While the sweltering roil of temporary regulatory changes related to the COVID-19 pandemic may have cooled and the initial burst of SECURE 2.0 steam begins to dissipate, sponsors of employee benefit plans should keep their eyes on several hot button issues during the remainder of 2024 as these issues continue to percolate.

1. SECURE 2.0 Optional Provisions & Additional Regulatory Guidance

Due to the graded nature of effective dates for many SECURE 2.0 provisions, plan sponsors must continue to watch the proverbial pot of retirement plan regulations boil as more and more provisions are added into the mix in 2024. A number of provisions under SECURE 2.0 became effective for plan years beginning after December 31, 2023. In addition, the haze surrounding certain SECURE 2.0 provisions was recently addressed head-on by the IRS in new guidance issued on December 20, 2023. Some of the more important SECURE 2.0 provisions with upcoming implementation requirements, or for which this new guidance provides clarification, include:

• Roth Treatment for Matching and Nonelective Contributions at the Participant’s Election
• Self-Certification for Hardship Distributions
• Automatic Enrollment Requirements for New Retirement Plans
• Student Loan Payments Treated as Elective Deferrals for Matching Contribution Purposes
• Distributions for Domestic Abuse Victims
• In-Plan Emergency Savings Accounts
• Safe Harbor Corrections of Automatic Enrollment Errors

For additional information on the prior SECURE 2.0 requirements, please refer to our previous January 2023 blog post. As employers continue to grapple with retention and hiring efforts in an uncertain labor market, we recommend considering the array of permissible retirement plan changes that are available to bolster any benefits package and ease plan administration.

2. Prescription Drug Prices and State PBM Legislation

Prescription drug prices continue to receive air time across the nation as lawmakers take actions that may not have the desired effects of fighting back against the rising costs of healthcare. From the much anticipated first drug price negotiations between Medicare and pharmaceutical companies to state and federal legislation targeting the pharmacy benefits management industry, prescription drugs’ impact on overall healthcare spending has taken center stage. As part of these efforts, pharmacy benefits managers (PBMs) have recently become the target of a litany of new laws at the state level. With these new rules, which vary across each state, plan sponsors of self-funded plans are not only faced with increased complexity in plan operations, but also with significantly increased costs. We are concerned that some plan sponsors have not yet realized the financial impact that these state laws will have on their plans.  

Right on cue, and in light of these novel PBM laws, ERISA preemption continues to evolve—showcased by the recent Mulready decision in the 10th Circuit. Mulready represents a win for self-funded health plans subject to ERISA, as discussed in our September 2023 Law360 article, with the court ruling that ERISA preempts a recent PBM law in Oklahoma. As more states push for restrictions on the design and operation of pharmacy benefit programs – which directly affect the design and cost of pharmacy benefits under employer-sponsored plans – the need for plan sponsors to navigate and understand the impact of these varying PBM laws grows.

3. Welfare Plan Compensation Disclosure and Fee Litigation

The Consolidated Appropriations Act of 2021 expanded ERISA’s compensation disclosure regime to encompass welfare plan service providers. Brokers and consultants providing services to group health plans subject to ERISA must disclose if they reasonably expect to receive at least $1,000 in direct or indirect compensation for their services. These disclosures must also include a description of the services, a statement regarding whether the service provider is a plan fiduciary, and a description of all compensation the service provider expects to receive in exchange for its services.

As these disclosures make their way into the hands of the public, the plaintiffs’ bar has recently begun to push a familiar cause of action into a novel sector: excessive fee claims, a common lawsuit in the retirement plan sphere, but now brought against health plan fiduciaries. The hot-off-the-press complaint in Lewandowski v. Johnson and Johnson is the first salvo here. On February 5, 2024, a Johnson & Johnson employee filed a proposed class action lawsuit in New Jersey federal court claiming that workers were overcharged for prescription drug benefits due to a lack of monitoring by plan fiduciaries. The complaint references the ERISA health plan service provider compensation disclosure rules, asserts claims reminiscent of retirement plan excessive fee litigation, and serves as a preview of potentially many more similar claims to come in the future.

As all signs point to an uptick in these new health plan excessive fee cases and the scope of plan fiduciary duties continues to expand, actions by plan fiduciaries can be taken now to insulate against liability. Watch for new content soon in which we will provide some actionable steps for plan sponsors to take to mitigate potential exposure and shore up health plan fiduciary practices.

4. Cybersecurity

Since the Department of Labor (DOL) announced new cybersecurity guidance for retirement plan stakeholders back in April 2021, the threat of data breaches and cyberattacks from unscrupulous online actors has only increased. While DOL audits of retirement plans now regularly include a deep dive into cybersecurity practices, lawsuits by participants against employers and plan sponsors have also started to include claims for breach of fiduciary duty based on cybersecurity incidents.

One such case to watch is Disberry v. Employee Relations Committee of the Colgate-Palmolive Company, in the Southern District of New York. Here, the plaintiff claimed that the plan administrator breached its fiduciary duties by allowing unauthorized distributions of plan assets after a fraudster gained access to her retirement account information. Insufficient cybersecurity measures open plan sponsors to not only the administrative and employee-relations troubles of being hacked, but also costly lawsuits.

As our previous blog post on cybersecurity indicates, there are numerous actions that plan sponsors may take to ensure they are meeting their fiduciary duties, protecting plan participants, and minimizing litigation and operational risk. Such actions include implementing an internal written cybersecurity policy and reviewing service provider agreements to ensure that these contain third-party cybersecurity protections.

5. Gender Affirming Care Considerations

A recent frequently asked question with respect to self-insured plan design is whether or not to provide coverage for gender affirming medical care. The current legal state of transgender rights makes this a difficult question. The Affordable Care Act’s (ACA) Section 1557 nondiscrimination rules may pose a challenge to employers seeking to exclude coverage if they are principally engaged in the business of providing healthcare or receive federal financial assistance. However, even for those plans to which Section 1557 does not apply, Title VII of the Civil Rights Act may be a concern, as the Supreme Court held in Bostock v. Clayton County that Title VII also prohibits discrimination based on sex and gender, and the Constitution’s Equal Protection Clause is waiting in the wings to threaten further liability.

However, the decision to provide coverage also comes with it potential risks. If a group health plan provides any level of coverage for medically necessary gender affirming care, the Mental Health Parity Act would require the plan to cover gender dysphoria mental health treatment “in parity” with medical/surgical benefits. In addition to federal concerns, an increasing number of states are enacting strict restrictions prohibiting providers from performing, and employer sponsored health plans from covering, medical procedures aimed at addressing gender dysphoria. These new state level restrictions may come with criminal penalties, further complicating plan sponsor reliance on general ERISA preemption protections.

Case law, federal requirements, and state laws combine here to make coverage or exclusion of gender-related treatment and services an evolving issue. Disputes over such coverage—some brought by plan participants, others by governmental enforcement agencies—and findings of employer liability are becoming increasingly common in this area. While it may be possible (and legal) for employers to design a welfare plan that satisfies a plan sponsor’s coverage goals for gender dysphoria treatments, any decision poses the risk of exposure to costly lawsuits, under either federal antidiscrimination laws or state laws seeking to restrict access to these procedures.

6. ACA Affordability Threshold

With the start of 2024 comes the lowest ACA affordability threshold to date. As discussed in our February 2024 blog post, this drastic decrease in the affordability threshold for group health plan cost sharing puts plans at risk of unanticipated ACA penalties for failing to offer affordable coverage. In order to be deemed affordable under the ACA, the cost of employee premiums for the lowest, self-only coverage option under an employer provided health plan must not exceed a certain percentage of an employee’s household income or other safe harbor metrics. At 8.39% for plan years beginning in 2024, group health plan sponsors should review their lowest cost, single-only coverage tiers to ensure their coverage is affordable and thus avoid the risk of applicable ACA penalties.