Already, 2023 is shaping up to be a significant year in the employee benefits and executive compensation space, as organizations grapple with a host of new regulatory requirements, mounting cyber risks and fallout from the reversal of Roe v. Wade. Just last week, pharmacy chain Walgreens announced it would stop selling abortion pills in 20 states after being threatened with legal action by Republican officials; the state of California has since announced plans to cut ties with the company.
This is just one of several critical benefits topics HR is grappling with. Below, we outline four of the biggest issues that employers should keep top of mind.
- Reproductive care coverage in a post-Dobbs world
The U.S. Supreme Court’s 2022 decision in Dobbs v. Jackson Women’s Health Organization overturned a half-century of precedent on abortion—and generated considerable uncertainty for companies’ health plans and employment policies. Now, employers must navigate a patchwork of state laws concerning abortion and other reproductive services. In some cases, employers must decide whether, and how, to continue providing insurance coverage for the procedure.
Employers with self-funded health plans will have greater control over abortion coverage than those with insured plans, which are subject to state insurance laws. For example, companies with self-funded plans can reimburse certain expenses related to obtaining care, such as transportation and lodging, in addition to covering the procedure. Employers with insured plans operating in states with abortion bans or restrictions may not be able to cover the procedure, but they might be able to offer some services outside of their health plans.
Before offering benefits separate from a health plan, employers should develop a formal policy that minimizes confusion, establishes standards and ensures consistent application. Employers should also weigh the risk of offering these benefits to employees in states like Oklahoma and Texas, which permit individuals to file civil actions against people or entities who aid or abet abortions.
- Enforcement of mental health and addiction parity requirements
Federal regulators are ramping up enforcement of laws requiring insurers and health plans to cover substance use disorder and mental healthcare. According to a Congressional report released in January 2022, health plans and insurers are not providing services as required under the Mental Health Parity and Addiction Equity Act of 2008 (MHPAEA).
To ensure compliance with MHPAEA, plan sponsors can do a few things. Sponsors should ask their third-party administrators (TPAs) to demonstrate they are complying with these components of care:
- Inpatient care (both in and out-of-network)
- Outpatient care (both in and out-of-network)
- Prescription drug care
- Emergency care
The Department of Labor provides a compliance tool that plans can use in the review.
Sponsors should also request that TPAs disclose whether any audits have been conducted. Information about past or current audits can help plans understand where TPAs are in the compliance process and any potential risks.
To protect against fees and penalties for noncompliance, sponsors of self-insured plans should ask their TPAs to represent that the plan will comply with the MHPAEA and to provide protection against any breach of that representation. TPAs may resist including these protections in a service agreement, but sponsors should raise the topic when discussing plan operations or compliance with their TPAs.
Lastly, sponsors should proactively conduct separate reviews to ensure regulatory compliance by their TPAs. Doing so will deliver better care to employees and help mitigate the risk of litigation and enforcement actions.
- Cybersecurity and retirement plans
Because retirement plan communications increasingly take place through electronic methods—and the plans themselves hold sensitive, personal data—this area is a ripe target for cyberattacks.
Fiduciaries looking to strengthen their plans’ cybersecurity policies should refer to the DOL’s cybersecurity guidance for retirement plans. Released in April 2021, it shares best practices for maintaining cybersecurity and protecting workers’ retirement benefits.
There is no way to eliminate all risk of cyberattacks, but fiduciaries can manage risk by developing strong policies and conducting employee training. Any cybersecurity policy should also include an incident response plan that applies if a plan is breached.
Working with third-party vendors also poses cybersecurity risks for retirement plans. Early in the hiring process, fiduciaries should establish a procedure for determining the strength of a vendor’s cybersecurity practices. Advocacy organization SPARK Institute has developed standards for evaluating third-party vendors, which plan fiduciaries can use. The System and Organization Controls (SOC) 2 Report is another resource fiduciaries can use to evaluate vendors. Independent auditors will assess the extent to which a vendor complies with a set of trust principles they have developed, which include security, availability, processing integrity, confidentiality and privacy.
Fiduciaries also may need to comply with numerous state privacy and cybersecurity laws this year, so plans should stay abreast of the laws applicable to the jurisdictions in which they operate.
- SEC final pay vs. performance disclosure rules
Beginning with fiscal years ending on or after Dec. 16, 2022, public companies must comply with the most significant change in executive compensation disclosure in more than 15 years. The Securities and Exchange Commission (SEC) rules seek to help investors better understand the relationship between executive officers’ compensation and corporate financial performance.
The rules involve three main requirements:
- A pay vs. performance table
- A description of the relationship between executive compensation and company financial performance, as well as the relationship between a company’s total shareholder return (TSR) and the TSR of its peer group
- A tabular list of performance measures a company determines are most important for deciding the pay of its named executive officers (NEOs)
Companies must disclose “compensation actually paid” to the CEO and the average compensation actually paid to the other NEOs. Other disclosures include net income, TSR, peer group TSR and three to seven financial measures the company selected as important links to pay and performance. If a company has had more than one CEO during the reporting period, it must include data for each individual CEO.
Companies have flexibility in deciding where to place the disclosures in proxy statements. For purposes of clarity, a company may decide to add a new section after the standard Compensation Discussion and Analysis (CD&A) to set forth the disclosures required by the new rules, rather than include them as part of the CD&A itself. A new section may be most practical if the metrics actually used by the Compensation Committee in setting compensation do not line up neatly with those that must be illustrated under the new rules.
Though it’s too soon to know the full impact of the rules, companies should expect activist investors to use the data as a weapon. Activists may fight pay proposals and other initiatives if they think they find discrepancies between pay and performance.
While these are not the only issues facing employers this year, abortion coverage, mental health parity, cybersecurity and executive pay reporting will be among the most pressing. Employers should ensure they have compliance programs and procedures in place to adequately meet these challenges.
Jeffrey Bakker, Patricia Cain, Andrew Douglass, Sonya Rosenberg and David Wheeler contributed to this article.