Adopting a Wrap Document Decreases Plan Administration Costs, Streamlines Reporting and Disclosure Obligations, And Helps Employers Satisfy Their Compliance Obligations.
Wrap Documents Are A Cost-Effective Approach To Help Ensure Compliance With ERISA and Mitigate Risks of Department of Labor Penalties and Participant Lawsuits.
Employers are continuously looking to cut costs while retaining talent in the workforce. Attracting and retaining talent often requires offering meaningful employee benefits. Yet, offering employee benefit plans adds to an employer’s administrative costs and compliance obligations. A cost-effective fix to decrease an employer’s administrative expenses and satisfy IRS and Department of Labor compliance obligations is for an employer to adopt a wrap document.
What is a Wrap Document?
A “wrap” document wraps around an insurance certificate or benefits booklet to fill in the gaps of the insurance certificate or benefits booklet by including benefit plan provisions required by ERISA. The wrap document and the insurance certificate (or third-party booklet), together make up the plan document.
Employers that adopt a wrap plan document for their welfare benefit plan(s) are able to satisfy ERISA’s plan document and Summary Plan Description (SPD) requirements. Each welfare benefit plan can have a separate plan document and a separate SPD, or only one wrap document that serves as both the plan document and the SPD.
“Umbrella” Wrap Plans Decrease Plan Administration Costs
A wrap document is also used to reduce the costs of filing multiple annual reports, such as IRS Form 5500s. By combining each welfare benefit plan into an “umbrella” wrap plan, only one Form 5500 has to be filed, eliminating the need to file multiple Form 5500s for each welfare benefit plan. For example, assume an employer sponsors a medical plan, vision, dental, and life insurance, flexible spending account, disability, and a severance pay plan. If the employer adopts a wrap document that “wraps” all these welfare benefit plans into an umbrella plan, it generally has to file only one IRS Form 5500 Annual Report, rather than seven separate IRS Forms 5500 for each plan every year.
Compliance Obligations Under ERISA
The Employee Retirement Income Security Act of 1974 (ERISA) requires that employer-sponsored employee welfare benefit plans satisfy certain compliance obligations. Employee welfare plans subject to ERISA include group health plans, health reimbursement accounts, plans providing dental, vision, prescription drug benefits, health flexible spending accounts, employee assistance plans and wellness programs (when medical care is provided), group term life, and group short term and long term disability plans. An employer’s welfare benefit compliance requirements include maintaining written plan documents and distributing a SPD to plan participants that describes the plan’s terms and includes required information. ERISA’s plan document and SPD requirements apply to employers with as few as two employees. In addition, many employers are required to file an IRS Form 5500s and Summary Annual Report with respect to each welfare benefit plan (see discussion above).
Insurance certificates or benefit booklets provided by an insurance company or other third party rarely satisfy ERISA’s content requirements for plan documents and SPDs because they do not include all the provisions required by ERISA. For example, plan documents that employers receive from their insurance carriers or third-party administrators often do not adequately explain which employees are eligible to participate in the plan, and omit several other provisions that are required to be included in the plan and SPD. Importantly, under ERISA, employers are fiduciaries and are ultimately responsible for compliance with ERISA, not insurers.
Employers who fail to provide an SPD or plan document within 30 days of a participant’s request may trigger a fine of $110 day per day per participant. These penalties are subject to cost-of-living adjustments. As you can imagine, employers who have multiple plans subject to ERISA can run up significant fees for each plan’s failure to satisfy ERISA’s plan document and SPD requirements.
Employers without plan documents/SPDs, may also be vulnerable to lawsuits from plan participants who claim past practice or other evidence to support their claims for benefits. Without ERISA-compliant plan documents, an employer/plan administrator may not be able to prove that the terms of the plan support benefit decisions.
The attorneys at Day Rettig Martin, P.C. provide a full complement of affordable employee benefit plan services. If you have any questions about creating a wrap plan, or any questions concerning your compliance obligations under ERISA, please contact Attorney Teresa Domek at (319) 365-0437 or at Tdomek@drpjlaw.com.
1. ERISA welfare plans generally must file an annual Form IRS 5500 but some plans are exempt from this requirement. A welfare plan that covers fewer than 100 “participants” at the beginning of the plan year is exempt if it is unfunded, fully insured, or a combination of the two. “Participants” include individuals covered under the plan and former employees receiving continuation coverage.
2. Private sector employers that sponsor certain employee benefits are subject to ERISA. However, governmental and church employers are exempt from ERISA’s welfare benefit plan provisions.
Imagine. It is a powerful tool each of us have. In fact, “Imagine” was the most successful single recording of The Beatles’ John Lennon’s solo career. The song has been covered by artists ranging from Liza Minnelli to Stevie Wonder to Neil Young to Lady Gaga and performed at venues ranging from The Olympics to Concerts for Peace.
While the impact and influence of the song “Imagine” reaches across the globe, and the lyrics such as “imagine no possessions, I wonder if you can” may trigger a mosaic of different emotions, the reality is approximately 74 million Baby Boomers will reach age 65 in just five years without imagining and planning for how their affairs will be settled once they die.
Despite studies showing those 74 million Boomers may have over $30 trillion in assets to leave their heirs, the majority of Boomers either; dismiss estate planning because they mistakenly believe it is only necessary for “rich folks”; or, they procrastinate. In the US, over 55% of Boomers don’t expect to have any money to pass on. About 45% don’t have a Will. Even those with money don’t always plan. A few years ago, Aretha Franklin died without a Will and her Estate was tied up in the inevitable snarl of Legal Administration, a state court process where loved ones can be consumed in the quick sand of time-consuming, confusing, expensive and bureaucratic processes of settling the deceased individual’s affairs.
Face it. Estate planning issues are not reserved to Boomers. All of us now have a digital legacy such as email messages, online financial and social media accounts, digital photos, videos, etc. As people live longer and die online, family members, friends, executors, administrators are left to sift through the daunting task of navigating access to passwords without authority to manage the online accounts of the deceased. Loved ones will face a gauntlet of security hurdles to retrieve information necessary to settle final bills and secure a deceased’s individual’s financial information where fraudster’s are applying for credit in the deceased’s name.
Given the statistics of Boomers not wanting to imagine how to settle their affairs once they are no longer here, and considering the rest of the folks who simply do not understand the implications of the Wild, Wild, West of the Digital Age, it is not surprising that most of us do not have a plan for managing our affairs in the digital world. But is that how we want to leave things for our loved ones? Is that who we are? Is that our legacy?
The good news is; all of us can take a few simple steps to have a plan in place in the event of our death. Fortunately, Robin Williams did. With his tragic suicide came the inevitable fall out associated with three marriages and three children wanting a piece of the pie. But Robin had imagined. Robin had a Will, a Revocable Living Trust and had entered into a Prenuptial Agreement with his third wife. Although his heirs still battled over his Estate, by planning ahead, Robin was able to diminish a lengthy legal battle which had the potential of devastating his family. See https://www.reelz.com/extra/no-stranger-legal-battles-robin-williams-protected-family-similar-fate-death/
While “imagination” is a powerful tool, it is also complex. It is a call for us to imagine something that seems unimaginable in the current world we live in. Yet, the lyrics of “Imagine” have no less relevance in the uncertain world of 2022 than they did in John Lennon’s 1971. Isn’t it time to step up and imagine how you want to leave your affairs when you are no longer on this planet?
The attorneys at Day Rettig Martin, P.C. provide a full complement of affordable estate planning services. If you have any questions about creating or amending a Will or estate plan, please give us a call at (319) 365-0437.
Employee benefit plans subject to the Employee Retirement Income Security Act (“ERISA”), including retirement and health and welfare plans, are attractive targets for hackers, particularly given their potential access to plan assets and participant information. The U.S. Department of Labor (“DOL”) realizes employee benefit plans are vulnerable to cyberattacks and on April 14, 2021, it issued a three-part cybersecurity guidance package containing:
- A cybersecurity best practices summary Cybersecurity Program Best Practices (dol.gov)
- Tips for hiring service providers Tips For Hiring a Service Provider With Strong Cybersecurity Practices (dol.gov)
- A model notice offering participants and beneficiaries online security tips. Online Security Tips (dol.gov)
The DOL’s recent guidance emphasizes that sufficient measures are needed to protect participants and plan assets from cybersecurity threats. The DOL specifically states that responsible plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks. Since plan sponsors and plan fiduciaries also have fiduciary obligations to prudently select and monitor service providers, the cybersecurity practices of their service providers should be a significant consideration in carrying out their fiduciary obligations.
While some of the DOL guidance is aimed at retirement plans subject to the Employee Retirement Income Security Act (“ERISA”), and does not specifically address ERISA group health and welfare plans, there appears to be no reason why the reasoning of the approach and the best practices and tips identified would not apply to such plans — and many health and welfare trusts are already proceeding with this approach. That makes sense since fiduciary obligations apply to plan sponsors and fiduciaries of ERISA retirement plans and health and welfare plans.
Plan sponsors and fiduciaries often rely on service providers to maintain plan records and keep plan information and participant data confidential. According to the DOL, plan sponsors and fiduciaries should select service providers that follow strong cybersecurity practices.
Note that the DOL has issued information and document requests in connection with their audit initiatives that focus on retirement plan cybersecurity practices. This will likely extend to health and welfare plans. Accordingly, ERISA plan sponsors and fiduciaries should review and evaluate how their existing programs measure up to the DOL’s recommendations and develop their cybersecurity programs accordingly.
A summary of the DOL’s guidance to help plan sponsors and fiduciaries meet their obligations to prudently select and monitor service providers follows below.
I. TIPS FOR HIRING A SERVICE PROVIDER WITH STRONG CYBERSECURITY PRACTICES
DOL’s cybersecurity guidance advises plan sponsors to include certain inquiries regarding selecting, evaluating and monitoring processes of plan service providers. These inquiries are summarized below.
A. DOL’s Tips for Sound Due Diligence Regarding A Service Provider’s Cybersecurity Practices
- Ask about the service provider’s documented cybersecurity program, including the service provider’s information security standards, policies and procedures, and audit results and compare them to industry standards used by other service providers.
- Confirm whether and how the service provider validates its information security practices and standards.
- Assess the service provider’s track record in the industry, including public information regarding information security incidents, other litigation, and legal proceedings related to the vendor’s services to address the security incidents.
- Ask whether the service provider has experienced past security breaches, what happened, and how the service provider responded.
- Confirm that the service provider has insurance to cover losses caused by data breaches and cybersecurity-related losses.
II. TIPS FOR CONTRACTING WITH PLAN SERVICE PROVIDERS
A. DOL’s Tips
Make sure that your contract with a service provider:
- Commits the service provider to support a DOL audit;
- Requires ongoing compliance with cybersecurity and information security standards;
- Limits the use and sharing of data (particularly confidential information);
- Requires notice of data breaches or cyber incidents;
- Includes provisions that do not limit the service provider’s responsibility for IT security breaches.
- Requires compliance with privacy, security and data retention laws;
- Requires the service provider to maintain cyber-insurance;
- Provides a right to audit the service provider’s compliance with its information security policies and procedures; and
In light of the DOL’s guidance and audit initiative, plan sponsors and fiduciaries are encouraged to review their cybersecurity practices, as well as their service providers’ cybersecurity programs, to mitigate cybersecurity risks to their ERISA plans.
The attorneys at Day Rettig Martin, P.C. provide a full complement of data breach coaching services to benefit plan sponsors, healthcare providers, and businesses, including data breach notification to individuals and various government entities. In addition, we counsel clients on the creation of information privacy and security plans, gap assessments, breach prevention and the development and implementation of policies and procedures.
If you have any questions about designing and/or administering employee benefit/executive compensation plans, issues arising under information privacy laws such incident responses to data breaches under state and federal laws, or labor/employment practices, please give us a call at (319) 365-0437.