As you know, we try to keep our alerts to a minimum as we know your inboxes are filled with “breaking news” from numerous outlets. However, as we approach the end of the year, we believe this is a good time to provide you certain benefit- and HR-related updates.
RETIREMENT PLANS
SECURE 2.0 (and SECURE 1.0) will require plan amendments and operational changes to reflect several required changes (e.g., rules regarding Roth deferrals and catch-up contributions, various changes to the required minimum distribution (“RMD”) rules, certain required automatic enrollment provisions for new plans, required paper statements, etc.), along with any optional plan provisions (e.g., emergency savings accounts, emergency withdrawals, domestic abuse and terminal illness distributions, distributions for long-term care premiums, etc.) that a sponsor would like to add.
The regulators have been busy issuing much-needed guidance interpreting several provisions of SECURE 2.0, SECURE 1.0, and other statutory provisions, such as guidance relating to (a) implementing penalty-free withdrawals for emergency personal expenses and domestic abuse distributions, (b) the RMD rules, and (c) implementing the long-term, part-time employee (LTPT) rules, among others. Plan sponsors should note, in particular, a couple of important pieces from this guidance:
Long-Term Part-Time Employees. As you may recall from our “SECURE 1.0” E-Alert (here), 401(k) Plans are now generally required to let certain LTPTs (who are age 21 and have completed at least 500 hours in three consecutive 12-month periods) make elective deferrals. Effective in 2025, SECURE 2.0 reduced “the three consecutive 12-month periods” to “two consecutive 12-month periods” and also applied these rules to 403(b) Plans. As a result, certain part-time employees (who were previously excluded from making elective deferrals under a 403(b) plan pursuant to the “less than 20 hours per week” universal availability standard), must be allowed to make elective deferrals if they meet the revised LTPT rules. Sponsors of 403(b) plans must be mindful of this new rule or consider making all employees eligible to make elective deferrals to avoid the administrative burden of complying with the LTPT rule. (Note that certain employees (e.g., students) can still be excluded under the 403(b) plan universal availability rule without consideration of the LTPT rule.)
RMD Changes. The IRS’s final regulations (coming in at well over 200 pages!) implementing recent statutory changes to the required minimum distribution (“RMD”) rules for certain plans include detailed rules regarding (a) the date by which participants must start their RMDs (based on the participant’s age), (b) the timing and/or calculation of RMD payments where an employee dies after payments have started (e.g., the elimination of the lifetime payment rule in certain cases) which generally applies in 2025 and results in the acceleration of when RMDs must be completed in many cases; and (c) the timing and/or calculation of RMD payments when a participant dies prior to his or her required beginning date, among other provisions.
Plan sponsors impacted by the above rules will need to work with their third-party administrators and ERISA counsel to ensure the plan’s compliance with these final rules both from an operational and document perspective.
Recommendations: We have prepared charts that describe the plan amendments that are mandated and that are permitted by SECURE 2.0 and SECURE 1.0, along with our recommendations for each amendment. WE DO NOT RECOMMEND implementing every permitted amendment under these statutes. For example, we are encouraging many of our clients to wait on implementing domestic abuse distributions until we receive additional guidance as there are many unanswered questions about how to legally administer such programs. Additionally, we generally do not recommend implementation of the “Pension Linked Emergency Savings Accounts”, and, to a lesser extent, emergency personal distributions (up to$1,000), both of which present increased costs and administrative risks.
Please contact us if you would like (1) to review and consider these design features, and/or (2) to set up a call to discuss our recommendations.
HEALTH & WELFARE
Health and welfare plans have seen a significant uptick in the amount of new guidance compared with a typical year. Below are some of those compliance updates/deadlines:
Gender Affirming Care Coverage. In May 2024, HHS issued its third round of regulations under ACA Section 1557 which makes it illegal for health programs that receive federal financial assistance to discriminate based on sex. Like the original HHS regulation issued in 2016, the new regulation restores gender identity as part of such prohibited sex discrimination. Although Section 1557 does not generally apply to employer-sponsored health plans, it does apply to health insurers and in some cases to third party administrators. Moreover, the new Section 1557 regulations specify that where a third party administrator plays no role in the development of a plan design, HHS will refer discrimination complaints to the EEOC or DOI for potential investigation. As a result, these regulations effectively preclude employer-sponsored health plans from categorically excluding gender affirming care (as such exclusions constitute sex/gender identity discrimination) — notwithstanding that employer-sponsored health plans generally are not Section 1557 covered entities.
Before the new regulations could take effect, however, a federal judge issued an order temporarily blocking HHS from enforcing certain parts of the regulations including provisions prohibiting discrimination on the basis of gender identity. Additionally, several other court cases have since ensued, resulting in substantial uncertainty about the future of Section 1557’s gender identity protections. Even without these protections, however, other nondiscrimination protections, such as Title VII of the Civil Rights Act of 1964, HIPAA and MHPAEA, may prohibit employer-sponsored health plan designs that exclude coverage for gender affirming care.
New HIPAA Protections for Reproductive Health Care. HHS issued HIPAA regulations in April 2024 creating new restrictions on the use and disclosure of protected health information related to “reproductive health care” by covered entities (including employer-sponsored health plans) and their business associates. Among other things, the new regulation prohibits the use or disclosure of PHI for a “prohibited purpose.” Prohibited purposes include conducting a criminal, civil, or administrative investigation into or imposing criminal, civil, or administrative liability on any person for the mere act of seeking, obtaining, providing, or facilitating lawful reproductive health care. Uses and disclosures of PHI for other purposes related to reproductive health care are still permitted, provided, however, that a covered entity or business associate must first obtain an attestation where the use or disclosure relates to health oversight activities, judicial proceedings, law enforcement, or coroner and medical examinations. In particular, anyone requesting PHI for any of those four purposes must attest (where the PHI is potentially related to reproductive health care) that the PHI will not be used for a prohibited purpose. Covered entities and business associates must comply with the new privacy standards by December 23, 2024.
As a result, plan sponsors of self-insured health plans should immediately (a) update the plan’s HIPAA privacy policies and procedures; (b) update template risk assessments used for breach responses; (c) review business associate agreements to determine if any changes may be required (for example, to identify who will be responsible for the prohibited purpose determination and the newly required attestations); (d) train the health plan’s workforce on the use and disclosure restrictions and when an attestation is required; and (e) consider whether a plan amendment is needed. (Note that the deadline to update the plan’s Privacy Notice is February 16, 2026.)
Medicare Part D Creditable Coverage Notices. There were significant changes to the Medicare Part D plan design for 2025 such as the reduction in the maximum out-of- pocket amount to $2,000 (a $6,000 reduction from 2024). This means that plan sponsors may have a higher threshold for meeting “creditable” plan status for its prescription drug benefit in 2025 and may need to take action to ensure Part D eligible employees understand what these changes mean for the 2025 plan year. While plan sponsors must notify certain employees of their plan’s creditable coverage status at various times, they are not required to offer creditable coverage so the employer is not required to make any plan changes. It is, however, important for plan sponsors to ensure that they are complying with these notice obligations (both to Medicare-eligible individuals and to the CMS). In that regard, an updated creditable coverage determination may need to be obtained in order to determine if any revisions need to be made to such notices. Relatedly, plan sponsors must also ensure that they are complying with Medicare Secondary Payer (MSP) rules which generally prohibit employers from encouraging employees drop employer coverage in favor of enrolling in Medicare.
MHPAEA — NQTL Comparative Analysis. In September 2024, final regulations were issued to reflect regulatory agencies’ interpretation of the NQTL Comparative Analysis requirements under the Mental Health Parity and Addiction Equity Act. Among other things, the MHPAEA prohibits health plans (and insurers) that provide both medical and
surgical (M/S) benefits and benefits for mental health and substance use disorders (MH/SUD) from imposing “nonquantitative treatment limitations” (NQTL) that place greater restrictions on MH/SUD benefits as compared to M/S benefits. Plans have been required to conduct and document a detailed, NQTL “comparative analysis” to demonstrate compliance with these NQTL requirements since 2021. Despite this, regulatory agencies have repeatedly reported widespread failures to comply with these requirements. The regulations therefore aim to enhance compliance by providing a comprehensive “roadmap” of the steps plan sponsors must follow to adhere to the “comparative analysis” requirements. This is a complex process requiring: (i) the collection of detailed clinical data from health plan vendors that establish and administer NQTLs; (ii) an associated analysis of that data (to demonstrate written compliance); (iii) testing of NQTL data (to demonstrate operational outcomes compliance); and (iv) the preparation of a report that comports with onerous content requirements. Moreover, employers and plan sponsors of ERISA-covered plans are now required to certify that they have engaged in a prudent process to select and monitor at least one qualified service provider to complete the required comparative analysis.
Regulators have indicated that while they have made efforts to give group health plans opportunities to cure deficiencies in their comparative analysis reports during the first few years of implementation, they now expect more complete reports. As a result, agency enforcement efforts are likely to be more aggressive now that regulations are in place. Moreover, several court cases have been filed alleging that various MH/SUD coverage limitations violate MHPAEA. To mitigate these regulatory and litigation exposures, plan sponsors should ensure that they update their NQTL comparative analysis to comply with the final regulations some of which are effective as early as January 1, 2025. Notably, the MHPAEA exemption previously available to self-funded non-federal governmental plans no longer applies thereby requiring such plans to begin performing a NQTL comparative analysis
Tobacco Premium Surcharge Challenges. There has been a recent surge in litigation involving health insurance premium surcharges for tobacco users. In addition to other claims, employees are claiming that these surcharges violate HIPAA wellness rules because the employer’s wellness notice does not properly disclose information regarding how to avoid the surcharge and/or the surcharge is ceased prospectively after completion of a tobacco cessation program without a refund of surcharges paid earlier in the year. Although these issues have not yet been resolved, employers that charge tobacco users higher premiums for health coverage should ensure they are (i) providing HIPAA- compliant disclosures describing how to avoid the surcharge in all plan materials that include information about the surcharge and (ii) properly administering any required refunds of the surcharge when a member completes a reasonable alternative standard such as a tobacco cessation program.
New Fixed Indemnity Notice. Final regulations issued in April 2024 require fixed indemnity insurance policies (e.g., accident, critical care, hospital indemnity) to include a notice advising employees that the policy is not comprehensive health insurance. The notice is required for plan years beginning on or after January 1, 2025 and must be
included on the first page of any fixed indemnity marketing, application, or enrollment materials. It must also adhere to specific font specifications for which a template is available. Employers offering these benefits should coordinate with their insurers to ensure compliance with the new notice requirement. For example, the notice should be included in any open enrollment materials that include information regarding fixed indemnity policies.
Extension of Cybersecurity Guidance to Health and Welfare Plans. Finally, plan sponsors should be aware that the Department of Labor remains focused on cybersecurity issues and recently issued guidance confirming that its prior “cybersecurity guidance” applies to health and welfare plans (and not just to ERISA-governed retirement plans). This informal guidance consists of best practices, tips of hiring service providers, and online security tips (to be provided to participants), and is available here. The DOL’s guidance suggests that, when hiring a Plan vendor, the fiduciary must ask about the vendor’s security standards, practices and policies and investigate the vendor’s history of compliance, among other things. We are seeing increased enforcement actions, participant complaints and potential lawsuits against plan fiduciaries and service providers alleging that such parties should have done more to prevent the theft of retirement plan accounts, participant information, etc. As a result, it is imperative that plan sponsors ensure that when hiring a plan vendor (e.g., third-party administrator), that the plan sponsor is considering the vendor’s cybersecurity practices and monitoring the vendors’ activities as it relates to cybersecurity (among other things).
Recommendations: Although some of the new regulations face legal challenges, and uncertainty under the new Administration, we recommend that we schedule a meeting with your personnel/committee responsible for the operation of your health and welfare benefit plans to discuss these and other legal issues and to evaluate these plans' compliance with these rules.
Please let us know if you would like to schedule such a meeting or if we can assist in any other way with your compliance efforts regarding the items discussed above.
ERISA LITIGATION
Recently, there have been a number of lawsuits filed against retirement plan sponsors alleging violations of fiduciary duties with respect to the use of retirement plan forfeitures. The essence of the forfeiture lawsuits is that use of the forfeitures to reduce employer contributions is a breach of fiduciary duty (i.e., because, according to the plaintiffs, the forfeitures should be used to pay plan expenses, thereby preserving the participants’ plan accounts rather than for the employer’s benefit by reducing the employer’s costs for contributions).
The legal theory articulated by the plaintiffs is that this long-standing practice of using forfeitures to reduce future employer contributions violates the plan fiduciary’s fundamental duty to act solely in the interests of participants and to defray costs of administration, etc. So far, these lawsuits have not reached any judgment on merits, but some courts have let cases proceed beyond the dismissal stage. It appears to us that plaintiffs’ arguments are at odds with long- standing regulatory guidance (from the IRS and DOL) which suggests that such a practice is acceptable so long as the forfeitures are used timely and in accordance with plan documents.
Recommendations: While we suspect these cases will not be overly meritorious, any successes for the plaintiffs will come from poor plan document language, so it is prudent for plan sponsors to review their plan document language regarding forfeitures with ERISA counsel.
On the health and welfare side of ERISA litigation, it appears our earlier predictions (here) are coming to fruition as litigation is ramping up. Just this year, a class action lawsuit was filed against a plan sponsor, alleging that it (a) breached its fiduciary duties by failing to ensure its plan costs were reasonable and (b) acted imprudently in selecting its pharmacy benefit manager (PBM). The lawsuit alleges that these fiduciary breaches led to participants significantly overpaying.
This lawsuit and others like it serve as an important reminder of the importance of understanding fiduciary duties and proper governance to ensure that the Plan fiduciaries are acting solely in the interests of participants, appropriately monitoring plan investments and service providers, the Plan is only paying reasonable and necessary fees, etc.
As with retirement plans, health and welfare plans are subject to fiduciary duties under ERISA. Having a “procedurally prudent” process in place is generally an effective shield for many plaintiff lawsuits.
Recommendations: In addition to the recommendations above, we recommend employers who do not have established committees on the health and welfare side (like most employers do on the retirement plan side) take the following steps:
- Establish a health and welfare plan committee and define its duties and powers in a charter;
- Document committee actions and decisions in contemporaneously-drafted and carefully- crafted meeting minutes;
- Develop committee processes for selecting third-party administrators, PBMs and the like and monitor those providers on an ongoing basis;
- Ensure receipt of service provider fee disclosures and carefully consider the reasonableness of the compensation of vendors;
- Ensure committee members are provided initial and periodic “fiduciary training”; and
- Ensure service provider contracts are fair and reasonable and do not contain any prohibited or objectionable provisions.
Please let us know if we can assist with the implementations of any of these recommendations.
NON-COMPETE CLAUSES
Earlier this year, the Federal Trade Commission (“FTC”) published its final rule (“FTC Rule”) prohibiting substantially all employee non-compete clauses (i.e., a condition that generally purports to bar or penalize a worker for seeking or accepting other employment or establishing a competing entity after the worker’s employment ends). In short, the FTC determined that it is unfair competition to: (i) enter into or attempt to enter into a new non-compete clause; (ii)
enforce or attempt to enforce an existing non-compete clause; or (iii) represent that the worker is subject to a non-compete clause.
The FTC Rule would bar both new and existing non-compete agreements with respect to regular workers (i.e. those who do not qualify as “senior executives” as defined below). Thus, any current non-compete agreements with these workers would be unenforceable. The FTC Rule would also require employers to provide clear and conspicuous notice to current and former workers that any existing non-compete clauses will not and cannot be legally enforced against them. With respect to “senior executives” (i.e., generally, workers who make more than $151,164 and are in certain policy-making positions), the FTC Rule would only bar new non-competes agreements that are implemented after the effective date of the FTC Rule. (There are certain exceptions that we have not addressed here for purposes of brevity.)
Importantly, the FTC Rule would not categorically prohibit other common employment-related restrictive covenants, such as non-solicitation, non-recruit, or non-disclosure agreements, as long as they are not overly broad such that they function to prevent a worker from seeking or accepting other work, or operating a business This determination will be made on a case-by-case basis.
A federal court recently issued a nationwide injunction preventing the enforcement of the FTC Rule which was scheduled to take effect last month, a decision that the FTC is appealing. It is too soon to predict with 100% certainty how this will play out. Employers should continue to monitor developments in this area and in the interim consider the potential impact of the FTC Rule on its employment agreements, handbooks, etc. if the FTC Rule goes into effect.
We realize the above is a lot to digest, but this is a fast-changing legal landscape. And there will likely be no rest for the weary as we anticipate there may be more changes as a result of the recent elections.
Please contact us if we can be of assistance with any of your compliance efforts and we hope for a terrific holiday season and year-end for all!