, we won't read through all of them.  We'll let you peruse them at your leisure, but we wanted to list them here so that we could kick off some thoughts and inspiration for how we will build the prudent process.  So we've got here suggestions that we think that the plan fiduciaries might decide to implement as part of a prudent process.

And most of the basic first steps that we've got here really focus on what are the service providers doing because a lot of them have direct access to a lot of participant data.  So record keepers being perhaps a primary example where they, or TPAs, where they are interacting directly with the participants and they have a lot of the participant-specific information.  So when new contracts are being negotiated that affect the plan and the plan assets and participant data, looking at those contracts to see what do they say about information security.

So what are the procedures that are being followed?  Are they following the DOL guidance?  Are they doing something else?  What do they do if there's been a breach in particular?  That's something that's addressed in the DOL guidance, but it's really something that they focused on, including in audits and audit requests is, have you had any breaches?  How did you handle those breaches?  What was the outreach to participants like?  So all of these are very important considerations.  What was done to remediate?  Was their credit monitoring?  All of those things.  In addition to negotiating new contracts, you also may want to look at your existing contracts and see what those say especially if they've been outstanding for a long time, and especially if they've been outstanding since pre the DOL guidance.

Another thing to do - this not specifically necessarily related to service providers, although this is something you might check as well - is looking at insurance coverage, both the coverage that the service providers have and the coverage that the plan sponsor and plan fiduciaries have that may protect against cybersecurity events to make sure that there are these kinds of backstops in place for participants and beneficiaries.  It might also be worth considering sending around some kind of questionnaire or checklist either to service providers or to even internal corporate IT and saying, "Hey, what are you doing about all these things?"  Here's a bunch of different questions that the DOL even gave us that we might think about asking.  Maybe we can go ahead and ask those in a checklist or questionnaire.

And then some other enhanced steps that might be worth considering could be looking at the company's data security protections.  Many companies have very robust and skilled and deep protections in this area already.  And so there are resources that the plan fiduciaries could leverage internally and use in order to make sure that everything's functioning as it's supposed to.  So hopefully the plan fiduciaries don't have to start from zero.  There's already something in place that's already working hopefully very well to protect the various data items that the company has, so all of the HR data.  It also may be worth considering whether there are any additional cybersecurity protections, either at vendors, or somewhere else that could be enabled.  So if there's no multifactor authentication, for example, enabled, why not?  Could that enabled now?  Would that be a benefit to participants and beneficiaries?

It might be worth considering internal training, whether it's for the entire company or just for the HR department on cybersecurity issues.  Maybe there already is corporate training, but maybe there's something special we could do for the people in the benefits department.  Maybe there's something fundamentally different about the types of employee data and things that they handle that we would want to train them on.  Another thing that might be worth considering is a single umbrella cybersecurity policy that covers everything.  So it might defer to, in some cases, the various service provider policies.  It might talk about the steps that we take in order to work to get the service provider policies to be where we need them to be, or how we assess whether they are where we need them to be.  It may also leverage the company's own internal cybersecurity procedures as another example, but it would just set out the steps and things that the planned fiduciaries would do in order to make sure that we've created a good process for participants and beneficiaries to keep their retirement funds as safe as we can.

I had already kind of alluded to this, but another thing would be educating participants.  So whether it's distributing the cybersecurity guidance or maybe having some sort of informational session for participants to remind them.  I think many of them are probably aware of cybersecurity threats in general, but this threat is out there.  It's sometimes tied to retirement plans.  So just being sure that they're keeping vigilant and helping in the process of keeping their accounts safe.  And with that, I will turn things over to John to cover the first few of our Secure 2.0 provisions.

John G. Ferreira

All right, Claire.  Thanks.  So just quickly wanted to run through the things we're going to talk about, not every one of these, but these are some of the Secure 2.0 provisions that have become effective this year.  So they're now kind of live and we've got to deal with them.  Auto portability, de minimis incentives, automatic enrollment and escalation, Rothification of contributions, although that one had been put off a bit, long-term part-time employees.  And then there's a bunch of other guidance.  We'll cover some of that, but not all of it, but obviously, we'll answer any questions people have, so next.

Auto portability, what is this?  It's a very interesting kind of concept, which is that one of the big issues that hurts people when they get to retirement age is leakage.  The idea that when they move from job to job, if their money comes out of the 401(k) plan, does it then go into an IRA?  Does it go into a successor employer's plan?  There may be a temptation to keep some of it, use it for current needs, and that that kind of leakage will really hurt those folks when they get to retirement.  So the idea is to try to encourage and smooth out the process of making sure the money stays invested.  And one of the ways that that can be done is by creating this kind of system for automatically moving the money.  If you go from one company to another, it'll just get moved, and that's something that's now going to be implemented.

So there are these portability service providers, and they basically will match a participant's default rollover IRA with their retirement plan with the new employer, and transfer the balance to the new employer's plan.  So, for example, if money gets rolled out because it's under the cashout limit, which is now $7,000, and goes into a rollover IRA, and then that person gets a job somewhere else, the money can come directly out of the IRA into that employer's plan and stay with the participant and just keep building up.

Now, both plans have to be enrolled in the service.  Participants have to be notified and told, "If you don't want this to happen, let us know."  There's certain service provider requirements for the folks who are acting as the middlemen here, but we did not get proposed regulations on this until just very recently.  But this is now going to become, we think, more ubiquitous as time goes by, and as more and more companies sign up for this.  And as I said, the hope is that it'll keep people's money following them from one job to the next.

De minimis incentives.  The background of this is that there's always been in the regulations for 401(k)plans, the rule that you can't do anything to incent someone to put their money in a 401(k) plan other than give them a matching contribution.  That any other kind of incentive would be prohibited.  Secure 2.0 made an interesting change to that rule.  And it said that you can provide de minimis incentives to get people to sign up.  You can give them little rewards, shall we say.  And we've gotten guidance now - we've got guidance in January - that clarified exactly how that's supposed to work.  So the incentive can't be worth more than $250, which is - it's a reasonable amount of money.

You can provide gift cards, for example, as an incentive, but those can only be offered for an initial deferral election, not for a deferral increase.  This is to get people to sign up for your plan who maybe you don't have auto-enrollment and so they weren't enrolled originally and they've not signed up on their own.  Maybe they dropped out of the plan after they were signed up originally, and you want to try to get them back in.  And it can be made in installments, contingent on continued deferrals so that you can say, "If you sign up, we'll give you this much.  If you are still in there six months later, we'll give you this much."  Just so people don't sign up to get the gift card and then immediately pull out.

Now, these incentives are going to be treated as wages unless they're subject to an exception under the de minimis fringe benefits rules.  We don't have time to get into all that, but for example, a $200 Visa gift card would be treated as includable in their wages, and you'd have to include that in their payroll and do the appropriate reporting and withholding.  But there are other incentives you can provide that would not be treated the same way.

Speaking of auto-enrollment, now this is also kind of interesting.  So auto-enrollment has been a tremendous benefit in getting people to participate in these plans who might not otherwise have participated.  Inertia is a really positive feature of these plans because it gets people where they're supposed to be.  Congress did not want to force companies that already have a 401(k) plan to start auto-enrolling people if they haven't been doing that before.  Instead, they want the rule to be, and the rule is, that if you start up a new plan, then your new plan has to include a provision that you will automatically enroll people at least 3% when they are hired, no more than 10, and then you'll automatically escalate them 1% a year up to 10% or even higher, but no more than 15%.  And that's now a requirement for any new plan.

Now, one of the things that we were hoping for guidance on - and now we have guidance - is, "Well, what does it mean to say it's a new plan?  For example what if we spin off a plan because we sell a part of our business and we create a separate plan for that part of the business?  Is that a new plan?"  And the answer is no.  What if we merge two plans or more plans that are subject to the requirements?  Then those plans are subject to the requirements post-merger.  If you merge two or more plans not subject to the requirements, then the new merge plan won't be.

And then there's - it's a little bit more complicated if you have one plan that was subject to the requirements because it was established after the December 29th, 2023 and one or more plans not subject to the requirements, then the successor plan generally will be subject to those requirements with a limited exception related to acquired plans.  So again, those are the rules around automatic enrollment.  Obviously, even a lot of plans that have been around a while have already adopted automatic enrollment, and that certainly has, as I said, helped those plans significantly increase participation.

Rothification of employer contributions.  So now plan sponsors are allowed to let employees elect to get their contributions on a Roth basis.  And we haven't seen a lot of adoption of this, but now there's some guidance in the recently published notice that has answered some of the questions we had around it.  So we may see some more take up now.  And by the way, one of the things the notice does is - and there's a technical corrections bill that's going to do this as well - Secure 2.0 accidentally deleted some of the provisions in the tax code allowing for up catch-up contributions.

So the IRS has said, "Don't worry about that, that's going to get fixed."  And in fact, Congress is very likely to fix that.  So catch-up contributions are still fine.  There are some still open questions about recharacterizing pre-tax contributions as contributions on a Roth basis.  But basically, the way it would work is that an employee elects once a year to say, "I want my matching contributions made as Roth contributions."  And the requirement that those contributions have to be vested won't cause the plan to fail non-discrimination testing.  And basically, if people elect to have say, matching contributions treated as Roth contributions, then the amount of those contributions would be taxable to them in the year they're contributed.  That gets reported on a 1099-R just as if it were a distribution from the plan, and it's not subject to FICA or FIA.  Claire, I can't remember this, you or me?

Claire Bouffard

 Me.  So I'll take over.  Thanks, John.

John G.  Ferreira

I'm going to turn this over to Claire.

Claire Bouffard

 So long-term part-time employees, we wanted to first highlight that under Secure 1.0, we had the first iteration of the long-term part-time employee rules, and then we had a second iteration under Secure 2.0.  So under Secure 1.0, we had the three-year rule.  So if an employee has 500 hours of service in each of three consecutive years, they need to enter the plan solely for the purpose of making deferrals.  So they don't need to receive employer contributions, but they do need to have the ability to make deferrals into 401(k)s.  And that provision only took into account years of service after January 1st, 2021, which meant as a result the earliest somebody could get in was January 1, 2024.  So that effectively came into effect.  So we could have had our first round of our long-term part-timers that could have come in as early as January 1, 2024.

Under Secure 2.0, we have the two-year rule.  So if an employee has 500 or more hours of service in each two consecutive years, then they would need to get into the plan, again, just for the purpose of deferrals.  They would not need to receive employer contributions, but we had a little bit of extra time on that because we were only taking into account years of service that were later so that under the two-year rule, employees could get in as early as January 1st, 2025.  We received proposed regulations in November that gave some helpful clarifications on a number of the open questions in the long-term part-time employee role.  And so we've highlighted some of these here and some of these were positive developments and some of them maybe not as much.

So the first one is a positive development, which is that a lot of employers questioned, "What do I do if I'm an elapsed time plan?  I don't count hours of service for anything, and now you're telling me I have to keep track of hours of service in order to see if somebody is a long-term part-time employee and gets into the plan.  That's really a hassle.  Maybe even considering just letting everybody in rather than having to keep track of the service just for these particular individuals."  So the regulations clarify that plans that use elapse time do not need to switch and count hours.  They can continue to use their elapsed time rules.  The only clarification here is that employees that get in under elapsed time are not long-term part-time employees.  So any kind of special testing relief that the plan may have wanted to take advantage of for people who are in this group would not be available because these individuals got in under the normal plan terms, so they don't count as long-term part-time employees.

Another somewhat helpful piece is that the measurement period for determining whether the long-term part-time employee has satisfied the 500 hours of service can switch from the employee's anniversary year to the plan year.  But you essentially sort of have to do this double counting.  That means that employees could get in a little bit faster if you do it that way.  Then if you just continue to allow them to get in on the anniversary period.

One of the negative side effects of the proposed regulations is that they clarify that the special vesting provisions that apply to long-term part-time employees, which is that they need to get a year of vesting service each year in which they have 500 hours of service.  That continues to apply to individuals that are long-term part-time employees, even after they get into the plan for other purposes.

So if I come into the plan as a long-term part-time employee, but I then work 1,000 hours of service even for future years, I need to get a year of vesting service for each year that I have 500 hours of service.  So the tracking for those individuals does not stop just because they become eligible like somebody who's not a long-term part-time employee.  And then, again, as I'm, as I mentioned above if you become eligible because you're not a long-term part-time employee for some other reason like the plan just allows everybody in, you cannot be separated out for purposes of non-discrimination testing relief.

So we won't go through quite all of these, but we wanted to list, both here and on the next slide, a number of provisions that are effective for the first time in January of 2024.  So I think one of them that is the most popular, certainly, and I guess the least controversial in a lot of ways is the increased cashout limit.  So increasing the small benefit cashout limit the amounts that can be cashed out without a participant's consent from $5,000 to $7,000.  And those amounts must be sent to a small IRA thinking in connection with some of the auto portability pieces of Secure 2.0.  So I think that's a provision that we've seen a lot of interest in and that many are considering adopting as relatively straightforward.

We've also got the ability to provide match on student loan payments, which is something that many plan sponsors were interested in initially, but I think we've seen a little less interest maybe in light of the pandemic and things just being a little bit a bit crazy.  But this would allow for the matching contributions on student loan payments to be treated as matching contributions, which would satisfy a lot of concerns that were in the plan sponsor community when the idea of having some kind of employer contribution made to plan participants who are choosing to pay their student loans rather than to defer into the 401(k) plan first came to light.  So that could be a really helpful and interesting benefit to offer to employees.

John G. Ferreira

Well, I think, Claire, in particular, there were all these sort of suspensions that the federal government had in place for people having to repay their student loans.  So that also meant there was less pressure on employers to think about this benefit, but now those been lifted essentially, so people have now had to go back to repaying their student loans.  So now people might be more interested in this.

Claire Bouffard

Definitely.  And then some of the other provisions include various withdrawal options that have been made available.  So we've noted the personal expense and domestic abuse withdrawals as special exceptions to the 10% penalty tax and special withdrawal events from 401(k) plans that also could be of interest.  And then with that, I know we said we wanted to leave about 10 minutes for questions.  So Chris, maybe turn it back over to you.

Christopher Dall

Awesome.  Thank you.  That was a wonderful presentation.  I'm blown away by how much you were here able to cover in 50 minutes.  I would just encourage everyone please submit questions via the Q&A tab.  We've gotten some great questions as the webinar has gone on.  We just encourage everyone to keep sending them in.  I'm going to start with one that we received early in the presentation.  You mentioned documenting a process and following it with regard to target date funds, the investment lineup.  Even if the DOL says it's optional, is it table stakes to have an investment policy statement these days?

John G. Ferreira

Yes.  We certainly do recommend that you have an IPS.  When the Department of Labor does an audit, they always want to see a copy of it.  One of the important things - and we think that it adds some rigor into the kind of governance system - it's evidence that you've been thoughtful about how you go about the process of reviewing the plan investments and fees and expenses.  It should be very well drafted and carefully drafted so that it shows that there's a robust process and that you're thinking of all the right things and taking the right steps, but you have to follow it because some courts have said that it's a plan document.  So under ERISA, as a fiduciary, you have to do what the plan documents provide.  So we try to make it not really prescriptive and super detailed so that you don't trip over things, but detailed enough that it's demonstrates that you are doing the things you're supposed to do.  So we absolutely recommend an IPS.

Christopher Dall

Awesome.  Thank you.  Shifting back to something, again, we saw early in the presentation, Claire, you mentioned use of forfeiture assets.  We received a couple of questions.  Obviously, there's been a recent uptick in litigation targeting the use of forfeiture assets.  Avoiding the question of whether those Seuss have merit today would be interested in your opinion.  Any best practices you would recommend for plan sponsors today?

Claire Bouffard

One thing that might make sense is to look at your plan document language around use of forfeitures and see what it says.  Does it say that you'll use assets first to pay fees and expenses?  So are we following what the language says currently?  And does it give discretion or does it prescribe a hierarchy for how forfeitures are used?  And so if that doesn't match what you want to do, then thinking about whether that needs to be changed.

Christopher Dall

Awesome.  Thank you.  Shifting gears, again, how important is naming a committee member due to the required responsibility and commitment of those involved in oversight?  So kind of how would you rate in terms of structuring a formal committee versus kind of informally delegating responsibility?

Claire Bouffard

I mean, I think it's important to have some kind of formal, especially if it's a committee member, some formal delegation in place.  Sometimes they may be specified by title in the charter or in the plan document even, or perhaps they sign formal appointment certificates that state that they understand that they are fiduciaries and that they are committee members and that they accept those responsibilities.  That also helps to make it clear when you're removing somebody from the committee.  So obviously you want that to be formal too.  If there's somebody who hopefully they're being removed for some innocuous reason, like they're leaving the company, but if they're doing something wrong or they're not living up to their expectation and there's a decision to remove them, then we definitely want to make sure that we've documented that they are in fact no longer committee members and that they understand that as well.

Christopher Dall

Thank you.  This is kind of a broad question.  What single issue generates the most amount of lawsuits and what is the reason?  And maybe even a focus on kind of if you were to point plan sponsors to some problem areas versus necessarily kind of looking at the past litigation? 

John G. Ferreira

Sure.  I think it's almost universal in these cases that there's an allegation that record-keeping fees are too high.  They also in many cases add claims about the funds themselves, whether it's a share class claim or just a performance claim, but record-keeping fees are the sort of universal element of these lawsuits.  So what do we see as a result of all these lawsuits and what do we recommend?  Basically what we recommend is that you have a process for monitoring the fees that you're paying for record-keeping services, that either you're doing benchmarking on an annual basis, maybe you have to get a consultant to help you with that process, probably, and that maybe you're periodically doing an RFI or an RFP.

Even though replacing the record keeper can be a very kind of difficult and time-consuming process, if you go out to market periodically, that is generally the best indicator of whether you're paying what you should be or whether you're getting charged too much.  And at the very least, if you do an RFP, it can help you put pressure on your existing record keeper to give you the best deal that they're willing to give you.  And this is particularly the case as your plan starts to grow over time, the bigger the plan gets, then the more leverage it has in obtaining a better record-keeping deal.  So that's something that requires kind of constant monitoring.  Again, not to beat this to death, but a good prudent process that you're documenting for how you're making sure that the plan is not paying too much for record keeping.

Christopher Dall

Thank you, John.  And I'll put a selfish plug in there.  That is something we do every year for our clients in terms of that fee benchmarking.  And you'd be surprised how quickly a record keeper's willing to negotiate if they are out of blind with kind of where you would see middle 50% for a given situation.

So I'm going to cut it there at three minutes to the top of the hour.  Thank you, John and Claire, that was fantastic.  Always amazed just the wealth of knowledge you bring.  I would encourage attendees - one, thank you for joining us, but two, if you'd like to continue the discussion, please reach out to your PNC representative or fill out the contact-us form to meet with a member of our team.  Morgan Lewis, again, is if you're looking for ERISA counsel, and they're one of the biggest invest in the industry, would highly recommend them as someone to reach out to.

And just one last housekeeping item, following the webinar, you will be redirected to a quick survey where you can give us feedback, ask additional questions.  That'll help us to tailor the next webinar, and make sure that it is kind of meeting your expectations.  There is going to be a replay, slides and everything communicated after the webinar.  And just want to thank everyone again for your time.  Thank you, and be well.


Thank you, Chris.  Thank you, John.  And thank you, Claire.  And thanks to all of our participants for joining us today.  As Chris said, please fill out the post-event survey that will appear on your screen after the event's conclusion.  That'll be greatly appreciated and it'll help us with future events.  Thank you again and have a good rest of your day.


Let's Talk

Our solutions can be tailored to meet your unique needs.

Contact Us »