When Congress enacted the Employee Retirement Income Security Act (ERISA) in 1974, it wanted to balance two competing concerns:
- protecting employees who had been promised certain benefits by their employers
- giving employers a set of rules by which they could operate and maintain uniform employee benefit plans without interference from varying state laws.
Congress accomplished these goals by enacting a complex bundle of tax and labor laws that regulate, among other things, the design, funding and administration of such plans and that give the IRS and the DOL the power to enforce those laws and issue regulations to provide further detail and guidance on what the laws require. In addition, ERISA gave benefit plan participants the right to sue their employers and plan fiduciaries in federal court if they are not provided the benefits they were promised or are not provided with the information employers should provide them about the benefit plan. ERISA preempts all state laws that relate to benefit plans, except for laws relating to insurance requirements, so any claim that an employee may bring that relates to an employee benefit plan (other than the exceptions noted herein), such as a claim for benefits or for breach of fiduciary duty, must be brought in federal court under ERISA.
Types of benefit plans
The Employee Retirement Income Security Act (ERISA) separates benefit plans into two types:
- employee welfare benefit plans
- employee pension benefit plans.
Employee welfare benefit plan
An employee welfare benefit plan usually includes plans maintained by an employer for its employees or their beneficiaries that provide the following kinds of benefits:
- health (medical)
- life insurance
- disability income
- accidental death and dismemberment benefits
- severance pay
- certain scholarships
- certain pre-paid legal services.
Certain employer-provided benefits, such as sick pay, short-term disability, paid time off, overtime, jury duty, and vacation pay, may be considered exempt from the requirements of ERISA if benefits are paid in all of the following ways:
- as a “normal payroll practice” by the employer and not from an insurance policy
- to currently employed individuals
- entirely from the employer’s general assets
- without employee contributions.
Voluntary individual or group insurance plans may also be exempt from ERISA if both of the following conditions are met:
- the employees pay all of the cost
- the employer’s role is limited to withholding premiums through payroll deduction and remitting them to an insurer.
However, even minimal “sponsorship or endorsement” (a company’s name on the brochures) by the employer may negate this exemption, and subject the benefit program to all the requirements applicable to an ERISA plan.
ERISA generally does not apply to:
- cafeteria plans, POPs (premium only plans), or premium conversion plans (however, the benefits funded by them are often subject to ERISA)
- dependent care assistance plans (DCAPs, or dependent care FSAs)
- paid time off plans (PTO)
- adoption assistance plans
- educational assistance or tuition reimbursement plans
- on-site medical clinics (if providing first aid only, like flu shots – not treatment).
The Department of Labor has issued regulations and guidelines that better explain when a benefit program is considered an ERISA-covered employee welfare benefit plan.
Employee pension benefit plan
An employee pension benefit plan is a plan, fund or program that provides retirement income to employees or their beneficiaries or results in a deferral of income by employees extending to the termination of employment or beyond.
Defined benefit pension plans
These plans determine a participant’s retirement benefit based on a specified formula. Common defined benefit plans are traditional pension plans and cash balance plans. Under these plans, the employer retains the risk of loss from the plan’s investments.
Defined contribution pension plans
These plans provide participants with an account to which contributions may be made by the employer, employee or both. The employer may invest the assets of the plans, but more typically, the employer gives participants the right to direct where some or all of the assets are invested. Typical defined contribution plans include profit sharing plans, 401(k) plans, money purchase plans and SIMPLE plans.
An employee benefit plan (whether a welfare or a pension plan) under ERISA generally does not include the following plans:
- governmental plans
- church plans
- plans intended solely to comply with state laws (workers' compensation, unemployment compensation, disability, etc.)
- plans maintained outside the United States substantially for nonresident aliens
- unfunded excess benefit plans (plans maintained solely for the purpose of providing benefits for certain employees in excess of certain limitations on contributions and benefits imposed by the Internal Revenue Code and ERISA).
The Employee Retirement Income Security Act (ERISA) imposes obligations on employers that sponsor an employee benefit plan, including:
- funding certain kinds of plans
- disclosing information about the plan to participants and beneficiaries
- reporting certain information concerning the plans to governmental authorities
- operating the plans in accordance with fiduciary duty obligations.
In addition, ERISA requires that employee benefit plans contain a number of provisions. These obligations are discussed as follows.
Plan sponsors have the obligation to fund certain employee benefit plans. Employee pension benefit plan assets must be held in trust for the benefit of the participants and beneficiaries in order to pay the benefits when they come due. Even a simple informal promise to pay an employee something when he retires may be a plan that is subject to ERISA’s funding as well as other ERISA requirements. In addition, defined benefit pension plans and certain defined contribution plans must meet minimum funding levels to pay participants or their beneficiaries the retirement benefits promised to them under the plan. Most welfare benefit plans are not subject to ERISA’s funding requirements. In the case of both retirement plans and welfare plans (to the extent funded) ERISA requires that assets intended to fund benefits must be held in trust.
All plans subject to ERISA must be in writing. However, an employee benefit plan that is not in writing (such as an informal promise to pay retirement benefits) still may be subject to ERISA. ERISA requires the plan sponsor to maintain a plan document and to explain the plan to participants in a summary plan description.
Summary plan descriptions
These summary plan descriptions are generally a summary of the plan and must be drafted in a manner calculated to be understood by the average plan participant. Summary plan descriptions also must contain certain provisions, including a statement of ERISA rights and claims review procedures. Summary plan descriptions are more than a summary of plan terms, however. They are typically the only document a participant receives that describes the benefits, and some courts have determined that a participant may sue based on the terms of the summary plan description, even if the terms conflict with the plan document. For this reason, great care should be taken in drafting summary plan descriptions.
If a participant requests documents used by the employer to operate the plan, they must be provided within 30 days of the request. Failure to provide the documents within this time period could result in a fine of up to $127 per day.
There are numerous other disclosures that may be required for various employee benefit plans, including notices regarding blackout periods, summary annual reports, and COBRA and HIPAA notices, among others.
Most ERISA plans are required to file a Form 5500 annually with the IRS. This form reports the plan's financial condition, investments and operations. Excepted from this filing requirement are unfunded or fully insured welfare plans with fewer than 100 participants at the beginning of the plan year. Failure to file a Form 5500 could result in the imposition of a penalty of up to $2,400 per day. Sponsors of ERISA plans may take advantage of the Department of Labor’s Delinquent Filer Voluntary Correction Program to reduce the penalty for failure to file a Form 5500 in a timely manner. Detailed instructions on what plans must file, what form to file, how to file and when to file can be found on the DOL website at:
There are additional reporting obligations that may be required for certain types of plans (including certain reporting obligations for pension plans to the Pension Benefit Guaranty Corporation, among others).
Under ERISA, any individual who exercises discretion with respect to the administration of an employee benefit plan or the assets of the plan is a fiduciary and must comply with the statute’s fiduciary duty provisions. Fiduciaries must perform their duties solely in the interests of the participants and beneficiaries and are prohibited from self-dealing. Fiduciaries may be personally liable for losses to a plan.
The Employee Retirement Income Security Act (ERISA) gives participants or beneficiaries the right to sue the employer or the plan for benefits due to them under the plan’s terms and for penalties for the failure to provide requested documents or required notices. Participants may also sue for breach of fiduciary duty. Lawsuits under ERISA must be brought in federal court. ERISA does not give a participant a right to a jury trial, so most cases are decided by a judge. In addition, punitive damages are not available to participants who sue for recovery of benefits under an ERISA plan.
Many of the requirements for employee benefit plans are governed by the Internal Revenue Code (IRC). Aside from the tax consequences for failure to comply with the IRC, ERISA imposes certain requirements that if not complied with could create a cause of action against the plan, employer and/or fiduciaries. These requirements include:
- minimum participation by employees for pension plans
- vesting of employer contributions and funding requirements for certain pension plans
- COBRA and HIPAA requirements for group health plans. (See also Healthcare portability and privacy.)
Insured welfare benefit plans must also comply with state insurance laws.
Furthermore, an important provision of ERISA is that pension benefits may not be assigned or transferred other than to the participant or a beneficiary.
Qualified domestic relations order
The exceptions to the anti-assignment rule are if the IRS garnishes the plan account or a qualified domestic relations order (QDRO) is filed. Not all state court divorce orders that award pension benefits to the non-participating spouse meet the QDRO requirements and, until these orders are revised to meet the requirements, a distribution to an “alternate payee” is prohibited. Only state agency and court orders that comply with the IRS and ERISA rules for QDROs will allow such a distribution. Generally, in order to be a QDRO, the domestic relations order must be a judgment, decree or order, which relates to child support, alimony payments or marital property rights under state domestic relations law. Furthermore, it must specify certain things, including:
- the name of the plan to which the order relates
- the number of payments or period to which the order applies
- the amount or percentage of the participant’s benefit to which the payee is entitled
- other various requirements.
Also, the order cannot require the plan to make payments in a form or a manner for which the plan does not provide. It is important that employers be sure that court orders specifically comply with the QDRO rules before allowing a distribution from a qualified pension plan.
The IRC also imposes strict requirements on employee benefit plans that are similar in many ways to the ERISA requirements. Failure to satisfy the IRC’s requirements may result in adverse tax consequences.
The Department of Labor (DOL) recently released guidance on cybersecurity best practices for plans covered by ERISA, which makes it clear that plan sponsors, service providers and participants share responsibility for protecting plan accounts. The guidance includes tips for hiring service providers, cybersecurity program best practices and online security tips. It also provides a best practices roadmap to follow. Some action items employers can take as a best defense against fiduciary litigation and DOL investigations are:
- Hiring a service provider: When selecting and using third-party providers, you should conduct due diligence to identify service providers with strong established cybersecurity practices. The DOL recommends that plan sponsors inquire about a service provider’s cybersecurity standards, policies and practices, which also should include regular audits by an outside auditor. Contract with caution. Look out for contract provisions that limit the liability of the service provider, and try to include provisions that provide you with greater protection. For example:
  - require a risk assessment by an independent auditor
  - address minimum cybersecurity practices, such as:
  - multifactor authentication
  - encryption policies and procedures
  - regular vulnerability scans and annual penetration tests
  - notification protocol for a cybersecurity event, which directly impacts customer information system(s) or nonpublic information.
- Cybersecurity program best practices: As a plan fiduciary, you have an obligation to mitigate cybersecurity risks. As mentioned previously, when hiring a service provider, you should make certain the provider has adopted a strong cybersecurity program. A strong program identifies and assesses internal and external cybersecurity risks to the confidentiality, integrity or availability of stored nonpublic information. Components of an effective policy include:
  - oversight by the chief information security officer
  - periodic policy updates
  - annual cybersecurity awareness training
  - written documentation of the particular framework(s) used to assess the security of systems and practices
  - prudent annual risk assessment
  - procedures to control access to IT systems and data
  - annual third-party audits.
- Online security tips: Retirement plan participants and beneficiaries share accountability for maintaining the security of their retirement account information. Plan participants and beneficiaries who check their retirement accounts online should be educated on how they can reduce the risk of fraud and loss. In its guidance, the DOL provides the following tips:
  - register, set up and routinely monitor your online account
  - use strong and unique passwords
  - use multifactor authentication
  - keep personal contact information current
  - close or delete unused accounts
  - be wary of free Wi-Fi
  - beware of phishing attacks
  - use antivirus software and keep apps and software current
  - know how to report identity theft and cybersecurity incidents.
It is recommended that plan sponsors, service providers and participants rely on the DOL’s guidance to establish a minimum threshold for cybersecurity compliance. Plan sponsors should establish consistent guidelines for vetting third-party providers and, as with any fiduciary decision, should carefully document the decision-making process. Further, plan sponsors should not limit compliance with these cybersecurity practices to ERISA-covered retirement plans; as a best practice, all ERISA-covered plans for which the plan sponsor has a fiduciary duty should fall under the policy’s umbrella.
Illinois retirement benefits
Private employers (for profit and not-for-profit) with more than 5 employees in Illinois who have been in business for more than two years are required to automatically enroll their employees in a state-run Roth IRA program if the employer does not offer access to a private workplace retirement plan, as required by the Secure Choice Savings Program. Illinois Secure Choice has rolled out in various waves, in accordance with the following schedule:
| Number of employees | Deadline for enrollment |
| --- | --- |
| More than 500 | November 1, 2018 |
| | July 1, 2019 |
| | November 1, 2019 |
| | November 1, 2022 |
| | November 1, 2023 |
Participant employees automatically contribute 5% of their paychecks, but are free to change their contribution level or opt out at any time. Employers who do not offer the state-run, auto-IRA program or other type of private retirement plan will be subject to a fine of $250 per employee per year. The fine increases to $500 per employee for penalties incurred in subsequent years.
An employer is required to deposit employee payroll deductions into the program’s trust fund, which is run by a state-appointed board of directors comprised of seven members. A participating employer is not a fiduciary under the program and is not intended to be responsible for the program’s administration or investments.
Where to go for more information
This chapter is intended as a brief overview of some of the requirements and obligations ERISA and other laws impose on employers. It is by no means exhaustive. If additional information is needed, please visit:
or consult an ERISA attorney. For IRS requirements visit: