Key Updates for Your 2025 Employee Benefit Plans

  • Employer strategies
  • 1/29/2025

Key insights

  • There are significant updates in retirement plan regulations that plan fiduciaries need to be aware of. Many of these changes are designed to enhance and protect retirement security.
  • The Department of Labor has highlighted the importance of audit quality for employee benefit plans. Firms conducting more audits tend to have fewer deficiencies.
  • Retirement plans are attractive targets for cybercriminals. It's crucial to have a robust cybersecurity plan in place to protect participants' personal data and assets.


Serving as a fiduciary on an employee benefit plan is an important responsibility. And with often-changing regulatory requirements, it can be challenging to stay on top of them all.

Learn some of the new regulations and insights you should know as a plan advisor.

SECURE 2.0 Act update

The SECURE 2.0 Act of 2022 introduces significant changes to enhance and protect retirement security. Key provisions include:

  • Mandatory automatic 3% enrollment for new retirement plans
  • Increased starting age for required minimum distributions
  • Enhanced catch-up contributions
  • Matching contributions for student loan repayments instead of matching retirement plan contributions

Other new changes include increasing incentives and credits for small businesses to offer retirement plans, allowing 403(b) plan sponsors to join multiple employer and pooled employer plans, enhancing the saver’s credit, reducing excise tax penalties for failing to take RMDs, and establishing penalty-free withdrawals for domestic abuse victims and terminally ill individuals.

DOL focus on audit quality

Earlier this year, the Department of Labor (DOL) issued the results of its most recent audit quality study, which focused on the financial statement audits of employee benefit plans covered under the Employee Retirement Income Security Act (ERISA) for the 2020 filing year.

The study showed 30% of audits had at least one deficiency, an improvement from 39% in the previous study. Additionally, only 8% of audits had five or fewer deficiencies, compared to 48% previously. Most deficiencies were found in testing participant data and contributions.

The DOL found a strong link between the number of audits a firm performs and the quality of those audits. Firms conducting at least 25 audits annually had a major deficiency rate of 25%, while those with fewer than 25 audits had a rate of 55%. Firms with 100 or more audits had the lowest rate at 17%.

Recent audit standard changes

Starting December 15, 2023, new auditing standards (SAS 143–145) are in effect. These changes are driven by updates in international accounting standards and observations from AICPA peer reviews. SAS 143 focuses on auditing accounting estimates, requiring auditors to assess inherent and control risks separately. This means auditors will need to understand the plan, system, and internal controls better to evaluate estimates accurately.

SAS 144 and 145 bring additional clarity and enhancements. SAS 144 addresses the use of specialists and pricing information, which may lead to more specialists being involved in audits of complex investments. SAS 145 updates the approach to understanding an entity and its environment, emphasizing IT risks and a holistic risk assessment. These standards aim to improve audit quality by modernizing and clarifying the auditing process.

New contribution limits

In November 2024, the IRS released the 2025 contribution and income limits for retirement accounts. These limits typically increase annually to reflect cost-of-living adjustments.

Recommended practices for plan management

Cybersecurity

Retirement plans often hold millions of dollars or more in assets and maintain participants’ personal data, which can make them attractive targets for cybercriminals. 

The DOL’s Employee Benefits Security Administration recommends a cybersecurity plan that includes, among other items, cybersecurity program and awareness trainings; internal or third-party audits of the plan’s cybersecurity system; and regular, documented reviews of users with administrative access to key IT systems.

Responsibilities of an ERISA fiduciary

Under ERISA, fiduciaries have a legal obligation to act in the plan’s best interests. To help fulfill your role successfully:

  • Regularly evaluate and assess the performance and fees of vendors and service providers to verify they meet obligations and align with plan objectives.
  • Monitor plan performance and benefits and follow the plan document.
  • Report and disclose all required information, including government forms and annual audited financial statements.
  • Keep comprehensive records of all plan-related activities and seek professional guidance if uncertain about any aspect of your duties.

Service organization control reports

The AICPA and DOL have continued to emphasize the need for benefit plan administrators to review and understand service organization control (SOC) reports and confirm the relevant financial reporting controls are adequately designed and operating effectively. Additionally, management should verify adequate complementary user entity controls have been effectively implemented at the user entity level.

Fee reasonableness

Fee reasonableness continues to be a key issue in plan lawsuits, and fees remain in the spotlight. Consider conducting benchmarking studies internally or through an investment advisor.

DEIB considerations

Today’s workforce includes a variety of skills, profiles, and backgrounds representing remarkable value. Taking time to understand diversity, equity, inclusion, and belonging (DEIB) and recognize these differences can help achieve your goals when offering, communicating, and promoting your company’s retirement plan. Find differences that may exist between diversity groups (e.g., age, race, ethnicity, gender), and view plan data to identify groups that could benefit from additional resources.

How CLA can help with employee benefit plans

By implementing robust policies and diligently monitoring legislative changes, employers can help protect their employees’ assets and operate a more successful benefit plan.

CLA has provided employee benefit plan audit, tax compliance, wealth advisory, and consulting services for more than 60 years. Our team is available to provide guidance and insights that can help prepare your organization for evolving benefit plan legislation.
