Form 5500 must be filed electronically beginning with the 2009 plan year. All Form 5500s and 5500-SF (Short Form) Annual Returns/Reports for plan years beginning on or after January 1, 2009 must be filed electronically on EFAST2, the electronic system scheduled to be available in January 2010 on the EFAST2 Web site (www.efast.dol.gov). Filers of the Form 5500 or 5500-SF may either use EFAST2-approved software vendors or the United States Department of Labor's (DOL) IFILE application, suitable for “plain vanilla” filings. Both the list of EFAST2-approved software vendors and the IFILE application will be available on the EFAST2 Web site. EFAST2 electronic credentials (user ID and pin) are required to sign and/or submit the Form 5500 or Form 5500-SF or to prepare a return/report in IFILE. Beginning in January 2010, the electronic credentials can be obtained by registering on the EFAST2 Web site. Although Form 5500s generally are not due until seven months after the end of a plan year, plan sponsors are urged to start preparing for the transition to electronic filing.  

The FTC announced that it has postponed enforcement of the “Red Flags Rule” from August 1, 2009 to November 1, 2009, and has updated FAQs on its Web site. (The FTC announcement postponing enforcement of the Red Flags Rule: http://www.ftc.gov/opa/2009/07/redflag.shtm; the FAQs: http://www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm) Under the FTC's “Red Flags Rule,” certain financial institutions and creditors must implement a written Identity Theft Prevention Program to detect warning signs or “red flags” of identity theft in their day-to-day operations. As part of its guidance aimed at educating small businesses and other entities about compliance with the Red Flags Rule and at easing compliance, the FTC updated the FAQs on its Web site, several of which address employee benefit plans.

The FTC states in one FAQ that neither the plan sponsor of an individual retirement plan such as a 401(k) plan nor the plan itself is a “creditor” under the Red Flags Rule by virtue of the fact that the plan allows participants to get loans from their own plan account. Also, for a company that is a “creditor” or “financial institution” under the Red Flags Rule, the company's employees' 401(k) accounts are not with the company or plan sponsor but with the plan itself, a separate legal entity. Therefore, the company would not need to include the retirement plan accounts in a written Identity Theft Prevention Program.

The FTC also stated in one FAQ that in the case of a company who offered its employees health care flexible spending accounts and reimbursed the employees for elected amounts that were more than they contributed to date ? for example, because an employee left the company ? neither the company nor the third-party administrator that maintained the employee accounts would be a “creditor” under the Red Flags Rule. Finally, the FTC stated if an entity administers flexible spending accounts and gives customers a debit card to access benefits, it would be considered a “financial institution” under the Red Flags Rule. The FTC's guidance helps to ease some of the concerns employee benefit plan sponsors and administrators had regarding the Red Flags Rule and its applicability to them, although some questions as to the reach of the rule remain.

In Revenue Procedure 2009-36, the IRS has modified the remedial amendment cycle for Internal Revenue Code (Code) Section 414(d) governmental plans. Under Revenue Procedure 2009-36, the remedial amendment cycle with respect to a governmental plan generally will not end before 91 days after the close of the first legislative session that begins more than 120 days after a determination letter is issued for the plan. Revenue Procedure 2009-36 also provides that the sponsor of an individually designed governmental plan may elect Cycle E instead of Cycle C as the initial (EGTRRA) remedial amendment cycle for the plan. The election is made by filing a determination letter application for the plan during the one-year submission period for the initial Cycle E (February 1, 2010 through January 31, 2011). No election form or notice to the IRS is required. A sponsor's election of Cycle E applies only to that cycle. For any subsequent remedial amendment cycle, the plan's cycle will revert to Cycle C.

The IRS requests comments on new guidance for eligible combined plans. (Notice 2009-71) The U.S. Department of the Treasury and the IRS plan on issuing guidance relating to eligible combined plans under Code Section 414(x) and requested in Notice 2009-71 comments on issues presented under that Code Section. With an eligible combined plan, an employer can maintain both a defined contribution plan and a defined benefit plan on a combined basis, thereby cutting down on the administrative burdens and costs of maintaining separate plans. Generally, only those employers who employ at least two but no more than 500 employees may maintain an eligible combined plan. Section 414(x) is effective for plan years beginning after December 31, 2009. The IRS said in the Notice that it anticipated that the guidance under consideration would be prospective.

The IRS has set forth seven steps for plans to follow before making hardship distributions. In its summer 2009 “Retirement News for Employers” newsletter, the IRS noted that in the current economic climate, participants may seek hardship distributions from their retirement plans. The IRS outlined seven steps that plans should take before making hardship distributions:

Step 1: Review the terms of your plan, including: (1) whether the plan allows hardship distributions; (2) the procedures the employee must follow to request a hardship distribution; (3) the plan's definition of a hardship; and (4) any limits on the amount and type of funds that can be distributed as a hardship from an employee's accounts.

Step 2: Ensure that the employee complies with the plan's procedural requirements. For example, make sure the employee has provided a statement or verification of his or her hardship in the form required by the plan.

Step 3: Verify that the employee's specific reason for hardship qualifies for a distribution using the plan's definition of what constitutes a hardship. For instance, the plan may limit a hardship distribution to pay burial or funeral expenses and not for any other reason.

Step 4: If the plan, or any of your other plans in which the employee is a participant, offers loans, document that the employee has exhausted them prior to receiving a hardship distribution. Likewise, verify that the employee has taken any other available distributions, other than hardship distributions, from these plans.

Step 5: Check that the amount of the hardship distribution does not exceed the amount necessary to satisfy the employee's financial need, including amounts needed to pay any taxes or penalties that are due because of the hardship distribution.

Step 6: Make sure that the amount of the hardship distribution does not exceed any limits under the plan and is made only from the amounts eligible for a hardship distribution. For example, the plan may permit a hardship distribution of only 50 percent of an employee's salary reduction contributions.

Step 7: Most plan specify that the employee is suspended from contributing to the plan and all other plans that the employer maintains for at least six months after receiving a hardship distribution. Inform the employee and enforce this provision. Failing to enforce the plan's suspension provision is a common plan error but may be corrected through the Employee Plans Compliance Resolution System (EPCRS).

Welfare Plans

On its Web site, the IRS posted a reminder that individuals who received the COBRA health insurance subsidy and who have become eligible for other group health coverage are required to notify the plan in writing that they are no longer eligible for the COBRA subsidiary. (http://www.irs.gov/businesses/small/article/0,,id=212421,00.html) If an individual continues to receive the subsidy after he or she is eligible for other group health coverage such as coverage from a new job or Medicare eligibility, the individual may be subject to a penalty of 110 percent of the subsidy provided after the individual becomes eligible for the new coverage. Anyone who suspects that someone may be receiving the subsidy after becoming eligible for other group health coverage may report this to the IRS by completing Form 3949-A, Information Referral.

The United States Department of Health and Human Services (HHS) has released an interim final rule requiring that health care providers, health plans, and other HIPAA-covered entities notify individuals when their protected health information is breached, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA). (45 CFR Parts 160 and 164) These “breach notification” regulations require health care providers, health plans, and other HIPAA-covered entities to promptly notify affected individuals of a breach. Where a breach affects more than 500 individuals, the HHS Secretary and the media also must be notified. Breaches affecting 500 or fewer individuals must be reported to the HHS Secretary annually. Business associates of HIPAA-covered entities also are required to notify the covered entity of breaches at or by the business associate.

The HHS also issued an update to its guidance specifying encryption and destruction as the technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals. Where there has been a breach of information that has been secured as specified by the guidance through encryption or destruction, no notification of such breach is required. The new breach notification regulations address, among other topics, what constitutes a breach requiring notification, when a breach is treated as discovered, the time frame within which notification of a breach must be provided, the method of notification, and the content of the notification. The HHS interim final regulations are effective for breaches that are discovered by a covered entity or business associate on or after September 23, 2009, although the HHS will not impose sanctions for failure to provide the required breach notification for breaches that are discovered before February 22, 2010.

As a result of the HHS interim final rule, HIPAA-covered entities should determine what steps should be taken to comply with the new rules, including for example implementing reasonable systems for discovery of breaches in accordance with the regulations. Covered entities also may want to consider adopting destruction and encryption technologies and methodologies with respect to protected health information such that notification will not be required in the event of a breach. Business associate contacts also should be reviewed and revised to the extent necessary.

The FTC issued companion breach notification regulations that apply to vendors of personal health records and certain others not covered by HIPAA. The FTC final rule is effective on or after September 24, 2009, although the FTC will refrain from bringing an enforcement action for failure to provide the required notification for breaches discovered before February 22, 2010.

Executive Compensation

IRS Chief Counsel Memorandum AM 2009-006 held that (1) for purposes of Code Section 162(m), the date of grant of a stock option is the date the granting corporation completes the corporate action constituting an offer of sale to an individual of a certain number of shares of stock at a fixed price per share, and (2) discounted stock options are not qualified performance-based compensation under Code Section 162(m) even if, before or after exercise the executive reimburses the employer for the discount or the option is “repriced” based on the fair market value on the actual date of grant. (IRS Office of Chief Counsel Memorandum No. AM 2009-006) Code Section 162(m) provides a $1 million limit on the deduction for compensation to covered employees of publicly held corporations for a taxable year, but there is an exception for “qualified performance-based compensation.” The exception applies to stock options when the exercise price of the option is at least equal to the fair market value of a share on the grant date. Although Section 162(m) does not define “grant date,” the IRS in the Chief Counsel Memorandum looked to Regulations under Code Sections 421 and 409A and determined that the standard for determining the grant date in those Regulations, which is based on the date the corporation completes the corporate action constituting an offer of sale of a certain number of shares of stock to a designated individual at a set price, is a reasonable and appropriate standard for purposes of Section 162(m).

If the payment of performance-based compensation for performance periods beginning after January 1, 2009 is guaranteed upon involuntary termination of employment or retirement, such compensation will not be qualified performance-based compensation under Code Section 162(m). (Revenue Ruling 2008-13). Under Section 162(m), qualified performance-based compensation must be payable solely on account of the attainment of one or more performance goals, although a plan or arrangement may allow compensation to be payable upon death, disability, or change of ownership or control. This note serves as a reminder that, in 2008, the IRS issued Revenue Ruling 2008-13 in which it held that compensation payable upon an involuntary termination of employment without cause or for good reason, or upon retirement, is not compensation payable solely on account of the attainment of one or more performance goals and, therefore, the compensation is not qualified performance-based compensation under Section 162(m).

For calendar year performance periods, Revenue Ruling 2008-13 generally will apply for the performance period beginning on January 1, 2010, except in the case of compensation paid pursuant to the terms of a contract as in effect (without respect to future renewals or extensions, including those that occur automatically) on February 21, 2008. Thus, any provisions in employment agreements or other agreements for certain employees of publicly held corporations guaranteeing the payment of performance-based compensation upon involuntary termination of employment or retirement generally must be removed prior to January 1, 2010, in order to preserve the full deductibility for the performance-based compensation earned in the performance period beginning on such date.

Internal Revenue Service regulations generally require that, for purposes of avoiding United States federal tax penalties, a taxpayer may only rely on formal written opinions meeting specific requirements described in those regulations. This newsletter does not meet those requirements. To the extent this newsletter contains written information relating to United States federal tax issues, the written information is not intended or written to be used, and a taxpayer cannot use it, for the purpose of avoiding United States federal tax penalties, and it was not written to support the promotion or marketing of any transaction or matter discussed in the newsletter.