Compliance September 17, 2024

2025’s Tax Sunset and DC Plans

The first article in this quarter’s PLANADVISER In-Depth series, which considers the state of retirement in the U.S., looks at the potential for policymakers to look at tax-deferred workplace programs to make up revenue.
Reported by

As the federal deficit balloons and 2025 nears—bringing the expiration of many provisions from the Tax Cuts and Jobs Act of 2017—some industry experts worry that 401(k) and other tax-deferred programs will be in the spotlight for reductions.

The National Association of Plan Advisors, for instance, said earlier this year that the retirement plan advisory industry must guard against potential scale-backs.

Never miss a story — sign up for PLANADVISER newsletters to keep up on the latest retirement plan adviser news.

Tax-deferred savings plans have become a cornerstone for how many Americans save for their futures. But “as one of the two largest tax expenditures in the federal budget along with health care, the pension tax preferences will be seen as a prime source of revenue that might be repurposed,” says Mark Iwry, a former senior adviser to the U.S. Secretary of the Treasury who is currently a nonresident senior fellow at the Brookings Institution. “There will be competition for limited tax dollars, as there always is, and the large tax preference for retirement savings will present an inviting target.”

Potential for Unprecedented Reductions

Historically, there is not much precedent for cutting these tax-deferred savings to help with the federal deficit, says William McBride, vice president of federal tax policy at the Tax Foundation.

“These are popular programs,” McBride says, specifically calling out 401(k)s, health savings accounts and 529 college savings accounts. Despite HSAs still being underutilized more than 20 years after their inception, “they’re considered untouchable.”

McBride says that, based on conversations with employees on Capitol Hill who work in these areas, the general consensus is that rollbacks of these incentives are not on the table.

But he acknowledges that this is an unprecedented situation due to the size of the deficit the U.S. is incurring: The debt is rising at an unsustainable trajectory in the coming decades, the Congressional Budget Office’s most recent budget outlook showed.

“In that sense, we could be doing things that are unprecedented, and we could be doing those things very soon,” McBride says. “It’s certainly possible. I’m just saying that, to date, we haven’t gone there.”

Many members of Congress find the tax cuts passed in 2017 to be good policy and are likely going to want to renew at least some of the benefits—and that will come at a cost, says Michael Kreps, chair of the retirement services group at the Groom Law Group.

Covering that cost could either come in the form of raising taxes or limiting the tax deductions, exclusions and other exceptions that exist in taxation. In 2017, making adjustments that would have made it more difficult for people to save for retirement was a leading proposal to pay for tax reform.

“When push comes to shove and they need to raise $5 trillion to $6 trillion, they’re going to be looking for material revenue raisers,” Kreps says. “In the court of congressional scoring, the retirement system is one of the larger tax expenditures.”

What Reductions Could Look Like

There are various ways these rollbacks could happen, if they happen at all, Iwry says. One is additional “Rothification” of the 401(k) system, which could pick up where SECURE 2.0 left off by requiring more of the existing tax-favored contributions to take the form of Roth in order to appear to save revenue.

“The Rothification of catch-up contributions—essentially imposing lower limits on pre-tax contributions—could also be extended to non-catch-up contributions,” Iwry says. Alternatively, there could be proposals that further limit tax-favored contributions, whether Roth or pre-tax, or restrict retirement savings tax preferences in other ways.

Kreps says this “Rothification” is much more likely than lowering contribution limits, which would be a very unpopular move.

Bolstering the 401(k) Against Potential Tax Reductions

It will be incumbent upon advocates for the system to make sure that policymakers understand the real damage that would occur in cutting back incentives for retirement savings, says Brian Graff, CEO of the American Retirement Association.

“Every other industry is going to be lining up to protect its stuff, whether it’s energy, defense [or] insurance,” Graff says.

He added that while industry actors sense risk, not everybody agrees on the degree of that risk—and the degree of risk will be contingent on the upcoming presidential election.

“From ARA’s perspective, we are getting prepared,” Graff says.

In 2017, a coalition called Save Our Savings sought out to try and protect elements of the system, and Graff says similar coalitions could emerge this year. Save Our Savings was extremely effective, Kreps adds.

“There were no material changes to the tax incentives for retirement savings in the Tax Cuts and Jobs Act, and that was entirely due to the fact that that coalition convinced Congress—and quite frankly, the administration at the time—that it was a political loser to attack the retirement system,” Kreps says.

Education and advocacy are an important part of protecting retirement savings programs. But the best defense for the private pension system is to “do more of what should be done in any event,” Iwry says.

That includes reforming the system to make it more inclusive, equitable and pension-like, as well as expanding coverage through automatic individual retirement accounts nationwide. It also means, to Iwry, “reducing leakage and reorienting the system around the worker and retiree, especially those moderate- and lower-income households who most need the help.”

 

 

More on this topic:

Who Is Most at Risk for Retirement Shortfall?
How to Contribute Amid Retirement ‘Challenges’
Social Security: Beyond the Headlines
Define ‘Crisis’
In Practice September 3, 2024

Cybersecurity Best Practices for Retirement Plans

The game is continually evolving for keeping plan data and systems safe. In this special coverage article, experts discuss how plan fiduciaries can stay up to speed.
Reported by
Art by Giulio Bonasera

It’s a cybersecurity jungle out there. Plan sponsors must defend against participant impersonation, account takeovers, hackers and phishers. And it’s getting worse: Artificial intelligence deepfakes, including fraudulent correspondence, voice impersonations and videos are hitting financial institutions and their customers.

There is no single solution for managing these threats, especially as AI-based methods continue to evolve. However, plan advisers and their sponsor clients can implement cybersecurity plans that will help keep the bad guys at bay.

Want the latest retirement plan adviser news and insights? Sign up for PLANADVISER newsletters.

Cover The Essentials

Marino Monti, Voya Financial’s chief information security officer, says cybersecurity ultimately comes down to people, processes and technology.

He notes that: People need ongoing training and tools to stop fraud. Plans need controls and standards that they regularly review and update. Technology is constantly evolving, and sponsors need insights and data protection. They also need basic resiliency.

“When a breach happens, how resilient are you?” he asks. “Do you have a backup plan? Can you recover? What’s your incident response plan?”

The SPARK [Society of Professional Asset Managers and Recordkeepers] Institute’s “Plan Sponsor & Advisor Guide to Cybersecurity; SPARK Data Security Best Practices: Seventeen Control Objectives” addresses these issues and more. SPARK provides guidance on multiple aspects of a cybersecurity program, with components organized by objectives and control benchmarks. These objectives include security policy, asset control, access control, operational/business resiliency, vendor management and cloud security.

Per the publication: “These control objectives are consistent with and aligned to the Department of Labor Cybersecurity Program Best Practices (April 2021) and satisfy the requirement for ‘Reliable Annual Third-Party Audit of Security Controls’ as applied to recordkeepers.”

The Department of Labor’s list of cybersecurity best practices is helpful, but Scott Carroll, a senior consultant with plan consultants Agilis, suggests sponsors go beyond the DOL’s recommendations.

Carroll says plan committees should consider adding information technology representation to educate the committee, ensure company policies are being followed and ask the right questions to vendors. Should the committee face an audit or investigation, it is helpful to have a member who can demonstrate that the committee understood the relevant risks and plan policies.

Carroll maintains sponsors should also take an active role when conducting cybersecurity reviews. The review should be more than simply having the recordkeeper provide a 30-minute overview at a committee meeting, he says: “Take ownership of the process, including issuing a questionnaire to your vendors. In cases where IT is not represented on the committee, it is valuable to have them report their findings to the committee as part of the periodic review, and this often prompts some discussion on having IT representation on the committee.”

Nick Brezinski, the director of information security and network with CAPTRUST, recommends that sponsors take multiple steps to implement cybersecurity best practices. The first step is to provide regular employee training to create a robust awareness of the problem and the procedures employees should follow. Certifying employees annually with ongoing training helps maintain a defensive posture.

Rigorous due diligence on vendors is another critical step, as is having a third party review and assess the sponsor’s cybersecurity efforts. That review will result in a detailed list of any problem areas, with suggestions to close the gaps, whether by implementing technology, updating a process or removing a process, says Brezinski.

The fourth step is implementing a robust access control policy, including enforcing least-privilege access in any instance where it is available.

Sponsors need to make sure they “have a well-defined incident response plan,” Brezinski adds. “Security incidents will happen, and we should be prepared for them. But technical outages like losing an internet circuit or some sort of hardware could take down your infrastructure, causing loss of facilities.”

Recognizing the AI Threat

Recent media reports have described the use of generative AI to commit financial fraud against banks and businesses. Given the large amount of money in retirement plans, they will likely face similar threats soon, if they have not already, says Matthew Corwin, a managing director at Guidepost Solutions, a security, compliance and investigations firm. Corwin explains that the exposures can originate throughout a plan’s financial ecosystem, including third-party vendors, affiliates, advisers and participants.

“Keep in mind that those generative AI risks can take the form of everything from voice and video spoofing to AI-generated financial documents and statements, other identity verifications, IDs, including government issued IDs,” notes Corwin. “All of these things, to some extent, existed prior to the current AI boom. But the AI we’ve seen has enabled some of these cybercriminals to produce increasingly sophisticated … attacks.”

In the wrong hands, AI capabilities increase the risk of identity theft and account takeover, says Kimberly Sutherland, vice president of fraud and identity strategy at LexisNexis Risk Solutions.

“Having a bad actor either stealing information or gaining unauthorized access is going to be the biggest threat as people are trying to save money in their plans,” she says.

Sutherland believes it is going to “take AI to fight AI.”

“We are seeing the importance of having adaptive fraud model and adaptive risk signals—the days of static approaches will continue to lessen,” she says. “Adaptive solutions that will be AI- driven will help fight against AI fraud attacks.”

For example, behavioral biometric intelligence uses technology and methodologies to analyze and authenticate individuals based on how they interact with digital devices. According to search engine Perplexity AI, this approach leverages artificial intelligence and machine learning to monitor and analyze various parameters of user behavior continuously, distinguishing legitimate users from potential fraudsters.

«