When it comes to administering your retirement plan, determining compensation for each participant can be confusing. Compensation is routinely near the top of the list of plan operational failures reported by both the U.S. Department of Labor (DOL) and the Internal Revenue Service (IRS). 

Determining proper compensation for each participant is crucial to proper administration of any qualified retirement plan. It is used to apply limits, conduct nondiscrimination testing, and determine tax deductions. Failure to properly report compensation can result in significant penalties up to and including plan disqualification.

Standard Definitions

Standard definitions of compensation cast a wide net in terms of what they include. Common standard definitions include simplified compensation, W-2 compensation, and withholding wages. These definitions are very similar but there are differences among them and the differences involve certain specific types of pay. Also remember; no matter how a plan defines compensation, the IRS sets a cap on the maximum pay that can be counted each year, and that limit is adjusted annually for inflation. The limit for 2018 is $275,000.

See this chart for additional guidance.

Plan Specific Exclusions

Your plan document may also include specific exclusions for certain types of compensation not already excluded from the standard definitions in the chart linked above. Note that if certain types of compensation are excluded it may trigger the necessity for additional nondiscrimination testing to be performed to ensure that non-highly compensated participants are not disproportionately affected. Below are just a few of the additional exclusions you may find in your plan document. 

Pre-participation Compensation: Almost all plans have a waiting period before new employees become participants. This compensation is counted for testing as well as for calculating benefits under all of the standard definitions. If the goal is to exclude this compensation, it must be clearly defined in the plan document. 

Bonuses, Commissions and Overtime: The default under the standard definition is that these items are includible in compensation (see linked above chart). However, these types of compensation are not necessarily regularly recurring, giving some companies the desire to exclude them for plan purposes. Make sure your plan document clearly states what your desired exclusions and inclusions are. For example, if your company issues more than one type of bonus such as a holiday bonus and a performance bonus, you may want only the holiday bonuses to be excluded. Stating “bonuses are excluded” in your plan document will make all bonuses excluded. Your plan document should specifically state “holiday bonuses” are excluded in order to bring about the desired result of excluding only the “holiday” bonus. Any other type of bonus would be included under the standard definitions unless additional language is added to your plan document. 

Taxable Fringe Benefits: The default under the standard definition is that these items are includible in compensation (see linked above chart). To exclude taxable fringe benefits, your plan document would have to include separate language to do so. Like the example used for bonuses in the above paragraph; how your plan document is worded can determine whether the compensation item is included or excluded. Make sure your plan document directs you to the result you are desiring. 

This is an area to review carefully for 2018. With the passing of the Tax Cuts and Jobs Act, changes were made to the taxation of certain fringe benefits. For example, employers are no longer allowed to pay or reimburse moving expenses on a tax-free basis. Thus they will now become includible under the standard definitions of compensation unless your plan document specifically includes an exclusion. 

Mitigating Risk

In order to mitigate the risk of disqualification of a plan, it is important to understand how the IRS defines compensation for qualified retirement plans and to understand definitions as laid out in your plan document. Make sure your plan document is up-to-date, and review your payroll coding system to make sure it still agrees with the administering of your plan; taking into consideration any recent changes to tax law, changes to your plan document, or both.

If you have any questions about how compensation is defined in your plan, please contact your Hawkins Ash CPAs representative. 

In February 2018, Congress passed the Bipartisan Budget Act (the “Act”). A key provision of this new legislation relaxes certain restrictions on hardship withdrawal rules from 401(k) and 403(b) plans.

Under current 401k and similar defined contribution plan regulations, plan participants are limited to taking hardship withdrawals from their elective deferral account balance and are prohibited from making elective deferral contributions to the plan for at least six months following the hardship distribution. In addition, a plan participant is normally required to take available loans under the plan (if allowed) prior to taking a hardship withdrawal.

Key Changes Under the Act

Six Month Suspension Period Eliminated

The Act directs the Department of the Treasury to amend current 401(k) and 403(b) regulations to remove the six month suspension period on employee deferrals to a plan after a hardship distribution.

Available Sources of Funds

The Act expands the types of sources of contributions that are eligible for hardship withdrawals to include: qualified nonelective contributions (QNECs), qualified matching contributions (QMACs), safe harbor plan contributions, and earnings on all of these accounts – including earnings on participant elective contributions. (This change only applies to 401(k) plans but there is an expectation that the IRS will also extend it to 403(b) plans.)

Elimination of Loan Requirement

The Act removes the requirement for participants to take any available loans under the plan before taking a hardship distribution. (This change only applies to 401(k) plans but there is an expectation that the IRS will also extend it to 403(b) plans.)  

The intended collective impact of these new provisions is to provide help and flexibility to those participants who are facing financial challenges or difficulties and to ease the administrative burden on plan sponsors and record-keepers when hardship withdrawals occur.

The Budget Act changes are effective for plan years beginning after December 31, 2018 (for plan years ending December 31, 2019). 

It is not too early for plan sponsors to consider how these changes will impact their plans and the potential updates that will be needed to their hardship withdrawal procedures, plan amendments, Summary Plan Descriptions and/or Adoption Agreements. 

SOC Report. SSAE 16 or 18. What do these terms mean? Your employee benefit plan auditor may request these reports from you during a plan audit and you may be wondering what they are asking for.

A SOC (System and Organization Controls) report is a report on controls at a service organization which are relevant to the user entities’ internal control over financial reporting. The report is also referred to as an SSAE (Statement on Standards for Attestation Engagements) 18 report (formerly 16 until May 2017), which is a regulation created by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) for defining how service organizations should report on various compliance type controls. Basically, when you hire a third party service provider to do a service for you, you are relying on their internal controls as an extension of your controls. Your employee benefit plan auditor will typically want to review those reports to see if your service providers (record-keepers, trust companies, payroll providers, etc.) have certain controls in place, whether those controls have been tested, and if there are issues with the controls. They use the report to help determine how much audit testing is needed.  

Plan sponsors have a responsibility to understand this report as well since it is considered an extension of their controls. The service provider is handling sensitive data of your plan participants. If your service provider is having a lot of issues, you may need to implement more controls on a plan sponsor level or it may be enough to warrant switching service providers.

Some Key Components of the SOC Report to Review and Understand

Service Auditor’s Report

When reviewing a SOC report, one of the first components to review is the service auditor’s report. There are some key things to look for when reviewing.

Is it a Type 1 report or a Type 2 report?

Another term you may hear your employee benefit auditors refer to is a type 1 or type 2 SOC report. In essence, a type 1 report simply lists the controls the service provider has in place, whereas a type 2 SOC report actually does some tests on those controls and comes to a conclusion on the effectiveness of the controls. In an employee benefit plan audit, it is the hope to be able to obtain a type 2 SOC report so your auditor can feel comfortable that the internal controls are not only in place but that they have been tested by an independent party as well. When reviewing the service auditor’s report, if they don’t refer to the effectiveness of the controls, it is most likely a type 1 report (meaning no detailed testing was done on those controls).

Does it cover a recent period?

You will want the audit report to cover a recent timeframe—preferably the timeframe that correlates with the year of the employee benefit plan you are having audited. It isn’t uncommon for these audits to be done on a different timeframe than your plan year, but try to make sure it is the most recent report available, and request a bridge or gap letter to cover any months they are not covering of your plan year.

Is it a reputable auditor?

You will also want to see who is preparing the service auditor’s report. Is it a well-known reputable accounting firm? If you are not familiar with the name of the firm, you may want to do some inquiries to make sure it is a firm that is indeed competent and capable of issuing quality work.

Subservice Organizations

Oftentimes service providers may outsource some of their functions as well. You will want to see what they are outsourcing, and if you feel that item is significant, you may even want to obtain a SOC report for that subservice organization as well to make sure they don’t have any major compliance issues.

Complementary User Controls

The plan sponsor will want to pay close attention to the complementary user control section of the SOC report. The service provider is relying on their customers (the plan sponsor in this example) to have certain controls in place on their end in order for the service provider controls to be effective. The plan sponsor will want to get familiar with those controls and make sure if they do not have those controls in place that they get them implemented.

Description of Tests of Controls and the Results of Testing (In the Case of a Type 2 Report)

The report will go through the various controls that are in place, describe the tests that were performed to test those controls, along with the results of the testing. Typically your employee benefit plan auditor will look to see if tests were performed in the following areas and will want to see if there were a lot of negative testing results (some of the areas recommended to be reviewed by the AICPA Employee Benefit Plan Audit Quality Center): 

Regardless of whether or not your plan needs an audit, it is recommended that you get familiar with these reports to ensure optimal internal controls. As a plan sponsor, it is your responsibility to protect participant data. When switching service providers, you may want to review these reports as well prior to making the decision to switch to them to make sure the results are positive and the controls are in line with what you would like to see tested.