When Congress enacted the Employee Retirement Income Security Act (ERISA) in 1974, it wanted to balance two competing concerns:
Congress accomplished these goals by enacting a complex bundle of tax and labor laws that regulate the design, funding, and administration of such plans, and that give the Internal Revenue Service (IRS) and the U.S. Department of Labor (DOL) the power to enforce those laws and issue regulations to provide further detail and guidance on what the laws require. In addition, ERISA gave benefit plan participants the right to sue their employers in federal court if they are not provided the benefits they were promised or are not provided with the information employers should provide them about the benefit plan. ERISA preempts all state laws that relate to benefit plans, except for laws relating to insurance requirements, and so any claim that an employee may bring that relates to an employee benefit plan (other than the exceptions noted below), such as a claim for benefits or for breach of fiduciary duty, must be brought under ERISA.
It should also be noted that on June 26, 2013, the Supreme Court overturned the federal Defense of Marriage Act (DOMA), disjoining gender from the federal government’s definition of the word “spouse.” For all intents and purposes, “spouse” in this topic will refer to either gender, including those recognized by Colorado’s civil union laws.
ERISA separates benefit plans into two types:
An employee welfare benefit plan usually includes plans maintained by an employer for its employees or their beneficiaries that provide the following kinds of benefits:
Certain employer provided benefits, such as sick pay, short-term disability, paid time off, overtime, jury duty, and vacation pay, may be considered exempt from the requirements of ERISA if benefits are paid as follows:
Voluntary individual or group insurance plans may also be exempt from ERISA if the following statements are true:
However, even minimal “sponsorship or endorsement” (for instance, a company’s name on the brochures) by the employer may negate this exemption, and subject the benefit program to all the requirements applicable to an ERISA plan.
ERISA generally does not apply to:
The DOL has issued regulations and guidelines that explain in more detail when a benefit program is considered an ERISA-covered employee welfare benefit plan.
An employee pension benefit plan is a plan, fund, or program that provides retirement income to employees or their beneficiaries, or results in a deferral of income by employees extending to the termination of employment or beyond. These plans include:
Defined benefit pension plans - These plans determine a participant’s retirement benefit based on a specified formula. Common defined benefit plans are traditional retirement plans and cash balance plans. Under these plans, the employer retains the risk of loss from the plan’s investments.
Defined contribution pension plans - These plans provide participants with an account to which contributions may be made by the employer, employee, or both. The employer may invest the assets of the plans, but more typically, the employer gives participants the right to direct where some or all of the assets are invested. Typical defined contribution plans include profit sharing plans, 401(k) plans, money purchase plans, and SIMPLE plans.
An employee benefit plan (whether a welfare or a pension plan) under ERISA generally does not include any of the following:
ERISA imposes certain obligations on employers that sponsor an employee benefit plan inlcuding:
In addition, ERISA requires that employee benefit plans contain a number of provisions. These obligations are discussed in the following paragraphs.
Plan sponsors have the obligation to fund certain employee benefit plans. Employee pension benefit plan assets must be held in trust for the benefit of the participants and beneficiaries in order to pay the benefits when they come due. Even a simple informal promise to pay an employee something upon retirement may be a plan that is subject to ERISA’s funding as well as other requirements. In addition, defined benefit pension plans and certain defined contribution plans must meet minimum funding levels to pay participants or their beneficiaries the retirement benefits promised to them under the plan. Most welfare benefit plans are not subject to ERISA’s funding requirements, although ERISA requires that assets intended to fund benefits must be contained in a trust.
All plans subject to ERISA must be in writing. However, an employee benefit plan that is not in writing (such as, an informal promise to pay retirement benefits) is still subject to ERISA. ERISA requires the plan sponsor to maintain a plan document and to explain the plan to participants in a summary plan description.
These summary plan descriptions are generally a summary of the plan and must be drafted in a manner calculated to be understood by the average plan participant. Summary plan descriptions also must contain certain provisions, including a statement of ERISA rights and claims review procedures. Summary plan descriptions are more than a summary of plan terms, however. They are typically the only document a participant receives that describes the benefits, and some courts have determined that a participant can sue based on the terms of the summary plan description, even if the terms conflict with the plan document. For this reason, great care should be taken in drafting summary plan descriptions.
If a participant requests documents used by the employer to operate the plan, they must be provided within 30 days of the request. Failure to provide the documents within this time period could result in a fine of up to $171 per day.
There are numerous other disclosures that may be required for various employee benefit plans, including, for instance, notices regarding blackout periods, summary annual reports, and Consolidated Omnibus Reconciliation Act (COBRA) notices.
Most ERISA plans are required to file a Form 5500 annually with the IRS. This form reports the plan's financial condition, investments, and operations. Exception to this filing requirement are unfunded or fully insured welfare plans with fewer than 100 participants at the beginning of the plan year. Failure to file a Form 5500 could result in the imposition of a penalty of up to $2,400 per day. Sponsors of ERISA plans may take advantage of the DOL’s Delinquent Filer Voluntary Correction Program to reduce the penalty for failure to file a Form 5500 in a timely manner. Detailed instructions on what plans must file, what form to file, how to file, and when to file can be found on the DOL website at:
There are additional reporting obligations that may be required for certain types of plans (including, for instance, certain reporting obligations for pension plans to the Pension Benefit Guaranty Corporation).
Under ERISA, any individual who exercises discretion in the administration of an employee benefit plan or the assets of the plan is a fiduciary, and must comply with the statute’s fiduciary responsibility provisions. Fiduciaries must perform their duties solely in the interests of the participants and beneficiaries. Fiduciaries can be personally liable for losses to a plan.
The Department of Labor’s (DOL) recently released guidance on cybersecurity best practices for plans covered by ERISA, which makes it clear that plan sponsors, service providers and participants share responsibility for protecting plan accounts. The guidance includes tips for hiring service providers, cybersecurity program best practices and online security tips. It also provides a best practices roadmap to follow. Some action items employers can take as a best defense against fiduciary litigation and DOL investigations are:
When selecting and using third-party providers, you should conduct due diligence to identify service providers with strong established cybersecurity practices. The DOL recommends that plan sponsors inquire about a service provider’s cybersecurity standards, policies and practices, which also should include regular audits by an outside auditor. Contract with caution. Look out for contract provisions that limit the liability of the service provider, while simultaneously trying to include provisions that provide you with greater protection. For example:
require a risk assessment by an independent auditor
address minimum cybersecurity practices, such as:
multi-factor authentication
encryption policies and procedures
regular vulnerability scans and annual penetration tests
notification protocol for a cybersecurity event, which directly impacts customer information system(s) or nonpublic information.
As a plan fiduciary, you have an obligation to mitigate cybersecurity risks. As mentioned previously, when hiring a service provider, you should make certain the provider has adopted a strong cybersecurity program. A strong program identifies and assesses internal and external cybersecurity risks that aim to breach the confidentiality, integrity or availability of stored nonpublic information. Components of an effective policy include:
oversight by the chief information security officer
periodic policy updates
annual cybersecurity awareness training
written documentation of the particular framework(s) used to assess the security of systems and practices
prudent annual risk assessment
procedures to control access to IT systems and data
annual third-party audits.
Retirement plan participants and beneficiaries share accountability for maintaining the security of their retirement account information. Plan participants and beneficiaries who check their retirement accounts online should be educated on how they can reduce the risk of fraud and loss. In its guidance, the DOL provides the following tips:
register, set up and routinely monitor your online account
use strong and unique passwords
use multifactor authentication
keep personal contact information current
close or delete unused accounts
be wary of free Wi-Fi
beware of phishing attacks
use antivirus software and keep apps and software current
know how to report identity theft and cybersecurity incidents.
It is recommended that plan sponsors, service providers and participants rely on the DOL’s guidance to establish a minimum threshold for cybersecurity compliance. Plan sponsors should establish consistent guidelines for vetting third-party providers and, as with any fiduciary decision, should carefully document the decision-making process. Further, plan sponsors should not limit compliance with these cybersecurity practices to ERISA-covered retirement plans; as a best practice, all ERISA-covered plans for which the plan sponsor has a fiduciary duty should fall under the policy’s umbrella.
ERISA gives participants or beneficiaries the right to sue the employer or the plan for benefits due to them under the plan’s terms and for penalties for the plan administrator’s failure to provide requested documents or required notices. Participants may also sue for breach of fiduciary duty. Lawsuits under ERISA must be brought in federal court. ERISA does not give a participant a right to a jury trial, so most cases are decided by a judge. In addition, punitive damages are not available to participants who sue for recovery of benefits under and ERISA plan.
Many of the requirements for employee benefit plans are governed by the IRC. Aside from the tax consequences for failure to comply with the IRC, ERISA imposes certain requirements that if not complied with could create a cause of action against the plan, employer, and/or fiduciaries. These requirements include:
Insured welfare benefit plans must also comply with state insurance laws.
Furthermore, an important provision of ERISA is that pension benefits may not be assigned or transferred other than to the participant or a beneficiary.
The exceptions to the rule are if the IRS garnishes the plan account or a qualified domestic relations order (QDRO) is submitted. Not all state court divorce orders that award pension benefits to the non-participating spouse meet the QDRO requirements and, until these orders are revised to meet the requirements, a distribution should not be allowed. Only state court orders that comply with the IRS and ERISA rules for QDROs will allow such a distribution. Generally, in order to be a QDRO, the domestic relations order must be a judgment from a court, signed by a judge, which relates to child support, alimony payments, or marital property rights under state domestic relations law. Furthermore, it must specify certain things, including:
Also, the order cannot require the plan to make payments in a form or manner for which the plan does not provide. It is important that employers be sure that court orders specifically comply with the QDRO rules before allowing a distribution from a qualified pension plan.
The IRC also imposes strict requirements on employee benefit plans that are similar in many ways to the ERISA requirements. Failure to satisfy the IRC’s requirements may result in adverse tax consequences.
The Department of Labor has updated the schedule of fines associated with violations to ERISA and FMLA. Details are incorporated in this updated text, however the complete rule is available to review at:
The Patient Protection and Affordable Care Act made several significant changes to health insurance in the United States. The changes were implemented on a gradual schedule to be completely rolled out in 2018. There are significant changes for the health industry, individuals, and employers. The following summary addresses changes specifically for employers.
Insurance availability - Every insurance carrier will be required to accept every employer or individual that applies for coverage.
Renewability guaranteed - Insurance carriers must renew coverage at the option of the plan sponsor or individual.
Non-discrimination - Insurance carriers are prohibited from establishing rules for eligibility of any individual to enroll under the terms of a plan or coverage based on health status, medical condition, claims experience, recipient of healthcare, medical history, genetic information, evidence of insurability, disability, or any other health-status related factor determined appropriate.
Cost controls - Premium increases and deductibles will be controlled for small business.
No dollar limits - Annual dollar limits on insurance coverage for essential benefits will be eliminated.
Tax Reporting - Employers must report the annual cost of health coverage on each employee’s
W-2 (began in 2012).
Large employer enrollment period - Employers with more than 200 employees must automatically enroll employees in the health insurance plan, but employees may opt out of coverage.
Premium assistance credit - When an employer’s plan covers less than 60% of an employee’s cost, or the plan premium exceeds 9.61% of the employee’s income, employees will be eligible for premium assistance credit to purchase coverage through an insurance exchange. For employers with 50 or more employees, which do not offer health insurance coverage or who have one or more employees receiving premium assistance credit, employer’s will be assessed $2,750 per each full-time employee, after the first 30 employees. There may be a $4,120 fee assessed for large employers that do not offer health insurance coverage. If an employee is not eligible for premium assistance credit, but has premium costs in excess of 8% of income, the employer is required to provide a free-choice voucher if the employee enrolls in an exchange, for use in purchasing coverage, in the amount that the employer would have provided in coverage to that employee.
This topic is intended as a brief overview of some of the requirements and obligations ERISA imposes on employers. It is by no means exhaustive. Additional information may be found online at:
or by consulting an ERISA attorney. For IRS requirements visit: