
Key Takeaways From the AICPA EBP Regulatory Update

Explore essential employee benefit plan (EBP) industry updates and action items for plan sponsors.

Key Points

  • The American Institute of CPAs (AICPA) has responded to Department of Labor (DOL) feedback with plans to facilitate improvement.
  • Language included in nondisclosure agreements (NDAs) is creating issues for clients and audit firms.
  • Revenue-sharing agreements are under scrutiny.
  • There has been an increase in fraudulent activity within employee benefit plan (EBP) frameworks.

AICPA Response to DOL Audit Quality Review

  • During 2024, the DOL released its most recent study of audit quality. While there was some improvement in EBP audit quality over the previous study, the DOL believes that continuous improvement can and should be made.
  • The AICPA has responded to the DOL feedback with three key points to facilitate necessary improvement:
    • The AICPA will hold quarterly calls with the DOL to be able to more quickly respond to DOL concerns over audit quality.
    • The AICPA will develop an approach to address the top three deficient audit areas of contributions, distributions, and participant data.
    • Given the higher deficiency rate for initial audits, the AICPA will develop resources to assist practitioners in more effectively assessing and testing initial audits of plan financial statements.
  • Action Item: Look out for these expected resources from the AICPA related to initial audits.

Nondisclosure Agreements (NDAs)

  • Recently, audit firms have seen third-party providers include wording in NDAs that can create issues, including:
    • Violations of laws, regulations, and professional standards due to certain language included in the NDAs
    • Financial risks to the plan sponsor and audit firm
    • Inadvertent noncompliance with the NDAs
  • There is a recent Journal of Accountancy article on this particular issue.
  • Action Item: We recommend clients carefully read NDA language and consider having legal counsel look at the agreements before signing them.

Accurate Recording of Revenue-Sharing Agreements

  • Plans may have revenue-sharing arrangements related to plan investment options. The amounts received related to these arrangements are used to offset administrative expenses related to the plan. There is diversity in practice for how these arrangements have been reflected in plan financial statements, and they are under increased scrutiny.
  • Action Item: Plan sponsors should consider:
    • The correct method to reflect revenue-sharing receipts within plan financial statements, as the Financial Reporting Executive Committee (FinREC) does not consider these amounts to be revenue per ASC 606
    • All relevant facts and circumstances, including terms of the agreement, to determine the correct presentation
    • The policy for recording should be consistent and comparable
    • Including an accounting policy related to these arrangements

Litigation Risk

  • Larger plans are seeing increased litigation related to the utilization of forfeitures in their plans.
    • Most plan documents are drafted in a way that allows plan management to use forfeitures of terminated participant accounts to reduce future employer contributions, pay plan expenses, or allocate the funds to existing participant accounts.
    • The litigation is arising from plaintiff attorneys asserting that if plan fiduciaries are acting in the best interests of the plan participants, then they should be interpreting the forfeiture provision in a way that would help maximize the participant account balances.
  • Action Items:
    • Plan sponsors that elect to reduce future employer contributions with forfeitures need to explore the impact and potential risk to the plan sponsor of utilizing forfeitures in this manner.
    • Plan management should also review their policy for handling uncashed benefit payment checks to identify those responsible for monitoring this activity and confirm their policy is consistent with federal, state, and local escheatment guidance.
    • Plan management should monitor the balance in the forfeiture account on an interim basis to utilize the forfeitures on a timely basis and to be compliant with the plan document.

SECURE 2.0

  • Remember that certain provisions from SECURE 2.0 were effective during 2025, so please see our previous communication on this legislation and its impact on your retirement plan.

Regulatory Oversight

  • On December 27, 2024, the DOL launched the Retirement Savings Lost and Found database, which should assist plan participants and beneficiaries in identifying plan assets to which they are entitled as a result of their participation in retirement plans in the United States.
    • This resource was created by the SECURE Act of 2022 and provides participants with a central database they can search for lost or forgotten retirement plans they may have participated in for previous employers.
    • Given the portability of today’s workforce, this resource should not only assist workers in identifying what funds they may be entitled to but also assist them in obtaining guidance on how to request their funds.
  • The DOL is scrutinizing Personally Identifiable Information (PII) included in Form 5500 filings in recent years, as many have included inappropriate PII. The following PII should not be included with the plan sponsor’s Form 5500 filing:
    • Social Security Numbers
    • Account Numbers
      • Do not attach IRS Form 8955-SSA to the Form 5500 filing.
      • Inclusion of Social Security Numbers could lead to a rejected filing.
  • Timely filing of Form 5500
    • Deficient filing means the filing was made but was inaccurate or was missing certain information. Delinquent filing indicates the Form 5500 was not filed for the plan.
    • A deficient filing is almost always preferable to a delinquent filing.
  • Action Items:
    • Plan management can utilize the above link to provide information to plan participants to assist them in researching funds they may have from previous employers.
    • Form 5500 review by plan management should include a focus on verifying the lack of any PII included in the filing.
    • Always prioritize responding to deficient or delinquent filing notices from the DOL, as the penalties generally begin on the original due date of the Form 5500 filing as opposed to when the issue was identified.

Employee Benefit Plan (EBP) Industry Fraud

  • Many plan sponsors generally do not evaluate fraudulent activity within the framework of an EBP as a significant risk, given that a majority of plan activity is outsourced to third-party administrators.
  • Over the last several years, there has been an increase in fraudulent activity.
    • For the 2023 Form 5500 filing cycle, there were 94 plans that reported a loss due to fraud or theft in their EBP.
  • Examples of recent fraudulent activity in EBPs:
    • Fraudulent participant loans requested by hackers and others with system access
    • Manipulation of contribution data by those having access to such data to reallocate deferrals into their own participant accounts
    • Plan sponsors for defined benefit plans utilizing unrealistic discount or turnover rates to mask a significant understatement of the plan’s benefit obligations
    • Paying fraudulent plan expenses for vendors created by plan sponsor employees
    • Requesting unauthorized distributions of participant accounts for “lost” employees
  • Action Item: Plan fiduciaries need to evaluate the plan’s control structure to gauge the plan’s ability to identify and deter or prevent such instances of fraud as it relates to the EBP.

If you have questions or want to learn more about the current EBP landscape or any of the topics covered above, please reach out to an EBP audit professional at Forvis Mazars.
