Plan Sponsors and Fiduciaries: Beware the High Costs of Prohibited Transactions
When a plan fiduciary permits certain statutorily forbidden transactions, participants in the transactions may be heavily taxed and penalized for the transaction, even years later. The Internal Revenue Code (IRC) and the Employee Retirement Income Security Act of 1974, as amended (“ERISA”), both aim to prevent certain financial transactions (“Prohibited Transactions”) between a qualified retirement plan and specified people with control or influence over the plan, such as plan fiduciaries. The IRC refers to these people as Disqualified Persons, while ERISA refers to them as Parties in Interest. For simplicity, we will refer to them here as Disqualified Persons.
The goal of the Prohibited Transaction provisions is to avoid use of plan assets to enrich Disqualified Persons. Such enrichment includes both self-dealing by a Disqualified Person and the plan lending or otherwise transferring plan assets to the Disqualified Person. The provisions generally apply to those transactions which carry a risk of Disqualified Persons receiving better treatment than disinterested parties would in the same situation. While penalties differ under IRC and ERISA, both sets of penalties apply to Prohibited Transactions. The Internal Revenue Service (IRS) may assess a 15 percent tax per year and a 100 percent tax if the Prohibited Transaction is not corrected prior to IRS discovery. Under ERISA, the Department of Labor (DOL) may issue penalties of between five percent and 100 percent of the amount involved. Additionally, ERISA requires the plan fiduciary to restore the plan for the benefit of the plan participants. Numerous statutory Prohibited Transaction Exemptions exist to prevent these rules from limiting otherwise legitimate transactions, and when applicable Prohibited Transaction Exemptions allow the underlying transaction without penalty to the Disqualified Person.
Prohibited Transactions require participation by a Disqualified Person in a listed transaction; Disqualified Persons typically have a close relationship to the plan or to the employer sponsoring the plan, and they may include:
- Those providing services to the plan;
- Plan sponsors and those owning significant interests in plan sponsors; and
- Relatives of any of the previously mentioned people.
Most direct and indirect transactions between Disqualified Persons and the plan are Prohibited Transactions, and it is the plan fiduciary’s obligation to avoid them. Prohibited Transactions include the sale, lease, or transfer of any property between the Disqualified Person and the plan. Neither party can lend money or extend credit to the other. One party cannot provide goods, services, or facilities to the other. Most importantly, the plan cannot transfer plan assets for use by or on behalf of a Disqualified Person.
Certain Prohibited Transactions occur only when the plan fiduciary is dealing with the plan. The fiduciary cannot deal with plan assets for the fiduciary’s own interest. Additionally, the fiduciary cannot act on behalf of any party whose interests diverge from those of the plan. Finally, the fiduciary cannot receive any compensation from parties managing plan assets.
Prohibited Transaction Exemptions
As written, the Prohibited Transactions statutes are overly broad, and they stifle legitimate transactions occurring between Disqualified Persons and the plan. For example, the plan fiduciary is often a plan participant. Because the plan fiduciary is a Disqualified Person, the Prohibited Transaction rules prevent the plan from transferring any plan assets to the fiduciary, thus preventing the plan from paying retirement or health benefits to a legitimate plan participant. Prohibited Transaction Exemptions (PTEs) cover situations like this by allowing transactions that would otherwise be classified as Prohibited Transactions. The statutes contain over a dozen specific PTEs addressing a wide variety of specific situations. For example, one PTE allows Disqualified Persons to provide services required for plan operation, such as legal and accounting services, provided that no more than reasonable compensation is paid. Another PTE allows plan loans to be made to Disqualified Persons, provided that the loan is made according to the plan document and on terms available to other plan participants.
The DOL also allows for non-statutory exemptions known as administrative exemptions and class exemptions. Administrative exemptions are individual exemptions approved by the DOL. Administrative exemptions apply only to the person who requested the exemption, while class exemptions apply to any person who meets the class exemption requirements.
Penalties Associated with Prohibited Transactions
The IRC and ERISA each have their own set of penalties and excise taxes associated with Prohibited Transactions. The IRS has authority to enforce IRC penalties, and the DOL enforces ERISA penalties. Despite individually assessed penalties, the DOL and IRS are known to communicate with one another upon discovering Prohibited Transaction issues.
The IRS can assess a tax equal to 15 percent of the amount involved in the Prohibited Transaction for each year or part of a year until the Prohibited Transaction is corrected or draws certain action from the IRS. If the IRS discovers an uncorrected Prohibited Transaction, an additional 100 percent tax applies, making uncorrected Prohibited Transactions a costly liability.
Penalties assessed by the DOL are similarly harsh. The DOL may assess a five percent penalty for each year or part of a year in which a Prohibited Transaction continues to occur. Disqualified Persons have 90 days to correct a Prohibited Transaction after notice from the DOL. Failure to do so subjects the Disqualified Person to an additional penalty of up to 100 percent of the amount involved in the transaction. In addition to these penalties, ERISA permits recovery by the plan or plan participants of losses resulting from a breach of fiduciary liability, including all Prohibited Transactions. It is critical that Disqualified Persons and plan fiduciaries avoid the costly penalties, taxes, and liabilities related to Prohibited Transactions.
If your plan has uncorrected Prohibited Transactions or wishes to proactively avoid Prohibited Transactions, Hall Benefits Law encourages you to seek counsel from experienced ERISA attorneys.
UPDATE: In prior HR Alerts, we addressed the implementation of the DOL’s Fiduciary Rule. Previously, many parts of the Fiduciary Rule came into effect on June 9, 2017, but the DOL stated that it would not fully enforce the Rule until January 1, 2018. The DOL has indicated a proposed additional delay until July 1, 2019. The delay is not yet effective and must be approved by the Office of Management and Budget prior to changing the Fiduciary Rule implementation timeline.
Why Care About HIPAA Violations?
July’s HR Alert featured an article titled “We’re Under Cyberattack, What Do We Do Now?” Most of that article focused on the new “Quick-Response Checklist” (“Checklist”) issued by the United States Department of Health and Human Services (“HHS”), Office of Civil Rights (OCR). OCR is responsible for investigating and enforcing HIPAA Privacy and Security Rules, and the Checklist provides guidance to covered entities and business associates responding to ransomware attacks or other cyber-related security incidents. Understanding how to mitigate breaches of protected health information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is critical in today’s global electronic society.
Mitigating the risk associated with potential breach of PHI is critically important because of the potential penalties that may be levied against covered entities and business associates for violations under HIPAA. For example, HHS issued a press release on February 16, 2017 announcing a settlement in the amount of $5.5 million with Memorial Healthcare System (MHS) for HIPAA violations. Details of this case include:
- On April 12, 2012, MHS filed a breach report with OCR, advising that two unauthorized employees inappropriately accessed PHI;
- MHS amended its breach report on July 11, 2012, advising that twelve additional unauthorized users accessed PHI;
- The breach affected a total of 115,143 individuals; and
- OCR’s investigation revealed the following:
- A former employee’s log-in credentials were used to access PHI each day from April 1, 2011, through April 27, 2012, affecting 80,000 individuals; and
- MHS failed to implement policies and procedures regarding workforce security and reviewing information system activity, as required under HIPAA.
In addition to the monetary settlement, MHS was also required to implement a robust corrective plan, vividly illustrating the importance of implementing, and reviewing with employees, HIPAA policies and procedures.
It would be a mistake to assume that HHS focuses exclusively on PHI breaches affecting 500 or more individuals. On December 28, 2012, HHS entered into a settlement agreement with Hospice of North Idaho (HONI) in the amount of $50,000 for HIPAA violations affecting 441 individuals. The settlement required HONI to enact a corrective action plan. The facts of the case are as follows:
- HONI filed a breach report on February 16, 2011, regarding the theft of a laptop containing the electronic PHI of 441 individuals;
- OCR’s investigation revealed the following:
- HONI failed to conduct an analysis of the risk to the confidentiality of electronic PHI on an ongoing basis as required under HIPAA’s Security Rule from the date of required compliance to January 17, 2012;
- HONI also failed to adopt or implement security measures for the electronic PHI using portable devices as required under HIPAA’s Security Rule from the date of the required compliance to May 1, 2011.
The HONI case emphasizes that all covered entities, regardless of size, must meet HIPAA regulations to avoid liability. Additionally, OCR announced on August 18, 2016, that it will step up investigation of breaches affecting fewer than 500 individuals.
Hall Benefits Law recommends all Covered Entities and Business Associates review their HIPAA Privacy and Security Procedures to ensure compliance under HIPAA. Having procedures in place is not enough; Covered Entities and Business Associates must ensure that said procedures are being followed to mitigate the risk associated with breach of PHI. The HBL team is happy to assist you with any needs you may have regarding HIPAA compliance matters, including getting policies and procedures in place and providing team training.
Copyright © 2017 Hall Benefits Law, All rights reserved.
This newsletter is intended to provide a Firm update to clients and friends. It is intended to be informational and does not constitute legal advice regarding any specific situation. This material may also be considered attorney advertising under rules of certain jurisdictions.