United States: Benefits Counselor May 2017

Retirement Plan Developments

Fiduciary Rule Delay

Consistent with prior guidance, on April 4, 2017, the Department of Labor ("DOL") officially announced that it would extend for 60 days the applicability date of the fiduciary rule published on April 8, 2016.  The DOL also extended for 60 days the applicability dates for the Best Interest Contract Exemption, the Class Exemption for Principal Transactions, the amendments to the Prohibited Transaction Exemption 84-24 (related to annuity recommendations) and the amendments to other previously granted exemptions.  As a result, the new definition of "fiduciary" and the impartial conduct standards in the exemptions are applicable on June 9, 2017.  Compliance with the other requirements in the exemptions (e.g., written disclosures) are applicable on January 1, 2018.

Federal Judge Rules Against Employee Stock Ownership Plan ("ESOP") Trustee

On April 17, 2017, the District Court for the District of New Jersey determined that First Bankers Trust Services, Inc. breached its fiduciary duties of prudence and loyalty in connection with the purchase of company stock by the company's ESOP.  First Bankers had been hired as the independent fiduciary to determine the share price in connection with the ESOP's purchase of shares from the majority shareholder.  The Department of Labor alleged that First Bankers caused the ESOP to pay over $9.4 million in excess of fair market value.  After a 17-day trial, the court determined that First Bankers did not conduct a sufficient investigation regarding the fair market value of the shares and relied on unrealistic projections of the company's future earnings.

There are currently three additional cases involving First Bankers in which the DOL alleges a failure to properly determine the value of shares.  This case and the pending cases against First Bankers demonstrate the DOL's continuing scrutiny of transactions involving the sale of employer stock to ESOPs.

Judge Grants Partial Summary Judgment in Favor of Investment Management Firm in 401(k) Excessive Fee Lawsuit

In Brotherston v. Putnam Investments LLC, the plaintiffs, participants in a 401(k) plan, alleged that the defendants (which included the plan sponsor and investment manager) invested in proprietary funds without considering other options in unaffiliated funds, and that these ill-advised investments cost the plan millions of dollars in excess fees.  The plaintiffs attempted to prove their allegations by comparing Putnam's funds to Vanguard's passive funds to demonstrate that Putnam's fees were excessive.

However, the court distinguished Vanguard's index funds, which were operated "at-cost," from Putnam's mutual funds, which were operated for a profit and included index as well as active funds.  The court concluded that the fees were not comparable.  The court also determined that there was no prohibited transaction because the management fees were paid out of mutual fund assets rather than plan assets.  While summary judgment was granted on some of the claims, the court determined that there are genuine issues of material fact on three of the plaintiffs' claims and one of the affirmative defenses, which means that the case will move forward to trial.  This case demonstrates that courts will likely require that funds have a certain degree of similarity before comparing them to assess the reasonableness of fees.

Health and Welfare Plan Developments

Department of Health and Human Services ("DHS") Finalizes Marketplace Stabilization Rule

On April 13, 2017, DHS issued the final Marketplace Stabilization Rule, which finalizes the proposed rule issued on February 10, 2017.  The rule is meant to address issues such as premium increases, reduction in plan options and insurance issuers exiting the market.  For the most part, the final rule is consistent with the proposed rule.  The final rule is effective on June 19, 2017.

Office of Civil Rights ("OCR") Issues Guidance on Man-in-the-Middle Cyber Attacks

OCR issued guidance on man-in-the-middle ("MITM") attacks, which happen when a third party intercepts and possibly alters communications, unknown to the communicating parties.  MITM attacks can be used to obtain protected health information ("PHI") or for other unlawful purposes such as to expose information or modify information.  Many organizations use HTTPS interception products, which intercept data, decrypt it and then re-encrypt it.  These products require installation of certificates on client devices.  However, this method of security could leave organizations vulnerable because organizations cannot verify web server certificates or independently verify the security (i.e., organizations can validate only the connection between themselves and the interception product, not the server).  The HTTPS interception products often do not validate the certificate chain before re-encrypting and sending the information to the organizations, leading to potential MITM attacks.  In light of this, the United States Computer Emergency Readiness Team ("US-CERT") has recommended that organizations ensure that their HTTPS interception product properly validates certificate chains and sends warnings and errors to clients.

OCR's guidance suggests that covered entities and business associates that use HTTPS interception products review the risks of the electronic transfer of PHI over HTTPS.  Specifically, covered entities and business associates should review US-CERT alerts, along with recommendations of the National Institute of Standards and Technology, to educate the covered entity and business associate of potential violations of the HIPAA security rule and how to address risks.

Metro Community Provider Network ("MCPN") Enters Into $400,000 HIPAA Settlement

MCPN agreed to a $400,000 HIPAA settlement that included a three-year correction plan with OCR in connection with a phishing incident.  A Colorado health center filed a HIPAA Breach Notification Report after a phishing incident jeopardized PHI of over 3,000 individuals.  MCPN took the proper corrective action after the incident but failed to adopt procedures to prevent and remedy security breaches and to adopt measures to reduce risks and weaknesses.  As part of the corrective action plan put forth by OCR, MCPN is required to analyze risks and put in place a plan to reduce electronic PHI risks.  MCPN must also update its Security Rule training materials to include new information that its analysis reveals.

2016 was a record year in HIPAA enforcement by OCR, and so far in 2017, OCR has shown no signs of slowing its enforcement activities. This most recent HIPAA settlement underscores the importance of covered entities performing regular risk analyses to assess the vulnerabilities of their electronic PHI and implement corresponding risk management plans to address those vulnerabilities.

Wellness Program Case Settles

The Equal Employment Opportunity Commission ("EEOC") reached a settlement with Orion Energy Systems ("Orion") regarding Orion's wellness program.  The EEOC challenged the wellness program under the Americans with Disabilities Act ("ADA") and alleged that Orion terminated an employee in retaliation after the employee objected to the wellness program.  Orion claimed that the safe harbor for bona fide benefit plans permitted its wellness program.  The safe harbor provides that the ADA does not prohibit covered entities "from establishing, sponsoring, observing or administering the terms of a bona fide benefit plan that are based on underwriting risks, classifying risks, or administering such risks that are based on or not inconsistent with State law." The district court rejected this argument, citing the EEOC's recent regulations that specifically provide that the safe harbor does not apply to wellness programs.  The court noted that the safe harbor would not apply even if the new regulations were not in place.  However, the court also determined that the wellness program was lawful because participation was voluntary under the law in effect at the time.  After the court's ruling, there were issues of fact regarding whether the employee was fired as a result of her opposition to participation in the wellness program, which were resolved by the consent decree.

In connection with the settlement, Orion will pay $100,000 to the terminated employee and has agreed never to maintain a wellness program that asks disability-related inquiries or includes a medical examination that is not voluntary.  Orion also agreed not to retaliate against employees for objections regarding the wellness program.  Orion will inform its employees that concerns about the wellness program should be sent to its human resources department and will train management and employees on the ADA's anti-retaliation provisions.

Upcoming Compliance Deadlines and Reminders

Upcoming Health Plan Compliance Deadlines and Reminders

  1. New Summary of Benefits and Coverage ("SBC") Template.  Plans that maintain an open enrollment period must use the new SBC template on the first day of the first open enrollment period that begins on or after April 1, 2017.  Plans that do not use an open enrollment period must use the new template on the first day of the first plan year that begins on or after April 1, 2017.

Upcoming Retirement Plan Compliance Deadlines and Reminders

  1. Annual Funding Notice.  Calendar year defined benefit plans with over 100 participants must provide the annual funding notice to required recipients within 120 days of the end of the plan year.  Small plans (plans with 100 or fewer participants) generally have until the Form 5500 filing deadline to provide the annual funding notice.
  2. Change in Due Date for FBAR Filing for Certain Foreign Investments.  In prior years, persons who have a financial interest in, or signature or other authority over, foreign financial accounts were generally required to report on the Treasury Department Form TD F 90 22.1 (the "FBAR") by June 30 of each year. As a result of a recent law change, beginning in the 2017 calendar year, the annual due date for filing FBAR reports was moved from June 30 to April 15.  However, the U.S. Department of the Treasury recently granted an automatic extension for filing the FBAR to October 15 (specific requests for this extension are not required).While investments in most foreign hedge funds and private equity funds are not required to be reported on the FBAR, other accounts in foreign jurisdictions might be.  Plan sponsors should consult with tax and legal counsel to determine if any FBAR filing is required to be filed by the October 15, 2017 deadline.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.