SECURE Act 2.0: Key Changes to Employee Benefit Plans Audits

Passed in December 2022, the Secure Act of 2022 (Secure 2.0) is a comprehensive retirement reform aimed at expanding access to retirement plans, reducing the cost of offering plans for employers, and easing the administrative burden of managing plans. Below is a quick reminder of the Secure 2.0 provisions, their impact on employee benefit plans, and guidance on how employers can prepare.

Expansion of Automatic Enrollment 

Beginning in 2025, new 401(k) plans must include an eligible automatic contribution arrangement that automatically enrolls employees in the plan with a default contribution rate between 3% and 10%. Employers may opt out of this within 90 days of automatic enrollment. New 401(k)s must also include an auto-escalation requirement of 1% of compensation annually (up to a maximum of at least 10% annually).  

Eligibility for Part-Time Employees 

Under the 2019 Secure Act, 401(k) plans were required to permit employees to contribute to the plan if they worked at least 500 hours annually for three consecutive years and were at least 21 years old by the end of the three-year period. 

Effective for plan years beginning after December 31, 2024, part-time employees may contribute to a 401(k) plan after a two-year period under the Secure Act 2.0.

Increased Catch-Up Contributions Limit 

Employees aged 50 and older are eligible to make catch-up contributions in addition to their standard deferral contribution amounts. The Secure Act 2.0 increases the catch-up contribution limit for active participants aged 50 and older to $7,500 and raises the catch-up contribution limit for those aged 60 to 63 to $11,250.  

Pre-Tax Catch-Up Contributions 

If permitted by the plan, participants could make catch-up contributions on a pre-tax or Roth basis before the Secure Act 2.0 took effect. Under Secure 2.0, employees aged 50 and older who made more than $145,000 in the previous plan year must have all catch-up contributions made to Roth accounts (effective for tax years beginning after December 31, 2023). 

Beginning in 2026, employees who make $145,000 or less may continue to make catch-up contributions to pre-tax 401(k) accounts, and employees who make over $145,000 must make Roth 401(k) catch-up contributions using post-tax dollars.  

Note that employers with non-calendar year plans must track employee compensation by the calendar year, not the plan year. 

Nonelective Contributions and Roth Matching 

Prior to Secure 2.0, employers had to make matching and non-elective contributions on a pre-tax basis. Under the Secure Act 2.0, employers can allow 401(k) plan participants to elect that non-elective or matching contributions be made as after-tax, Roth contributions, even if the plan does not permit Roth elective deferrals. Employees must be 100% vested in their non-elective or matching contributions when allocated to their account to designate these contributions as Roth. 

Matching Contributions for Qualified Student Loan Payments 

Prior to Secure 2.0, employers could not make 401(k) matching contributions based on the amount of an employee’s student loan payments. Effective for plan years beginning after December 31, 2023, employers can treat all student loan payments as elective deferrals and make matching contributions on those payment amounts. 

Short-Term Emergency Savings Accounts 

Secure 2.0 permits employers to amend plan documents to offer employees short-term emergency savings accounts (ESAs). ESA contributions are capped at $2,500 (indexed for inflation) and can only be funded with post-tax Roth contributions. Employers can automatically enroll their employees in ESAs at a maximum rate of 3% of the employee’s compensation. 

Emergency Expense Withdrawals 

Effective for distributions made after December 31, 2023, employees can take one penalty-free withdrawal of up to $1,000 annually under Secure 2.0, and the plan sponsor may rely on participant self-certification. 

Hardship Withdrawal Self-Certification 

The IRS permitted hardship withdrawal self-certification before the Secure Act 2.0; however, the 401(k) plan was responsible for maintaining documentation related to the participant’s hardship needs. 

For 401(k) plan years beginning after December 31, 2022, Secure 2.0 allows employers to rely on an employee’s self-certification that they have a hardship and that the distribution amount does not exceed their need. 

Distributions for Domestic Abuse Victims 

Effective for distributions made after December 31, 2023, Secure 2.0 allows retirement plans to permit participants who are victims of domestic abuse to request a distribution for up to $10,000 (indexed for inflation) or 50% of the participant’s vested account balance, whichever is less. In addition, victims of domestic abuse can access retirement savings without being subject to the 10% early withdrawal penalty. 

Updated Mandatory Distribution Limits 

Employers can distribute former employees’ 401(k) balances and roll them over to an IRA if that former employee’s balance is less than $7,000 for distributions made after December 31, 2023. 

Increased Required Minimum Distribution Limit 

The Secure Act 2.0 increases the required minimum distribution (RMD) age from 72 to: 

• 73 for employees who turned 72 after December 31, 2022, and will turn 73 before January 1, 2033 

• 75 for employees who will be age 74 after December 31, 2032 

This provision is effective for all distributions made after December 31, 2022, and applies to employees who were 72 years old after December 31, 2022. 

Preparing for 2025 Employee Benefit Plan Audits 

Changes from the Secure Act 2.0 will make upcoming employee benefit plan audits more challenging for employers as they adjust to the new requirements. Employers should review their employee benefit plan details carefully to be sure they are in compliance and up to date. If you need assistance with preparation or have questions, please contact us today using the form below.