
Audit Ready: Protect Your Benefit Plan from Costly Compliance Mistakes
As organizations face increasing scrutiny from regulatory bodies, ensuring your benefit plans are audit ready has become more critical than ever. A proactive approach to compliance can save organizations from monetary penalties, reputational damage, and employee dissatisfaction.
The Alliance recently held a webinar with John Barlament, a Shareholder at Reinhart Boerner Van Deuren to help employers understand how to maintain compliance and proactively prepare for potential audits. You can watch a recording of the webinar here.
Understanding the Audit Landscape: What, Who, Why, and How?
What: Employers and plan sponsors need to be ready for possible audits or investigations by agencies like the Department of Labor (DOL), Internal Revenue Service (IRS), or Health and Human Services (HHS). These audits usually focus on how plans are managed, regulation violations, and benefit payments.
Who: Compliance starts at the leadership level. Board members, plan administrators, and fiduciaries play key roles. Assigning responsibilities to a benefits committee—especially one experienced in managing health and welfare plans—can also help reduce risks and improve oversight.
Why: The DOL’s annual audits often uncover fiduciary breaches, which can result in financial penalties. Non-compliance can lead to penalties of $100 per day per affected individual, cause reputational damage, and even end in legal repercussions.
How: The first step is understanding which laws apply to your plans. For example, ERISA covers most plans, while non-ERISA plans must follow state laws. Next, stay updated on legal changes, revise plan documents as needed, and ensure vendor contracts clearly address compliance.
Key Benefit Laws to Focus On
While all benefit laws are important for employers and fiduciary parties to understand, from a risk perspective, here are some key laws to keep in mind:
The Employee Retirement Income Security Act (ERISA)
ERISA is a federal law that sets the standards for managing employee benefit plans. For self-funded employers, it’s important to understand ERISA because it requires them to act in the best interest of their employees, manage the plan carefully, and follow rules for reporting, disclosures, and avoiding conflicts of interest. Non-compliance can result in significant penalties, legal challenges, and reputational harm.
Mental Health Parity and Addiction Equity Act (MHPAEA)
MHPAEA is a federal law requiring health plans to provide equal coverage for mental health and substance use disorder (MH/SUD) benefits as they do for medical and surgical (M/S) benefits. For self-funded employers, understanding MHPAEA is crucial to ensure compliance with rules about coverage limits, costs, and treatment restrictions. Learn more about how to comply with MHPAEA here.
Consolidated Appropriations Act (CAA)
The CAA introduced significant compliance requirements for health plans to promote transparency and protect plan participants. Key provisions include the prohibition of gag clauses that limit access to cost or quality information, stricter rules around broker and consultant compensation disclosures, and detailed reporting for air ambulance services.
Affordable Care Act (ACA)
The ACA introduced key reforms that impact health plans. It requires plans to provide essential health benefits, cover preventive services without cost-sharing, and adhere to rules like prohibiting lifetime limits on coverage. Additionally, large employers must meet employer mandate requirements by offering affordable, minimum-value coverage to full-time employees or face penalties.
Consolidated Omnibus Budget Reconciliation Act (COBRA)
COBRA gives employees and their families the right to continue their health coverage temporarily after certain qualifying events. For self-funded employers, understanding COBRA is critical because it places the responsibility on them to offer continuation coverage, provide timely notices, and administer the program accurately.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA sets rules to protect the privacy and security of individuals’ health information. For self-funded employers, understanding HIPAA is critical because they often handle sensitive employee health data through their health plans. Non-compliance with HIPAA can lead to fines, legal issues, and loss of trust from employees. So, employers must ensure proper safeguards are in place to protect this information, update security policies, train staff on privacy practices, and limit access to only those who need it.
The Role of Fiduciaries
Liability for benefit plan compliance often begins with the board of directors or trustees, but it can be helpful to delegate some tasks. A benefits committee, which is often used for retirement plans, can manage health and welfare plan oversight effectively. Internal coordination across legal, HR, finance, and risk management teams can ensure a holistic approach to compliance.
Fiduciaries must:
|
What to Expect During an Audit
When it comes to an audit, preparation is key. Designate a point person to coordinate document collection and engage legal counsel to review submissions. Respond promptly to avoid penalties for delays. Audits often start with a letter to the plan administrator requesting specific documents. These can include:
|
During audits or investigations:
- Cooperate with auditors: Be professional and avoid confrontation.
- Limit scope: Provide only what’s required and seek clarifications if requests are overly broad.
- Leverage legal support: Legal counsel can help protect privileged information and negotiate favorable outcomes.
Following the investigation, ensure policy changes are implemented and evaluate their impact on fiduciary insurance renewals.
Staying Ahead of an Audit: Benefit Plan Compliance
Benefit plan compliance is an ongoing process that requires continuous attention. To stay ahead, it’s important to set a schedule for regularly reviewing and updating plan documents. Keep track of regulatory changes and court decisions to make sure the plan remains compliant. Additionally, conducting regular vendor audits helps ensure that all parties are meeting their contractual obligations. Finally, educating plan fiduciaries about their roles and responsibilities is crucial to maintaining effective oversight and compliance.
Staying audit-ready is about more than avoiding penalties; it’s about safeguarding your organization’s integrity and your employees’ trust. By focusing on compliance, leveraging internal and external expertise, and fostering transparency with service providers, you can minimize risks and maintain a robust benefit plan. Remember, preparation today prevents costly mistakes tomorrow.
If you’d like to learn more about how to ensure compliance with ERISA and the CAA, register for our March webinar.