Data and Research July 6, 2021

A Closer Look at S-Corporation Employee Ownership

Several bills circulating in Congress would streamline and promote S-corporation employee stock ownership plans. One expert says such ‘S-ESOPs’ benefit owners, workers and entire communities.

Reported by

Given the nature of its coverage topics, PLANSPONSOR Magazine speaks frequently with professional associations and industry advocacy groups involved in the financial services and retirement planning industries.

Among these are the Insured Retirement Institute (IRI), the American Council of Life Insurers (ACLI), the Financial Services Institute (FSI) and the Investment Company Institute (ICI), to name a few. The most recent organization to talk with PLANSPONSOR is the Employee-Owned S Corporations of America (ESCA) organization, as represented by its president and chief executive officer, Stephanie Silverman.

For more stories like this, sign up for the PLANSPONSOR NEWSDash daily newsletter.

Topics covered in the discussion, which is edited and presented in part below, included the introduction of the Promotion and Expansion of Private Employee Ownership Act in the U.S. House of Representatives by Representatives Ron Kind, D-Wisconsin, and Jason Smith, R-Missouri, as well as new research showing the way broad employee ownership of private companies benefits individuals and communities. Silverman says she is cautiously optimistic, thanks to the current economic and political environment, that business owners and lawmakers will come to see the significance of expanding employee stock ownership plans (ESOPs) in employee-owned S corporations, or S-ESOPs.

PLANSPONSOR: Can you please tell us about the ESCA’s history and mission?

Silverman: Certainly. The ESCA is an organization that was created in the aftermath of lobbying work that I and others were involved during the mid-1990s. Our goals and focus were to enable broader creation of employee stock ownership plans, which at the time required a pretty significant and complex series of changes to tax laws and regulations under the Employee Retirement Income Security Act [ERISA] in order to be more appealing and efficient.

This work continued until 1999, when the administration at the time proposed the elimination of the S-corporation ESOP, or ‘S-ESOP,’ as a way to raise short-term revenues. This might seem like a strange proposal today, but at the time there was widespread concern that the originally designed structure of the S-ESOP could be abused by unscrupulous business owners. All of that to say, we created the ESCA to craft and enact anti-abuse rules, to ensure the S-ESOP did what it’s supposed to do, which is create broad-based ownership of companies in a way that does not unfairly favor the wealthy.

I will say, we made a mark on the U.S. Treasury people at the time, and we continue to partner with them in our advocacy. We are now a 20-year-old organization, but our job is still to make sure that the benefits of the S-ESOP stay fully in place. It’s a full-time gig for us.

PLANSPONSOR: What challenges do you face in your advocacy? And, are you optimistic about making progress during the current Congress?

Silverman: As you know, Congress has turned over many times since our founding, especially the membership and leadership of the key committees that work on legislation in the areas of tax policy and spending. Also consider that any regulating or lawmaking in this area is by necessity really technical and complex. I say all this to explain that the danger of inadvertent harm via well-meaning policy action is almost as big as the danger of purposeful harm being done through legislation that specifically targets S-ESOPs.

We have been successful by working to educate both lawmakers and the public. The leaders in Washington say all the time that they love ESOPs, and that nobody wants to hurt them. Even if that is true, the tax codes and ERISA are really complex.

In terms of potential progress, there is currently legislation on the table in Congress that could make some positive change. The House’s bipartisan bill will promote employee ownership of private businesses by incentivizing owners of S corporations to sell their stock to an employee stock ownership plan. It also encourages the flow of banking capital to ESOP-owned S corporations as a means to ease the liquidity burden of an ownership transition event. Other provisions provide needed technical assistance for companies that may be interested in forming an S-ESOP, while ensuring small businesses that become ESOP companies retain their Small Business Administration (SBA) certification.

A companion bill with 25 original co-sponsors was recently introduced in the U.S. Senate. These bills include some real steps that we think would make company leaders more likely to transition their businesses to an ESOP.

PLANSPONSOR: Do you encounter any common misconceptions that make your job harder?

Silverman: Yes, we do, in fact. There are a few recurring misconceptions that get in the way of progress, apart from the legislative sluggishness we all face. First, there is sometimes a presumption that people will have all of their eggs invested in one basket if they have ESOP access, and this is a legacy issue from the Enron scandal and other similar cases. In those cases, employees had lost retirement savings, substantial savings, but that’s not what happens with S-ESOPs today.

Today, employers who offer S-ESOPs also have other plans, often 401(k)s. Beyond this fact, the rate of bankruptcies for S-ESOPs is actually very low compared to the broader economy, which makes sense, because of the culture of embracing a long-term strategic vision that considers the best interest of the employees and customers.

Another challenge we face is that there is a very active and aggressive regulatory regime for S-ESOPs, which we know is necessary and which we appreciate, but this fact is not necessarily broadly understood. You may recall the Chicago Tribune case, were a very wealthy business man came in, bought the company, created an S-ESOP, and then basically leveraged the debt in a completely inappropriate way. That was terrible for the company and its employees, and it attracted a lot of negative press. A lot of people, I think, missed the end of the story. The man was punished significantly, and it sent a signal to the rest of the professional marketplace that accountability is real, but not everyone got that message, frankly.

PLANSPONSOR: Can you explain the benefits brought about by employee ownership, both for individuals and for communities?

Silverman: Absolutely. I can point to a new survey published by John Zogby Strategies, which tells a tale of two economies during the pandemic. Simply put, workers at employee-owned S corporations (S-ESOPs) report being on significantly more stable financial ground than other U.S. workers. During the COVID-19 emergency, ESOP employees have experienced dramatically less financial adversity. They have had more stable jobs and better housing security and retirement savings than their non-ESOP counterparts.

Zogby surveyed a sample of mid- and lower-level employees at employee-owned private companies and a sample of other non-ESOP employees and found a world of difference between the two groups in key measures. Non-ESOP employees reported experiencing job losses or downsizing at six times the rate of their peers at employee-owned companies. At the same time, non-ESOP workers have been adversely affected by the pandemic economy at more than three times the rate of employees at ESOP companies.

Other stats show twice as many non-ESOP respondents as ESOP respondents are concerned about their ability to pay down debt, while three times as many ESOP employees say they are able to cover an emergency $500 expense, as compared with their non-ESOP counterparts. Twice as many ESOP workers expect to retire by the age of 60 compared with workers at non-ESOP companies.

Finally, and perhaps most remarkably, not a single ESOP respondent in the survey of more than 200 people from across the U.S. reported being behind on their rent or mortgage, compared with more than a quarter of their non-ESOP peers.

Opinions July 6, 2021

Cybersecurity for Plan Fiduciaries: Focus on Account Theft

Jeanne Klinefelter Wilson, with Groom Law Group, discusses how to help participants avoid the nightmare of losing their DC plan account balances to cybercriminals.

Reported by

This spring, the Department of Labor (DOL) put plan fiduciaries on notice that they have a duty to mitigate cybersecurity risk. If the latest news on cyber incidents hadn’t been enough to rouse those responsible for the safety of participant accounts, the DOL’s guidance is stirring the waters. 

Retirement account theft is one of the risks cropping up in the employee benefits community. If you are a plan sponsor or a plan fiduciary, it’s important to make sure you’ve thought about how to address this risk that is now well above the horizon.

Never miss a story — sign up for PLANSPONSOR newsletters to keep up on the latest retirement plan benefits news.

Retirement Account Theft: When Lightning Strikes

Imagine one of your retirees, who faithfully contributed to her defined contribution (DC) plan account for a lifetime, logs in online to check her latest earnings. The account is empty—a zero balance. She thinks, “there must be some mistake,” so she calls the recordkeeper to point out the error. 

The recordkeeper’s call center tells her there is no error; the balance is zero. The call center explains that the retiree herself requested and received a full distribution of the account. Over the next few hours, an absolute nightmare unfolds. 

Your retiree’s personal email was hacked. Maybe the hacker was able to get into her email account through a backdoor vulnerability in the email provider’s system. Maybe he just guessed it through automated repetitive password generation. Maybe the hacker already knew the retiree’s email password because she reused that same password for several online merchant accounts. If just one of those merchant accounts was hacked, the retiree’s email address, username and password might have been listed for sale on the dark web. Either way, the hacker got into the retiree’s email and was lurking, but the retiree didn’t even know.

The hacker could have learned other personal information about the retiree once he was in her email, including that she has a DC plan account and the location of that account, so he logged into her account. Maybe he already had the account password because the retiree used the same password as her email password. Maybe the hacker didn’t have the password and requested a password reset using the retiree’s email. He then erased the password change notifications and any other security alerts sent by the recordkeeper to the retiree’s email. Once into the retirement account, the hacker swiftly took steps to change the minimal amount of information necessary to request and receive a distribution and went through with the request.

It’s logical to think that the distribution can be traced to the bank account that received the distribution. Unfortunately, it’s not so easy. Most likely, as soon as the money landed in that account, it was transferred overseas. When that overseas transfer starts, there is very little time to recover the money—hours, days, maybe three days at most—and then it’s gone. Worse, there is no federal insurance in place to repay the loss and no Federal Deposit Insurance Corporation (FDIC) guarantee. The retiree learns she has lost a lifetime of savings.

One Lightning Strike Is Too Much

Unfortunately, retirement accounts are a tempting target for cybercriminals since balances might be large. Plan fiduciaries who are aware of account theft risk likely know about it because of a very few well-publicized cases that proceeded to litigation. But other instances of retirement account theft were probably not reported, perhaps because the plan sponsor or recordkeeper restored the account.

Whether in the public eye or not, retirement account thefts are rare, but they do happen—and have been happening for a long time. The salient point is this: One case can take your participant and you down a rabbit hole that might not have a great ending. The recordkeeping industry has built and operates vigorous systems to protect participant accounts. But no matter how vigilant your plan’s recordkeeper is, plan sponsors, plan fiduciaries and plan participants can and should take steps to protect retirement accounts from cyber theft. The recent DOL guidance is designed to outline what those steps might be.

Protecting Participants

What can a plan sponsor or plan fiduciary do? To start, they should arm participants to be part of the solution through education. Although the Employee Retirement Income Security Act (ERISA) does not require cybersecurity education, it can be an invaluable tool, and there are many issues that a plan sponsor or plan fiduciary might consider educating their participants about.

First, one of the most important steps a participant can take to protect her retirement savings is to register her account online and monitor it. Some participants think that it might be safer not to establish their online account, but that is not true. If a participant hasn’t registered her own account, it’s easier for a criminal to register it for that participant.

Further, when a participant registers her online account, she should provide the recordkeeper with her full contact information. If a participant provides multiple points of contact—such as email addresses or phone numbers—she is more likely to receive security alerts even if one of her email accounts is compromised. It’s important for a participant to monitor and respond to security alerts as well. A participant’s online ownership and oversight of her account is sometimes referred to as “naming and claiming” the account and is an important protective step.

Second, participants should use complex passwords that are unique to their account. For example, if a participant uses a password for a routine app and that app is breached, that password has been exposed. An exposed password may later be sold on the dark web. It is cheap and easy for the purchaser to run that password through millions of databases, including email accounts and DC plan recordkeeping platforms, to see if lighting will strike.

Third, plan fiduciaries and participants should consider adopting enhanced security practices available from their recordkeepers. A common start is multifactor authentication. Multifactor identification as a prerequisite to online access is a strong tool for protecting against fraud. Plan participants should be educated about the value of multifactor identification. 

Fourth, plan participants should use good online hygiene as well. No participant should log in to her retirement account in a public place where she can be recorded entering her password. Further, a participant logging on to his retirement account should think carefully before using potentially unsecure public WiFi to do so. Other sources of vulnerability include phishing attacks. Participants should, as a matter of course, never click on links or respond to requests for confidential information. Participants should keep their home computer and smartphone software up to date by installing any recommended software patches. 

Finally, one great way for an ERISA fiduciary to educate participants about online security is to distribute the DOL’s “Online Security Tips” directly to participants. These tips teach participants how to reduce the risk of fraud and loss to retirement accounts. Some plan sponsors have already put these tips on their websites and have sent them to participants by mail. Others are even including them in summary plan descriptions (SPDs).

Account Guarantees

Some recordkeepers provide “account guarantees” or other programs to protect participant accounts from fraudulent distributions. When selecting and monitoring their recordkeepers, plan fiduciaries can check with their recordkeepers to see what guarantees they provide. Sometimes there are conditions to the guarantee (e.g., checking your account balance at least once a month) that can be communicated to participants. And, as always, where possible, getting a service provider’s guarantee in writing can benefit both plan fiduciaries and participants.

Conclusion

Don’t let lightning strike in your plan. If you are an ERISA fiduciary, you play a key role in helping your participants guard against the theft of their accounts at the hand of cybercriminals. Take the steps noted above and stay abreast of developments in this rapidly evolving area. 

 

Jeanne Klinefelter Wilson is a principal with Groom Law Group. She has served as ERISA [Employee Retirement Income Security Act] counsel for over 15 years. Wilson led the Department of Labor (DOL)’s Employee Benefits Security Administration (EBSA) from 2017 until earlier this year in the roles of acting assistant secretary and deputy assistant secretary. 

This feature is to provide general information only, does not constitute legal or tax advice and cannot be used or substituted for legal or tax advice. Any opinions of the author do not necessarily reflect the stance of Institutional Shareholder Services Inc. (ISS) or its affiliates.

«