SECURE Act 2.0: Key Provisions Plan Sponsors Need to Address Now

SECURE Act 2.0: Key Provisions Plan Sponsors Need to Address Now

The SECURE 2.0 Act of 2022, enacted as part of the Consolidated Appropriations Act of 2023, introduced a phased series of changes to defined contribution retirement plans that continue to take effect through 2026 and beyond. For plan sponsors, HR directors, and fiduciary committees, the compliance timeline is active: several provisions with mandatory effective dates have already passed, and additional requirements take effect in 2026. Plan documents, payroll systems, and administrative procedures may require review and amendment to reflect current law.

Three provisions are most likely to require immediate attention: mandatory auto-enrollment, catch-up contribution changes, and student loan matching. Each carries distinct administrative requirements, documentation obligations, and, in the case of mandatory provisions, potential fiduciary exposure for plans that have not yet implemented compliant features.

Mandatory Auto-Enrollment: Effective for Plan Years Beginning After December 31, 2024

Automatic enrollment is now a statutory requirement for most newly established 401(k) and 403(b) plans. Under SECURE 2.0, plans established after December 29, 2022 and with plan years beginning after December 31, 2024 must automatically enroll eligible employees at an initial deferral rate between 3% and 10% of compensation. That rate must then escalate by at least 1% annually until it reaches a minimum of 10%, but no more than 15%, of compensation.

Employees retain the right to opt out or adjust their deferral rate. Existing plans, plans maintained by businesses in existence for fewer than three years, and plans sponsored by employers with 10 or fewer employees are generally exempt from this requirement.

The fiduciary implication is direct: plan sponsors of newly established plans that have not yet implemented compliant auto-enrollment features may be operating outside the terms of current law. Plan documents that predate this amendment cycle may not reflect the required default deferral rates or escalation schedules. Sponsors working with third-party administrators and recordkeepers may find it useful to confirm that system configurations align with the statutory defaults before the next plan year opens.

Catch-Up Contribution Changes: Two Distinct Rules, Both Effective 2026

The catch-up contribution rules under SECURE 2.0 involve two separate changes with different administrative implications.

Enhanced catch-up limits for ages 60 to 63: Beginning in 2026, participants who are age 60, 61, 62, or 63 at any point during the plan year may contribute an enhanced catch-up amount. The 2026 limit for this age band is $11,250, compared to the standard age 50+ catch-up limit of $8,000. Combined with the 2026 base elective deferral limit of $24,500, eligible participants in this age range may contribute up to $35,750 in total deferrals.

Roth-only catch-up requirement for high earners: Also beginning in 2026, participants age 50 or older whose prior-year wages subject to FICA taxes exceeded $150,000 (indexed for inflation) may only make catch-up contributions on a Roth (after-tax) basis, provided the plan offers a Roth feature. The IRS issued final regulations on this provision in 2025, and multiemployer plans received additional transition guidance given the complexity of administering income-based rules across collectively bargained arrangements.

For plan sponsors, this provision has layered administrative requirements. Plans that currently offer catch-up contributions but do not offer a Roth option may need to add one. Otherwise, high-earning participants over 50 could be effectively precluded from making catch-up contributions at all. Payroll systems will need to identify affected participants based on prior-year FICA wage data and route contributions to the correct source type. Plans that have not yet updated their documents and payroll integrations to reflect these rules may benefit from engaging their recordkeeper and legal counsel ahead of the January 1, 2026 effective date.

Student Loan Matching: Optional, but Increasingly Adopted

SECURE 2.0 permits, but does not require, plan sponsors to treat qualified student loan payments (QSLPs) as elective deferrals for purposes of employer matching contributions. Under this provision, an employee who is repaying student loans and therefore contributing less to the plan may still receive employer matching contributions based on their loan payments, up to applicable plan limits.

This provision became effective for plan years beginning after December 31, 2023. The IRS issued proposed regulations on QSLPs in August 2024, providing guidance on certification procedures, anti-abuse rules, and nondiscrimination testing implications.

Adoption of this feature is voluntary. Plan sponsors evaluating implementation may find it useful to assess the nondiscrimination testing implications, particularly whether QLSP matching interacts with existing ACP (Actual Contribution Percentage) test structures. Sponsors who have already adopted the feature without updating their plan documents to reflect the proposed IRS regulations may want to revisit their documentation with counsel.

Plan Document Amendment Deadlines

SECURE 2.0 established a general plan amendment deadline for most provisions. Under IRS Notice 2024-2, the deadline for amending qualified plans to reflect SECURE 2.0 changes is generally December 31, 2026, or January 1, 2027 for governmental plans and collectively bargained plans.

For calendar-year plans, this means the amendment deadline for most SECURE 2.0 provisions is December 31, 2026. Plans that are already operating in compliance with the statutory provisions, even without a formal amendment, are generally permitted to do so under IRS interim amendment procedures, but the formal document update remains a compliance obligation with a defined deadline.

ERISA Enforcement Context

The Department of Labor's Employee Benefits Security Administration (EBSA) reported recovering approximately $1.4 billion in direct payments to plans, participants, and beneficiaries in fiscal year 2023 through its enforcement program. Civil investigations closed with corrective action in that year numbered in the thousands, reflecting ongoing scrutiny of plan administration practices across plan types and sponsor sizes.

Plan sponsors who fail to implement mandatory provisions, such as required auto-enrollment for newly established plans, may face potential liability under ERISA's fiduciary standards, including claims related to plan operation inconsistent with plan documents. Fiduciary committees may find it useful to document their review process and any decisions related to optional SECURE 2.0 provisions as part of standard governance record-keeping.

Considerations for Fiduciary Committees

Several questions may be relevant for fiduciary committee agendas in 2025 and 2026:

• Has the plan been reviewed to confirm whether the mandatory auto-enrollment requirement applies, and if so, whether the plan document and payroll systems reflect compliant default rates and escalation schedules?
• Does the plan currently offer a Roth contribution feature? If not, and the plan has participants over age 50 with prior-year FICA wages above the applicable threshold, what is the plan's approach to the 2026 catch-up requirement?
• Has the plan sponsor evaluated the student loan matching feature, and if adopted, has the plan document been updated to reflect IRS proposed regulations?
• Are plan amendment deadlines tracked and incorporated into the plan's compliance calendar?

Individual circumstances vary. The applicability of each SECURE 2.0 provision depends on plan type, sponsor size, plan year, and existing plan design. Sponsors may find it useful to engage ERISA counsel and their plan's third-party administrator to assess which provisions apply and what documentation updates are required.

Learn more at: siebert.com/401k