Skip to Main Content

In light of the recent cyberattacks in higher education across the US, more and more institutions are finding themselves no longer immune to these activities. Security by obscurity is no longer an effective approach—all institutions are potential targets. Colleges and universities must take action to ensure processes and documentation are in place to prepare for and respond appropriately to a potential cybersecurity incident.

Best practices for financial institution contracts with technology providers

As the financial services sector moves in an increasingly digital direction, you cannot overstate the need for robust and relevant information security programs. Financial institutions place more reliance than ever on third-party technology vendors to support core aspects of their business, and in turn place more reliance on those vendors to meet the industry’s high standards for information security. These include those in the Gramm-Leach-Bliley Act, Sarbanes Oxley 404, and regulations established by the Federal Financial Institutions Examination Council (FFIEC).

Who has the time or resources to keep tabs on everything that everyone in an organization does? No one. Therefore, you naturally need to trust (at least on a certain level) the actions and motives of various personnel. At the top of your “trust level” are privileged users—such as system and network administrators and developers—who keep vital systems, applications, and hardware up and running.

Law enforcement, courts, prosecutors, and corrections personnel provide many complex, seemingly limitless services. Seemingly is the key word here, for in reality these personnel provide a set number of incredibly important services.

Best Practices for Educating Your Financial Institution’s Board of Directors on Cybersecurity

According to Cybersecurity Ventures, cybercrime will account for $6 trillion annually by 2021—that’s more than the global trade of all major illegal drugs combined.  Data breaches and other information security events adversely impact organizations through significant losses in revenue, erosion of customer trust, substantial remediation costs, increased insurance premiums, and more.

All teams experience losing streaks, and all franchise dynasties lose some luster. Nevertheless, the game must go on. 

The world of professional sports is rife with instability and insecurity. Star athletes leave or become injured; coaching staff make bad calls or public statements. The ultimate strength of a sports team is its ability to rebound. The same holds true for other groups and businesses.

Any sports team can pull off a random great play. Only the best sports teams, though, can pull off great plays consistently — and over time. The secret to this lies in the ability of the coaching staff to manage the team on a day-to-day basis, while also continually selling their vision to the team’s ownership.

A professional sports team is an ever-changing entity. To have a general perspective on the team’s fluctuating strengths and weaknesses, a good coach needs to trust and empower their staff to discover the details. Chapter 5 in BerryDunn’s Cybersecurity Playbook for Management looks at how discovery can help managers understand their organization’s ever-changing IT environment. 

Just as sports teams need to bring in outside resources — a new starting pitcher, for example, or a free agent QB — in order to get better and win more games, most organizations need to bring in outside resources to win the cybersecurity game.

It may be hard to believe some seasons, but every professional sports team currently has the necessary resources — talent, plays, and equipment — to win. The challenge is to identify and leverage them for maximum benefit.

It’s one thing for coaching staff to see the need for a new quarterback or pitcher. Selecting and onboarding this talent is a whole new ballgame. Various questions have to be answered before moving forward: 

For professional baseball players who get paid millions to swing a bat, going through a slump is daunting. The mere thought of a slump conjures up frustration, anxiety and humiliation, and in extreme cases, the possibility of job loss.

As the technology we use for work and at home becomes increasingly intertwined, security issues that affect one also affect the other and we must address security risks at both levels.

During my lunch in sunny Florida while traveling for business, enjoying a nice reprieve from another cold Maine winter, I checked my social media account.

Read this if your healthcare organization is facing workforce challenges. 

Retain, cross-train, and mentor your healthcare finance staff for greater continuity.

Like many industries, healthcare finance is experiencing high attrition among its staff, placing a larger burden on the employees who remain, and just as importantly, reducing the depth of knowledge within the organization. Experienced finance staff are becoming more difficult to replace as senior levels are aging out and retiring while many CFOs and CEOs are transitioning within the health systems due to increased mergers and consolidations of independent hospitals.

So what can healthcare organizations do to minimize the impact of attrition in their finance departments and create smoother workplace transitions? Here are five ways to create more continuity in your healthcare finance department through sharing knowledge and developing career pathways for employees.

1. Develop and clearly document policies and procedures

Most hospitals and other healthcare facilities have developed some written policies and procedures to aid in training new staff and ensuring consistency and adherence to regulations and best practices. These documents should be continually updated and improved. Ask the finance and accounting staff to use these procedures as they perform their work and make additions and improvements as needed. Newly hired staff will feel more confident and be more efficient if they have updated, professional policies and procedures to guide them. Additionally, documented procedures take some of the burden from the staff training of new employees.

2. Build up your healthcare facility’s education and training infrastructure

Develop and train rising leaders on both the operational and the financial side of the healthcare business. In monthly meetings, share the hospital’s patient bed volume and payor reimbursement mix so staff can better understand the monthly financial results. Often larger hospitals intentionally divide the financial analysis side of the finance department from the accounting side. However, smaller community hospitals often don’t have the luxury of staffing two separate departments. In these cases, senior management often carries the burden of explaining the reasons behind the variances in net revenues and decreases in labor productivity resulting in higher costs. When these senior managers leave, the knowledge also goes with them.

Involve all of the accounting staff in the preparation of the budget and annual audit. The learning during these two larger projects is invaluable and allows less experienced staff to better support the finance department going forward. And don’t forget training. Budget professional development for your finance team. Also, participate in industry-specific associations and community events.

3. Build relationships and share knowledge through mentoring

Cross-train finance staff by asking them to sit for a day each month with a co-worker who does different work. In addition, visit with other departments periodically to better understand the operational flows and information needs of the entire organization.

For high-performing employees, offer a formal mentorship with a C-suite executive. These opportunities are incredibly valuable for employees and their professional growth, and can be an effective incentive for them to stay with the organization for the long term.

Develop a strong relationship with a trusted advisor in the industry, such as a peer at another facility or an outside consultant. Schedule regular mentoring meetings with this trusted advisor in order to obtain insight on how other organizations do business and are solving problems.

4. Keep the lines of communication open

As more positions are working remotely, good communication may take additional effort, but it can be done and it’s worth it. During department meetings, ask staff to share and be active in leading the meetings. Prioritize learning and welcome questions from staff. Intentionally solve problems together. Effective team and relationship building among staff can help employees feel integral to the department and may help you retain your employees.

5. Provide periodic performance reviews

Periodic performance reviews provide the opportunity for employees to reflect on their achievements, celebrate wins, and receive constructive feedback from management on how to better achieve their goals. Setting aside dedicated time for these discussions confirms to the employees that their roles in the organization are important and allows them to better understand what changes in performance may need to be made for future advancement and higher merit pay increases. Collaborative, scheduled discussions with management allow high performing employees to view their positions as ones with a long-term career path within the facility. Career growth opportunities usually greatly help retain the important finance roles.

If you’re struggling with staffing, BerryDunn’s healthcare outsourced accounting team can help whether you need extra assistance in your office during peak times or interim leadership support during periods of transition. We offer the expertise of a fully staffed accounting department for short-term assignments or long-term engagements―so you can focus on your business. Contact Lana Davidson.

Protect your healthcare finance team from the shiftings of the labor market

Read this if you are a community bank.

The Federal Deposit Insurance Corporation (FDIC) recently issued its fourth quarter 2022 Quarterly Banking Profile (QBP). The report provides financial information based on Call Reports filed by 4,706 FDIC-insured commercial banks and savings institutions. The report also contains a section specific to community bank performance. In fourth quarter 2022, this section included the financial information of 4,258 FDIC-insured community banks. BerryDunn’s key takeaways from the report are as follows:

Full-year net income was above the pre-pandemic average, despite being marginally lower than 2021. 

Community banks’ quarterly net income increased 14.8% in fourth quarter 2022 from fourth quarter 2021. Despite increased quarterly net income, 2022 full-year net income was $87.1 million lower than 2021. Lower noninterest income, higher noninterest expense, realized losses on securities, and higher provision expense led to the slight decline. Higher compensation expense and data processing expense drove a noninterest expense increase of $765.4 million (4.7%) from third quarter and $855.7 million (5.2%) from fourth quarter 2021 to $17.2 billion. 

Community banks’ net interest margins (NIMs) continued to widen, ending the quarter at 3.71%, surpassing the pre-pandemic average of 3.63%.

The full-year NIM increased 17 basis points to 3.45%, the largest annual expansion since 1992. The average yield on earning assets rose 44 basis points while the average cost of funding rose 37 basis points from the previous quarter. The average funding costs more than doubled the 18 basis-point increase from the second quarter to the third quarter. Yields on total loans increased 34 basis points from the prior quarter and 57 basis points from the year-ago quarter to 5.20%.

Loan and lease balances continued to grow in fourth quarter 2022, with 82.1% of community banks reporting quarterly loan growth. 

Loan and lease balances continued to see widespread growth in fourth quarter 2022. Community banks saw loan growth in all major portfolios, with the exception of commercial real estate and construction, which saw a slight contraction. Construction and development loans exhibited the most growth from third quarter at 5%, followed by residential real estate at 4.1%. For the year, 87.9% of community banks reported loan growth. The most significant growth was seen in the construction and development category, which increased 23.7%, and the residential real estate category, which increased 16.3%. Excluding the effect of declines in Paycheck Protection Program loans, annual total loan growth would have been 16.2% and annual commercial and industrial loan growth would have been 18%.

Community banks reach a new record low for the noncurrent loan rate since QBP data collection began in first quarter 1984. 


Loans and leases 90 days or more past due or in nonaccrual status reached a new record low of 0.44%, dating back to the start of FDIC data collection in first quarter 1984. Over half of community banks reported quarter-over-quarter reductions in noncurrent loan balances. The reserve coverage ratio hit a new QBP record high of 274.3%, as noncurrent loan balances continued to decline and the allowance for credit losses increased. The coverage ratio for community banks is 62.3% above the coverage ratio for noncommunity banks.

Although community banks are coming out of yet another strong year, at times it may be difficult to fully recognize how strong a year it really was. As noted above, full-year net income was above the pre-pandemic average, although being slightly lower than 2021 net income. NIMs have seen the most movement in over a decade, with the Federal Open Market Committee having increased the target federal funds rate by 425 basis points in 2022 and another 50 basis points thus far in 2023 at the time of publishing this summary. Rising rates tend to be favorable for community banks; however, the magnitude of the increases and the speed in which the increases have been implemented have some concerned. Borrowing costs have skyrocketed, forcing would-be borrowers to reassess purchases and investments and, if still in a position to pursue, likely causing these would-be borrowers to adjust how much they are willing to borrow. Borrowers with variable interest rates have seen their debt service coverage ratios plummet, as the cost of their debt has increased along with the rising rates. As noted above, noncurrent rates continue to set record lows but, the rising rate environment has many wondering how long these low noncurrent rates can persist. 

If the above narrative hasn’t caused enough anxiety, we would be remiss if we didn’t mention the recent bank failures, which have caused ripple effects across the economy. With significant unrealized losses currently seen throughout investment portfolios, regardless of the size or type of institution, many community banks have been forced to take a hard look at their contingent liquidity sources to ensure they have adequate funding sources in the chance of a run on deposits. This allows them to not sell investments (and ultimately avoid significant losses). 

Community banks have been unfortunately looped into the recent bank failure discussion and have suffered from industry fallout; particularly publicly traded institutions that have seen stock prices drop. The silver lining of the crisis is that community banks can use the crisis as an opportunity to differentiate themselves from other institutions by re-affirming their commitments to their communities and the businesses in that community. Community banks can both reassure anxious customers and build trust with those that may be looking for a new banking relationship. As always, please don’t hesitate to reach out to BerryDunn’s Financial Services team if you have any questions.

FDIC Issues its Fourth Quarter 2022 Quarterly Banking Profile

Read this if you participate in onboarding healthcare providers. 

The last several years have certainly been challenging for healthcare. Fueled by the COVID pandemic, increased provider burnout is a huge issue that has organizations grasping to keep staffing levels high enough to provide exceptional patient care. Physician turnover (per physician) has been estimated to cost an organization between $400,000 and $1,000,000 when factoring in recruiting costs and lost patient billing revenue. For smaller organizations, that can be a major challenge. 

The US Department of Labor Statistics estimates that by 2030 the healthcare industry will grow more than 16%, adding over 2.6 million new jobs. With 5% of physicians turning over each year (this number doubles when including physician assistants and physical therapists) and 61% reporting burnout, organizations should take steps now to minimize attrition and ensure a stable clinical workforce. 

Provider onboarding as a retention strategy

Provider onboarding is a window into an organization’s culture and is the foundation of the provider experience. During this period, action and inaction, both real or perceived, will set a new hire’s impressions of the organization. A positive experience can ensure early buy-in from new providers, helping employers improve retention rates and provider satisfaction. 

For many organizations, onboarding and orientation are the same. However, there are differences. Orientation is a one-time event for tasks (i.e., completing an I-9 form, new-hire paperwork, discussing benefits). Onboarding is an experience that begins once a provider has accepted the position and will last at least 90 to 120 days. The provider will have contact with human resources, IT, the medical staff office, and finance/revenue cycle departments to gather much of the same data (e.g., licensure, CV, NPI, and other demographic information).

A well-organized and coordinated organization can reduce the number of times a provider is asked for the same information or documents. Clear communication and centralized points of contact and processes are critical to a smooth process. To help organize onboarding, you can download our Provider Onboarding Checklist.

Ensuring you have all the information and documents your organization will need from the provider for privileging, third-party payer enrollments, HR, and IT has additional benefits beyond provider experience. Preparing new providers to participate on a payer panel linked to the organization can be an exceptionally lengthy process, often exceeding 90 to 120 business days. Additionally, if your organization participates with a large volume of managed Medicare and Medicaid payers, gathering the information and beginning the process early through an efficient onboarding can ensure you decrease write-offs of billable services to the dreaded ‘provider not credentialed’ denial code.

Provider onboarding and timely, quality patient care

Equally important is the connection to delivering timely and quality patient care, as the third-party payer process directly impacts these activities. An unenrolled provider lacks the ability to order, prescribe, and refer. This necessitates additional touches, resulting in breakdowns in the workflow that can lead to unnecessary expense and provider dissatisfaction. The provider enrollment process must be initiated early, and frequent communication with all involved parties can alleviate any issues. 

Organizations should offer providers robust revenue cycle-related clinical systems training as part of the onboarding process and create a mechanism to identify potential errors that may lead to write-offs and compliance risks. Provider entry errors can result in a claim ending up in a work queue, never to be identified, submitted, or paid. You can mitigate revenue loss by monitoring entry errors and providing additional training. Wasteful workforce expenditures are created through revenue cycle teams chasing information to be corrected, causing rework. Education for providers and everyone supporting them in operations will also go a long way toward reducing errors, increasing satisfaction, and minimizing barriers to care and collection challenges. 

If you would like more information or have questions about your specific situation, please reach out to our credentialing consulting team. We’re here to help. 

Effective provider onboarding: Improve care, reduce turnover, and save money

The Consolidated Appropriations Act, 2023 (Public Law No. 117-328) that was signed into law on December 29, 2022 by President Joe Biden includes the SECURE 2.0 Act of 2022, which introduces over 90 changes to the federal rules governing workplace retirement plans. 

This landmark legislation builds on the original SECURE Act enacted on December 19, 2019, and aims to expand coverage and increase retirement savings while simplifying and clarifying retirement plan rules.

Every employer, whether for-profit or tax-exempt, that currently maintains a qualified retirement plan or is evaluating a future plan should consider implementing these new rules, since the changes are generally beneficial for employees.  

Unless the Internal Revenue Service (IRS) announces otherwise, employers that operate in accordance with the mandatory or optional changes in the law as of the provisions’ applicable effective date have until the end of the plan year beginning in 2025 to adopt the written amendment. Government employers have until the end of their 2027 plan year to amend their plan document. 

To help prioritize the evaluation of the changes, the following summary of the SECURE 2.0 provisions is organized by the year in which the change is required or may be incorporated into plan operations, without regard to the plan type. Future articles will discuss various aspects of SECURE 2.0, including strategic opportunities and implementation challenges for employers.

Changes with immediate effective dates

Insight: Employers need to consider immediately updating employee notices and plan procedures for these important changes in the law.

  • Later Required minimum distributions (RMDs). SECURE 2.0 increases the age at which retirement plan participants must begin receiving RMDs from 72 to 73, starting January 1, 2023. The original SECURE Act increased the starting age for RMDs from 70½ to 72. 
  • Aggregation of distributions on tax-preferred retirement accounts that hold annuities. Effective December 29, 2022, RMDs can be determined by aggregating distributions from both the annuity and non-annuity investments.
  • Reduced excise tax for a failure to take RMDs. Effective for taxable years beginning after December 29, 2022, the excise tax rate is reduced from 50% to 25% of the missed RMD for workplace retirement plans and IRAs. Further, if an IRA makes a corrective distribution generally within two years, the excise tax is reduced to 10% for the IRA (but not for workplace retirement plans).
  • Encourages life annuities. SECURE 2.0 eliminates certain actuarial tests in the RMD regulations that operated as barriers to the availability of life annuities in qualified plans and IRAs. Effective for contracts purchased or received in an exchange on or after December 29, 2022, SECURE 2.0 repeals the 25% limit and allows up to $200,000 (indexed) to be used from an account balance to purchase a qualifying longevity annuity contract (QLAC). It also clarifies that “free look” periods are permitted up to 90 days for contracts purchased or received in an exchange on or after July 14, 2014. 
  • Reduces disclosures for unenrolled employees. Effective for plan years beginning after December 31, 2022, employers are no longer required to provide most notices under ERISA or IRS rules to employees who do not participate in the employer’s retirement plan. However, employers must provide an annual reminder of the employee’s eligibility and deadline, if applicable, to participate in the plan. Employers must also provide such individuals with any plan documents they request.
  • Allows incentives for 401(k) and 403(b) elections. Effective for plan years beginning after December 29, 2022, employers may provide de minimis financial benefits, such as low-value gift cards, as an incentive for employees to elect to contribute to a 401(k) or 403(b) plan without violating IRS’s “contingent benefit rule.”

    Insight: The legislation does not define what dollar amount would be considered de minimis, so IRS guidance is needed. Based on long-standing IRS guidance in other contexts (for example, “de minimis” fringe benefits) the dollar value threshold is very low, which may not be sufficient to motivate anyone to enroll in the plan. The incentives cannot be paid from plan assets. 
  • Employer contributions may be designated as Roth contributions. Effective December 29, 2022, employers may allow plan participants to designate employer matching and nonelective contributions as after-tax Roth contributions. Such contributions would be included in the participant’s taxable wage income for the year made. Employer contributions designated as Roth contributions must be immediately 100% vested. 
  • Permanent relief for federally declared disasters. Effective for federally declared disasters occurring on or after January 26, 2021 (i.e., this provision is effective retroactively), plans or IRAs may allow affected participants additional access to retirement funds. Penalty-free distributions up to $22,000 per participant, per disaster may be taken into taxable income over three years and participants can recontribute those amounts to a tax-preferred retirement account within three years. Plans can also increase the affected participant’s loan limit to $100,000 (instead of the regular $50,000 loan limit) or the participant’s vested account balance. Also, if the affected participant has a non-disaster plan loan outstanding, the repayment period can be extended by one year. 

    Insight: This is permanent relief that eliminates the need for specific disaster relief to be issued by the IRS.
  • Reliance on employee’s certification for hardship distributions. For plan years beginning after December 29, 2022, plan sponsors can rely on employees’ self-certification that the employee has experienced a deemed hardship for purposes of taking a hardship withdrawal from a 401(k) or 403(b) plan and that the distribution is not in excess of the amount required to satisfy the financial need. Future regulations might restrict reliance if the sponsor has information that contradicts the employee’s certification. 
  • 10% early withdrawal penalty waived for terminally ill. Effective for distributions made after December 29, 2022, the 10% penalty on early withdrawals before age 59 1/2 is waived for distributions to terminally ill individuals whose physician certifies that they have a condition that is expected to result in death within 84 months.
  • Repayment of qualified birth or adoption distributions. Effective for distributions made after December 29, 2022 (and retroactively to the three-year period beginning on the day after the date on which such distribution was received), repayment of qualified birth or adoption distributions is limited to three years. Previously, such distributions could be recontributed at any time, but due to the IRS’s three-year statute of limitations to amend an income tax return, taxpayers might not receive a refund of the taxes that were paid in the year of withdrawal. This change aligns the repayment period with the eligibility for refund. 
  • Cash balance plan interest crediting rates. Effective for plan years beginning after December 29, 2022, cash balance plans with variable interest crediting rates may use a projected “reasonable” interest crediting rate that does not exceed 6%. This means that those plans can use graded pay credits that increase for older, longer service workers without risking failing the anti-backloading rules that otherwise may create problems for cash balance plans that use market-based interest crediting rates. 
  • Elimination of variable rate premium indexing. Effective on December 29, 2022, SECURE 2.0 replaces the “applicable dollar amount” language for determining the premium funding target for purposes of unfunded vested benefits and replaces it with a flat $52 for each $1,000 of unfunded vested benefits.
  • Correction of mortality tables. Effective December 29, 2022, pension plans are not required to assume certain mortality improvements. The IRS must amend the applicable regulations within 18 months.
  • 403(b) investments in Collective Investment Trusts (CITs). Effective December 29, 2022, CITs are permissible investments for 403(b) plans. Previously, under IRS rules, 403(b) plans could invest only in mutual funds or annuity contracts, which generally have higher fees than CITs.

    Insight: Although this changes the tax rules, it appears that federal securities laws will need to be updated before 403(b) plans can invest in CITs.
  • Multiple Employer 403(b) Plans. Effective for plan years beginning after December 31, 2022, 403(b) plans can participate in Multiple Employer Plans (MEPs).
  • Expanded Employee Plans Compliance Resolution System (EPCRS). Effective December 29, 2022, SECURE 2.0 enhances the IRS’s self-correction program to: (1) allow more types of errors to be self-corrected without an IRS filing, (2) apply to inadvertent IRA errors, and (3) exempt certain RMD failures from the otherwise applicable excise tax. For example, operational errors that can be self-corrected without an IRS filing now include significant errors and plan loan errors, provided the error is corrected within a reasonable time after it is discovered (and the IRS has not identified the error). Employers are no longer required to attempt to recoup certain overpayments made to participants. The IRS was directed to update the EPCRS revenue procedure accordingly within two years and the US Department of Labor (DOL) is required to coordinate its Voluntary Fiduciary Compliance Program (VFCP) accordingly.
  • Auditor’s report for “group of plans." Effective December 29, 2022, defined contribution plans filing a single Form 5500 as a “group of plans” must submit an auditor’s opinion if any plan in the group, individually, has 100 participants or more at the beginning of the plan year. The auditor’s report will relate only to each individual plan that would otherwise be subject to an independent accountant’s report. Thus, the DOL and the IRS will continue to receive the same number of audit reports (and content) about plans with 100 or more participants that would be filed if the “group of plans” was not filed as a single Form 5500.
  • $500 small plan tax credit for military spouses. Effective for taxable years beginning after December 29, 2022, employers with 100 or fewer employees earning at least $5,000 in annual compensation can receive a general tax credit of up to $500 for three years, if they make military spouses (1) eligible for defined contribution plan participation within two months of hire; (2) upon plan eligibility, they are eligible for any match or non-elective contribution that they would have been otherwise eligible for at two years of service; and (3) 100% vested in employer contributions. The credit is $200 per participating non-highly compensated military spouse, plus 100% of employer contributions made to the military spouse, up to $300. No credit is available for highly compensated employees. The credit is available for the year the military spouse is hired and the two succeeding taxable years. Employers may rely on the employee’s certification that they are an eligible military spouse.
  • Small employer plan start-up credit. Effective for taxable years beginning after December 31, 2022, the start-up credit for adopting a workplace retirement plan increases from 50% to 100% of administrative costs for small employers with up to 50 employees. The credit remains 50% for employers with 51-100 employees. Employers with a defined contribution plan may also receive an additional credit based on the amount of employer contributions of up to $1,000 per employee. This additional credit phases out over five years for employers with 51-100 employees. The start-up credits are available for three years to employers that join an existing MEP, regardless of how long the plan has been in existence. The MEP rule is retroactively effective for taxable years beginning after December 31, 2019.
  • SIMPLE and Simplified Employee Pension (SEP) Roth IRAs. Effective for taxable years beginning after December 31, 2022, SIMPLE IRAs can accept Roth (i.e., after-tax) contributions. In addition, employers can offer employees the ability to treat employee and employer SEP contributions as Roth contributions (in whole or in part).
  • SEPs for Domestic Workers. Effective for tax years beginning after December 29, 2022, employers of domestic employees (nannies, housekeepers, etc.) can provide retirement benefits for those employees under a SEP. Previously, employers were not permitted to offer domestic employees a workplace retirement plan because the employer was not engaged in a trade or business.

Changes effective in 2024

The following changes take effect in 2024. Employers should consider how these changes may affect their plan document and operation.

  • Elimination of RMDs for Roth 401(k) and 403(b) plans. Currently, Roth IRAs are not subject to RMDs before the account owner’s death, but RMDs from Roth 401(k) and 403(b) plans generally must begin at age 72. Effective for taxable years beginning after December 31, 2023, SECURE 2.0 eliminates the pre-death RMD requirement for Roth 401(k) and 403(b) plans. However, this change does not apply to distributions that are required with respect to years beginning before January 1, 2024 but are permitted to be paid on or after that date. 
  • RMDs for surviving spouses. Effective for calendar years beginning after December 21, 2023, surviving spouses can elect to be treated as the deceased employee for purposes of the RMD rules.
  • Student loan repayments matching contributions. Effective for contributions made for plan years beginning after December 31, 2023, employers may treat an employee’s qualified student loan payments as employee contributions to a 401(k) plan, 403(b) plan, governmental 457(b) plan, or SIMPLE IRA that is entitled to an employer matching contribution. For nondiscrimination testing of elective contributions, plans may separately test the employees who receive matching contributions on student loan repayments. Eligible student loan repayments include any indebtedness incurred by the employee solely to pay his or her qualified higher education expenses (in other words, student loan debt for an employee’s children is not eligible). 

    Insight: This provision is in response to years of retirement industry pressure, based on the notion that employees who are overwhelmed with student debt may not be able to save for retirement and are missing out on available matching contributions.
  • Emergency savings accounts. Effective for plan years beginning after December 31, 2023, employers may amend their defined contribution plans to offer short-term emergency savings accounts to non-highly compensated employees. These accounts will be funded with after-tax Roth salary deferrals up to $2,500 (indexed for inflation). Participants can make up to one withdrawal per month. Employers may automatically enroll employees into these accounts at no more than 3% of their salary. Contributions are treated as after-tax elective deferrals and are eligible to receive matching contributions. The first four withdrawals each plan year cannot be subject to any withdrawal fees. When employees terminate employment, they may take their emergency savings accounts as cash or roll them over into their new employer’s Roth 401(k) plan (if any) or into a Roth IRA. 

    Insight: Although this sounds simple, over 33 pages of legislative text amending both ERISA and the Internal Revenue Code (IRC) were needed to create this new law. IRS and/or DOL guidance will be needed before employers can implement this optional plan design feature.
  • Rothification of catch-up contributions for high earners. Effective for taxable years beginning after December 31, 2023, catch-up contributions for participants who are 50 or older and who earned more than $145,000 in the prior year (indexed for inflation) must be made on a Roth (after-tax) basis. Also, retirement plan service providers can provide automatic portability services (that is, the plan automatically could move such forced cash-outs into a default IRA or into the employee’s new employer’s retirement plan, unless the participant opts out).
  • Higher forced rollover limit. The involuntary IRA rollover limit is increased from $5,000 to $7,000 for distributions made after December 31, 2023. Thus, workplace retirement plans can force a tax-free rollover distribution without the participant’s consent if the participant’s account is over $1,000 but less than $7,000, when the participant is otherwise eligible to receive a distribution from the plan.
  • Retroactively amending plan to increase benefits for prior plan year. Effective for plan years beginning after December 31, 2023, employers can retroactively amend a workplace retirement plan to increase participants’ benefits for the prior plan year, so long as the amendment is adopted no later than the extended due date of the employer’s federal income tax return for the such prior year.

    Insight: For decades, employers could fund a workplace retirement plan for the prior year, so long as the contribution was deposited into the plan no later than the extended due date of the employer’s federal income tax return. The original SECURE Act improved on that concept by allowing employers to retroactively adopt a new workplace retirement plan (e.g., an ESOP, cash balance plan, or profit-sharing plan) for the prior year, so long as it was adopted no later than the extended due date of the employer’s federal income tax return for the prior year. That change allowed employers to finalize their financials for the tax year before contributing to the retirement plan. SECURE 2.0 further expands employer flexibility by allowing employers to retroactively adopt amendments to increase plan benefits for the prior plan year.
  • Waiver of early withdrawal penalties for certain distributions. Effective for distributions made after December 31, 2023, the 10% penalty on early withdrawals before age 59 1/2 is waived for certain distributions. Participants can self-certify that they meet the criteria for (i) up to $1,000 per year for certain unforeseen personal or family emergency expenses, and (ii) up to the lesser of $10,000 (indexed for inflation) or 50% of the participant’s vested account balance for distributions in connection with domestic abuse (for example, when the participant needs funds to escape an unsafe situation). Participants may repay the withdrawn money over three years and claim a refund for the income taxes paid on the distribution. However, additional emergency distributions are prohibited for three years unless repayment occurs.
  • Permanent safe harbor for correcting auto-enrollment and auto-escalation failures. Effective for errors that occur after December 31, 2023, the current safe harbor for correcting employee elective deferral elections becomes permanent. The existing safe harbor was scheduled to expire on December 31, 2023.

    Insight: Plans that use auto-enrollment and auto-escalation can avoid significant penalties for honest mistakes if notice is given to the employee, correct deferrals begin within certain time periods, and the employer provides the employee with any matching contributions that would have been made had the failure not occurred. Corrections generally must be made before 9 ½ months after the end of the plan year in which the mistakes were made.
  • Uniform rollover forms. No later than January 1, 2025, the IRS must issue sample forms for direct rollovers that may be used by the distributing or receiving retirement plan or IRA. This is intended to simplify and standardize the tax-free rollover process.
  • 403(b) hardship distributions conform to 401(k) rules. Effective for plan years beginning after December 31, 2023, SECURE 2.0 aligns the 403(b) plan hardship distribution rules with the 401(k) plan hardship distribution rules. This change brings the rules for the operation and administration of 403(b) plans closer to those for 401(k) plans.
  • Starter 401(k) or 403(b) plans. Employers that do not sponsor a workplace retirement plan may offer a new, safe harbor “starter” deferral-only plan that automatically enrolls employees at 3% to 15% of their compensation. The annual contribution limit is the same as for IRAs ($6,500, with an additional $1,000 for catch up contributions for employees who are age 50 or older). Starter plans are exempt from most nondiscrimination testing rules. This change is effective for plan years beginning after December 31, 2023.
  • Separate top-heavy tests allowed. Effective for plan years beginning after December 31, 2023, employers can separately test excludable and non-excludable employees when determining whether the plan is top heavy.

    Insight: This change may increase retirement plan coverage for more workers because it removes the general requirement for employers to contribute 3% of compensation to all employees who are eligible to participate in a top-heavy plan.
  • SIMPLE plan updates. Effective for plan years beginning after December 31, 2023, employers may replace a SIMPLE IRA during the plan year with a SIMPLE 401(k) that requires mandatory employer contributions. Also, employers with SIMPLE plans may make additional employer contributions above the existing 2% of compensation or 3% of employee elective deferrals requirement. Additional employer contributions must be uniformly made and cannot exceed the lesser of 10% of compensation or $5,000 (indexed for inflation). In addition, the annual deferral limit and the catch-up contribution at age 50 are increased by 10% percent in the case of an employer with no more than 25 employees. An employer with 26 to 100 employees would be permitted to provide higher deferral limits, but only if the employer either provides a 4% matching contribution or a 3% employer contribution.
  • Reform of family attribution rules. Effective for plan years beginning after December 31, 2023, two changes to the family attribution rules provide relief to certain related businesses. One change addresses inequities between spouses with separate businesses who reside in a community property state and spouses who reside in a separate property state. The other change modifies attribution of stock ownership between parents and minor children.

    Insight: These changes will help businesses owned by each spouse provide retirement benefits to their respective employees only.  
  • Improved defined benefit plan annual funding notices. Effective for plan years beginning after December 31, 2023, defined benefit plan annual funding notices will be revised to identify more clearly the plan’s funding status.
  • Indexing IRA catch-up limit. Effective for taxable years beginning after December 31, 2023, the $1,000 catch-up limit for IRAs for individuals 50 and older will be indexed annually for inflation, in multiples of $100 (rounding down to the next lower multiple of $100).
  • Section 529 rollovers. Effective for distributions after December 31, 2023, beneficiaries of an IRC Section 529 college savings account that has been open for more than 15 years can roll over up to $35,000 from any 529 account in their name to a Roth IRA over the course of their lifetime. Such rollovers are subject to annual contribution limits to Roth IRAs. This new rollover feature may encourage contributions to 529 plans since they can now be used for retirement and not just for college.
  • Retirement savings lost and found. DOL must create a lost and found database no later than December 29, 2024, to help reunite participants with money that they may have left behind in workplace retirement savings plans. 

    Insight: This may help employers deal with missing participants and uncashed checks.

Changes effective in 2025

The following changes take effect in 2025. Employers should consider how these changes may affect their plan document and operation.

  • Later RMDs. On January 1, 2025, the RMD starting age increases from 73 to 75. 
  • Mandatory automatic enrollment for new plans. New 401(k) and 403(b) plans adopted after December 29, 2022, must provide for automatic contributions for plan years starting after December 31, 2024. The deferral percentage must be between 3% and 10% of compensation, with automatic escalation of at least 1% per year up to a deferral rate of not less than 10% but not more than 15% (10% until January 1, 2025). Participants can opt out of automatic enrollment or automatic escalation.

    Insight: Plans in effect on or before December 29, 2022, are exempt from the new requirements.
  • Catch-up contribution increases. Participants age 50 and older can make a catch-up contribution in 2023 of $7,500, as indexed except in the case of SIMPLE plans that are limited to $3,500, as indexed.  Effective for taxable years beginning after December 31, 2024, the catch-up contribution limits for participants who are age 60 to 63 will increase to the greater of (i) $10,000 or (ii) 150% of the regular catch-up contribution limit for 2024 (indexed for inflation after 2025).
  • Coverage of long-term part-time employees. Under the original SECURE Act, part-time employees who work at least 500 hours per year for at least three consecutive years, and who have reached age 21 as of the end of the three-year period, must be allowed to enroll and make elective deferrals under the employer’s 401(k) plan at the end of the three-year period. Those employees also earn vesting credit for years with 500 hours of service. Effective for plan years beginning after December 31, 2024, SECURE 2.0 reduces the three-year period to two years and disregards service before January 1, 2021, for both eligibility and vesting. It also extends the rule to 403(b) plans that are subject to ERISA (not all 403(b) plans are subject to ERISA). This rule does not apply to union plans or defined benefit plans.
  • Distributions for certain long-term care premiums. Effective December 29, 2025, retirement plans can distribute up to $2,500 per year to pay for certain long-term care insurance premiums. Such distributions are exempt from the 10% early withdrawal penalty that might otherwise apply.

Next steps 

While many of the retirement plan provisions in SECURE 2.0 are not effective until later years (including some, like the new federal “Saver’s Match” and mandatory paper benefit statements, that will not take effect until 2026), a number of important provisions require immediate attention. Some of the changes are especially helpful to small employers. 

Almost all workplace retirement plans will need to be reviewed for possible amendments and operational changes to reflect SECURE 2.0. 

While further guidance on many of the new provisions is needed, employers should review their plan document and operations in the meantime to determine what, if any, amendments will be needed, what operations need to be changed, and what systems or processes should be updated. 

Written by Joan Vines and Norma Sharara. Copyright © 2023 BDO USA, LLP. All rights reserved.

Secure 2.0 Act of 2022 introduces key changes for workplace retirement plans

Read this if you are at a not-for-profit organization.

I’ve always wanted to learn how to be a carpenter. I’m secretly jealous of people who are able to create something from raw materials—oh how I wish I could do that! Some carpenters can tell a good board from a bad one just by looking at it or tapping it with a hammer, quickly evaluating it before accepting it as worthy of its intended purpose, or if it doesn’t pass muster.

So, what exactly does carpentry have to do with not-for-profits? Well, perhaps at first glance not much at all, except that they both rely in some part on solid boards! A very unique trait shared by all not-for-profit organizations is that they are not technically owned by anyone but are instead ultimately overseen and governed by a board of directors, who essentially are tasked with steering the organization and providing management oversight.

One question that is often asked (whether by board members themselves or various federal or state regulatory bodies tasked with overseeing not-for-profit organizations) is: “What makes for a good board?” This article will attempt to provide the tools you need to understand some of the basics and overall best practices related to not-for-profit board governance.

Board composition/structure

A not-for-profit organization’s board of directors should provide oversight of the management of the organization. To accomplish this, they should both meet regularly and be comprised of a reasonable number of members. Unfortunately, there’s no perfect answer to either of the above. A general guideline is that boards of directors should meet regularly, with board officers (i.e., chair, vice chair, treasurer, secretary) meeting more frequently than the entire board, if needed. Regarding board size, a board that is too big can lead to unproductive discussion, while being too small may not be representative of the community the organization serves. Based on the Form 990s we prepare, we see most organizations have a board consisting of somewhere between 10-20 members.

Additionally, the board should be comprised of individuals who are knowledgeable of or possess skills that benefit the organization. A board may want some members who have a background in accounting, legal, investing, or more industry-specific representation, like a healthcare worker sitting on the board of a hospital. Furthermore, organizations should consider the importance of diversity in board recruitment, striving to include members of different ethnicities, genders, and experiences whenever possible.


A well-governed not-for-profit organization should have policies in place outlining certain key areas. The IRS considers a well-governed exempt organization to have the following written policies:

  • Conflict of interest policy
  • Document retention and destruction policy
  • Whistleblower policy
  • Executive compensation setting procedures

The IRS specifically asks about these four policies in the Form 990, so it should come as no surprise that these are considered best practices. Of these, the conflict of interest policy is by far the most critical to board governance and independence.

A board of directors should at all times remain independent, meaning those on the board should never materially benefit from their board service, particularly from a financial aspect. Should the board need to vote on a matter in which someone does have a board conflict, the written policy should be clear as to how those issues are handled—generally with the conflicting member recusing themselves from any vote or discussion on the conflicting matter at a minimum. Board members are required to disclose any potential conflicts of interest at least annually (also a question on the Form 990), but a better practice would be to regularly and consistently monitor and enforce compliance with the organization’s conflict of interest policy.

Note: By IRS definition, some fact patterns automatically cause a board member to not be independent. Examples include if the board member or a family member is employed by the organization. Those sorts of independence issues often require some level of disclosure on the Form 990. Organizations should limit the number of non-independent board members as much as possible.

Our BerryDunn team has created a tool that can be used to assist boards in collecting and identifying any potential conflicts. Please contact a member of the NFP Tax Team should you be interested in learning more.

Other considerations

Items to keep in mind as a demonstration of sound board governance are as follows:

  1. Establish clear roles/responsibilities
    In addition to the fiduciary responsibilities all board members are bound by, reviewing the organization’s mission, budgets, compensation setting practices, and all other established policies should be required.
  2. Create separate committees
    Establishing smaller committees to focus on particular areas is a great example of strong board governance. They also tend to make full board meetings more productive. Some examples include a compensation committee, a finance committee, a diversity committee, and an executive committee.
  3. Document, document, document
    This too has its own line of questioning on Form 990. It should come as no surprise that documentation of meetings on a contemporaneous basis is a strong driver of board governance. Having discussions clearly documented in writing is an incredibly effective way to ensure something isn’t taken out of context. Contemporaneous is the key word here—meetings and minutes should be documented in writing as soon as possible. This applies to committees of the board as well (see #2 above).
  4. Consider establishing term limits for board members
    There’s something to be said about bringing in some new blood or a fresh set of eyes, experiences, and expertise, and boards of directors are no exception. Boards should have policies around board terms, particularly around the number of consecutive terms allowed.
  5. Continuing board education
    Sitting on a board of directors is no easy task and it’s essential that board members continue to be made aware of the legal and ethical responsibilities their positions carry not just within the organization, but also in the eyes of the general public. Establishing some education practices to help board members stay apprised of the rules is a best practice worthy of consideration.
  6. Use of advisors
    No one is an expert in every aspect of everything. While having a board with people who are well rounded in the areas of healthcare, finance, and legal responsibilities is preferred, at some point every organization is going to need the help of outside consultants and practitioners. It’s important that roles of advisors be clearly defined, and ultimately have an obligation to report back to either the full board or committee. Having established guardrails between the organization and its many advisors is crucial. Arrangements between the organization and its advisors should also be vetted for potential conflicts of interest. 
  7. Ask questions
    This goes hand in hand with the items above regarding advisors. If you’re joining a not-for-profit board of directors, it is to be assumed you did so because you had some sort of a particular interest in the organization’s well-being. That said, it should never be assumed that everyone knows all there is to know about the organization. We’ve seen cases where a board may just “go with the flow” or heed the advice of a single advisor or member of management who’s been working with the board for a long time. Having a board that is engaged and inquisitive is absolutely essential to the health and well-being of the organization. The old adage from high school still rings true: if you have a question about something, it’s a guarantee that at least one other person in the room has a similar question. Don’t be afraid to question something if it doesn’t seem right or doesn’t make sense to you.

While not exactly a hammer, we hope the above items assist your organization in establishing sound procedures in the areas of board governance. As always, we are here to help. Should you ever have any questions in the area of board governance, please do not hesitate to reach out to a member of the Not-for-profit Tax Team. We’re here to help.

What makes for a good board?