For the first time as a business owner, I was faced with a decision to address cybersecurity, an area of compliance my industry had not dealt with before.  I checked out a few IT companies which would offer this protection and toyed with the idea, since there was a sizable cost involved in setting this up, that I would let the Department of Financial Services come “knocking on my door” first.  After all, I am a one-man show, and why would they waste their time coming after me for this regulation?

After sleeping on it, I decided that the risk versus the possible fines for not complying was simply not worth it.  I had invested my heart and soul into my business, and I would not chance losing it.  What I also realized, however, was that many of my clients and prospects were carrying on with their businesses with exposure and potential penalties from their compliance gaps.  They were taking the same risk I had thought about – let them “come a knockin!”

Federal and State agencies are no longer sitting back and waiting for employees to notify them of incidents that may occur during employment before performing an audit.  Since the PPACA was passed in 2010, departments like the DOL and IRS are proactively searching for small employers that are not meeting guidelines and procedures in a variety of areas.  These departments need the funding from non-compliance penalties.

The following regulations pose a compliance risk for your business:

5500 Compliance requires detailed financial, actuarial, and other information on an annual basis for each employee benefit plan.  Risks are present if you did not file your 5500, did not provide a summary annual report (SAR) in a timely manner to participants, and/or did not maintain records on 5500 information.

Non-Discrimination Testing ensures cafeteria plans, like Flexible Spending Accounts (FSAs), Premium Only Plans (POPs) and Section 125 plans, do not favor highly compensated employees (HCEs) and key employees.  Tests are complicated but, in general, are designed to protect employees from being discriminated against with respect to eligibility, benefits, and utilization of the plan.  Risks include salary reductions or other benefits to HCEs or key employees becoming taxable.

ACA Compliance requires providers of minimal essential coverage, typically a health insurance carrier and employers that sponsor self-insured plans, to report certain coverage information to the IRS and to covered individuals.  This normally applies to Applicable Large Employers (ALEs); however, small employers that offer Health Reimbursement Arrangements (HRAs) would have obligations as they are sponsoring a self-insured plan.  There are multiple risks and potential penalties for failure to file, failure to distribute to covered employees, along with corrections from these failures.

COBRA Compliance enforces employer responsibilities to offer COBRA and/or Continuation Coverage for every qualified beneficiary who will lose group coverage as the result of a qualifying event such as termination of employment or loss of eligibility for benefits (e.g., reduction in hours worked).  COBRA may also apply to other group benefits offered to the employee like Dental and Vision, HRAs, EAPs, discount and wellness programs.  Risks involve excise tax penalties and statutory penalties under ERISA.

ERISA Compliance requires detailed disclosure to covered individuals, both employees & beneficiaries, and detailed reporting to the government.  There are many compliance obligations that are addressed when an employer has provided their employees with a Summary Plan Description/Wrap Document. This document contains most of the responsibilities under ERISA as it includes pertinent information for the employee to understand the benefits they are offered, along with their rights as a participant in the plan.  The risks associated with not being compliant with ERISA involve both civil penalties and criminal punishment.

Should you be a firm looking to proactively address regulations mentioned above, I am very excited to announce my partnership with PrimePay, enabling my firm to offer a Compliance Tool to help employers measure and mitigate their compliance risk.  It is a step-by-step intuitive questionnaire and, at its conclusion, provides a report to address the gaps you need to stay compliant with regulations.  Please reach out to and I will send out this Compliance Tool with absolutely no obligation, other than to enable peace of mind for you – and your company.