Know which agencies and compliance directives put your business at risk.

In 2012, the first wave of audits enforcing health care reform compliance directives under the Patient Protection and Affordable Care Act (ACA) ran its course. Just three years later, the risks have further elevated as other government bodies that co-enforce the ACA are introducing new audit activities of their own.

“The reality is that government entities are now working in tandem under inter-agency ‘memorandums of understanding’ that communicate with each other about their audit findings,” said Dennis Fiszer, Chief Compliance Officer, Eastern Region, HUB International. “If an auditor notices a problem outside of his or her enforcement zone, the auditor will often pass along specific ‘tips’ about which organizations have compliance weaknesses.”

The reason for this new surge in audits is three-fold:

  • ACA Funding Gap – As the gap grows larger, the government will become increasingly compelled to make up the shortfall by seeking penalty enforcement recoveries. 
  • ACA Complexity - ACA-related regulations are estimated to be over 25,000 pages. The scope of these requirements and the lack of detail on how it applies to real world situations all heighten the risk for compliance breakdown and therefore potential audits.
  • Employee or Plan Participant Complaints - Every agency now maintains an online presence soliciting the public to communicate with them directly about workplace issues they witness, which can trigger audits.

Employers must ramp up their efforts to ensure compliance ahead of a potential audit. The best way to do this is to know which government entities and laws could put your business at risk.

Common Employee Benefits Audit Triggers

In addition to some state exchanges, federal agencies including the Department of Labor (DOL), the Department of Health and Human Services (HHS), the Internal Revenue Service (IRS) and the Equal Employment Opportunity Commission (EEOC), have all increased audit activities, targeting specific directives (see side bar for a complete list). The following are a few common audit triggers that apply across markets.

DOL Audit Triggers 

  • Age 26 coverage: Health plans must provide a sample of the written notice describing enrollment rights for dependent children up to age 26 who have used the plan since September 23, 2010.
  • Retroactive coverage takeaways (recessions): If the plan has rescinded coverage, it must supply a list of all affected individuals and a copy of the written notice 30 days in advance of each rescission. For any identified rescissions, the auditor will seek to discern whether the ACA’s fraud standard, or an intentional misrepresentation of a material fact, justified the rescission. 
  • Grandfather status: Employers that are retaining grandfathered plan status must provide documentation to substantiate that status, as well as a copy of the required annual notice distributed to participants advising of the plan’s grandfather protections. Not surprisingly, the agencies are generally unfriendly to grandfather protections and may scrutinize the validity behind an employer’s attempt to assert such status. 
  • Waiting periods: Plan sponsors are precluded from using waiting periods that delay coverage beyond 90 days from hire date. The DOJ may examine whether that occurred in a representative number of situations, but most especially if an employee has complained of a potential violation. 

IRS Audit Triggers

  • ACA reporting: The ACA now requires a self-reporting employer mechanism to assist the IRS with oversight of the federal mandate to offer full-time employees “minimum value” health coverage at an “affordable” contribution. In the future, failures associated with employer reporting (primarily the 1094-C and 1095-C forms) can trigger penalties of $100 per incident up to $1.5 million.  Employer reporting could also reveal additional underlying employer health coverage mandate violations. Although those penalties are triggered separately, mistakes have the potential to produce substantial fines. And assessments exceeding $3,000 annually may be triggered for specific people if the coverage is not actually affordable, even if the employer has comprehensively offered coverage to its entire full time workforce. 
  • Hours tracking: Under the ACA, the standard for eligibility has been set at 130 hours per month. An employer with a workforce that keeps unpredictable hours - including those expected to work fewer than 130 hours per month - will necessitate the use of complicated “variable hour” tracking and status designations, which can invite significant enforcement scrutiny. 

Ramp Up Compliance Efforts Today

Just as audit failures can result in significant penalties for organizations that sponsor employee benefit programs, similarly enforcement agencies benefit greatly from this supplemental revenue, even using it to hire more auditors (as has been seen with CMS Medicare Secondary Payer enforcement).  

“Although federal regulators have publicly indicated that for the initial phases of ACA compliance, the agencies ‘wish to cooperate’ with employers to help them understand the new law before throwing the book at anyone, HUB recommends that employers ramp up compliance efforts now to help ensure they do not bump into problems down the road,” said Fiszer.  

For any employer that is contacted by an enforcement body, HUB suggests a comprehensive and organized response to help push the government towards an easier target. The more prepared and organized a plan sponsor is in advance, the more efficiently and swiftly a plan-related compliance audit can be resolved. For more information on how to avoid these and other penalties triggered by an audit, contact your HUB Employee Benefits team.