Kainos Partners is proud to announce that we are now part of AssuredPartners. After joining the company in February 2021, we are taking steps to align with the identity and culture of our parent company, AssuredPartners. While this change means we have national resources available to us, we still operate locally offering the personal touch that you have come to expect and you will continue working with the account team you know and trust. We are committed to providing Power through Partnership. Learn more at AssuredPartners.com

DOL Audits Are Here – Are You Prepared?

Being selected for a DOL audit can have serious consequences for an employer. According to a DOL audit report for the 2013 fiscal year, almost 3 out of 4 investigations resulted in penalties or required other corrective action.

In addition, a DOL audit may negatively affect an employer’s normal business operations because the audit process can be both stressful and time-consuming. The best time for an employer to analyze whether it is ready for a DOL audit is before the DOL comes knocking.

Why Should I Be Worried About This Now?

Technically, many of these documents and notices have been required for years.

For example, a focus of current audits is on plan documents and Summary Plan Descriptions (SPDs), which have been required under ERISA since 1974. However, until recently, there was essentially no enforcement to assure employers had these documents in place. The passage of the ACA has changed this.

Governmental agencies have focused on ACA implementation and employer compliance with the new regulatory framework, and to be consistent have announced the active enforcement of previously established regulations as well as the new regulations under the ACA.

What Steps Should I Take Now?

As a practical matter, an employer has little control over whether it will be audited by the DOL. However, an employer can take the following steps to help minimize its exposure to a DOL audit:

Contact Kainos to discuss these issues and review options and customized solutions.
Have plan documents and SPDs in place for each plan you sponsor. Make timely updates to plan documents and SPDs to reflect legal and design changes. Note – insurance carrier provided Certificate of Coverage or Benefit Summaries typically do NOT fulfill the ERISA requirements of an SPD.
Distribute annual participant notices required by law (E.g., SBC, CHIP Notice, Medicare Part D Notice, WHCRA Notice, Patient Protections Disclosure, etc.).
Respond to participants’ benefit questions and requests for information on a timely basis.
File Form 5500 on time and make sure it is complete and accurate (Form 5500 is required for benefits plans with 100 or more participants at the beginning of the plan year).


Just because an employer has been selected for an audit does not mean that the employer has violated an employee benefits law. Even an employer in compliance can encounter an unexpected audit. A DOL audit is not a simple process. However, being “ahead of the game” can save an employer a large amount of money, time, and stress.

What Are the Potential Penalties?

Plan Document and Summary Plan Description (SPD)
Under ERISA, the plan sponsor may be charged $110 per day if it does not provide an SPD or SMM within 30 days after an individual’s written request.
Criminal penalties may be imposed on any individual or company that willfully violates any requirement of Title I of ERISA, which includes the SPD and plan document disclosure rules. The penalty per conviction could be $100,000 or imprisonment for up to 10 years. The fine can be increased up to $500,000 when it is imposed on a company.
5500 Filing and Summary Annual Report
DOL may assess a civil penalty against a plan administrator of up to $1,100 per day starting from the date of the administrator’s failure or refusal to file the Form 5500.
A willful failure to distribute a SAR or failure to complete 5500 reporting is criminal, punishable by a fine of not more than $100,000 or imprisonment for not more than 10 years, or both. In the case of a violation by a person other than an individual, the fine is limited to $500,000.
A participant requesting a SAR, who does not receive the summary within 30 days of that request, can be awarded up to $110 per day for each succeeding day (until the SAR is provided).
Summary of Benefits and Coverage (SBC)
A penalty of up to $1000 per failure.
CHIP Notice
IRS Civil Penalties – If a violation is discovered and is not corrected within 30 days of discovery, then the employer must self-report the violation on IRS Form 8928 and a civil penalty of $100 per day would be assessed. The tax increases to $200 per day if there is more than one qualified beneficiary affected to whom the failure relates (i.e., same family or multiple employees).
Additionally, legal action may be brought by either a participant or the U.S. Department of Labor (DOL), and a court could assess an ERISA statutory penalty up to $110 a day.
Finally, if a violation is discovered during an audit, the tax may not be less than the lesser of $2,500 or the regular tax amount determined above if the failure is discovered after the employer has received a Notice of Examination from the IRS. If the failure is more than de minimis (as determined by the IRS), $15,000 is substituted for $2,500.
WHCRA Notice
Legal action may be brought be participant and an ERISA $110 per day fine may be assessed.
HIPAA Notice of Privacy Practices
Generally only applies to self-insured plans. If a plan is fully insured and “hands-off” PHI, it is the responsibility of the insurer to provide this notice.
Civil penalties range from $100 to $50,000 per violations. Criminal penalties may also apply, including a fine of up to $250,000 and imprisonment up to 10 years.
HIPAA Notice of Special Enrollment Rights
If an employer fails to provide required HIPAA SERs or notifications, HHS may impose a penalty of $100 per failure to comply up to a maximum of $25,000 per year. If the violation is not corrected within 30 days of discovery, then the employer must self-report the violation to the IRS on Form 8928 and pay a civil penalty of $100 per day.
HIPAA Privacy/Security Policies and Procedures
Generally applies to “Covered Entities” and “Business Associates.”
Covered entities that fail to properly implement HIPAA security and/or privacy policies and procedures may be subject to civil penalties from $100 to $50,000 per violation. In certain circumstances, criminal penalties may also apply, including a fine of up to $250,000 and imprisonment for up to 10 years.
COBRA Notices
Legal action may be brought by participants or the DOL, and an ERISBine of $110 per day per violation may be assessed by a court. This penalty can be levied per each qualified beneficiary with no family maximum.
If violation is not corrected within 30 days of discovery, the employer must self-report the violation on IRS Form 8928, and a civil penalty of $100 per day will be assessed. If more than one qualified beneficiary is affected by the violation, such as a family, the penalty increases to $200 per day.
Failure to comply with new PPACA Notices
Failure to comply with new PPACA Notices (e.g., Patient Protections Notices, Rescission of Coverage Notice) – Excise tax of $100 per day for each individual for whom the failure applies, if the failure is not corrected within 30 days of knowledge. The tax would be self-reported on Form 8928.
FMLA Violations
An employer may be liable for compensation and benefits lost by reason of the violation, for other actual monetary losses sustained as a direct result of the violation, and for appropriate equitable relief, including employment, reinstatement, promotion, or any other relief.
Section 125 non-discrimination testing
Failure of Section 125 Non-discrimination testing – A “highly compensated” employee or “key” employee participating in a discriminatory cafeteria plan must include in gross income the value of the taxable benefit with the greatest value that the EE could have elected to receive, even if the EE elects to receive only the nontaxable benefits offered.