Leaderboard

Do not appease. Escalate!!

Yes, it's a cut back. No can do. You can change the interest crediting rate on hypothetical allocations not yet made.

Hi Peter. In our experience, the guarantee is set by the provider and doesn't vary for mega or small plans. It's either wide or narrow, and plan size/desire to retain the client doesn't play much of a role. Perhaps a truly mega plan could negotiate laxer guarantee standards, but I haven't seen that happen--and our largest plan clients are measured in the billions. Details about lockout protocols are not publicized, to protect against "bad actors" gaming the protocols, but my experience is that the lockout typically lasts approximately ten business days, which allows the RK the opportunity to confirm the change (address change or other) with the participant. We recently had an experience with a client that was looking to complete a plan termination, and one of the few remaining (former) participants had moved, so had processed a change of address, which locked them out from a distribution. The participant was able to confirm her identity with the call center, have the lockout lifted, and receive her distribution. So there's flexibility in the lockout, the approach should perhaps be described as "enhanced security procedures" rather than truly as a lockout. Hope that helps with your questions!

Our firm posed questions regarding cybersecurity compliance practices to many of our recordkeeper partners, and cohosted webinars with the recordkeepers to communicate each organization's approach. We compiled responses from twenty-five recordkeepers, and hosted twelve webinars. Big picture, I'd suggest that while there are similarities in approach, there are some material differences between different providers, and generally, the larger the provider, the deeper the cybersecurity compliance approach. Here are some areas of difference that I noted: Customer guarantee. Most offer reimbursement if security is breached, distinctions arise regarding conditions to qualify for reimbursement. Best simply require attestation that login credentials weren't shared and agreement to support efforts to prosecute if the thief is apprehended. Worst guarantees require documentation that all security recommendations were followed (e.g., regularly changing password, maintaining antivirus, updating systems, etc.). The worst guarantees are, IMO, unlikely to payout following a breach. Number of employees dedicated to cybersecurity. Largest entities have almost 1,000 people in this role. And they take it seriously, running "red team" / "white team" exercises regularly. Proactive vs. reactive. Some providers will actively search dark web and will notify participants if they find evidence that their credentials have been breached BEFORE there's an attempt at a hack. Kind of creepy, perhaps, but but could be necessary to avoid losses. Use of advanced techniques. Two factor authentication is almost universal. Newer techniques like voice authentication are less common. Lockouts on certain transactions for some time period following "high risk" events (e.g. address changes) are increasingly common. Different levels of ISO certification. Most feature ISO 27001 certification. https://www.iso.org/isoiec-27001-information-security.html. Some go all the way to ISO 27002. We think of ourselves as primarily investment consultants to retirement plan sponsors. But increasingly, the scope of our consulting advice is expanding to administration, compliance, plan design, and now, to cybersecurity. Just part of the world, so we do our best to stay informed on topics that historically haven't come under our purview.

Tommy - FWIW, I don't think that 12 providers/vendors/platforms or whatever are necessarily too many. We are just a fee-for-service TPA, and many of our referrals come from CPA's and investment Advisors. They, and their clients, choose the investments and the platform. So we work with a lot of platforms/providers. Mind you, it would be NICE if they'd work with a limited number, but we have no control...

If this gets challenged it is the retroactive changing of what the deposits were. I have always thought this is a bit aggressive. It happens in ESOPs somewhat frequently when they find out they are violating 415 so they suddenly claim the contribution was a dividend. I haven't seen a plan that does this get audited but my guess if the auditor detected the retroactive nature of the transaction that is where the objection is going to be.

Partners getting W-2s, shareholders getting 1099s from their own corps, S-corps using K-1 income as plan comp, sole props deducting plan contributions in excess of SE income, SEP contributions for owners only, not covering employees, partner PC in an ASG sponsoring a plan just for the PC. All this stuff goes on all the time, apparently with little to no enforcement. Bringing it up is usually met with the reply “I’ve been doing this for years with all my clients, we’ve been thru audits, no problem”. Whatever.

Somebody should be pointing out to this doctor and his accountant that he can't do what he's been doing! If the IRS comes in and redirects how things should have been he's likely to have a nasty surprise. Somebody ought to tell him.

If he's an employee of the PC he should receive a W-2 and the PC could adopt a Plan. If he's an independent contractor he would file a schedule C for earned income and could adopt a plan for the that. There are a number of adjustments to his Schedule C Net income to determine his pensionable income such as reducing it for 1/2 his SE tax as well as any employer contribution he makes for himself. And as Bill mentions, both entities may have to adopt the plan. You might want to have a talk with his accountant to see what he is doing.

I don't mind all the questions. It just bugs me you are a Mets fan.