On December 23, 2022, Congress passed the Securing a Strong Retirement Act of 2022 (Secure 2.0) as part of the Consolidated Appropriations Act of 2023, which President Biden signed into law. The Secure Act 2.0 will require several changes for retirement plans. The act’s provisions have a variety of effective dates, so the discussion below is organized chronologically.

Provisions Effective January 1, 2023

Required minimum distribution age raised.

The original Secure Act of 2020 raised the age at which participants in employer-sponsored defined contribution plans [including 401(k) plans] must begin taking required minimum distributions from 70½ to 72.

Secure Act 2.0 further raises the age for starting required minimum distributions for terminated employees who are participants, as well as 5% owners from 72 to 73 (and thereafter to 75 in 2033). The change applies to distributions made after Dec. 31, 2022, for individuals who turn 72 after that date.

Penalty for a missed RMD reduced.

Secure Act 2.0 decreases the penalty for a failure to take a required minimum distribution from 50% of the underpaid amount to 25%.

Roth employer match.

Secure Act 2.0 enables employers to permit plan participants to elect to receive vested employer matching contributions or vested employer non-elective contributions on a Roth (i.e., after-tax) basis, rather than only on a pre-tax basis. This optional provision treats employer contributions as Roth contributions.

To take advantage of this provision, plan participants elect a Roth, pay taxes up front, and later take out the matching contributions or non-elective contributions, and any earnings thereon tax-free.

It is advisable for plan sponsors to await regulatory guidance as to whether a plan needs to fully and immediately vest employer matching contribution accounts (or employer non-elective contribution accounts) to offer Roth treatment for employer contributions or, alternatively, whether the plan can continue to apply an existing vesting schedule and the employee making the election has to be fully vested in their employer contribution account to make the election.

Gift cards.

Employers may now hand out de minimis financial incentives (e.g., a small cash payment or gift card) that are not paid for with plan assets in order to encourage employees to contribute to their plan. Prior law prohibited employers from requiring employees to contribute to a plan as a condition for receiving a payment, and the only benefit that could be related to an employee participating was a matching contribution made to the plan.

Overpayments may remain in the plan.

The law now permits employers to not recoup overpayments from retirees in the event of a mistaken overpayment of benefits. Good faith relief is available for the recovery of benefit overpayments predating enactment of Secure Act 2.0. Overpayments may also be rolled over.

Penalty free withdrawal for terminal illness.

Secure Act 2.0 eliminates the 10% early distribution penalty for a withdrawal made by a terminally ill individual.

Reduced service required of part-time, long-term employees.

The new law reduces the length of service required for part-time, long-term employees (those who have reached age 21 and performed at least 500 hours of service in consecutive years) to be included in the plan from three years to two years. This builds upon the expanded eligibility provided by the original Secure Act.

Plan sponsors are not required to match elective deferrals made by part-time, long-term employees. The part-time, long-term employee provision now also applies to ERISA-covered IRC section 403(b) plans.

Hardship withdrawal self-certification.

Employers may now rely on an employee self-certification that they have experienced a hardship for purposes of taking a hardship withdrawal from retirement plan accounts, which is in addition to the existing self-certification that the employee has no other funds available to satisfy the hardship.

Nevertheless, the legislation does not specifically exempt employers from procuring adequate documentation, although the Coronavirus Aid Relief and Economic Security (CARES) Act enabled employers to rely on COVID-19 self-certifications without liability unless they knew, or should have known, that no hardship existed.

Cautious employers may continue to require participants to submit documentation to support a hardship withdrawal request due to the uncertainty as to how IRS agents and plan auditors will handle examinations and audits, respectively, given this provision.

Recordkeepers continue to offer online self-certification for hardship withdrawals without requiring participants to submit documentation. Nevertheless, IRS agents conducting examinations and plan auditors conducting financial audits have asked employers for proof that the withdrawals were made on account of hardship.

It is advisable for plan sponsors to await regulatory guidance as to whether they will be required to maintain adequate documentation if they permit employees to self-certify to obtain a hardship withdrawal.

IRS relief.

Secure Act 2.0 expands the IRS Employee Plans Compliance Resolution Systems (EPCRS) program to cover additional types of operational errors, including most inadvertent failures to comply with tax-qualification rules that are eligible for self-correction, assuming IRS practices and procedures were in place to prevent such errors.

The additional types of operational errors include participant loan errors, whereas the IRS practices and procedures in place to prevent errors include a participant contribution deposit procedure and hardship withdrawal administrative procedure.

Secure Act 2.0 enables employers to permit plan participants to elect to receive vested employer matching contributions or vested employer non-elective contributions on a Roth (i.e., after-tax) basis, rather than only on a pre-tax basis.

Notice requirements for unenrolled participants eliminated.

Employers are no longer required to provide certain notices to participants who are eligible but have elected not to participate in the plan (e.g., unenrolled). But employers must still provide the summary plan description in connection with initial eligibility under the plan and an annual reminder notice of the participant’s eligibility to participate in the plan and any applicable deadlines.

Deferred annuities.

Secure Act 2.0 provides a safe harbor from the minimum distribution rule for employers offering a qualified longevity annuity contract, into which a participant may allocate up to $200,000 from their account to make guaranteed payments at the end of an individual’s life expectancy.

Provisions Effective January 1, 2024

Age-based catch-up contributions.

Secure Act 2.0 requires catch-up contributions made at age 50 or older be treated as after-tax (i.e., Roth) contributions for employees whose wages (as defined for Social Security FICA tax purposes) exceed $145,000 (indexed for inflation) in the prior calendar year.

Employees whose wages are equal to or less than $145,000 are permitted to make catch-up contributions on a pre-tax or after-tax (Roth) basis.

Accordingly, plan sponsors that want to offer catch-up contributions to participants whose earnings exceed $145,000 must offer Roth catch-up contributions. If a plan only offers pre-tax catch-up contributions, participants with wages exceeding $145,000 will be precluded from making catch-up contributions.

Participants must pay tax on these catch-up contributions, but they may withdraw these post-tax contributions and earnings thereon tax-free.

Currently, catch-up contributions can be made on either a pretax basis or after-tax (Roth) basis, if they are permitted by the plan.

Matching student loan payments.

Employers will be permitted to make matching contributions to retirement plans based upon employees’ student loan payments. The matching contributions on student loan payments must vest under the same schedule as other matching contributions under the plan. Accordingly, plan sponsors may treat qualified student loan repayments as employee elective deferrals for purposes of matching contributions in a retirement plan. These matching contributions have to be made available to all match-eligible participants.

Qualified student loans include any indebtedness incurred by an employee solely to pay qualified higher education expenses. Employees who receive these matching contributions are required to certify annually to the employer that payment has been made on the qualified student loan.

Employers may now rely on an employee self-certification that they have experienced a hardship for purposes of taking a hardship withdrawal from retirement plan accounts.

A plan may separately test employees who receive matching contributions on student loan repayments for purposes of the annual nondiscrimination test. Student loan payments will not be treated as plan contributions for purposes of the test.

This provision in the law is a codification of a 2018 private letter ruling permitting an employer to establish a student loan program in its 401(k) plan and make non-elective contributions for participants making student loan repayments.

It is advisable to match student loan payments to be competitive and thus attract and retain quality personnel, even though it would increase the cost of the employer match.

Emergency savings accounts.

Secure Act 2.0 permits plan sponsors to add an emergency savings account to their retirement plan, designated as an after-tax (Roth) account. Sponsors may automatically enroll non–highly compensated employees (e.g., those earning up to $150,000 in 2023) at no more than 3.0% of their compensation, not to exceed $2,500 annually (or lower, as set forth in the plan).

Contributions are made post-tax and are treated as employee elective deferrals for purposes of matching contributions. Once the $2,500 annual cap has been reached, the excess in an emergency savings account becomes pre-tax retirement plan savings. Employer matching is also capped at $2,500 annually. Withdrawals from emergency savings accounts will be tax-free and penalty-free.

Plan administrators will be permitted to rely upon a participant’s self-certification, whereas the IRS needs to issue guidance for situations in which the plan administrator has actual knowledge that there are employee misrepresentations.

It is advisable to provide emergency savings accounts to be competitive and thus attract and retain quality personnel, even though it would increase the cost of the employer match.

Penalty-free withdrawals.

Under the legislation, no 10% early distribution penalty will be assessed on a withdrawal of up to $1,000 before age 59½ that is used for emergency expenses that are unforeseeable or immediate financial needs relating to personal or family emergency expenses.

Taxpayers can repay the withdrawal within three years; however, no further emergency withdrawals are permitted during this period unless repayment occurs.

Domestic abuse survivors may access their retirement accounts of an amount equal to the lesser of $10,000 (indexed for inflation) or 50% of the participants’ account, which will not be subject to the 10% early distribution tax. Participants must self-certify that they experienced domestic abuse. A participant can repay the withdrawn amount over three years and will be refunded income taxes on the repaid amount.

Automatic enrollment relief.

The new law will permit employers to self-correct automatic enrollment mistakes without penalty up to nine months after the end of the plan year in which the mistake was made, upon establishing automatic enrollment and contribution escalation arrangements.

Other provisions.

Secure Act 2.0 will permit recordkeepers to provide plans with automatic portability services, including the automatic transfer of a participant’s default IRA (established with an automatic rollover from a former employer’s plan) into a new employer’s plan, unless the participant affirmatively elects otherwise.

The new law will increase the automatic rollover amount from $5,000 to $7,000, for terminated vested employees. The legislation will exempt Roth accounts in retirement plans from the required minimum distribution requirement.

Provisions Effective January 1, 2025

Catch-up contributions.

Effective January 1, 2025, Secure Act 2.0 increases the annual participant catch-up contribution limit to the greater of $10,000 (indexed for inflation), or 50% more than the regular catch-up limit for individuals age 60 through 63 ($7,500 to $11,250 in 2023).

Automatic enrollment for new plans.

The new law will require employers establishing new plans after enactment to automatically enroll employees upon becoming eligible by at least 3.0%, and not more than 10%, increasing by 1.0% annually up to a maximum of 10%. Existing plans are grandfathered.

Employees can opt out of automatic enrollment after an employer automatically enrolls them, whereas some plans offer a distribution of the automatically enrolled amounts.

All current 401(k) plans are grandfathered, which means that employers sponsoring existing 401(k) plans are not required to add automatic enrollment.

This provision does not apply to employers with 10 or fewer employees or to employers in business for less than three years.

National database.

Employers ready to pay benefits but unable to find retirees because former employees have changed their addresses (or names) will be able to search a Department of Labor database to be created by January 1, 2025.

Other Provisions Effective January 1, 2026 and Beyond

Unless a participant elects otherwise, an employer is required to provide a paper defined contribution plan benefit statement at least annually.

Employers may amend their plan to take into account Secure 2.0 Act provisions by December 31, 2026, provided their plan operates in accordance with such amendment as of its effective date (i.e., plan sponsor practices must be operationally compliant in order for plan sponsors to retroactively amend their plan).

Action Items

Responsible federal agencies will provide regulatory guidance to implement Secure Act 2.0. Plan sponsors need to monitor their record-keeper’s new processes and adopt their conforming amendment to administer and carry out Secure Act 2.0 provisions.

CPAs and retirement advisors should evaluate the opportunities and implications of Secure Act 2.0 on the retirement plans sponsored by their clients with parties charged with governance as soon as practicable.

Sheldon M. Geller, JD, CPA, is the president of Stone Hill Fiduciary Management, LLC, Great Neck, N.Y. He is a member of The CPA Journal Editorial Advisory Board.