Benefit plan regulators were active in the period leading up to the June 30 fiscal year-end. Significant new rules and regulations were proposed for retirement plans, deferred compensation plans and group health plans.
It’s not a walk on the wild side, but some of the dry regulatory pronouncements will impact most benefit plan sponsors and administrators. So, let’s get down in the weeds – here is the good news and the bad news:
Tax-Exempt Organizations/New Deferred Compensation Rules
IRS proposed regulations, which can be relied on at this time, clarify the nature of plans subject to Section 457 of the Internal Revenue Code and provide useful exceptions. Section 457 generally imposes special tax rules for deferred compensation plans of tax-exempt entities such as governmental bodies and not-for-profit organizations. Code Section 457(b) postpones tax on qualifying benefits until they are actually “paid or made available” to the recipient (these are “eligible” plans with a limit on annual deferrals, currently $18,000). Code Section 457(f) requires taxation on benefits of “ineligible” deferred compensation plans (covered plans that do not qualify as eligible plans) when they are no longer subject to a substantial risk of forfeiture and, as a result, are “vested.” Go here for the new rules on Section 457 exceptions for severance pay and short term deferral arrangements as well as new vesting options.
PEOs Get Respect
Professional employer organizations (PEOs) and other employee leasing organizations that act as co-employers with their clients can now apply for IRS recognition as “certified professional employer organizations,” or CPEOs. The IRS certification will recognize the legitimacy of the PEOs undertaking payroll tax reporting and withholding obligations in its own name on behalf of leased employees performing services for PEO clients. New regulations govern the voluntary certification program which began accepting applications on July 1 with respect to wages paid on or after January 1, 2016. To qualify for certification, PEOs must assume liability for payroll taxes payable with respect to its leased employees and meet tax status, background, experience, business location, financial reporting standards, IRS bonding and other requirements.
HIPAA Privacy and Ransomware
The Department of Health and Human Services Office for Civil Rights (OCR) recently announced guidance on “ransomware” attacks and the HIPAA privacy provisions that protect personal health information (PHI). Ransomware is a type of malicious software (malware) that denies access to a user’s data by encrypting that data with a key known only to the hacker until a ransom payment is made. If a covered entity (medical service provider or self-funded group health plan) or a business associate with access to PHI is subject to a ransomware attack, and the OCR reports there are 4,000 such attacks daily since early 2016, the presence of such ransomware (or any malware) on the computer system of a covered entity or business associate is a security incident under the HIPAA security rule and likely also will be a breach of PHI confidentiality triggering the HIPAA breach notification provisions.
Group Health Coverage and Gender Transition
The OCR has also published final regulations under the ACA prohibition of discrimination on the basis of race, color, national origin, sex or disability. The regulations prohibit the denial of health benefits on the basis of “gender identity” and “sex stereotyping.” The regulations also prohibit categorized exclusions of services related to “gender transition.” The new rules apply to covered entities such as health care providers that accept Medicare, insurance companies and plans offered through the ACA marketplace. For employers with fully insured group health plans, the insurer will be responsible for compliance. For sponsors of self-funded group health plans, a third party administrator (TPA) that is an insurance company will be responsible for observing the new rules. Self-funded group health plans that use a TPA which is not an insurance company may have no mandated compliance assistance but will be subject to claims by aggrieved participants and beneficiaries for damages for non-compliance. Although the new rules are effective now, responsive changes to plan documents are not required until the first day of the first plan year beginning on or after January 1, 2017 (that’s a 2016 year-end project for calendar year plans). Required non-discrimination notices must be posted no later than October 17, 2016 (sample language is online at http://www.hhs.gov/sites/default/files/sample-ce-notice-english.pdf).
Determination Applications for Individually Designed Retirement Plans
…are eliminated effective January 1, 2017! The IRS has abolished this program in Revenue Procedure 2016-37 in an effort to streamline its regulatory operations and control costs. There will generally be no more favorable determination letters issued for individually designed retirement plans except on initial adoption and plan termination. It will be up to the sponsors of such plans, their document providers and legal counsel to assure compliance with an annual Requirement Amendments List to be issued by the IRS. At the same time, preapproved plans (prototype and volume submitter documents) continue to be updated and reviewed for compliance by the IRS on a six year cycle. Sponsors of individually designed plans are expected to migrate to preapproved plans although certain plans (such as cash balance plans) cannot do so at this time. Defined contribution plans that move to a preapproved plan document by April 30, 2017 will be able to rely on the plan’s national office determination letter for the following amendment and review cycle. So, for retirement plans that can move to a preapproved plan document it’s time to think about making that change. For individually designed “Cycle A” plans (generally plans sponsored by employers with Employer Identification Numbers ending in “1” or “6”), determination applications can still be filed through December 31, 2016.
More on Section 457
The highlights of the new rules include:
- Severance pay arrangements, disability plans, voluntary early retirement “window” plans, sick and vacation plans, and death benefit plans as defined do not defer compensation and are not subject to Section 457(f).
- Short term deferrals of compensation (benefits paid or made available by the 15th day of the third month following the calendar year or the employer’s taxable year during which benefits vest) are not treated as a deferral of compensation under Section 457(f). This can buy some administrative time at year-end for those plans that currently require payment by the end of the calendar year in which vesting occurs.
- In appropriate circumstances, non-compete agreements will impose a substantial risk of forfeiture in order to defer the recognition of taxable income under Section 457(f). This is contrary to Section 409A which does not recognize compliance with a non-compete agreement as imposing a substantial risk of forfeiture.
- Termination of employment for “good reason” by an employee is recognized as an involuntary termination. Triggering a benefit payment on involuntary termination of employment can by itself impose a substantial risk of forfeiture for Section 457 vesting purposes. Termination for good reason also can qualify as the required “involuntary termination” for purposes of the Section 457 severance pay exception.
- The new rules allow the voluntary extension of an existing substantial risk of forfeiture in limited circumstances in order to permit the postponement of vesting and a resulting additional period of income tax deferral.
The proposed regulations also observe that most deferral arrangements subject to Section 457(f) will also be subject to Code Section 409A restrictions. So, any revision of a 457(f) plan (the proposed regulations include even individual employment contracts as “plans”) responsive to the new rules will also need to pass Section 409A scrutiny and deal with its sometimes conflicting requirements.