I found thia article in the recent issue of Legal Times magazine; this is something you might want to talk to your financial advisor about if you have a 401k plan in your medical practice or healthcare business:
The Supreme Court ruled on Feb. 20 that an investor in a 401(k) plan can sue to recover losses from the plan's breach of fiduciary duty. How do companies need to respond?
In LaRue v. DeWolff, Boberg & Associates, the Supreme Court concluded that an individual participant -- not just the 401(k) plan, as in the past -- can recover losses under the Employee Retirement Income Security Act. James LaRue alleged that the 401(k) plan administrator breached its duties by failing to follow his investment directions, thereby costing him about $150,000.
Because of the explosion of 401(k) plans throughout the United States, the consequences of this legal action are potentially far-reaching. Although LaRue's suit dealt with the mishandling of investment selections, other areas of 401(k) plans may be affected in the future.
In responding to LaRue, companies and their in-house counsel should be thinking about the following issues:
Most obviously, companies should take steps to safeguard themselves against the mishandling of employees' investment instructions, the issue in LaRue.
If implementing investment instructions is delegated to a third-party service provider, you need to understand the provider's system for implementing the participant's investment selections accurately and timely. With the increase in paperless transactions, this becomes extremely important. The service provider should notify the participant immediately of all changes in investment selections.
Even if you delegate these functions to the service provider, I recommend that the administrator of the 401(k) plan should review or test the service provider's internal control system, before you use this provider.
Companies also need to be careful about their own delays in placing employee contributions into 401(k) accounts. The law requires employers to separate employee 401(k) contributions from their general assets as soon as practicable, but in no event more than 15 business days after the end of the month in which amounts are contributed or withheld from wages.
Employers might be tempted, either because of administrative convenience or cash flow needs, to delay contributions.
But, in addition to the legal requirement, there is also the risk of harm to the participant's investments. If the contributions are delinquent, these contributions are not being invested timely. With the potential of significant market changes every day, this could cause investment gains or losses. If a loss occurs as a result of delay, it may give rise to lawsuits or, at a minimum, the need to make the participant whole.
Too many times, I have seen employers think that the 15 days of the following month is the safe harbor rule. This is absolutely not true. As a practical matter, the time period in which to act could be when the paychecks go out.
There are a number of other issues relating to the 401(k) plan that need to be watched.
- How do you know if the employee contributions and investment earnings are being properly allocated to the participant? If a service provider provides a certification of investment activity, it is usually at the trust level only (the entire plan) and does not apply to the allocation of investment income to the participant's account. You will need to review the service provider's internal controls and any outside reports about these controls. If there has been no outside report, I strongly recommend that the plan review and test these controls, even independent of any financial audit.
- Do you ever verify that the total of the individual participant accounts equals the total amount of investments in the trustee report? If you don't, you should. Internal Revenue Service Revenue Ruling 70-125 requires this.
- In times of economic difficulty such as today, participants may be tempted to borrow from their 401(k) plans. Trustees need to verify that the proper amount is borrowed (there are limitations) and that the proper documentation is prepared, authorized and approved. The plan also needs to monitor the repayment of the loans. Delinquent loans are required to be reported to the Labor Department.
- In your administration of the 401(k) plan, you should verify that the plan has a fiduciary liability policy in force, with reasonable deductibles. You should review the policy to determine what exclusions exist, if any.
- Along with LaRue, one of the hottest issues in 401(k) plan management is investment fees. The public is being inundated with information about the effects of fees, including efforts by the Employee Benefits Security Administration of the Labor Department.
Understanding the plan fees is part of the plan sponsor's fiduciary responsibility. It is imperative that the trustees understand how the service provider is compensated and, when choosing among providers, compare fees. The Labor Department has a 401(k) fee disclosure form on its Web site that assists in determining the actual fees charged. (Remember, though, that cost is only one component in the evaluation of providers.)
Evaluating these details about the 401(k) plan is no easy task, and many corporate counsel, who don't specialize in ERISA matters, may wish to engage their outside auditor for this specific task. If so, keep several things in mind.
First, you should understand the difference between a “financial audit” and a more detailed compliance audit.
The financial audit is required by ERISA and must be performed by an independent, qualified public accountant. Generally (and there are exceptions), plans with 100 or more participants at the beginning of the year are required to have a financial audit. The auditor's objectives and responsibilities are established under generally accepted auditing standards. The audit is an important ERISA tool to protect plan participants, but this type of audit is not designed to ensure compliance with all legislative and regulatory requirements.
A compliance audit is much more detailed than a financial audit. It involves much more compliance testing, as well as other work that may not be required in a financial audit.
Even if a 401(k) plan has completed a financial audit, the plan may still be blindsided by problems that a compliance audit would have uncovered.
Second, you should ascertain that your auditor has experience with 401(k) plans. This is a specialized field. Knowledge of the Labor Department requirements are a must. Prohibited transactions, supplemental schedules, and certain footnote disclosures are unique to 401(k) plans. The more an auditor understands the 401(k) field, the more effective that audit will be.
Third, you need to provide the auditor copies of all agreements with third-party service providers. If the plan has reviewed the internal control structure of a service provider, that review should also be provided.
In any event, the auditor will need to satisfy himself of the internal control structure of the 401(k) plan and the provider's portions of the plan. This work should be performed before the audit.
Fourth, make sure that the audit complies with the new Statement of Auditing Standards No. 104 through No. 111, which apply to all audits for periods beginning on or after Dec. 15, 2006 (namely calendar year 2007). These standards, known as the risk assessment standards, require a vastly different approach than the ones applicable to previous audits. Different documentation, questions, and evaluations will be required that haven't been required in past audits.
Finally, you should make sure that the auditor has obtained all requested documentation before the audit. Contracts, investment statements, and participants' files are some of the more common requests. There should be agreement about who prepares the IRS Form 5500 to file with the government. If the auditor doesn't prepare the form, the auditor must review it.
Quality audits are very important to the 401(k) plan, and LaRue makes them even more so. The ultimate consequences of LaRue have yet to materialize, but careful review and monitoring of the 401(k) plan -- and especially of the plan's third-party service providers -- is the appropriate corporate response.
Joseph Musher is a certified public accountant and a senior partner on the employee benefit plans audit team in the Rockville, Md., office of Buchbinder Tunick & Co. He has more than 35 years of auditing and accounting experience.
Subscribe to Legal Times