How to Prepare for Section 125 of Secure Act 2.0: An Implementation Plan

In December 2022, Congress passed the SECURE Act 2.0, which builds on retirement savings regulations set forth by the original SECURE Act of 2019. Written to expand coverage and increase retirement savings for millions of Americans, SECURE Act 2.0 introduces some major changes to retirement plans nationwide. 

Since certain sections of SECURE Act 2.0 are already in effect—and even more will go into effect soon—retirement plan providers must act swiftly to ensure compliance. In this post, we offer an overview of Section 125, the part-time employees clause, then compare four methods for becoming compliant, and finally recommend a timeline for fulfilling your obligations. 

What is SECURE Act 2.0, and why was it enacted?

SECURE stands for Setting Every Community Up for Retirement Enhancement. Now in its second iteration, SECURE Act 2.0 is designed to help employers provide easier and more affordable retirement plans for their employees.

While some Americans are finding ways to save, the nation’s collective fear of not having enough money to retire is valid: The average retirement savings in the United States is only $65,000. 

To address this concern and unburden the American worker, SECURE 2.0 is creating more accessible opportunities to save for retirement. 

What is Section 125? The part-time employees clause

Signed into law in 2019, the SECURE Act mandates that employers allow long-term, part-time employees to participate in their 401(k) plans. The original legislation dictates that employees must have worked at least 1,000 hours in their first year or accumulated a minimum of 500 hours of service over three consecutive years.

SECURE Act 2.0, which passed in 2022, reduces the three-year rule to two years. It also stipulates that long-term, part-time employees must also be allowed to participate in 403(b) plans that are subject to ERISA. 

The new provisions under Section 125 are effective for any plan starting after December 31, 2024, which means that 401(k) and 403(b) providers must soon put in place and test the technology they will need to automatically enroll long-term, part-time workers. 

Failure to do so correctly and on time could result in stiff fines as well as the legal fees associated with disputing any penalties in court.

Read our new whitepaper: The Changing Retirement Landscape: How 401(1) Recordkeepers Can Thrive Under SECURE 2.0.

How 401(k) and 403(b) providers should prepare for Section 125

If you’re among the retirement plan providers affected by Section 125, your first step to preparing is to understand the legislation inside and out. Once you are confident that you know what is required of you, you need to determine how you are going to identify part-time employees, track how many hours they’ve worked, over what period, and auto-enroll those who qualify, as stipulated by Section 101.

By nature, this provision necessitates the regular sharing of large volumes of data between you and the employers who sponsor your plans, including sensitive personal identifiable information (PII) and payroll details for every participant. To transfer this data, which is largely stored in employers’ payroll systems and human resources information systems (HRIS), you can implement one of four approaches—some more seamless and effective than others:

Manual data entry

Manual data entry has its benefits. It allows plan sponsors to stick with a data collection system that works for them, and it is almost always the least expensive option in terms of hard, upfront costs. That said, the potential downfall from manual data entry cannot be understated:

• Manual data entry is prone to errors, which can lead to improperly tracked data, Section 125 compliance violations, and penalties from regulatory bodies.
• It can also lead to inaccurate retirement plan balances and contributions, resulting in penalties from the IRS.
• Manual data entry does not adequately protect PII, such as Social Security numbers and bank account information. Without safeguarding highly sensitive data, you run the risk of exposing employees to data breaches and potential identity fraud. 
• Manual data entry puts undue burden on sponsor admins, as it requires hours of their time and attention every month that could be spent on higher-value tasks.‍

‍SFTP or flat files

Secure file transfer protocol (SFTP) and flat files offer another way to transfer retirement plan data. 

With SFTP, you can bulk transfer large files of data in tables (in the form of CSV, JSON, and XML files, for example) over a secure network. The benefits of SFTP methods are that they’re generally easier for most in-house developers to build compared to custom, direct integrations (more on those next). But there are also significant drawbacks:

• SFTP requires sponsor admins to compose custom reports for each data sync and upload them correctly. This often presents technical challenges for your customers, who may be responsible for inputting host domains, keys, and other server-specific information into their system to establish a scheduled sync. 
• SFTP relies on manual data entry to a certain extent, which raises risks and means data has to be validated to avoid errors—a process that drains time and resources for all parties.
• SFTP doesn’t allow for real-time data access, preventing you from delivering the seamless, next-generation functionality business customers are looking for in their technology solutions.

This method is especially cumbersome when data syncs need to happen often, which will be the case for plan providers and plan sponsors who must comply with auto-enrollment and auto-contribution increase requirements.

Note: If you're a recordkeeper or third-party administrator (TPA) looking to quickly scale your SFTP integrations check out Finch's new product Flatfile. We not only simplify SFTP builds, but offer you vetted, standardized data from multiple providers that's ready to use.

Custom integrations

A more sophisticated approach involves direct integrations with the HRIS and payroll systems that house the data you need to perform auto-enrollment and auto-contribution increase functions. 

The beauty of direct integrations is that data syncs happen automatically and in real time, driving efficiencies for all parties, providing your customers with an optimally seamless experience, and giving you the peace of mind that you are always in compliance with Section 101. 

Crucially, custom integrations can be built to provide read and write capabilities, which means you can also use them to automatically push changes back to HRIS and payroll systems. This is especially valuable when it comes to contribution management. 

Custom integrations also present significant challenges: 

• There are more than 5,700 HRIS and payroll systems in the U.S. market. To adequately cover your customer base, you will need to build custom integrations to at least hundreds of them.
• Building custom integrations in-house is technically complex and requires specialized engineering skills and experience.
• They are also expensive to build and maintain, both in terms of time and money. If you assume that three engineers will work on a single custom integration for three months, that puts the soft costs of just your initial buildout in the ballpark of $200,000. Then, there are the hard, ongoing costs to consider, like the fees many HRIS and payroll systems charge to use their API. For access to a legacy system like ADP, the hard and soft costs combined can run in excess of $1 million.‍

‍Unified employment APIs

To get all of the advantages of custom integrations without the cost or hassle of building them in-house, you can turn to a unified employment API, which aggregates connectivity to many HRIS and payroll systems at once with a single integration. A unified employment API does the hard work of building and maintaining the integrations, and standardizing and abstracting all incoming data, so your team doesn’t have to. They are infinitely more efficient than custom integrations, so you can get to market faster and, ultimately, at less cost.

Learn more about the advantages and disadvantages of buying a unified employment API versus building integrations in-house.

A Section 125 implementation plan for retirement providers

To ensure you have a solution in place to comply with Section 125 by the deadline, we recommend:

• Evaluating your options and making a decision by July 30, 2023
• Implementing a solution no later than September 30, 2023 (keeping in mind that some solutions take much longer to implement than others)
• Spending the rest of the year validating and testing your solution internally
• Rolling out your solution to all users in 2024 and monitoring performance for complete and compliant functionality. This will give you time to make any required adjustments before December 31, 2024.

The bottom line: Becoming compliant takes time

As you prepare for SECURE Act 2.0 to come into effect, don’t lose sight of the fact that it will take time to prepare to be compliant with Section 125. The least risky way to ensure compliance—not to mention the most time- and cost-effective solution—is to integrate with a unified employment API like Finch.

Finch does the hard work of integrating with HRIS and payroll providers to facilitate the secure, permissioned flow of critical business data. Our dynamic, unified employment API offers:

• Easy integration: Finch makes it easy for retirement plan providers to integrate with 200+ HRIS and payroll systems, covering approximately 88% of the market. 
• Automated enrollment and contribution management: With Finch, retirement plan providers instantly access the real-time employee directory and payroll data they need to automate 401(k) and 403(b) enrollment, and push contribution changes directly to payroll—no manual intervention needed.
• Increased efficiency: Finch is a pre-built solution that’s ready to use. Plan providers waste no time building and maintaining custom integrations, and plan sponsors save dozens of admin hours a month—a win-win for you and your customers.
• Confident compliance: Finch replaces error-prone manual processes with seamless integrations that let retirement plan providers meet the stipulations in Section 125 of SECURE Act 2.0.
• Strong security: Finch is a pass-through system, and is SOC2 Type 2, CCPA, and GDPR compliant.

Talk to our sales team today to explore ways you can use Finch to ensure compliance with Section 125 of SECURE 2.0 and improve your customer experience overall.