Credential Sharing is Here...

[austin3515]

The EBSA today announced that the EFAST2 electronic filing system for Forms 5500 and 5500-SF employee benefit plan annual reports has a new e-signature option. This option is designed to simplify the electronic filing process, especially for small businesses that use service providers to complete and file their annual reports.

Effective Jan. 1, 2010, retirement and welfare plans required to file an annual Form 5500 or 5500-SF must file electronically using the department’s new EFAST2 electronic filing system. More than one million Form 5500 reports are filed each year to satisfy annual reporting requirements under the Employee Retirement Income Security Act and the Internal Revenue Code.

EFAST2 is designed to improve the receipt and processing of the Forms 5500 and 5500-SF.

Under the new e-signature option, service providers that manage the filing process for plans can get their own signing credentials and submit the electronic Form 5500 or 5500-SF for the plan. The service provider must confirm that it has specific written authorization from the plan administrator to submit the plan’s electronic filing. In addition, the administrator must manually sign a paper copy of the completed filing, and the service provider must attach a PDF copy of the manually signed Form 5500 or 5500-SF as an attachment to the electronic filing submitted to EFAST2.

　

The service provider must communicate to the plan administrator any inquiries received from EFAST2, the Department of Labor, the Internal Revenue Service or the Pension Benefit Guaranty Corp. regarding the filing, and inform the plan administrator that, by electing to use this option, the image of the plan administrator’s manual signature will be included with the rest of the annual return/report posted by the Labor Department on the Internet for public disclosure.

　

The additional e-signature option will be available in the government-sponsored IFILE application beginning May 13, 2010. Filers using EFAST2 approved software to complete and file the Form 5500 or Form 5500-SF should contact their software vendors for information regarding availability of this new e-signature option as part of their software.

The current EFAST2 frequently asked questions have been updated, and a new fact sheet and set of frequently asked questions have been developed to help small businesses understand this new option. Those materials are available through http://www.efast.dol.gov. Assistance with the EFAST2 system and the Forms 5500 and 5500-SF is also available toll-free at 866-463-3278.

# # #

[Jim Chad]

This is great news!!

One little question.....well comparatively little....

What do you all think of someone's signature being public information?

[austin3515]

To say the least I have mixed emotions...

We have spent an exorbitant amount of time writing efast credential instructions, efiling mailings, and setting up our web client efiling portal with all custom language, etc. One of the owners of my firm wants to can all this and do it the "new way" to avoid the "support" calls with clients and potential frustration, even though I think it will be very very easy to have them efile with relius' web client.

But absolutely, the number one reason NOT to do this is the public disclosure of your signature. Hmmm, what could a criminal do with that I wonder?

I'm very hopeful that we'll end up at least trying the efiling/web client thing in the beginning and see how it goes... It's certainly a LOT easier on us that way, assuming (as expected) that clients are going to be able to follow simple instructions to do this.

[Bird]

I figured the chances of this were Slim and None but put a small bet on Slim anyway (by waiting and doing nothing in terms of getting clients to register). Slim pulled it out!

I figure most of my clients will take the public signature over doing their own registration, and will send them the forms and authorization to sign and give them the option of registering if the public signature bothers them. Submitting the signed form as a pdf is a little silly and obsessive but I'll take it; it's great to have the choice.

[david rigby]

IMHO, a publicly available signature is not acceptable.

[austin3515]

I completely agree with you...

[Peter Gulia]

EBSA's procedure seems to lack a means for comparing a handwritten signature to a previous example of expected handwriting. If a Form 5500 page has on it a squiggle that's not especially recognizable as a particular natural person's handwriting, do we imagine that EBSA might question whether the squiggle truly is the plan administrator's signature? And if EBSA inquires, wouldn't the plan administrator answer that its officer or employee had written the squiggle with the intent to authenticate the Form 5500 as the administrator's annual report?

[Belgarath]

I really can't imagine why any employer who actually understood this would choose this option. Was this perhaps the DOL's backdoor method of ensuring that employers don't use an option that the DOL never wanted to allow in the first place?

[austin3515]

I'm soliciting a friend of mine forensic accountant for an assessment of just how big of a trainwreck this is... I'll let you know what he says, but if anyone has any inside scoop on how criminals could use this, I would appreciate it...

I also thought of just telling clients to hand write their name in all capital letters, or at least just in print.

[GMK]

IMHO, a publicly available signature is not acceptable.

For the current discussion, I agree ...

but does that also mean you won't sign my autograph book?

[david rigby]

but does that also mean you won't sign my autograph book?

You are the first to imply that my autograph is worth having.

I'll sign your book, but if you post it on the internet, be prepared to hear from my vast staff of attorneys.

[Bill Presson]

Well, apparently actuaries thought it was a big enough deal to work to convince the DOL that they don't have to sign the SB or MB, only initial.

[austin3515]

Page 46 of the 5500 instrutions for this little gem...

In my opinion, I would be more than comfortable telling a client to intial as opposed to signing based on that reference.

[Jim Chad]

Austin,

What did you find on page 46 about initialing or signing?

[Belgarath]

I was wondering this too. There's a reference on page 45, but that is for an actuary's signature on a MB. I don't see how this can be read to permit Plan Administrator initialling rather than signature on the 5500 itself?

[austin3515]

I thought it was page 46, but yes I was referring to the actuary stuff on initialing.

I'm applying the same logic to the plan administrator signature as the DOL has already applied to the actuary signature. In other words, they've already set the precedent that for security purposes, actuaries are allowed to NOT sign the returns, and instead initial it.

I spoke with a forensic accountant who gave me a list of things a crook could do with my signature if he had the opportunity:

-Apply for a loan

-Sign checks (say, if an employee the businedss checkbook on a table)

-Obtain power of attorney

Based on that conversdation, I would definitely NOT recommend anyone advise their clients sign their actual signature. And if the DOL ever really gave a client a hard-time about this, I think a perfectly reasonable response is to site security concerns.

[Belgarath]

The DOL doesn't, at least yet, care about the security concerns.

While I admire your courage and willingness to accept the liability for advising a client that an initial counts as a signature, I'll cower in the rear echelon and have them sign IF they choose to do it this way.

[austin3515]

I just think a) this "manual" filing mehtod is legitimately the only conceivable option for some plan sponsors, and b) it should not be availalbe only at the risk of identiy theft, which as we all know is a huge national problem. We haven't officially decided what we are going to do but if we do tell them they must sign, it will have very very strong language suggesting that identity theft is a very very possible outcome from this.

[Bird]

I spoke with a forensic accountant who gave me a list of things a crook could do with my signature if he had the opportunity:

-Apply for a loan

-Sign checks (say, if an employee the businedss checkbook on a table)

-Obtain power of attorney

Except for signing a check, I don't see how having an actual signature to work from for forgery purposes gives an advantage - it's not like the lender or notary signing the power of attorney has a signature to compare the forgery, or random signature, against. And if we're talking about checks left on a table in an office, I'm sure the employee has plenty of opportunities to find a signature somewhere else. I think it (the signature requirement) is silly and hope it is relaxed, but let's prioritize our concerns - I'm sure our clients take a bigger risk of getting killed when they get in their cars and go to work, and don't give it a second thought.

[K2retire]

Not to mention that the same could be done with any check you've ever written, or letter you've signed, or any other document containing your signature.

As a recent victim of identity theft, I can say that the theives didn't need my signature to set up bank accounts online.

[Mike Preston]

It is not the client's risk I'm worried about. It is mine. No matter how remote, I don't want the client to think that, should they find themselves the victim of identity theft, that the method used to file with the DOL was a portion of the problem. That might lead them to think my firm shares n the liability, and that is something I do not want.

[austin3515]

Amen to that, Mike Preston!

About the other instances of your signature being out there, the distribution is profoundly limited when comparing it to wide open distribution over the interent, accessible to billiosn of people, including the crooks..

[Belgarath]

Austin - FWIW, here's an excerpt from Sungard's blurb on this issue:

A concern in using this alternative system is that the client’s signature will appear on the Internet for the entire world to view, thereby increasing the client’s vulnerability to identity theft. When actuaries were presented with this same issue with regard to Schedule SB or MB, the DOL allowed them to type their names and initial the return. There is no such capability here. The preparer must warn the client that the client’s signature will appear on the net.

[Guest Sieve]

I don't prepare 5500s, but why is this a one-size-fits-all proposition? Can't you give the client the option in writing, explaining the risk--that the signature will appear online--and ask for a signed authorization to do one or the other? You could send that out each year when you request informatin from the client as part of your Form 5500 due diligence, couldn't you?

As a lawyer, I deal with these things everyday when I give advice, so I make sure the client understands the risks when I give that advice or recommend a course of action (& then, when possible, I send a CYA memo, e-mail, letter, whatever). Having malpractice or E&O coverage doesn't hurt, either. But isn't that all part of doing business as professionals?

[Jim Chad]

Considering the way most signatures are "written", wouldn't it be an easy matter to change the scribble a little for this?

What qualifies as a legal signature? Any attorneys want to join this thread?

[austin3515]

A concern in using this alternative system is that the client’s signature will appear on the Internet for the entire world to view, thereby increasing the client’s vulnerability to identity theft. When actuaries were presented with this same issue with regard to Schedule SB or MB, the DOL allowed them to type their names and initial the return. There is no such capability here. The preparer must warn the client that the client’s signature will appear on the net.

Can you put the link out here for where this blurb came from?

[austin3515]

Found it in today's benefitslink newsletter...

http://www.relius.net/News/TechnicalUpdates.aspx?ID=514

[GMK]

Any attorneys want to join this thread?

See post #24

[Guest Bob Kayak]

I posted a similar question on the thread in the 5500 section, but will post here as well.

Does this really allow for sharing of credentials? Is the understanding of this relief one where a firm will get a signer credential that will be shared with all employees of that firm, or is it that each individual in the firm will get signer credentials? If the latter, then won't the authorization letter from the client need to name the TPA firm employee that will be signing on their behalf?

Seems odd that the DOL would be rather insistent about not sharing credentials, then decide to say, sure go ahead.

Any thoughts?

[austin3515]

Bad name for the subject... I though about changing it earlier on, but there were already several posts. I used it because that's what we were all asking for on the asppa petition, but you're right, there is no credential sharing allowed.

[Peter Gulia]

For decades, relevant law has recognized as a signature any kind of writing (including a name, symbol, or mark) made (or adopted) with an intention to authenticate a document as made by the signer.

So again, let's ask ourselves: If a Form 5500 page has on it the signer's name in block (not cursive) letters, do we imagine that EBSA might question whether such a name or mark truly is the plan administrator's signature? And if EBSA inquires, wouldn't the plan administrator answer that its officer or employee had written that signature with the intent to authenticate the Form 5500 as the administrator's annual report?

[Guest Bob Kayak]

Bad name for the subject... I though about changing it earlier on, but there were already several posts. I used it because that's what we were all asking for on the asppa petition, but you're right, there is no credential sharing allowed.

So, if there is no sharing than each firm employee must get signer credentials? And if so, then the client authorization should name the individual signing on their behalf, correct?

Thanks

[austin3515]

From the DOL;s FAQ's

The signer of the 5500 certifies "(1) that the service provider has been authorized in writing by the plan administrator/plan sponsor to electronically submit the return/report; "

To me, that means the organization, not the individual. I woudl assume that depending on the size of the organization, a dew designated "senior" people should do the signing.