Benefits Compliance: Human Resources Risks in 2020

HR professionals are breathing a sigh of relief now that benefits enrollment season is over. But that moment of catching your breath may soon be over as a hectic new year begins and you face new human resources risks.

Avoiding potential data and compliance headaches is the first order of business. And despite having a rich benefit portfolio, you'll also need to avoid potential human resources risks that are tricky and expensive to navigate.

Benefits Compliance

Benefits Eligibility

The new year is a great time to conduct an enrollment audit. As the first carrier bills arrive in January, ensure that all eligible employees, new hires, terminations, and changes in status are recorded. Auditing the first payroll will ensure that all paychecks reflect appropriate benefit deductions.

Auditing eligibility data helps you and your carriers, who are now cracking down on retroactive changes in eligibility, often limiting the timeframe to 60 days for you to identify errors and corrections.

COBRA Compliance

COBRA non-compliance is expensive. To begin with, there are statutory penalties. The IRS and DOL can assess a range of regulatory fines ranging from $110/day under ERISA and/or $200/day under §4980B of the tax code. The burden of proof is on the employer to show that they timely complied with all of the COBRA rules.

While most benefit managers focus on the active employee population, it is critical to evaluate your COBRA population for changes in rates, eligibility, and benefits. Did you send out timely notices to your COBRA participants for eligibility, open enrollment, or rate changes? Did you collect premiums on a timely basis? These errors can put your company at risk and require as much attention as your active population. In fact, litigation expenses for COBRA administrative errors and claim disputes are often far more costly than statutory fines.

ACA Reporting and Filing

Applicable Large Employers (ALEs), or firms with greater than 50 employees, are required to provide 1095 forms to their employees as well as to the IRS (along with the 1094 transmittal form). Recently, the IRS extended the date for filing ACA statements to employees from January 31st to March 2nd (2020). However, the filing deadline to the IRS remains the same (February 28, 2020 or March 31st if filing electronically). The ACA's reporting and filing requirements are complex, requiring even firms with fewer than 50 full-time employees, such as self-insured employers and those that belong to a controlled group of employers that collectively have 50 or more (full-time) employees, to meet the reporting/filing requirements.

Keeping up to date with ACA compliance issues can be tricky. Woodruff Sawyer's compliance team will keep you up to date, including ACA IRS alerts, to keep you up to date on these emerging issues. In the meantime, you can reduce this risk by keeping your HRIS system up to date with current eligibility, hiring and termination dates, and qualifying events. The IRS is no longer providing extensions for not filing, so maintaining accurate and timely information is essential.

Retirement Plan Compliance

Recent regulatory changes increased fines tenfold for late filing of Form 5500, registration of timely notices of plan changes, and failure to provide withholding notices. Overlooking these regulations, which went into effect at the end of 2019, can mean a costly expense for your organization.

New regulations now make it easier for retirement plan participants to obtain hardship withdrawals from their 401(k) and 403(b) plans. Plan loans are no longer required for participants to obtain a hardship withdrawal. In addition, deferring plan contributions for loan participants is no longer required. These changes went into effect on January 1st, 2020, so consult your plan advisor to make sure your procedures are compliant.

Administrative Compliance

FSA Non-Discrimination Testing

Non-discrimination testing must be performed on your Section 125 FSA and Dependent Care plans to ensure that Highly Compensated Employees (HCEs) are not bypassing taxation. You should consider running the tests a month or so before year's end to evaluate the compliance of your plan. It's sometimes a good idea to also perform the tests mid-year to get an early pulse on your plan's ability to pass the tests at the end of the year to get an early jump on any necessary adjustments that hopefully won't be as disruptive to your employees.

Luckily, many of today's payroll and HRIS providers simplify this testing, helping you remain compliant. You'll need to show the IRS that you performed the test in case your plan comes under audit in future years.

Wage and Hour Compliance

As your organization grows, it can be difficult to ensure that employees work appropriate hours without violating company policy or government mandates.

Your company must ensure that time is logged appropriately (regular, overtime, PTO), employees are properly classified (ex: employed versus contractor), and correct wages are paid. If not, you may be subject to a Fair Standards Labor Act (FSLA) claim, which can be expensive and damaging to your reputation.

In Woodruff Sawyer's How a Recent Ruling May Affect Insurance Coverage for Wage & Hour Claims, David Rocklin examined a recent ruling showing how even the best of insurance products, Employer Practice Liability (EPL), may not protect employers from missing the mark on labor standards. Both the EPL carrier and the court agreed that the employer was at fault, leaving the company without coverage and liable for FSLA claims.

At the beginning of the year, HR should identify potential outliers where employees are mis-classified or incorrectly paid and take steps to work with their department peers to correct the situation and avoid hefty fines.

HR Cyber Compliance

If you think that cyber compliance is just the responsibility of the IT department, think again. New trends directly impact the HR department, requiring them to protect employees information in new ways.

W2 Fraud Scams

HR is the owner of the sensitive employee data that includes employee names, Social Security Numbers, addresses, and family members data––a prime data target for hackers. And now that W2 season is here, scammers are upping their game to obtain that valuable data.

It can start with a simple, authentic looking email from an executive or peer requesting W2 information for employees. Without thinking, an HR employee answers the email, provides access to all employees' data, and unknowingly contributes to a data breach.

HR should work with IT to set up data access protocols to decrease the potential of a cyber incident. Double authentication and password protected HRIS access will help protect against an email or phishing scam.

In the event of a W2 related data breach, it's important for HR to act quickly. Dan Burke, Woodruffs' Senior Vice President, National Cyber Practice Leader shares how to address this issue in his recent insight.

CCPA: California Consumer Privacy Act

If you employ California residents, you may be impacted by the California Consumer Privacy Act (CCPA), a wide-sweeping act intended to let consumers control their personal data. Although the act does not currently mention employees or HR data specifically, it does not mean that employers should disregard the Act and its potential implications.

Woodruff Sawyer is keeping a close eye on how the CCPA will affect employers, as discussed in this insight. HR departments should act now to protect sensitive HR data, collecting it via a structured means like an online data form and avoiding unsecure channels like emails, chats, and paper.

HR Compliance is a Year-Round Job

January is a great time to kick off the year with steps to ensure you meet your obligations and mitigate human resources risks all year long, but next year will be here before you know it. Now is the time to schedule a plan review to ensure your benefits portfolio is competitive and compliant for the future.