On May 5, 2021, the House Ways and Means Committee voted unanimously to send the bipartisan Securing a Strong Retirement Act to the full House of Representatives for consideration.
This bill was introduced in November of 2020 as “SECURE Act 2.0”, intended to build upon the original SECURE Act which was signed into law in December of 2019.
The SECURE Act 2.0 would require employers who establish defined contribution plans in 2021 to automatically enroll new employees, when eligible, in the plan at a pre-tax contribution rate of 3% of pay. This level would increase annually by 1 percent up to at least 10% but not more than 15% of pay. Employees would have the right to elect different levels of contributions. There are some exceptions to these rules for small companies, new companies, church plans and governmental plans.
While many companies have added automatic enrollment features like this to their plans, it’s never been mandatory for companies to do this.
SECURE Act 2.0 would also make some changes in how catch-up contributions are handled. It proposes to increase the annual catch-up contribution limits for those people between Ages 62 and 64 from the current $6,500 limit to $10,000. The other interesting change is that all catch-up contributions made would not have to be considered after-tax Roth contributions, which is a change from the current practice that gives employees the option to make catch-up contributions on either a pre-tax or after-tax basis.
SECURE Act 2.0 also proposes to increase the age at which required minimum distributions (RMDs) are required to be paid. The current age at which RMDs must be paid is the greater of the calendar year in which you turn Age 72 or retire from employment. The proposal gradually increases this age to 73 starting in 2022 with future increases proposed up to Age 75 by 2032.
There are several other proposed provisions in this bill, which we will summarize in a future newsletter article if this bill is passed and becomes law. It’s important to note that since this bill has bipartisan support, it is very likely to pass sometime in the near future.
On April 14, 2021, the U.S. Department of Labor announced new guidance for plan sponsors, plan fiduciaries, recordkeepers and plan participants on best practices for maintaining cybersecurity, including tips on how to protect the retirement benefits of workers. This is the first time that cybersecurity guidance has been issued from the department’s Employee Benefits Security Administration (EBSA) agency.
As of 2018, EBSA estimates that there are 34 million defined benefit plan participants in private pension plans and 106 million defined contribution plan participants covering estimated assets of 9.3 trillion dollars. Without sufficient protections, it is the opinion of EBSA that these participants and assets may be at risk from both internal and external cybersecurity threats. It’s also their opinion that ERISA requires plan fiduciaries to take appropriate precautions to mitigate these risks.
The guidance from the DOL comes in three separate forms:
1) Tips for hiring a service provider with strong cybersecurity practices, which is intended to help plan sponsors and fiduciaries to select a service provider with strong practices and provide guidance on how to monitor their activities.
2) Cybersecurity Best Practices, which is intended to assist plan fiduciaries and recordkeepers in their responsibility to manage cybersecurity risks.
3) Online Security Tips, which are intended to provide participants who check their accounts online with basic rules to reduce the risk of fraud and loss.
Some good tips to share with your participants include the following items:
- Maintaining online access to their accounts allows them to better protect and manage their investments
- Doing a regular check of their accounts reduces the risk of fraudulent access
- If you fail to register your account online, it provides an opportunity for cyber-criminals to register instead to assume your online identity
- Keep your personal contact information current so you can be reached if there is a problem
- Close or delete unused accounts. The fewer online accounts you have, the more secure your information is
- Use strong passwords
- Be wary of accessing accounts using free wi-fi. These networks may pose security risks that can give criminals access to your accounts. It’s safer to use your cellphone or home network to access online accounts
For those clients who have engaged us to offer website access to participants through our online portal known as ESOPConnection, it’s important to note that we continue to enhance our security practices. For example, we have transitioned to a more secure e-mail-based registration for new participants which requires strong passwords to be established. We offer multi-factor authentication to clients, which provides an extra layer of protection to participants to combat fraud. Please reach out to your Blue Ridge ESOP plan administrator if you are interested in more information regarding our security standards and options available to you.