The 401(k) Responsibilities Employers Can’t Afford to Miss 

A 401(k) can be one of the most valuable benefits you offer your employees, but for employers, it comes with legal and financial responsibility that can create real risk if it’s not managed correctly.

You don’t need to be an expert. You just need to understand how the plan works, where problems tend to happen, and what to check on a regular basis. 

What does offering a 401(k) make me responsible for?

A 401(k) is generally governed by federal law under the Employee Retirement Income Security Act (ERISA) for private-sector employers. Public-sector and church-sponsored plans typically follow different rules and are not subject to ERISA in the same way. 

When you offer a 401(k), you take on what’s called a fiduciary role, which means you’re legally responsible for acting in your employees’ best interest when it comes to the plan. 

That includes choosing providers and making sure that fees aren’t excessive, that the plan is operating according to federal regulations, and that employees are treated fairly under plan rules. This isn’t something you can set up once and assume is being handled correctly forever.

If you already have a plan in place, a good starting point is confirming a few basics:  

  • Who your providers are (recordkeeper, advisor, payroll)  
  • How your plan fees are structured  
  • Who internally is responsible for oversight  

If you can’t answer those questions confidently, it’s often the first sign the plan isn’t being actively managed.

Who is involved in running the plan and how do I keep them aligned?

Rather than a single entity managing everything, it takes a specialized team to keep the plan running smoothly. 

Each group has a defined role, but problems usually don’t come from one party failing; they come from disconnects between them. 

  • Payroll → calculates and sends contributions  
  • Recordkeeper → tracks employee accounts  
  • Third-Party Administrator (TPA) → handles compliance, testing, filings  
  • Advisor → investment guidance 

A TPA is typically responsible for making sure the plan is operating according to IRS and Department of Labor rules. This work (such as eligibility tracking, nondiscrimination testing, and annual filings) often relies on data provided by payroll and the recordkeeper. 

You, as the employer and plan sponsor, are responsible for making sure all of these pieces are working together. 

If you choose to ‘bundle’ some of these roles, a single provider will handle several of them under one platform. Large national providers like Fidelity Investments offer a ‘bundled’ approach, often acting as your recordkeeper, investment manager, and administrator all in one. 

How do I know if my 401(k) fees are reasonable?

As a plan sponsor, you have a fiduciary duty, which means a legal obligation to act in your employees’ best interest. Part of that includes making sure plan fees are reasonable for the services being provided. Reasonable doesn’t mean the lowest; it means appropriate for the size of your plan and the services you’re receiving. 

Most plans include administrative fees, investment fees (often called expense ratios), and sometimes advisor fees. Some fees are built into investment options and aren’t always obvious at first glance because some are deducted from investment returns rather than billed directly. These fees are often paid by employees through their accounts, not directly by the business.

If you haven’t reviewed your plan fees in the past year or two, that’s a practical next step. Ask your 401(k) provider for a fee breakdown and a comparison to similar plans. This is often called a fee benchmark, which simply means comparing your plan costs to others like it to see if they are in line. 

If I hire experts, am I still responsible for the plan?

Yes, and this is where outsourcing can create a false sense of security. 

You can hire experts to help manage the plan, and in some cases, they can take on specific fiduciary roles. But you’re still responsible for choosing those partners carefully and monitoring them over time. 

You can delegate tasks, but not responsibility. 

That doesn’t mean the plan needs your constant involvement. It means having a regular check-in to review how the plan is performing, whether fees still make sense, and whether your providers are doing what they’re supposed to do. For many businesses, doing this at least once a year is a practical baseline.

How fast do employee contributions need to be deposited?

The rule isn’t based on a fixed deadline. Instead, the Department of Labor (DOL) requires contributions to be deposited as soon as you’ve finished running payroll and the money is ready to be sent to the plan provider, but no later than the 15th business day of the following month.

Essentially, the DOL requires you to deposit funds as quickly as your process reasonably allows. While they generally consider 7 business days a safe harbor for small plans (fewer than 100 participants), it’s not a free pass; if you can send them in two days but wait for seven, you could still be flagged for a late deposit. 

For example:

You run payroll on Friday and withhold the contributions. If that money sits in your business account for two or three weeks instead of being sent the following week, it’s a late contribution. 

Even if the delay was unintentional, it triggers IRS penalties, lost earnings corrections, and extra IRS reporting. In the eyes of the law, this is more than just a late payment; it is a “prohibited transaction”. This means you have mishandled employee trust funds, which can trigger an automatic 15% excise tax for every year the money is late. If it isn’t fixed quickly, that penalty can skyrocket to 100% of the amount involved. 

This is why timing and consistency matter more than most employers realize. 

Why should I be paying attention to this right now?

Many states have created retirement savings programs that are designed for workers whose employers do not provide a 401(k) or similar retirement plan. 

The details are not the same in every state. Requirements can vary based on how many employees you have, how long you’ve been in business, and when the state rolled the program out. Some states require employers to register and automatically enroll employees, while others have different timelines or rules. 

Because of that, it’s important to check the requirements in the specific states where your employees work. If you already offer a 401(k), you can usually avoid having to participate in a state program. 

The “Setting Every Community Up for Retirement Enhancement Act of 2022” (SECURE 2.0 Act) made two important changes for many workplace retirement plans.

First, some long-term part-time employees must be allowed into 401(k) plans after two consecutive years with at least 500 hours of service, instead of three. But under the law, employers are not required to offer matching or other contributions to those individuals (unless they choose to). This change applies to plan years beginning after December 31, 2024. For ERISA-covered 403(b) plans, similar long-term part-time employee rules also take effect for plan years beginning after December 31, 2024.

Second, SECURE 2.0 added automatic enrollment requirements for many 401(k) and 403(b) plans established on or after December 29, 2022. In general, these rules apply to plan years beginning after December 31, 2024, meaning many calendar-year plans were affected starting January 1, 2025.

Some employers do not have to follow the automatic enrollment rule right away – or at all. The main exceptions include plans that were already in place before December 29, 2022, as well as governmental plans and church plans. 

There are also exceptions for certain smaller or newer employers. For example, the rule does not apply to employers that have been in business for less than three years, or that normally have 10 or fewer employees. 

If you’re an established business with more than 10 employees and you’re starting a new retirement plan, there’s a good chance these automatic enrollment rules will apply to you. To learn more, a good next step is to review the latest IRS guidance on retirement plan requirements. 

What should I be reviewing on a regular basis?

You don’t need to be hands-on with your 401(k) every week, but you do need a reliable way to confirm that the fundamentals are being handled correctly over time. 

A practical baseline for most employers includes checking the following at least once a year: 

  • Contribution timing – Are employee deferrals and employer contributions being deposited as quickly as your payroll process allows, every payroll, without exceptions or workarounds? 
  • Fees and plan costs – Have you reviewed what employees are actually paying, and whether those fees still make sense for a plan of your size, within the past year or two? 
  • Eligibility and enrollment – Are employees being included in the plan at the right time based on your plan rules?
  • Provider coordination – Are payroll, your recordkeeper or TPA, and any advisors aligned on roles and data flow? And is it clear who is responsible when something doesn’t line up?
  • Ownership and accountability – Internally, is there a clearly defined person responsible for oversight, questions, and follow-up related to the plan?
  • Plan fit – Does the plan still reflect your workforce today, especially if you’ve grown, hired across states, or changed how employees are paid? 

These reviews don’t need to be complex or time-consuming. What matters is that they happen consistently, and that responsibility isn’t assumed or left undefined. 

Supporting your employees without creating unnecessary risk

A well-run 401(k) does more than help employees save for retirement. It signals that you’re a thoughtful employer who takes responsibility seriously. 

But that benefit only works if the plan is understood, monitored, and supported by the right systems. 

Most employers who run into trouble didn’t make reckless decisions. They relied on manual processes, unclear handoffs, or outdated assumptions about how their plan was being managed… until something surfaced during an audit, employee question, or compliance review. Then it becomes harder and more expensive to fix.

That’s where having the right support matters. 

Where CommPayHR Fits in and How We Support You

At Commonwealth Payroll & HR, our role is to make sure payroll isn’t just “submitting contributions,” but actually working in sync with your 401(k) plan the way it should. And if something comes up, you’re not calling into a general support line. You’re reaching your dedicated Customer Service & Support Specialist who already knows your account and can jump in without you having to explain everything all over again. 

If you’d like a clearer picture of how this could work for your business, let’s connect. We’re always happy to walk through it with you.