Is It Time to Start an Administrative Committee for Your ERISA Benefit Plans? Part 1B: Maintaining Records

Part 1B: Maintaining Records

Fiduciary responsibility standards have applied to employee benefit plans since The Employee Retirement Income Security Act of 1974 (ERISA) came into law 47 years ago. However, in light of the new Statement on Auditing Standard 136 (SAS 136), greater responsibility is now required of management than ever before.

In response, auditors of benefit plans will be focusing on management’s practices and increasing communication with management and governance on any errors or deficiencies found, regardless of materiality.

In the posts over the next few weeks, we will dive into management’s responsibility addressed in SAS 136 and specific ways to ensure management is fulfilling their fiduciary responsibility.

SAS 136 clarifies that it is management’s responsibility to maintain the current Plan instrument, including Plan amendments. This includes, but is not limited to:

  • Selecting and monitoring service organizations
  • Maintaining and protecting records
  • Establishing and following internal controls over financial reporting and safeguarding Plan assets

This post will focus specifically on maintaining and protecting records.

It is management’s fiduciary responsibility to maintain and protect Plan records. These include forms filed with government agencies, participant benefit, accounting and Plan governance records. Some records are related to operations and maintained on a Plan level (Plan document and investment contracts), other records are participant specific (benefit payments, contribution history, employment information). Various departments can maintain these records for management (human resources, payroll, accounting, investment custodians and third parties).

In addition, records can be stored electronically or in paper format. If management elects to store records electronically, safeguards must be established to ensure the integrity, accuracy and safety of the electronic records.

At a minimum, management must maintain the following Plan records:

  • The original signed and dated Plan document and any amendments
  • Summary Plan Description and summaries of material modifications
  • Determination, advisory or opinion letter on the Plan’s tax qualification status
  • Contracts with service organizations
  • List of related parties
  • Proof of the Plan’s ERISA fidelity bond and fiduciary insurance
  • Participant records including date of birth, date of hire and rehire, termination date, Social Security number, marital/family status, employee classification, rate of pay and hours worked, other forms of compensation and support for hours worked
  • Participant enrollment and election forms including salary deferrals, health and welfare options, investment elections, beneficiaries and dependent information
  • Payroll records
  • Nondiscrimination and coverage test results
  • Reporting and discourse in regulatory filing and the Plan’s financial statements
  • Actuarial valuations and reports
  • Plan accounting records
  • Minutes, board resolutions, written Plan policies and other governance documents

Along with maintaining certain Plan records, ERISA and U.S. Department of Labor (DOL) have specific record retention requirements, protecting personal information and implications to management for failing to properly retain records.

ERISA Section 107 requires Plan records used to support filings, including the Form 5500, to be maintained for six years from the filing date. This includes, but is not limited to:

  • Copies of the Form 5500, including required schedules and attachments
  • Nondiscrimination and coverage test results
  • Required employee communications
  • Financial reports and supporting documentation
  • Evidence of the Plan’s ERISA fidelity bond
  • Corporate income tax returns

ERISA Section 2019 requires records be maintained that are used to determine benefits that are or may become due to an employee or beneficiary. These are to be maintained “as long as possibility exists” and include, but are not limited to:

  • Census data and support for census information
  • Participant account records
  • Supporting documentation for Plan loans, withdraws and distributions

As discussed above, ERISA requires management to retain a broad category of records to meet fiduciary responsibility. To ensure adequate record retention, management is encouraged to establish a written record retention policy governing how the organization reviews, updates, preserves and discards documents related to Plan administration. Those charged with governance and ERISA counsel should approve the policy. If service organizations maintain Plan records, management needs to understand the retention policies of those organizations. As we discussed in the previous post, the use of a service organization does not alleviate management’s responsibility.  Once the policy is established, management should establish controls to monitor compliance within the organization and monitor the service organization’s compliance.

In addition to writing and monitoring a retention policy, management is encouraged to categorize and organize Plan records in a way they are easily accessible. And, because ERISA Section 209 does not provide a specific period of time for retaining records, these records should be kept for an indefinite period of time.

There can be severe ramifications when management does not maintain or secure the proper Plan records. When management is unable to provide requested data, the auditor will have to consider if alternative procedures can be performed. If not, the auditor may not be able to obtain sufficient appropriate audit evidence in order to form an opinion on the financial statements. It is important to note that if the auditor issues a modified opinion (other than limited scope), the DOL will reject the 5500 Form filing. In addition to rejecting the Form 5500, the DOL has the right to assess penalties of up to $2,194 per day (indexed annually), without limit, on management for the deficient filing. In addition, fiduciaries who do not follow the basic standards of conduct may be personally liable to restore any losses to the Plan.

As part of its fiduciary responsibility, management is responsible to determine whether they meet ERISA, DOL and IRS record retention requirements. Management must make best efforts to meet the stated requirements, or risk potentially severe penalties.

About the Author

Cami L. Grimm, CPA, is a Manager at Brown Schultz Sheridan & Fritz (BSSF) with over five years of public accounting experience. Cami specializes in providing accounting and auditing services to for-profit and nonprofit entities and has worked within a variety of industries.

Disclaimer: Information provided by Brown Schultz Sheridan & Fritz (BSSF) as part of this blog post is intended for reference and information only. As the information is designed solely to provide guidance and is not intended to be a substitute for someone seeking personalized professional advice based on specific factual situations, responding to such inquiries does NOT create a professional relationship between BSSF and the reader and should not be interpreted as such. Although BSSF has made every reasonable effort to ensure that the information provided is accurate, BSSF makes no warranties, expressed or implied, on the information provided. The reader accepts the information as is and assumes all responsibility for the use of such information.