The word "leakage" is a term that most would not associate with retirement savings.  You hear the word leakage and immediately you have visions of water puddles collecting in your basement from old, rusty, dripping pipes.  Leakage in the retirement sense, however, is a much more serious problem.

Over the past few decades, we have seen a significant change in a worker's retirement.  Gone are the days of traditional employer-funded pensions combined with social security to cover workers' basic retirement income needs.  401(k) plans now represent the main way private sector workers save for retirement, and these accounts, along with 401(k) monies rolled over to Individual Retirement Accounts, will soon be the primary source of retirement income (other than social security).  The emergence of 401(k)'s and IRA's allows much more flexibility to access funds before retirement age when compared to their traditional pension counterpart; and because of this, individuals can access accounts during their work lives, resulting in the potential reduction of retirement assets or "leakage."  The Center for Retirement Research at Boston College (Center) defines retirement plan leakage as "any type of pre-retirement withdrawal that permanently removes money from retirement savings accounts." The Center recently published a study indicating that leakage can potentially lead to a reduction in total retirement assets of 20% to 25% over an employee's working years.

Plan leakages can occur through three methods:  in-service withdrawals, cash-outs, and loans.

In-service withdrawals:  In-service withdrawals encompass hardship withdrawals or withdrawals after the age of 59.5.  Hardship withdrawals allow participants to withdraw their funds for an "immediate and heavy financial need" based on a facts and circumstances determination.  These withdrawals are subject to a tax penalty of 10% (if applicable) and 20% withholding for income taxes.  Withdrawals after age 59.5 for active employees are penalty free and would be subject to the 20% withholding for income taxes if not rolled into another qualified plan.  Many identify this "penalty-free" distribution age as the time to withdraw funds; however, as more and more workers are finding themselves working into their mid to late 60's, a distribution at 59.5 (that has not been rolled over), undercuts the idea of preserving savings until retirement.

Cash-outs: Cash-outs arise upon job separation.  An employee can take a lump-sum cash withdrawal, leave the account with the employer's plan (if allowed), or can roll it into another qualified plan.  Employers can immediately cash-out balances that are below $1,000, and those balances between $1,000 and $5,000 must be directly rolled over.

Plan loans: Plan loans are the least likely offender of leakage; however, there is still risk of loss.  Plan loans are typically required to be repaid between a one and five year period.  If paid back in full, the withdrawal is not taxed; however, the retirement account loses the potential gains on those assets during the repayment period.  If the loan is not paid back because of default, the balance is treated as a lump-sum distribution subject to withholding taxes and a potential penalty (if applicable).

With the significant role that 401(k)'s and IRA's play in today's retirement environment (outside of social security), it is clear that retirement plan leakage should be a serious concern.  Outside of changing federal policy regulations which tighten the ability to withdraw funds out of these vehicles, workers need to understand the ramifications of how drawing funds out of their accounts today, will impact their account balances at retirement.

Author: Matt Neu, CPA

920.684.2549

mneu@hawkinsashcpas.com

There are four potential 401(k) trouble spots becoming a greater focus at the Department of Labor (DOL) in recent months.  Below is a list of the four trouble spots and ways to help assist you to make sure you are in compliance with each: 

Self-directed brokerage accounts, or "brokerage windows" allow participants to purchase individual securities.  The DOL is concerned that participants who do not do their homework on stocks and securities will purchase these investments when they are at their peak, watch the investment lose value as it was over priced, and then sell when the investment is at the bottom.   Plan sponsors need to have investment education plans in place to help teach those who want to have their own self-directed brokerage account in order to help prevent this from happening.  Only about one in five plans offer this type of option, and if they do, very few participants in those plans actually use the brokerage window. 

Lost participants:  Earlier in the year the DOL issued Field Assistance Bulletin 2014-01, which indicates the steps plan sponsor should be taking in order to track down participants who are invested in the Company's 401(k) plan, but correspondence to those individuals is not reaching their intended target.  Some tactics that can be used to track down these individuals include checking with the designated plan beneficiary, sending a notice using certified mail, checking the records of the employer or any related plans of the employer, and use web-based search tools to find lost participants after all other efforts have failed. 

Uncashed distribution checks:  Lost participants are usually determined to be missing when distribution checks, which are sent to the participants, are either returned with an incorrect mailing address or are never cashed.  The DOL's Field Assistant Bulletin provided options to the company on what it should do if it receives a returned distribution check or a check that is not cashed.  These options are to reinstate the former employee's account with the amount of the un-deposited check, hoping that the lost participant will resurface because they never received the money from you.  Another option is to open an IRA or special bank account for the lost participant.  The company is not able to stop payment on the check or forget about the lost participant.  The company needs to maintain records on the matter for tracking purposes. 

ERISA spending accounts:  These accounts have been set up to help minimize plan administrative costs.  Many times these revenue sharing payments were made to the plan's investment managers that otherwise would have gone directly to plan administrators.  Because of the unclear nature of these payments, the DOL issued new fee disclosures in 2012.  Now that these disclosures are being made, the DOL is looking to make sure these payments within a plan are reasonable in light of other available alternatives.  And if they are deemed to be a reasonable approach for a particular plan, the plan sponsor must ensure that its uses and complies with general expense payment, allocation, and depletion rules.   

Keeping up-to-date information on the above four items will help assist you in keeping your 401(k) plan in compliance with rules and regulations.  

Author: Jon Skroch, CPA

920.337.4552

jskroch@hawkinsashcpas.com

Last week, IBM Security reported on an active cyber attack campaign they called "Dyre Wolf."  This attack shows incredible innovation in using a form of malware called "Dyre" along with spearfishing, phishing, social engineering, and Denial of Service (DDoS) attacks in various combinations.  As part of the infection, the Dyre malware establishes a persistent service running on a victim's computer called "Google Update Service."  This service is set to run automatically every time the system starts.  At some point, a screen will pop up telling users that the bank's site is down, and to call a certain phone number.  When the victim calls this number, English-speaking cyber criminals extract banking details from the callers.  After this, large wire transfers are made from the compromised account.  The money is moved in and out of various international bank accounts until finally cashed out by mules.  As money is being moved, some victims also experience a DDoS attack so they are unable to use their web resources.  The thefts are discovered too late to do anything about them.  

What can you do about this?  First, realize that your organization is only as strong as your weakest link.  Proactive education and security awareness are critical.  Secondly, consider performing mock phishing attacks on your employees to see where your weaknesses are--you'll learn a lot.  Educate your employees on basic cyber security. Then, run the mock phishing attack again later to see if you've made any improvements and adjust.   Last, train employees in charge of corporate banking to never provide banking credentials to anyone. 

Author: Steve Kopp, Chief Information Officer at Hawkins Ash CPAs

608.793.3100

skopp@hawkinsashcpas.com