Retirement Plan Developments

Fiduciary Rule Delay

Consistent with prior guidance, on April 4, 2017, the Department of Labor ("DOL") officially announced that it would extend for 60 days the applicability date of the fiduciary rule published on April 8, 2016.  The DOL also extended for 60 days the applicability dates for the Best Interest Contract Exemption, the Class Exemption for Principal Transactions, the amendments to the Prohibited Transaction Exemption 84-24 (related to annuity recommendations) and the amendments to other previously granted exemptions.  As a result, the new definition of "fiduciary" and the impartial conduct standards in the exemptions are applicable on June 9, 2017.  Compliance with the other requirements in the exemptions (e.g., written disclosures) are applicable on January 1, 2018.

Federal Judge Rules Against Employee Stock Ownership Plan ("ESOP") Trustee

On April 17, 2017, the District Court for the District of New Jersey determined that First Bankers Trust Services, Inc. breached its fiduciary duties of prudence and loyalty in connection with the purchase of company stock by the company's ESOP.  First Bankers had been hired as the independent fiduciary to determine the share price in connection with the ESOP's purchase of shares from the majority shareholder.  The Department of Labor alleged that First Bankers caused the ESOP to pay over $9.4 million in excess of fair market value.  After a 17-day trial, the court determined that First Bankers did not conduct a sufficient investigation regarding the fair market value of the shares and relied on unrealistic projections of the company's future earnings.

There are currently three additional cases involving First Bankers in which the DOL alleges a failure to properly determine the value of shares.  This case and the pending cases against First Bankers demonstrate the DOL's continuing scrutiny of transactions involving the sale of employer stock to ESOPs.

Judge Grants Partial Summary Judgment in Favor of Investment Management Firm in 401(k) Excessive Fee Lawsuit

In Brotherston v. Putnam Investments LLC, the plaintiffs, participants in a 401(k) plan, alleged that the defendants (which included the plan sponsor and investment manager) invested in proprietary funds without considering other options in unaffiliated funds, and that these ill-advised investments cost the plan millions of dollars in excess fees.  The plaintiffs attempted to prove their allegations by comparing Putnam's funds to Vanguard's passive funds to demonstrate that Putnam's fees were excessive.

However, the court distinguished Vanguard's index funds, which were operated "at-cost," from Putnam's mutual funds, which were operated for a profit and included index as well as active funds.  The court concluded that the fees were not comparable.  The court also determined that there was no prohibited transaction because the management fees were paid out of mutual fund assets rather than plan assets.  While summary judgment was granted on some of the claims, the court determined that there are genuine issues of material fact on three of the plaintiffs' claims and one of the affirmative defenses, which means that the case will move forward to trial.  This case demonstrates that courts will likely require that funds have a certain degree of similarity before comparing them to assess the reasonableness of fees.

Health and Welfare Plan Developments

Department of Health and Human Services ("DHS") Finalizes Marketplace Stabilization Rule

On April 13, 2017, DHS issued the final Marketplace Stabilization Rule, which finalizes the proposed rule issued on February 10, 2017.  The rule is meant to address issues such as premium increases, reduction in plan options and insurance issuers exiting the market.  For the most part, the final rule is consistent with the proposed rule.  The final rule is effective on June 19, 2017.

Office of Civil Rights ("OCR") Issues Guidance on Man-in-the-Middle Cyber Attacks

OCR issued guidance on man-in-the-middle ("MITM") attacks, which happen when a third party intercepts and possibly alters communications, unknown to the communicating parties.  MITM attacks can be used to obtain protected health information ("PHI") or for other unlawful purposes such as to expose information or modify information.  Many organizations use HTTPS interception products, which intercept data, decrypt it and then re-encrypt it.  These products require installation of certificates on client devices.  However, this method of security could leave organizations vulnerable because organizations cannot verify web server certificates or independently verify the security (i.e., organizations can validate only the connection between themselves and the interception product, not the server).  The HTTPS interception products often do not validate the certificate chain before re-encrypting and sending the information to the organizations, leading to potential MITM attacks.  In light of this, the United States Computer Emergency Readiness Team ("US-CERT") has recommended that organizations ensure that their HTTPS interception product properly validates certificate chains and sends warnings and errors to clients.

OCR's guidance suggests that covered entities and business associates that use HTTPS interception products review the risks of the electronic transfer of PHI over HTTPS.  Specifically, covered entities and business associates should review US-CERT alerts, along with recommendations of the National Institute of Standards and Technology, to educate the covered entity and business associate of potential violations of the HIPAA security rule and how to address risks.

Metro Community Provider Network ("MCPN") Enters Into $400,000 HIPAA Settlement

MCPN agreed to a $400,000 HIPAA settlement that included a three-year correction plan with OCR in connection with a phishing incident.  A Colorado health center filed a HIPAA Breach Notification Report after a phishing incident jeopardized PHI of over 3,000 individuals.  MCPN took the proper corrective action after the incident but failed to adopt procedures to prevent and remedy security breaches and to adopt measures to reduce risks and weaknesses.  As part of the corrective action plan put forth by OCR, MCPN is required to analyze risks and put in place a plan to reduce electronic PHI risks.  MCPN must also update its Security Rule training materials to include new information that its analysis reveals.

2016 was a record year in HIPAA enforcement by OCR, and so far in 2017, OCR has shown no signs of slowing its enforcement activities. This most recent HIPAA settlement underscores the importance of covered entities performing regular risk analyses to assess the vulnerabilities of their electronic PHI and implement corresponding risk management plans to address those vulnerabilities.

Wellness Program Case Settles

The Equal Employment Opportunity Commission ("EEOC") reached a settlement with Orion Energy Systems ("Orion") regarding Orion's wellness program.  The EEOC challenged the wellness program under the Americans with Disabilities Act ("ADA") and alleged that Orion terminated an employee in retaliation after the employee objected to the wellness program.  Orion claimed that the safe harbor for bona fide benefit plans permitted its wellness program.  The safe harbor provides that the ADA does not prohibit covered entities "from establishing, sponsoring, observing or administering the terms of a bona fide benefit plan that are based on underwriting risks, classifying risks, or administering such risks that are based on or not inconsistent with State law." The district court rejected this argument, citing the EEOC's recent regulations that specifically provide that the safe harbor does not apply to wellness programs.  The court noted that the safe harbor would not apply even if the new regulations were not in place.  However, the court also determined that the wellness program was lawful because participation was voluntary under the law in effect at the time.  After the court's ruling, there were issues of fact regarding whether the employee was fired as a result of her opposition to participation in the wellness program, which were resolved by the consent decree.

In connection with the settlement, Orion will pay $100,000 to the terminated employee and has agreed never to maintain a wellness program that asks disability-related inquiries or includes a medical examination that is not voluntary.  Orion also agreed not to retaliate against employees for objections regarding the wellness program.  Orion will inform its employees that concerns about the wellness program should be sent to its human resources department and will train management and employees on the ADA's anti-retaliation provisions.

Upcoming Compliance Deadlines and Reminders

Upcoming Health Plan Compliance Deadlines and Reminders

  1. New Summary of Benefits and Coverage ("SBC") Template.  Plans that maintain an open enrollment period must use the new SBC template on the first day of the first open enrollment period that begins on or after April 1, 2017.  Plans that do not use an open enrollment period must use the new template on the first day of the first plan year that begins on or after April 1, 2017.

Upcoming Retirement Plan Compliance Deadlines and Reminders

  1. Annual Funding Notice.  Calendar year defined benefit plans with over 100 participants must provide the annual funding notice to required recipients within 120 days of the end of the plan year.  Small plans (plans with 100 or fewer participants) generally have until the Form 5500 filing deadline to provide the annual funding notice.
  2. Change in Due Date for FBAR Filing for Certain Foreign Investments.  In prior years, persons who have a financial interest in, or signature or other authority over, foreign financial accounts were generally required to report on the Treasury Department Form TD F 90 22.1 (the "FBAR") by June 30 of each year. As a result of a recent law change, beginning in the 2017 calendar year, the annual due date for filing FBAR reports was moved from June 30 to April 15.  However, the U.S. Department of the Treasury recently granted an automatic extension for filing the FBAR to October 15 (specific requests for this extension are not required).While investments in most foreign hedge funds and private equity funds are not required to be reported on the FBAR, other accounts in foreign jurisdictions might be.  Plan sponsors should consult with tax and legal counsel to determine if any FBAR filing is required to be filed by the October 15, 2017 deadline.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.