Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:01):
Welcome to the
Knowing what Counts podcast, the
place where expert guidance meets smart financial decisions.
Whether you're a high net worth individual or a thriving
business, the experts at MPCPAs are here to help you protect and
optimize your wealth.
Let's get started, because success begins with Knowing what
(00:22):
Counts.
Speaker 2 (00:27):
Let's explore key
changes in retirement planning
with the SECURE Act 2.0 and new cybersecurity measures to
protect your savings.
Welcome back everyone.
I'm Sofia Yvette, co-host slash producer, back in the studio
with Melissa English, audit director with MPCPAs.
(00:47):
So, Melissa, how's it going today?
Very good, glad to be here, glad to have you on.
So, Melissa, go ahead and tell us a little bit about yourself.
So.
Speaker 3 (01:00):
I'm currently an
audit director with the firm.
I've been with the firm for about 23 years.
I work on many clients over a variety of industries, mostly
managing small to medium-sized businesses for like for-profits,
non-profits, and I also specialize in employee benefit
(01:21):
plans.
Speaker 2 (01:23):
What are some recent
changes for employee benefit
plans?
Speaker 3 (01:28):
So, yeah, there's
been a lot of significant
changes over the past few years, especially driven by
legislation, workforce needs and economic factors, the first
being the SECURE Act came out and became law in 2019 to help
make it easier for plan sponsors to help manage retirement plans.
And then, following the SECURE Act, came out SECURE Act 2.0,
(01:53):
which became law in 2022.
And this just enhanced opportunities and helped
simplify plan administration.
We also had some recent changes to some of our audit standards,
so we do employee benefit plan audits and some of the auditing
standards that have come out over the past few years
(02:16):
especially SAS number 136, basically came out and changed a
little bit of how we're reporting on our financial
statements.
So it helped us improve our audit quality, enhance
transparency.
It basically clarified both plan sponsor and auditor
responsibilities and the biggest change was it basically
(02:37):
eliminated the limited scope audits, replacing them with
ERISA section 103A3C audits, so basically getting rid of the
scope limitation.
So that's basically been the significant changes on the audit
side.
But then there's also been some cybersecurity updates.
Recently, the DOL published Compliance Assistance Release
(02:59):
Number 2024-01 on cybersecurity.
This was issued in September 2024 to clarify the 2021
cybersecurity guidance, which basically says all ERISA plans
are subject to this guidance, including health and welfare
plans, and I'm sure there's going to be more changes up and
(03:20):
coming, especially with the new Trump administration, so plan
sponsors should really stay tuned to see what is up and
coming down the pipeline.
Speaker 2 (03:29):
So, Melissa, what
changes will impact retirement
plans for 2025, specifically defined contribution plans, 401k
and 403b plans?
Speaker 3 (03:44):
So with the SECURE
Act 2, this impacted multiple
years, ranging from 2023, and it's going to go into 2026.
So there's going to be five major changes that I want to
kind of touch on for 2025, becoming effective January 1st
2025.
So the first change I would say is the automatic enrollment and
(04:07):
escalation change.
So under this change, eligible employees must be automatically
enrolled into a plan at a default rate of between 3% and
10% of their salary, if the eligible participant has not
made a deferral election or hasn't opted out of the plan.
(04:27):
With this comes an escalation feature, meaning that annually,
you need to increase those contributions 1%, reaching a
maximum rate between 10 and 15%, as determined by the employer
and what the plan document says.
Now, because at this point, if you're automatically enrolled
(04:52):
which means you didn't, as a participant, defer your own
election at this point, you're also going to be invested in a
default investment option.
That is also in accordance to the plan document.
So there's a few exceptions to this guidance.
So if you were a plan adopted before December 29, 2022, you're
(05:13):
exempt.
If you're a business that has fewer than 10 employees, or
you're a church or government plan, or you're a business that
has not been in existence for three years, then you're also
exempt from this guidance.
The whole goal of this change is to try to increase plan
participation rates.
(05:33):
The second change is super catch-up contributions.
So if you are between the ages of 60 and 63 by December 31st of
the calendar year, you can now make enhanced contributions.
So the limit that you can contribute is the greater of
(05:54):
$10,000 or 150% of the standard catch-up IRS limit, which
currently, in 2025, is $7,500.
So this would allow you to have an additional $3,750 of
catch-up contributions as opposed to the $7,500.
(06:15):
The third change that is coming is regarding long-term
part-time employees.
So currently the guidance says you're eligible to participate
in a plan if you've worked at least 500 hours for at least
three consecutive years.
The new change, basically, is reducing the three consecutive
(06:38):
years to two consecutive years.
However, this will not impact like union or defined benefit
plans.
The fourth change is the long-term care expenses.
So this allows you to basically pay for qualifying long-term
care expenses through your distributions and this will not
(07:01):
trigger the early 10% withdrawal penalty.
But this only applies if you have a policy that provides high
quality coverage, and this will actually be starting December
30th of 2025.
And then the fifth and final change is really related to
(07:22):
mandatory Roth catch-up contributions.
So if you're a highly compensated employee who earns
over $145,000 in a year, you now, if you are making catch-up
contributions, you must have to do it on a Roth basis.
So, basically, if your plan does not offer Roth
contributions in the plan, you might want to consider amending
(07:44):
the plan to include Roth contributions.
Otherwise, your highly compensated employee over
$145,000 will not be able to make catch-up contributions.
This was postponed to be effective starting January 1st
2026.
So these are the five changes that will impact our plans for
(08:05):
2025, going into 2026.
Speaker 2 (08:09):
So Melissa, are these
changes mandatory or optional?
Speaker 3 (08:15):
So, yeah, they're a
little bit of both.
Some of these changes are mandatory and some of them are
optional.
So, with the five changes that are up and coming, three of them
are mandatory: the automatic enrollment and escalation, that
is a mandatory change.
The long-term part-time employees, mandatory.
And also the Roth catch-up contributions are mandatory.
(08:37):
The optional changes are the catch-up contribution increases
and also distributions for long-term care expenses.
Plans must adopt all the mandatory changes, but you have
flexibility in the optional changes.
Plans are going to want to look at those options to see if it's
something they want to adopt into their plan document.
(08:59):
These adoptions must be made prior to December 31st 2026,
even though they're going to be coming to operation during 2025.
Speaker 2 (09:08):
So, Melissa, what
should plan sponsors do to be
prepared for these changes?
Speaker 3 (09:14):
Yeah.
So as a plan sponsor, you have the fiduciary responsibility to
act in the best interest of your employee.
So you're going to want to make sure you're navigating through
these changes, ensuring compliance with these mandates.
You're going to want to have conversations with your
(09:35):
third-party administrators, with your record keepers, to make
sure the implementation is done correctly and that it's
successful.
You also should be reviewing any of these upcoming changes.
Maybe you have a governing board or in a committee that you
meet with on a regular basis to kind of go over these changes
and how to adopt them, and you should be keeping good records
on all those decision making in regards to these changes and,
(09:58):
again, making sure that you're amending your plan prior to
December 31st, 26th, so that you're in accordance with the
(10:24):
law.
And how does cybersecurity fit into retirement plans as part of
our testing?
But nowadays everything is done online and remotely.
So you go right online and you would choose your deferral.
Or you want to take a loan out and you're going online and
you're submitting the information for that loan or
distribution.
This requires personal, confidential data.
So the way cybersecurity fits in is we plan sponsors and we as
(10:49):
participants are relying on these service providers to keep
our information safe.
So with the cybersecurity guidance number 24-01, this
gives you some clarity or tips for hiring a service provider.
What are the best practices and what those tips are for using
(11:10):
online security.
Speaker 2 (11:18):
What should plan
sponsors think?
Speaker 3 (11:19):
about regarding
cybersecurity and what questions
should they be asking?
So everybody should start with reading the cybersecurity
guidance and making sure they understand what it's saying.
I would suggest that you're choosing providers with an eye
towards monitoring cybersecurity, because I think that's very
important.
You're going to want to review, maybe, your current agreements
(11:40):
or contracts with these service providers and making sure it
discusses what their best practices are.
So maybe asking what are their standards?
How do they validate cybersecurity?
What is their experience with breaches?
What happened?
How did they respond to it?
So kind of basically looking into, like, their track record.
And I would also be asking, too, like do they have insurance to
(12:03):
cover any losses?
So what happens if there is a loss?
And internally as an organization, everybody should
look at their own best practices to see do they have something
in place that identifies or assesses both internal and
external risks?
Do they have their own cybersecurity program that they
should implement, or do they have insurance to cover any
(12:25):
losses as well?
And I would say, finally, making sure you're educating
your participants regarding online security, right, making
sure they're changing passwords, using strong passwords, using
multi-factor authentication, making sure they're routinely
monitoring your account.
Training is very important in making sure they're
(12:45):
understanding, like what are phishing attempts and how can
they report the incidents?
Speaker 2 (12:52):
Love it, Melissa.
We'll catch you on the next episode.
Have a fantastic rest of your day, thank you.
Speaker 1 (12:58):
Thanks for listening
to the Knowing what Counts
podcast.
Ready to optimize your wealth and protect your future? Visit
TheMPGroupCPA.com or call 413-739-1800 to connect with our
team of experts.
Remember, success is about knowing what counts.