ESOPs, Benefits & Compensation Q3 2024 Client Update < Articles < News

ESOPs, Benefits & Compensation Q3 2024 Client Update

Fall greetings from the Kaufman & Canoles ESOPs, Benefits & Compensation team. We hope you’re enjoying the cooler weather, changing leaves, and—of course—the continual pace of change in employee benefits. Please find below a few of our thoughts on updates in third quarter; as always, feel free to reach out to a member of our team with any questions.

IRS Releases Initial Guidance on 401(k) Student Loan Matches

Several years after the IRS first informally approved the concept of employers matching student loan repayments, and nearly two years after SECURE 2.0 wrote it into law, employers now have a glimpse into how such a benefit will work. Although the IRS will issue formal regulations soon, it released initial guidance on several topics of note, including:

Identification of which types of student loans are eligible
Whose student loan, in relation to the plan participant, must be repaid to be eligible for a match
Ways to certify the participant’s obligation to repay the loan and the amount paid during a year
Rules for determining the amount paid that is eligible to be matched
Different options for meeting non-discrimination testing when matching student loan repayments
Rules on uniformity intended to ensure participants can receive student loan matches on roughly the same basis as the plan’s regular matches
Points where, despite the general rule of uniformity, student loan matches can differ from regular matches

As the above list may suggest, designing 401(k) student loan match programs will be complex and will require extensive participant data and operational attention. Employers—particularly small employers who may not be able to dedicate resources to tracking this information—should review this plan design with their advisors before taking the leap.

2025 ACA Affordability Standard Released

In mid-September, the IRS announced the 2025 Affordable Care Act affordability percentage, which determines whether employers have offered full-time employees “affordable” health insurance coverage. As a reminder, large employers subject to the ACA must offer health insurance to full-time employees that costs no more than a certain percentage of the employee’s household income.

For 2025, the newly released affordability percentage is 9.02%, meaning an employee cannot pay more than 9.02% of his or her household income toward the lowest cost self-only coverage offered by the employer. This is up from 8.39% in 2024. As employers usually will not know their employees’ total household income, nearly all rely on one of three affordability safe harbors: The federal poverty level (FPL) safe harbor; the W-2 safe harbor; or the rate of pay safe harbor. Under each of these, the employee can now pay up to 9.02% of the FPL, their total W-2 wages for the year, or their regular rate of pay.

For large employers seeking predictability—a guarantee they will meet the affordability standard for all employees—the FPL method offers the best alternative, because the FPL itself is fixed ahead of time. Under this method, employees can pay up to $113.20 per month for the lowest cost self-only coverage offered by the employer. This is up from slightly under $102 in 2024.

More SECURE Act Changes Taking Effect in 2025

Although many of the SECURE Act and SECURE 2.0 provisions affecting retirement plans have now taken effect, a few more are slated to apply starting in 2025:

Increased catch-up contributions will be available for participants between ages 60 and 63. For plans that allow catch-up contributions, the limit will increase to the greater of $10,000 or 150% of the regular catch-up limit, but only for participants who will reach age 60, 61, 62, or 63 during the year. This means plans will need to monitor catch-up limits not only by participants over age 50, but rather from ages 50-59; 60-63; and 64 and older.
Automatic enrollment will be mandated for many newer 401(k) plans. Under SECURE 2.0, most new 401(k) plans are required to automatically enroll eligible participants starting in 2025. This requirement generally applies to 401(k) plans that are adopted after SECURE 2.0’s date of enactment (December 29, 2022) and are sponsored by businesses that have been in existence for at least three years and have at least 10 employees.
Changes to long-term part-time employee measurement rules will take effect. Under the original SECURE Act, 401(k) plans were required to allow employees to contribute from their own pay if they worked at least 500 hours in three consecutive years. SECURE 2.0 reduced the measurement period to two consecutive years. This generally means employees who worked at least 500 hours in 2023 and 2024 must be allowed to contribute in 2025.

As always, it’s critical for employers not only to be aware of these requirements, but to understand how their plan vendors are implementing the changes on their behalf. Any employers that have not heard from their recordkeepers or third-party administrators about these provisions should reach out to understand any upcoming differences in their plan’s operation.

DOL Confirms that Cybersecurity Guidance Applies to All Benefit Plans

Lastly, the Department of Labor—in an attempt to clear up lingering confusion—confirmed that its cybersecurity guidance applies to all types of ERISA-covered benefit plans, not just retirement plans. The DOL in 2021 released informal guidance on its views of plan fiduciaries’ obligations under ERISA to provide appropriate cybersecurity measures to protect participant data and plan assets. Since then, the DOL apparently has received reports of vendors and other service providers taking the position that the cybersecurity guidance applies only to retirement plans, and not to health and welfare plans.

In re-issuing the guidance, the DOL clarified that the cybersecurity advice applies to all types of employee benefit plans that are subject to ERISA and provided additional resources aimed at cybersecurity measures in healthcare plans. Given the rise in data breaches, hacking attempts, and tremendous amount of money and personal data at issue, employers should take this issue seriously.