Todd Solomon and Brian Tiemann presented on alternative investments for pension plans during the Association for Financial Professionals (AFP) Conference in Chicago. They discussed various rules benefit plan investors should consider, including the “look-through” rule and the “significant” investment rule. They also addressed common hedge fund structural and operational issues, and problems if a fund holds ERISA plan assets.

View the full presentation.

The General Data Protection Regulation (GDPR) was the biggest story of 2018 in the field of global privacy and data protection. The GDPR became enforceable in European Union Member States on May 25, 2018, significantly expanding the territorial reach of EU data protection law and introducing numerous changes that affected the way organizations globally process the personal data of their EU customers, employees and suppliers. These important changes required action by companies and institutions around the world. In almost six months after the GDPR’s effective date, organizations are still working on compliance—and will be for years to come.

Critical provisions

The GDPR applies to organizations inside and outside the EU. Organizations “established” inside the EU, essentially meaning a business or unit located in the EU, must comply with the GDPR if they process personal data in the context of that establishment. The GDPR also applies to organizations outside the EU that offer goods or services to, or monitor the behavior of, individuals located in the EU.

The GDPR uses other terms not familiar to US businesses but which need to be understood. Both “data controllers” and “data processors” have obligations under the GDPR, and data subjects can bring actions directly against either or both of those parties. A data controller is an organization that has control over and determines how and why to process data. A data controller is often, but not always, the organization that has the direct relationship with the data subject (the individual about whom the data pertains). A data processor is an organization that processes personal data on behalf of a data controller, typically a vendor or service provider. The GDPR defines “processing” to mean any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means (e.g., collection, recording, storage, alteration, use, disclosure and structuring).

The GDPR also broadly defines “personal data” as any information directly or indirectly relating to an identified or identifiable natural person, such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Organizations in the US are used to a narrower definition of personal data, which typically includes information that, if breached, would put an individual at risk of identity theft or fraud and require notice (e.g., Social Security numbers, driver’s license numbers, and financial account, credit and debit card numbers). Continue Reading GDPR 6 Months After Implementation: Where are We Now?

The US Court of Appeals for the First Circuit has solidified a circuit split on who has burden of proving loss causation in ERISA breach of fiduciary duty cases. The First Circuit joined the Fourth, Fifth and Eighth Circuits holding that once a plaintiff demonstrates a fiduciary breach, the defendant has the burden to negate loss causation. Other circuits, including the Sixth, Ninth, Tenth and Eleventh Circuits, have held that a plaintiff bears to burden to establish loss causation. This issue is ripe for Supreme Court review.

Access the full article.

President Trump signed an executive order last year directing the Secretaries of Labor, Treasury and Health and Human Services to consider proposing regulations to “increase the usability of HRAs.” This month, the collective departments issued proposed regulations containing changes to the prohibition on pairing HRAs with individual health policies, as well as other changes to the current HRA rules.

Proposed effective date January 1, 2020; comments due December 28, 2018.

Access the full article.

Join us Friday, November 2 for our monthly Fridays with Benefits webinar. With 2019 right around the corner, now is the time to dust off your year-end checklist and take stock of changes we have seen in 2018, and how they project to impact planning for the new year. Join us for an interactive discussion designed to draw attention to the key employee benefits issues you should tackle before New Year’s Eve. Our lively 45-minute discussion will include a tax reform update, an overview of retirement plan disaster relief, responding to new disability regulations from the DOL, and how to implement final regulations on QNECs and QMACs.

Friday, November 2, 2018
10:00 – 10:45 am PDT
11:00 – 11:45 am MDT
12:00 – 12:45 pm CDT
1:00 – 1:45 pm EDT

Register now.

During the Tax in the City event held in Dallas, Erin Turley and Allison Wilkerson gave an overview of benefit plan audits and the IRS examination process. They discussed various areas of focus, including, required minimum distributions, investment issues, benefit calculations and appropriate tax reporting. They provided attendees with best practices before an audit, as well as helpful resources from the IRS and DOL.

View the full presentation.

Late last month, the IRS released the latest version of its Employee Plans Compliance Resolution System, the IRS’s program for correcting retirement plan errors. The newest version of the correction program—effective beginning in 2019—includes mostly minor changes and clarifications. Most importantly, however, it requires electronic filing of Voluntary Correction Program submissions beginning April 1, 2019.

Access the full article.