What Retirement Plan Providers Need to Know about Secure Act 2.0 Section 101

In December 2022, Congress passed the SECURE Act 2.0, which builds on retirement savings regulations set forth by the original SECURE Act of 2019. Written to expand coverage and increase retirement savings for millions of Americans, SECURE Act 2.0 introduces some major changes to retirement plans nationwide. 

Since certain sections of SECURE Act 2.0 are already in effect—and even more will go into effect soon—retirement plan providers must act swiftly to ensure compliance. In this post, we offer an overview of Section 101, the automatic enrollment and increases clause, then compare four methods for becoming compliant, and finally recommend a timeline for fulfilling your obligations. 

What is SECURE Act 2.0, and why was it enacted?

SECURE stands for Setting Every Community Up for Retirement Enhancement. Now in its second iteration, SECURE Act 2.0 is designed to help employers provide easier and more affordable retirement plans for their employees. 

While some Americans are finding ways to save, the nation’s collective fear of not having enough money to retire is valid: The average retirement savings in the United States is only $65,000. 

To address this concern and unburden the American worker, SECURE 2.0 is creating more accessible opportunities to save for retirement. 

Read our new whitepaper: The Changing Retirement Landscape: How 401(1) Recordkeepers Can Thrive Under SECURE 2.0.

What is Section 101? The automatic enrollment and increases clause

One of the primary reasons so few Americans have sufficient retirement savings is because, even when employers do sponsor plans, many employees don't take the steps necessary to enroll. To address this problem, Section 101 of SECURE 2.0 requires all new employer-sponsored 401(k) and 403(b) plans adopted after December 29, 2022, to automatically enroll employees at an amount equal to at least 3% of the employee’s pay but not more than 10%.

Of course, Section 101 stipulates that employees have the right to opt out of participation, but the small friction of doing so is usually enough to keep many employees enrolled. In fact, studies demonstrate that automatic enrollment increases employee participation across the board, particularly among Black, Latinx, and lower-wage employees. Additionally, Fidelity Investments found that, among its clients, 90% of auto-enrolled employees stay enrolled in their plans.

In addition to auto-enrollment, Section 101 requires that each participant's contribution amount be automatically increased by 1% each year until it reaches at least 10%, but not more than 15%. The legislation does allow exceptions to both of these requirements for small businesses with 10 or fewer employees, new businesses that have been operating for less than three years, church plans, and governmental plans, but most 401(k) and 403(b) plan providers should anticipate that most of their new plans will ultimately be affected. 

Section 101 is effective beginning January 1, 2025, which means that 401(k) and 403(b) providers must soon put in place and test the technology they will need to automatically enroll and increase the contributions of millions of participants. Failure to do so correctly and on time could result in noncompliance, stiff fines, and legal fees associated with disputing any penalties in court.

How 401(k) and 403(b) providers should prepare for Section 101

If you are among the plan providers affected by Section 101, your first step to preparing is to understand the legislation inside and out. Once you are confident that you know what is required of you, you need to determine how you are going to auto-enroll participants in the years ahead. 

By nature, auto-enrollment and contribution increases necessitate the regular sharing of large volumes of data between you and the employers who sponsor your plans, including sensitive personal identifiable information (PII) and payroll details for every participant. To transfer this data, which is largely stored in employers’ payroll systems and human resources information systems (HRIS), you can implement one of four approaches—some more seamless and effective than others:

Manual data entry

Manual data entry can have its benefits. It allows plan sponsors to stick with a data collection system that works for them and it is almost always the least expensive option in terms of hard, upfront costs. That said, the potential downfall from manual data entry cannot be understated. 

• Manual entry is prone to errors, which can lead to improperly tracked data, Section 101 compliance violations, and penalties from regulatory bodies.
• It can also lead to inaccurate retirement plan balances and contributions, resulting in penalties from the IRS.
• Manual data entry does not adequately protect PII such as Social Security numbers and bank account information. Without safeguarding highly sensitive data, you run the risk of exposing employees to data breaches and potential identity fraud. 
• Manual data entry puts undue burden on sponsor admins, as it requires hours of their time and attention every month that could be spent on higher-value tasks.

SFTP or flat files

Secure file transfer protocol (SFTP) and flat files offer another way to transfer retirement plan data. 

With SFTP, you can bulk transfer large files of data in tables (in the form of CSV, JSON, and XML files, for example) over a secure network. The benefits of SFTP methods are that they’re generally easier for most in-house developers to build compared to custom, direct integrations (more on those next). But there are also significant drawbacks:

• SFTP requires sponsor admins to compose custom reports for each data sync and upload them correctly. This often presents technical challenges for your customers, who may be responsible for inputting host domains, keys, and other server-specific information into their system to establish a scheduled sync. 
• SFTP relies on manual data entry to a certain extent, which raises risks and means data has to be validated to avoid errors—a process that drains time and resources for all parties.
• SFTP doesn’t allow for real-time data access, precluding your ability to power the seamless, next-generation functionality business customers are looking for in their technology solutions.

This method is especially cumbersome when data syncs need to happen often and regularly, which will be the case for plan providers and plan sponsors who need to comply with auto-enrollment and auto-contribution increase requirements.

Also Read: If you're a recordkeeper or TPA working with SFTP to get necessary payroll data, Finch can help you quickly scale your SFTP connections. Learn more about Finch Flatfile in our detailed guide, Finch Flatfile: All the Benefits of Unified API, No Engineers Requried.‍

Custom integrations

A more sophisticated approach involves direct integrations with the HRIS and payroll systems that house the data you need to perform auto-enrollment and auto-contribution increase functions. 

The beauty of direct integrations is that data syncs happen automatically and in real time, driving efficiencies for all parties, providing your customers with an optimally seamless experience, and giving you the peace of mind that you are always in compliance with Section 101. Crucially, custom integrations can be built to provide read and write capabilities, which means you can also use them to automatically push changes back to HRIS and payroll systems. This is especially valuable when it comes to contribution management. 

Custom integrations also present significant challenges: 

• There are more than 5,700 HRIS and payroll systems in the U.S. market. To adequately cover your customer base, you will need to build custom integrations to at least hundreds of them.
• Building custom integrations in-house is technically complex and requires specialized engineering skills and experience.
• They are also expensive to build and maintain, both in terms of time and money. If you assume that three engineers will work on a single custom integration for three months, that puts the soft costs of just your initial buildout in the ballpark of $200,000. Then, there are the hard, ongoing costs to consider, like the fees many HRIS and payroll systems charge to use their API. For access to a legacy system like ADP, the hard and soft costs combined can run in excess of $1 million.

Unified employment APIs

To get all of the advantages of custom integrations without the cost or hassle of building them in-house, you can turn to a unified employment API, which aggregates connectivity to many HRIS and payroll systems at once with a single integration. A unified employment API does the hard work of building and maintaining the integrations, and standardizing and abstracting all incoming data, so your team doesn’t have to. They are infinitely more efficient than custom integrations, so you can get to market faster and, ultimately, at less cost.

Learn more about the advantages and disadvantages of buying a unified employment API versus building integrations in-house.

A Section 101 implementation plan for 401(k) and 403(b) providers

To ensure you have a solution in place to comply with Section 101 by the deadline, we recommend:

• Evaluating your options and making a decision by July 30, 2023
• Implementing a solution no later than September 30, 2023 (keeping in mind that some solutions take much longer to implement than others)
• Spending the rest of the year validating and testing your solution
• Rolling out your solution to all users in 2024 and monitoring performance for complete and compliant functionality. This will give you time to make necessary adjustments before January 1, 2025.

The bottom line: Becoming compliant takes time

As you prepare for SECURE Act 2.0 to come into effect, don’t lose sight of the fact that it will take time to prepare to be compliant with Section 101. The least risky way to ensure compliance—not to mention the most time- and cost-effective solution—is to integrate with a unified employment API like Finch.

Finch does the hard work of integrating with HRIS and payroll providers to facilitate the secure, permissioned flow of critical business data. Our dynamic, unified employment API offers:

• Easy integration: Finch makes it easy for retirement plan providers to integrate with 200+ HRIS and payroll systems, covering approximately 88% of the market. 
• Automated enrollment and contribution management: With Finch, retirement plan providers instantly access the real-time employee directory and payroll data they need to automate 401(k) and 403(b) enrollment, and push contribution changes directly to payroll—no manual intervention needed.
• Increased efficiency: Finch is a pre-built solution that’s ready to use. Plan providers waste no time building and maintaining custom integrations, and plan sponsors save dozens of admin hours a month—a win-win for you and your customers.
• Confident compliance: Finch replaces error-prone manual processes with seamless integrations that let retirement plan providers meet the stipulations in Section 101 of SECURE Act 2.0.
• Strong security: Finch is a pass-through system, and is SOC2 Type 2, CCPA, and GDPR compliant.

Talk to our sales team today to explore ways you can use Finch to ensure compliance with Section 101 of SECURE 2.0 and improve your customer experience overall.