Nonprofit Resources
Third-Party Administrators vs. Retirement Plan Sponsors: Who’s Responsible for What?
Many organizations contract a third-party administrator (TPA) to handle day-to-day administrative tasks related to their employee retirement plan. And many organizations mistakenly believe that if they have a TPA, their own fiduciary responsibility is significantly reduced or alleviated.
The reality is that if your organization sponsors an employee retirement plan, you are responsible for complying with the complex standards and regulations. It’s vital to understand what your responsibilities as the plan sponsor are, versus the responsibilities you may contract out.
The Key Players
There are several different roles within retirement plans. Your plan may have some or all of the following:
- Plan sponsor – The organization that initially set up the retirement plan. This is typically the employer.
- Plan administrator – The individuals responsible for running the plan. These are typically employees of the organization — often the human resources manager or chief financial officer, or both.
- TPAs and recordkeepers – Companies such as Fidelity, TIAA-CREF, and Envoy that you can contract in various capacities to help with recordkeeping for the plan. Some of these roles can overlap with trustees and custodians, so you might have an organization serving as custodian of your plan while also providing recordkeeping or even investment advisor services.
- Trustees and custodians – Companies that actually hold the assets for the plan, such as Capital Bank & Trust, Reliance Trust Company, and MG Trust Company. As mentioned above, TPAs may also fill these roles.
- Investment advisors and managers – Companies that review the investment information and provide guidance on plan statistics, benchmarking investment options, and fees.
- Contracted fiduciaries – Organizations that help take on some of the burden of fiduciary responsibility. There are two main types of contracted fiduciaries. The first, 3(38) fiduciaries, take on the liability of investment decisions as the investment manager, but plan sponsors are still responsible for monitoring their decisions. Section 3(21) fiduciaries can make recommendations and provide some assistance and advice to plan sponsors, but cannot make decisions on behalf of the plan. Note that you cannot completely eliminate your fiduciary responsibility. If your organization uses either type of contracted fiduciary, you are still responsible for monitoring them.
Having a good understanding of the key players on your plan, and who is responsible for what, will help you remain in compliance.
Service Auditor Reports
A service auditor report, which may be referred to as a SOC 1 or SSAE 18 (formerly SSAE 16), describes controls at the service organization. The service auditor report provides descriptions of controls in place at the service organization and an independent auditor’s opinion on the design and operation of the controls. As the fiduciary, you should be obtaining this report as part of your employee benefit plan process. This is the way most service organizations provide key information to their clients, and it’s available annually. Some organizations will only receive the service auditor report if the auditor asks for it, but it is a best practice for your retirement committee or plan administrator to make sure they review and understand the report annually.
The report also includes a section called “Complementary User Controls.” This really should be named “Essential User Controls,” because it outlines what the TPA needs from your organization to perform its role correctly. If you provide inadequate or incorrect data, the TPA will provide inadequate or incorrect reports. It’s important for your organization to review the list of user controls and document how you are fulfilling each one on an annual basis.
Common Challenges
In our employee benefit plan audit work, we often see breakdowns in plan roles that put the plan sponsor at risk of significant penalties. Common challenges include:
- Reporting plan amendments to the service provider – If you amend any portion of your plan, be sure to communicate it to the appropriate service provider so they can perform their role fully and correctly.
- Reporting eligibility of new participants and reporting new participants – Institute a process for notifying your TPA of new plan participants as well as employees who have become eligible to participate.
- Reporting changes in deferrals if not maintained through feedback files – Some TPAs enable participants to make election changes through their website. The TPA will then communicate that change back to the plan sponsor in a feedback file so the sponsor knows to make the appropriate adjustments to payroll withholding. Feedback files can help streamline the process for participants and employers, and we recommend asking your TPA about this option if it is not currently offered.
- Reporting terminated participants – If an employee’s termination date isn’t reported to the TPA, the TPA won’t know that it can authorize a distribution to the employee.
- Approving hardship withdrawals – It usually remains a plan sponsor decision to review paperwork and compliance with the plan document, and then provide authorization to the TPA to disburse the funds. The plan sponsor then also needs to make sure employee contributions are suspended as required under the plan document.
- Calculating forfeited amounts – If the plan requires a certain number of years of service before the participant can withdraw employer-contributed funds, the TPA will need the years of service earned to properly calculate the distribution. The TPA may also require the plan to provide that calculation for each distribution before it is made.
These items can cause issues if you’re not certain who is responsible for what.
In addition, you should review and sign the service agreement for your TPA annually. Make sure you’re getting the pertinent information to your TPA.
Ultimately, anyone who makes a decision for your organization’s retirement plan is a fiduciary. For example, an individual approving a contribution for remittance, approving plan documents, or signing plan amendments is a plan fiduciary.
Your Responsibility as Plan Sponsor
The key takeaway is that plan activities not done by the plan sponsor must still be monitored by the plan sponsor for compliance with regulations. We recommend retaining the minutes from your retirement committee meetings to help document what your organization is monitoring, discussing, and deciding as plan sponsor.
Please contact us with any questions about the roles within your organization’s retirement plan. Our dedicated team of employee benefit plan auditors is experienced at working with plans at nonprofit organizations, and we offer a range of audit services as well as compliance assessments.
Emily Toler
Emily serves as a partner in the Indianapolis office and as the firm’s Employee Benefit Plan Services Director. Emily has 20 years of experience providing audit and tax services for employee benefit plans, with a primary focus on 403(b) plans. She currently oversees approximately 70 benefit plan audits and related filings. Emily also is a member of the AICPA Employee Benefit Plans Audit Quality Center Executive Committee.