COBRA Litigation Risk on the Rise

If you are an employer that is subject to COBRA, you are probably aware that there are significant penalties that the Department of Labor can assess if you fail to offer coverage or give proper COBRA notice to employees or beneficiaries who lose the health coverage that you provide. These penalties are up to $110 per day for each violation, and they can add up quickly. This alone causes most employers and vendors to take COBRA compliance seriously. What you may not know is that these same employees or beneficiaries can also sue you for common and inadvertent COBRA compliance issues.

COBRA Litigation Risk on the Rise

COBRA Lawsuits

Unfortunately, there appears to be a new wave of class-action lawsuits targeting employers who may have used an outdated COBRA notice or maybe did not give clear instructions on where to mail COBRA premiums or really any number of other COBRA compliance violations.

One of the firms filing these lawsuits is Visiting their web site you will note a list of common mistakes employers make that can lead to litigation. These mistakes involve more than just missing deadlines in providing a COBRA election notice. The list includes contacting only the employee losing health coverage and forgetting to also contact the covered spouse and dependent children—remember each covered family member has an individual COBRA election right.

The website also boasts about million dollar settlements recently won on behalf of individuals whose COBRA rights were either violated or not administered properly. This should be a wake-up call for employers to examine their COBRA procedures to ensure full compliance. Given the number of furloughs and lay-offs occurring throughout the U.S. due to COVID-19, this COBRA examination or audit becomes urgent.

Reviewing COBRA Practices

Findley stands ready to assist employers in reviewing their COBRA practices. This can even be in the context of a full ERISA audit. Since many employers outsource COBRA administration to a third party, Findley can also help employers review those administrative agreements and recommend changes to indemnification provisions to protect the employer from the administrator’s failures or omissions.

For more information about auditing COBRA administration and litigation risk, please contact Bruce Davis in the form below.

Published May 29, 2020

Print this article

Copyright © 2020 by Findley, Inc. All rights reserved.

Audit Survival Tips for Retirement Plans

Although only a small fraction of retirement plans are audited each year, over time it’s almost certain that you and your plan will be audited by either the Internal Revenue Service (IRS) or the Department of Labor (DOL). Your preparation for an audit and your approach to an audit will save your organization thousands of dollars in productive time, penalties, and interest.

Audit or Investigation: A rose by any other name still has thorns

While both the DOL and IRS perform plan audits, their enforcement powers are governed by different laws and regulations, and they focus on different issues.

The DOL is responsible for the enforcement of labor laws, including the Employee Retirement Income Security Act (ERISA). The DOL has the power to exact penalties for breaches of fiduciary conduct, and if it chooses, it can sue fiduciaries for these breaches on behalf of a plan. In cases of egregious misconduct, it can initiate litigation that may put a plan’s fiduciaries in jail. The DOL’s investigation and enforcement emphasis is on fiduciary breaches and prohibited transactions. The DOL calls its enforcement program the Employee Benefit Plan Investigation Program.

The IRS is responsible for the management of our tax system through the Internal Revenue Code (the Code) and has the power to enforce infractions under the Code. When infractions are found, it can impose taxes, penalties, and interest. The IRS’s audit and enforcement emphasis is on compliance with the requirements of the Code, which rolls up under the umbrella of the plan’s tax qualification. The IRS calls its enforcement program the Employee Benefit Audit Program.

Both the DOL and the IRS select plans for audit primarily by random selection; however, there are a number of other audit triggers that sponsors should keep in mind. Answers to certain questions on the Form 5500 may trigger an audit. For example, checking the box indicating this is the plan’s final 5500 return or answering “yes” to the question, “Was there a failure to transmit to the plan any participant contributions within the time period described in the DOL regulations?” can trigger an audit. Participant or union notifications, complaints, or lawsuits also often trigger DOL investigations.

Bankruptcy filings and reports from the media can also trigger an investigation. In the spirit of interagency cooperation, the DOL may refer a case to the IRS if it discovers compliance infractions that are subject to penalties and interest under the Code.

While selection is generally random, there are certain audit initiatives that may focus on types of plans or sizes of employers, thus increasing the audit-selection odds for plans that fall within the initiative’s criteria. In 2014, 50 large employers were part of a program to determine the audit focus on future nonqualified plan audits. It is not uncommon for the IRS to issue plan sponsor questionnaires designed to help determine areas of audit focus, and—we suspect—to mark a certain number of plans for later audit. Failure to respond to an IRS questionnaire is comparable to sending the IRS an invitation to audit your plan.

Although the odds of your plan being audited are low, if the DOL or the IRS perceives some elevated risk of noncompliance, your chances of an audit will go up substantially.

It Begins with a Letter

The DOL and the IRS initiate their audit process through what they call an Information Request Letter. The Information Request Letter indicates the date the audit team plans its on-site visit to review documents and conduct interviews with individuals who have responsibilities in the administration of the plan. The letter also lists specific information that is to be made available to the auditor(s). This list often provides insight into the types of violations the auditor will be looking for during the audit.

The following list summarizes a DOL Information Request Letter that was recently sent to one of our clients regarding its pension plan. Looking at the list, it is apparent the focus is on fees and expenses.

  1. Corporate minutes
  2. Trust reports showing all receipts and disbursements
  3. Detailed documentation of fees and expenses paid from the trust
  4. Documentation regarding alternative investments
  5. Documents showing valuation of assets if assets are not readily tradable
  6. Service agreements and engagement letters
  7. Fee disclosure statements
  8. List of parties-in-interest
  9. Organization chart of the plan sponsor
  10. Trustee and investment committee minutes
  11. Plan documents, summary plan description, trust agreements, investment policy statements
  12. Summary annual reports
  13. Participant statements
  14. Evidence of fidelity bond, fiduciary liability insurance policy, if any
  15. Fiduciary training

For this client, follow-up questions focusing specifically on items 3, 6, and 7 required more detailed responses about the nature of the services provided and the fees charged. In DOL audits of defined contribution plans, we typically see a focus on fees and the timing of deposits.

Preparing for the Audit

It goes without saying, both preparation and attention to detail are essential for a positive audit experience. If you receive an Information Request Letter, don’t panic, but do recognize that you’ll need to immediately begin preparing for the audit process.

Your goal for the on-site visit is to make the auditors’ tasks as efficient as possible. Being difficult, defensive, or uncooperative is counterproductive; it wastes time, and it won’t make the auditors go away. Instead, use your time to review all of your plan documentation and begin collecting and organizing the information requested before the first auditor steps through your door. Investing ample time and energy before the on-site visit will insure that your entire team is fully prepared for dialogue, questions, and requests for further information during the on-site visit.

As part of the preparation process, we recommend that you defer or delegate projects due at the time of the scheduled audit, and you should also clear your calendar during that time in order to be available for dialogue and questions. Depending on your other responsibilities and projects, it may be wise for you to delegate the management of the audit to another team member while you retain decision-making and internal management reporting responsibilities.

It’s also essential that you notify other members of your plan administration team that your plan is entering into an audit to ensure they will be available to the auditors. Keep in mind that your plan team includes more than just fellow employees who work on the plan; it also includes your ERISA attorney, plan consultant, administrator, investment advisor, and trustee. You may want to consider having your legal counsel or consultant manage the audit for you. This is particularly useful if your provider is supporting you in most of the advisory roles of the plan.

Schedule a team meeting prior to the on-site visit to review the Information Request Letter, review plan provisions and procedures, and prepare for any questions. Having your plan documents and plan governance documentation organized, labeled, and bound makes the auditor’s job more efficient and conveys the message, “We’re ready for this audit, and we are not worried about anything.”

Finally, whether it’s the DOL or the IRS, if your schedule doesn’t permit you to be fully prepared or responsive, don’t be afraid to ask for more time before the on-site visit. The regulators recognize and appreciate it when you ask for a different schedule for good reasons. Like you, they can’t afford to waste time in an inefficient audit.

The Audit

Auditors are looking for specific information, so provide only what is requested. Ideally, your plan is in good condition, but if it isn’t, providing more information than is requested is like giving a hangman extra rope. During the audit, proactively address any issues of concern raised by the auditor, be available and responsive, and be patient with the process. In addition to the on-site visit, the audit team may take certain documents for further review.


The DOL focuses its examinations on prohibited transactions. The most common forms of “technical prohibited transactions” are late deposits of deferrals, problems with loans to participants, and improper processing of qualified domestic relations orders (QDROs). And as we saw in the Information Request Letter above, fees are of particular interest to the DOL. With most fees now paid by plan participants, the DOL focuses on enforcement of the fundamental fiduciary conduct that:

  • The fiduciary is acting at all times in the best interests of plan participants,
  • That fees paid by the plan (and its plan participants) are reasonable, and
  • Fiduciaries are diligent to avoid conflicts of interest in their hiring of advisors and service providers to the plan.


While the DOL focuses on participants and fiduciary roles and responsibilities, there is clearly a shared focus with the IRS on compliance (i.e., compliance with the plan document, compliance with regulations, etc.). Obviously, tax-related issues, such as current deductions or delaying the recognition of income, are in the IRS’s jurisdiction. So is compliance with the regulations that pertain to plan qualification, including nondiscrimination testing and all limits.

The IRS also looks at compliance with the plan document, which includes consistency among all your plan documents and plan operation, compliance with constantly changing regulations, and administration of plan eligibility. More recently, the IRS has become concerned with improper investment valuations in cases where an asset is illiquid or is not readily valued, which can cause an undervalued or overvalued benefit distribution.

The IRS will request information on your nondiscrimination and limits testing, including the primary data. You can expect your recordkeeper to provide the reporting of this testing and the primary data for their review.

The following is a list of the 12 most common issues the IRS finds in its audits of retirement plans:

  • Plan document not up-to-date
  • Plan operation doesn’t follow the plan document
  • Plan definition of compensation not followed
  • Matching contributions not made to all eligible employees
  • ADP/ACP test performed improperly
  • Eligible employees not allowed to defer
  • Deferral limits exceeded
  • Deferral deposit delay
  • Participant loans don’t follow plan documents, procedures and/or law
  • Hardship distributions improperly administered
  • Top-heavy requirements ignored
  • Failure to file Form 5500 timely

The process for both agencies becomes more complex if enforcement issues are found.

After the Audit

Most auditors we meet are assigned to multiple cases, so while you should be prepared to hurry up for them, you must also be prepared to patiently wait for their responses to you. Once the audit is completed, the auditor will follow-up with a phone call to verbally convey the audit findings; this phone call is followed by a written audit findings letter.


In the best case, the result of a DOL investigation is a “no action” letter. The plan has passed the DOL’s testing, and no further action is being pursued by the DOL. The letter may include disclaimer language that says there may be ERISA violations in certain areas, but no such activity was found during the investigation.

The more common letter these days is a Voluntary Compliance Letter, which documents that certain infractions were found (most commonly late deferrals or issues relating to the loan program), and certain corrective action under the Voluntary Fiduciary Compliance Program (VCP) is required. When egregious compliance errors are found, the DOL can sue for civil penalties on behalf of plan participants and initiate litigation against fiduciaries for breach of fiduciary responsibilities.


For an IRS audit, the best case is an audit findings letter showing that no further actions are necessary and that the audit file has been closed. If errors are found, then certain corrective action may be necessary through the IRS’s Audit Closing Agreement Program. Here, the general principle is to make the plan and its participants whole. This often includes a corrective contribution plus interest to plan participant accounts, excise taxes required by Code Section 4975, and other fees and penalties payable to the IRS.

If you and your legal counsel disagree with the audit conclusions in some way, there is an appeals program that enables another review of the audit findings and your position.

Fortunately for plan sponsors, the voluntary corrections and audit corrections programs have made plan disqualification extremely rare.

Staying prepared: a different kind of “selfie”

Because plan administration is so complex, it’s common for plan sponsors to have some correction issues at some point in the life of the plan. Many of the errors that occur and corrections that need to be made arise out of a triggering event, such as payroll staff turnover, system changes, one-off processing events, annual limits, or business reorganizations.

If you’ve had a potential error-inducing event, it may be time to conduct a self-audit to ensure that your plan’s operation is consistent with plan documents and all laws. Performing regular self-audits will give you greater protection against an IRS or DOL audit.

As a plan sponsor, there are three things you can do to make your plan audit-ready, should that letter arrive from the DOL or the IRS: organize, review, and retain. We’ve provided a list of action steps below. You’ll notice that organize and retain steps are simple and really only involve good record-keeping practices, while some of the steps in the review phase may involve engaging an advisor to ensure the correct result.


  • Current records
  • Records eligible for summarization and archiving


  • Updated roster of key plan officials, including external advisors
  • Investment policy statement, loan procedures, QDRO procedures documents
  • Determination letter and upcoming determination letter cycles
  • Service agreement for necessary changes to reflect actual operation of plan, changes in law or regulation
  • Documentation of internal controls and update as needed
  • Fees and fee changes, fee disclosures, and documentation
  • Plan and data transmission requirements with payroll staff
  • Plan document and summary plan descriptions against plan operation
  • Fidelity bond coverage
  • IRS 401(k) Fix-It Guide and make self-corrections as necessary
  • Plan operation relative to terms of plan
  • All documentation related to corrections under SCP or VCP


  • Signed plan documents, trust agreements, plan amendments, and board resolutions
  • Summary of materials modifications, summary annual reports, and other required participant notices and document their dates of distribution
  • Investment process documentation and decisions, committee minutes
  • Compliance testing, participant allocation, and other plan operation reports
  • Current Form 5500, schedules, and audit report
  • All documentation related to corrections under SCP or VCP

As you can see, this process is similar to the year-end close of a corporation’s financial statements and tax return filings, and it’s an opportunity for you to review, update, and finalize your records for the year. You should adopt this practice as part of your year-end close or annual review and planning process.

Correcting Errors

If you find a problem during the self-audit of plan operations or in your review of plan documentation, there are ways to voluntarily correct these problems. Depending upon the nature of the issue, you may be able to self-correct your plan, document the corrections for the file, and move forward without a formal filing with the IRS or the DOL. More significant issues, such as failing to amend the plan timely or failing a nondiscrimination test and discovering the problem in a later plan year, generally require filing for and obtaining approval of the self-correction methodology.

The more common the problem, the more likely it is that other plan sponsors have experienced the same thing. The IRS and the DOL continually publish new procedures for automatic corrections and guidance on how to perform formal corrections, so it’s likely that an issue you’ve uncovered can be corrected efficiently through a self-correction program before being discovered during an audit.

In Perspective

While getting that letter from the IRS or the DOL is never pleasant, if you do receive one of those much-dread letters, there are things plan sponsors can do to prepare. Reviewing the Information Request Letter, collecting the required information, being thoroughly familiar with your plan’s operation, and of course, fully cooperating with your auditors will go a long way in getting you through the audit.

And while the chances of being audited are relatively low, the most successful approach is to assume that you will be audited and prepare accordingly by performing an annual self-audit. Adding a self-audit to your annual compliance calendar will save you time and your organization dollars. And if that’s not enough motivation, consider these words of wisdom from Dave Barry: “We’ll try to cooperate fully with the IRS, because, as citizens, we feel a strong patriotic duty not to go to jail.”

For more information contact Tom Swain at 615.665.5319 or or the Findley consultant with whom you normally work.

Print this article