Seyfarth Synopsis: The DOL updated its voluntary fiduciary correction program (“VFCP”) which was introduced over 20 years ago to allow plan sponsors to corrected enumerated fiduciary breaches. The amended VFCP now allows for self-correction of the failure to timely remit contributions and loan repayments withheld from participants’ salary to the plan.

The prior VFCP required the administrator to make a formal submission to the DOL, along with full correction of the delinquency (i.e., remittance of all contributions and loan repayments withheld from participants’ salary, adjusted for “missed” earnings, in order to receive a “no action letter” under which the DOL would agree not to assert a fiduciary breach. Additionally, if other requirements are met, the DOL would not assert a prohibited transaction (PT) and provided for an exemption from the payment of an excise tax on such PT. 

Recognizing that making the submission to the VFCP was a time consuming and expensive proposition for sponsors, the updated VFCP now provides for a “self-correction” approach that foregoes the need to submit a formal application to the DOL. While the plan must provide notice to the DOL that it is using the self-correction approach, the DOL will provide an acknowledgement of the self-correction but, of course, does not result in the DOL issuing a no action letter.

The DOL also has expanded the self-correction approach under the VFCP to cover certain inadvertent eligible loan failures under the expanded IRS correction procedures mandated by SECURE 2.0. To use the VFCP to self-correct inadvertent loan failures, once again, notice must be given to the DOL under the new procedure.

For more information on the when the self-correction approach is available and the steps that must be taken, please see our Legal Update here

Of course, feel free to reach out to your Seyfarth employee benefits lawyer with any questions.

Seyfarth Synopsis:  Over the years, plan sponsors and administrators have wrestled with the question of what to do with the accounts of participants who left employment years earlier and cannot now be located.  Notwithstanding their best efforts, plans continue to maintain accounts of participants who are either missing or unresponsive to plan correspondence (“missing participants”). On January 14, 2025, the DOL issued Field Assistance Bulletin (FAB) 2025-01 that allows sponsors and administrators of ongoing defined contribution (DC) plans to transfer unclaimed small accounts to a state unclaimed property fund of the participant’s last known address provided the fund satisfies certain requirements.

The issue of what to do with the accounts of missing participants is an age-old question. In 2014 the DOL issued FAB 2014-01, stating that an IRA was the preferred destination for unclaimed defined contribution (DC) plan accounts. That same FAB also acknowledged that IRAs may not be available for terminating DC plans, and suggested that in certain circumstances, a state unclaimed property fund or an interest-bearing FDIC-insured bank account might also be appropriate. More recently, the DOL became concerned that IRAs may not be the sole (or even most) appropriate destination for unclaimed plan accounts, as IRAs charge fees that often exceed the investment returns of small accounts, resulting in the account being eaten away by fees. In fact, when plan sponsors started looking to IRAs as the destination of its unclaimed account balances, the sponsors found it challenging to find an IRA provider who would accept all accounts, particularly small accounts, and that the limited choices resulted in front end, back end, and/or annual fees that would quickly exhaust the account balance. From the fiduciary perspective, many plan fiduciaries were reluctant to make such transfers. As time passed, however, more IRA providers became available and fees dropped. But not necessarily to zero.

Continue Reading Missing Participants – What to do With Abandoned Accounts

Seyfarth Synopsis: New proposed regulations issued by The Department of Treasury and IRS provide guidance on the provisions related to catch-up contributions that were included under SECURE 2.0 Act of 2022 (“SECURE 2.0”).

The recently issued proposed regulations address several changes to the catch-up contribution provisions made by SECURE 2.0, including the following:

  • Section 603, which requires that catch-up contributions for certain participants be made on a Roth basis (i.e., the Roth Catch-Up Requirement); and
  • Section 109, which increased the applicable catch-up dollar limit for those who attain age 60, 61, 62 or 63 during the plan year.

The much-welcomed proposed regulations answer a number of open questions that we had been grappling with following the issuance of SECURE 2.0.

Click here to read our full Legal Update which discusses the proposed regulations, answered (and unanswered) questions addressed by the proposed rules, as well as a few administrative considerations for plan sponsors and administrators.

We encourage you to speak with your Seyfarth Shaw Employee Benefits attorney to update plan documents and participant communications and prepare for the implementation of these provisions.

Seyfarth Synopsis: On January 16, 2025, the IRS issued proposed regulations under Section 162(m) of the Internal Revenue Code of 1986 (the “Code”), which limit the amount of compensation a publicly held corporation may deduct for wages paid to its “covered employees” to $1 million per year. Section 162(m) has been amended over the years to expand the definition of a “covered employee,” which originally was limited to a corporation’s principal executive officer (“PEO”), principal financial officer (“PFO”), and its next three most highly compensated executive officers. Most recently, in 2021 the American Rescue Plan Act of 2021 (“ARPA”) amended the definition of “covered employee” to include, for tax years beginning after December 31, 2026, the corporation’s five highest compensated employees other than its PEO, its PFO and its next three most highly compensated executive officers. The proposed regulations provide guidance on determining and applying Section 162(m) to these next five most highly compensated employees.

Continue Reading How Now, High Five? IRS Issues Proposed Regulations for the Expanded Definition of “Covered Employee” Under Section 162(m) that Applies Beginning in 2027

Seyfarth Synopsis: On December 17, 2024, the House Ways and Means Committee and the Senate Finance Committee presented two bills – the Paperwork Burden Reduction Act (HR 3797) and the Employer Reporting Improvement Act (HR 3801) – to President Biden, which he signed into law on December 23, 2024. Both laws modify provisions under the Patient Protection and Affordable Care Act (the “ACA”) related to the 1095-B and 1095-C tax forms.  Below are some highlights of the acts.

The Paperwork Burden Reduction Act

The Paperwork Burden Reduction Act (PBRA) amends the Internal Revenue Code (the “Code”) and reduces unnecessary paperwork related to health insurance coverage reporting for employers and employees. Previously, employers that provided minimum essential coverage were required to report this information to the Internal Revenue Service (“IRS”) and provide each covered individual with a 1095-B or 1095-C tax form by January 31 of each year. Effective for tax forms starting with the 2024 calendar year, the PBRA provides for the following changes:

  • Employers are no longer required to send the 1095-B and 1095-C tax forms to covered individuals unless a form is requested. However, employers must inform covered individuals of their right to request a form; and
  • If a 1095-C tax form is requested, it must be furnished to the individual by January 31 or 30 days after the date of the request, whichever is later.

In sum, the IRS allows the 1095-B tax form to be made available to individuals only upon request. The PBRA extends the same flexibility to the 1095-C tax form. This means forms which would otherwise be required to be sent out this month, January 2025, will now only be required to be sent upon request.

The Employer Reporting Improvement Act

As mentioned above, previously employers were required to provide each covered individual with a 1095-B or 1095-C tax form by January 31 of each year. Employers must report required information using the covered individual’s Tax Identification Number (“TIN”).  Additionally, if a large employer (i.e., that has 50 or more full-time employees) receives a proposed assessment from the IRS (i.e., a Letter 226-J), the employer only had 30 days to respond.

Effective for tax forms due after December 31, 2024, the Employer Reporting Improvement Act (ERIA) provides for the following changes:

  • Codifies the IRS’ current practice of allowing an individual’s date of birth to be substituted for the individual’s TIN if the TIN is not available.
  • Codifies the IRS’ current practice of allowing employers to offer the 1095-B and 1095-C tax forms to individuals electronically if an individual affirmatively consented to receive forms electronically at any prior time. However, an individual may revoke such prior consent in writing.
  • Extends to 90 days the time for employers to respond after receiving its first Letter 226-J regarding a notice of proposed assessment; and
  • Implements a six-year statute of limitations for collecting penalty assessments.

These bills provide relief to large employers and reduce their burden under the ACA’s reporting requirements. Please contact your employee benefits attorney at Seyfarth if you have any questions.

test

Seyfarth Synopsis:  Since September 2023, there have been at least 25 lawsuits filed claiming the ability to choose between using 401(k) forfeitures to reduce plan expenses or the plan sponsor’s contributions is a fiduciary choice, and that choosing to reduce the plan sponsor’s contributions constitutes a violation of ERISA’s fiduciary duties.  In the latest decision in connection with a defendant’s motion to dismiss such a 401(k) plan forfeiture claim, in Barragan v. Honeywell Int’l, Inc. 24cv4529 (EP) (JRA), the United States District Court for the District of New Jersey (Judge Padin) granted defendant Honeywell’s motion and dismissed the plaintiff’s complaint without prejudice.  This is the seventh decision on a motion to dismiss in a 401(k) plan forfeiture case, with only two cases surviving the motion. In Barragan, Judge Padin dismissed the case’s ERISA claims without prejudice, meaning the plaintiffs have an opportunity to revive the case with an amended complaint.

Similar to numerous other 401(k) forfeiture cases, the plaintiffs in Barragan argued that a decision to use the forfeitures to reduce the plan sponsor’s contributions violated ERISA’s fiduciary duties.  The Honeywell plan provided that forfeited amounts could be applied: (1) to reduce a variety of employer contributions provided for under the plan, (2) to defray the plan’s administrative expenses, (3) to correct allocation errors, (4) to restore participant forfeitures, or (5) for any other purpose permitted under IRS rules.  The plaintiffs argued that Honeywell always used forfeitures to reduce employer contributions, and that its decision to do so constituted a breach of ERISA’s fiduciary duties of loyalty and prudence, as well as a breach of the “anti-inurement” provision in section 403(c)(1) of ERISA (generally providing that “the assets of a plan shall never inure to the benefit of any employer and shall be held for the exclusive purposes of providing benefits to participants in the plan and their beneficiaries and defraying reasonable expenses of administering the plan), and a prohibited transaction under Section 406 of ERISA (both a transaction with a party in interest in violation of Section 406(a) of ERISA, and a prohibited use of plan assets by a plan  fiduciary for its own benefit in violation of Section 406(b) of ERISA).

The threshold question in this motion was whether Honeywell’s decision regarding which of the plan’s permitted uses of forfeitures to choose was a “fiduciary” or “settlor” decision.  The court concluded it was a fiduciary decision, noting that while a decision regarding what provision to include in a plan is a design decision made in a settlor capacity, the decision to use one authorized option in a plan rather than another was a fiduciary decision.

However, while the complaint adequately alleged Honeywell acted as a fiduciary, the court reasoned that the plaintiff’s allegation to the effect that any time a plan administrator chooses to use forfeitures to reduce employer contributions it violates its fiduciary duties under ERISA is so broad as to be implausible (implicitly accepting IRS guidance indicating that plan assets could be used to reduce employer contributions).  Rather, the plaintiff had to plead particular circumstances or a particular context in this case that would render such use a breach of fiduciary duty. 

Accordingly, the plaintiff’s first two claims, that Honeywell breached its duties of loyalty and prudence, were dismissed without prejudice, giving the plaintiff an opportunity to explain how the context and circumstances in this particular case render the decision to use forfeitures to reduce employer contributions disloyal or imprudent). 

As for the claim that using forfeitures to reduce employer contributions violated ERISA’s anti-inurement provision, the court concluded, because “these forfeited amounts do not leave the Plan and are used to satisfy Honeywell’s obligations according to the Plan’s language . . . Honeywell is not acting in violation of the anti-inurement provision.”  Again, the court dismissed the claim without prejudice.

Finally, the court concluded that the complaint did not plausibly allege a prohibited transaction under either Section 406(a) or 406(b) of ERISA, because the use of plan assets to reduce employer contributions did not constitute a “transaction” of the type prohibited by Section 406.  The court concluded that such a transaction is a “commercial [bargain] that presents a special risk of plan underfunding” because it is between the plan and a plan insider, and presumably not at arm’s length.  In this case, the court noted the “transaction” involved the reallocation of forfeitures to different participants and did not involve a transaction with a plan insider.  Accordingly, the court dismissed the plaintiff’s prohibited transaction claims, again without prejudice.

The District of New Jersey court’s dismissal of the claims in Barragan represents another win for defendants in a series of 401(k) plan forfeiture cases.  Still, there are two notable examples of courts refusing to grant motions to dismiss in these cases, the complaints and facts of each case differ, and so far the dismissals have been without prejudice. Whether plaintiffs will gain traction with these forfeiture suits remains very much an open question.

Seyfarth Synopsis: As employers consider the rising costs of coverage of semaglutide drugs like Ozempic and Wegovy in their health plans, a recent class action complaint alleging obesity-related discrimination could be a sign of things to come for more legal challenges. As the use of such drugs explodes in popularity across the country, insurers and health plans may face increasing pressure, in and out of the courts, to remove or justify any exclusions of coverage.

In Whittemore v. Cigna Health and Life Insurance Company, filed in the United States District Court for the District of Maine, Plaintiff Jamie Whittemore alleges Cigna has engaged in disability discrimination under the Affordable Care Act (ACA) by declining coverage for semaglutide drugs to treat obesity in the health plans it administers – including fully insured and self-insured plans it administers for employers. The Complaint’s background facts are extensive and detail a societal shift in the perception and treatment of obesity. The Complaint alleges that while historically attributed to a lack of willpower and largely considered a mere risk factor for covered conditions, obesity has been increasingly perceived as a complex but treatable condition in and of itself. The Complaint notes that, in 2013, the American Medical Association described obesity as a “disease state” requiring “a range of interventions.” Most recently, one such treatment is semaglutide, which operates by mimicking the body’s natural appetite regulator, glucagon-like peptide-1 (GLP-1). The success of semaglutide drugs in double-blind trials has led to a flurry of research, prescriptions, and optimism for obesity treatment. In light of the high cost, however, not all health plans cover these drugs.

Whittemore was enrolled in a Cigna-administered health plan and sought coverage for medications for obesity treatment. Cigna declined coverage under the plan. Whittemore’s allegations regarding Cigna’s plan focus on what Whittemore deems the “Obesity Exclusion”: the plan’s exclusion of coverage for medications, specifically semaglutide drugs, when used to treat obesity. Whittemore claims Cigna’s own internal policies consider these interventions “medically necessary to treat obesity” but that Cigna administers plans that exclude coverage for treatment of obesity. The health plan in which Whittemore participated allegedly includes Wegovy and Zepbound, two semaglutide drugs, on its covered prescription drug list, but excludes coverage when the drugs are utilized for obesity treatment in particular.

Whittemore alleges that because the drugs are excluded only if prescribed for obesity, but are covered when used for another condition (namely diabetes), the plan violates Section 1557 of the ACA by treating one disease or disability differently from another. Section 1557 of the ACA prohibits discrimination on the basis of disability in a health program or activity that receives federal financial assistance.. The Complaint alleges both disparate treatment and disparate impact discrimination on the basis of disability under Section 1557.

At this early stage of not only Whittemore’s case but those like it, several questions remain unanswered. For instance, whether obesity will be considered a disability under Section 1557 is far from clear. Notably, under the Americans with Disabilities Act, the vast majority of federal courts, including the First Circuit which includes the District of Maine, do not consider obesity a physical impairment unless it is a symptom of an actual or perceived underlying physiological disorder or condition, such as diabetes. If obesity is not considered a disability for purposes of Section 1557, these discrimination allegations would not succeed. In addition, even if obesity is deemed a disability, questions remain regarding whether a self-funded plan would be subject to Section 1557.

Because of the novelty of semaglutide drugs as an available treatment, cases challenging noncoverage are also in their infancy. As the use of these drugs exponentially increases, however, a rise in such litigation may be inevitable.

Please contact the employee benefits attorney or ERISA litigator at Seyfarth Shaw LLP with whom you usually work if you have any questions regarding health plan coverage of semaglutide drugs.  We will be monitoring this case and other cases to see how the scope of Section 1557 is addressed by the courts.

Seyfarth Synopsis: Recently HHS issued a memorandum announcing the maximum annual limitation on cost sharing (a/k/a out-of-pocket maximum) for 2026 and the IRS issued Rev. Proc. 2024-40 announcing the cost-of-living adjustments to certain welfare and fringe benefit plan limits for 2025.

2026 Out-of-Pocket Maximum

On October 8, 2024, the Department of Health and Human Services (HHS) released a memo announcing the 2026 cost-sharing limits applicable to health and welfare plans.  The Affordable Care Act requires group health plans to have an out-of-pocket maximum which limits overall out-of-pocket costs or cost sharing on essential health benefits (EHBs) covered by a plan.  The cost-sharing limit applies to deductibles, coinsurance, copayments, and any other expenditure required of an individual which is a qualified medical expense with respect to EHBs covered under the plan.  Plans are not required to apply the out-of-pocket maximum on benefits that are non-EHBs.

The 2026 out-of-pocket maximums are $10,150 for self-only coverage and $20,300 for other than self-only coverage (e.g., family coverage, self plus one, etc.).  This represents an approximate 10.3 percent increase from the 2025 limits which were $9,200 and $18,400, respectively.  Note that the cost-sharing limits for high deductible health plans, which tend to be lower, will be announced at a later date.

2025 Limits for Certain Health and Fringe Benefits

Hopefully in time for open enrollment, the IRS has announced 2025 cost-of-living adjustments to various tax related limits, including the dollar limits for contributions to health flexible spending accounts (Health FSAs) and qualified transportation fringe benefit programs.  The 2025 cost-of-living adjustments (and the changes from 2024) for these plans are summarized in the table below:

Health and Welfare and Related Plan Limits20242025Change
Qualified Transportation Fringe Benefit Monthly Limit (commuter highway vehicle, transit pass and qualified parking)$315$325+$10
Health Flexible Spending Account (Health FSA) Maximum Annual Pre-Tax Contribution$3,200$3,300+$100
Health FSA Maximum Carryover$640$660+$20
Dependent Care Flexible Spending Account (Dependent Care FSA) * Maximum Annual Pre-Tax Contribution – Employee is married and filing a joint return or Employee is a single parent
– Employee is married but filing separately
           





$5,000        



$2,500
           





$5,000        



$2,500
No change
* Dependent Care FSA limits are set by statute and do not adjust for inflation.

Please contact the employee benefits attorney at Seyfarth Shaw LLP with whom you usually work if you have any questions regarding these or other limits on health and welfare and related plans.

On September 6, 2024, the U.S. Department of Labor (DOL) issued Compliance Assistance Release No. 2024-01, titled “Cybersecurity Guidance Update.” The updated guidance clarifies that the DOL cybersecurity guidance applies to all ERISA-covered plans, and not just retirement plans, but also health and welfare plans. Also, as a direct response to service providers’ concerns, the DOL expanded its 2021 guidance to emphasize that plan sponsors, fiduciaries, recordkeepers, and participants should adopt cybersecurity practices across all employee benefit plans. With cyber risks continually evolving, the update highlights the importance of implementing robust security practices to protect participant information and plan assets.

Background

When the DOL initially issued its cybersecurity guidance in April 2021, it was intended to help ERISA plan sponsors, fiduciaries, service providers, and participants safeguard sensitive data and assets. Some interpreted the guidelines as applicable only to retirement plans and not service providers or recordkeepers, which led to industry calls for clarity. The 2024 Compliance Assistance Release addresses these concerns by confirming that the DOL’s cybersecurity expectations indeed are intended to extend to all ERISA-covered employee benefit plans, including health and welfare plans.

Expanded Guidance Highlights

The updated guidance maintains the original three-part format, emphasizing Tips for Hiring a Service ProviderCybersecurity Program Best Practices, and Online Security Tips. Here’s a breakdown of these components and key updates from the recent guidance:

1. Tips for Hiring a Service Provider

Plan sponsors and fiduciaries have a critical responsibility when selecting and monitoring service providers to ensure strong cybersecurity practices are in place. The updated DOL guidance advises fiduciaries to thoroughly vet potential providers by asking specific, detailed questions. One key area to examine is insurance coverage. Fiduciaries should be verifying that the prospective provider’s insurance includes coverage for losses resulting from cybersecurity incidents.

In addition, fiduciaries should review the provider’s security history and validation processes. This involves requesting records of past security incidents, recent information security audits, and any evidence of the provider’s compliance with cybersecurity standards. Finally, it is essential to establish clear contractual obligations with service providers. Contracts should contain provisions addressing data confidentiality, timely breach notification, ongoing compliance monitoring, and well-defined incident response protocols.

By specifying these points, the DOL aims to provide plan fiduciaries with concrete criteria for evaluating potential third-party providers, especially those managing sensitive health and welfare data.

2. Cybersecurity Program Best Practices

Educating participants plays a crucial role in reducing cyber risks, and the DOL encourages plan sponsors to empower participants with resources that strengthen their account security. One fundamental aspect of this education involves password management and the use of multi-factor authentication (MFA). The DOL recommends that participants use longer, unique passwords and change them annually. This approach offers a balance, maintaining security without overwhelming users with frequent updates.

Sponsors should also encourage participants to enable MFA wherever possible, as this extra layer of protection makes it significantly harder for unauthorized users to gain access. Additionally, the DOL highlights the importance of cyber threat awareness. Educating employees on recognizing phishing attempts, avoiding free public Wi-Fi when accessing sensitive accounts, and keeping contact information up to date are essential to safeguard against fraud. By understanding and implementing these practices, plan participants can actively contribute to the security of their accounts.

3. Online Security Tips for Participants

The updated guidance underscores the need for a comprehensive cybersecurity framework to protect ERISA plans. A cornerstone of this approach is conducting regular cybersecurity risk assessments. By identifying potential vulnerabilities, plan sponsors and fiduciaries can better understand the specific risks to their data and implement targeted access controls to ensure that only authorized individuals can access sensitive information. Data encryption is also a vital part of the DOL’s recommendations. Encrypting data both in transit and at rest adds a critical layer of defense, protecting information from unauthorized access, even if the data is intercepted or compromised.

These tips further highlight the DOL’s focus on enhanced MFA. Service providers, in particular, are encouraged to implement phishing-resistant MFA, especially for systems exposed to the internet or areas containing highly sensitive data. By deploying these robust authentication methods, ERISA plan administrators can significantly reduce the risk of unauthorized access and bolster overall security. Additionally, the DOL pointed health and welfare plan sponsors to resources from the Department of Health and Human Services (HHS), including the Health Industry Cybersecurity Practices and guidelines tailored for smallmedium, and large healthcare organizations.

Takeaways and Action Items for Plan Sponsors and Fiduciaries

The updated guidance reinforces the importance of cybersecurity across all ERISA-covered plans. To adhere to the DOL’s expectations and mitigate cyber risks effectively, plan sponsors and fiduciaries should consider these actions:

  • Evaluate Service Provider Cybersecurity: Conduct due diligence by asking for information on service providers’ cybersecurity policies, audits, and breach history. Include clear cybersecurity terms in contracts and ensure vendors have applicable insurance coverage.
  • Implement Robust Cybersecurity Policies: Ensure your organization’s cybersecurity policies align with DOL guidelines, including regular risk assessments, strong encryption practices, and incident response planning.
  • Educate Participants: Provide ongoing resources to educate plan participants on online security, focusing on best practices like strong passwords, MFA, and phishing awareness.
  • Leverage HHS Resources for Health Plans: For health and welfare plans, use the HHS cybersecurity guidance to align your practices with industry-specific standards.
  • Conduct a Cybersecurity Self-Audit: Consider conducting a self-audit or hiring a cybersecurity expert to assess and improve your cybersecurity practices. Health plans, in particular, should coordinate these audits with HIPAA privacy and security requirements.