401(k) Plan Distributions – A Plan Administrator’s Guide

As 401(k) plan administration becomes increasingly digital, plan sponsors must adjust to evolving responsibilities around participant distributions. While many plan providers process transactions entirely online, this convenience doesn’t absolve plan sponsors from their fiduciary duties.

From termination payouts to hardship withdrawals, understanding how different types of distributions work is critical to maintaining compliance and protecting participant assets.

Below, we outline the most common distribution types, your responsibilities as a plan sponsor, and practical tips to stay compliant in an increasingly digital environment

Digital Distributions and New Cybersecurity Risks

Traditional, paper-based distributions are rapidly becoming a thing of the past. Today, participants can request distributions online or over the phone through a recordkeeper. These digital conveniences come with heightened cybersecurity risks, especially as AI deepfake technology makes it easier for criminals to verbally impersonate participants.

“Fun” social media challenges can often reveal answers to common security questions, such as the street they grew up on or their childhood pet’s name. Criminals can easily use this information to reset passwords and compromise accounts to make fraudulent distribution requests.

If a participant’s funds are stolen, both the plan sponsor and the service provider can face litigation. Even when outsourcing to a third-party administrator, plan sponsors can be held liable if they’re unable to prove they have proper controls in place, regardless of how long ago the theft took place. Without the records to show the funds have been distributed to the correct account, the law places the burden of repayment on the employer, not the employee.

Review your third-party provider’s SOC report to understand their cybersecurity controls and your responsibilities as the plan sponsor.

Termination Distributions

When participants leave employment, either voluntarily or involuntarily, they may request to withdraw or roll over their 401(k) balance. Distributions are typically initiated by the participant online through the plan service provider.

Plan Sponsor Responsibilities

  • Verify Employment Data: Ensure that hire and termination dates are entered correctly before authorizing distributions, as vesting calculations rely on these dates.
  • Understand Vesting Rules: Review your vesting schedules, particularly if they’re non-standard formulas. It’s not uncommon to confuse formulas based on calendar year versus hourly, leading to severe errors. Remember that different types of employer contributions can have different vesting schedules. Keep employees educated about your standard, especially those in payroll.  
  • Clarify Third Party Administrator Roles: Some plan providers are “full service,” meaning they’ll process nearly every type of distribution without intervention from the plan sponsor. Others expect the plan sponsor to direct them while others require the plan sponsor to authorize each transaction. Confirm specific procedures by reviewing your provider’s plan administration handbook, which may be available online.
  • Use a Termination Checklist: Include a step for 401(k) plans to remind participants to take action on their account. An exit letter can outline a participant’s benefits, what’s available to them now and where they can find it.
  • Enforce De Minimis Rules: Consider adding de minimis rules to close accounts with small balances. Doing so can:
  • Maintain Records: What are your document retention policies for terminated employees? Discarding these documents too quickly can cause issues with your 401(k) plan audit if a distribution error is discovered. Your plan document should hold the answer. You should also keep your participant records updated. A cell phone number may be more helpful than an address to track someone down.

Retirement Distributions

Retirement distributions operate similarly to termination distributions but are often accompanied by required minimum distributions (RMDs) for participants who leave funds in the plan.

Plan Sponsor Responsibilities

  • Identify Retirees Early: Create a system in your payroll or HR software to flag employees nearing retirement age. Track birth dates and check for errors.
  • Educate Participants: Provide educational materials about RMD rules to help retirees avoid tax penalties.
  • Keep Contact Information Current: Outdated addresses and phone numbers, or missing beneficiary forms can create confusion and disorder, delaying or even preventing participants from accessing their funds.

Death or Disability Distributions

While less common, distributions due to death or disability can be complex. The process will vary by provider, but plan sponsors should be ready to coordinate with recordkeepers and beneficiaries.

Plan Sponsor Responsibilities

  • Know the Process: Contact your service provider immediately to determine the required forms and steps.
  • Keep Beneficiary Forms Updated: Encourage employees to review their beneficiary designations annually. A single oversight, like a divorce or remarriage, can create disputes between multiple claimants.

Hardship Withdrawals

SECURE Act 2.0 brought significant updates to hardship withdrawals. The retirement legislation introduced other distribution options that qualify as hardships, such as domestic abuse, and allows participants to self-certify their eligibility. Employees are also no longer required to take a loan under these conditions. While this simplifies access for participants, there are consequences that they need to be educated about in order to make an informed financial decision. 

Plan Sponsor Responsibilities

  • Understand Provider Rules: Some recordkeepers handle tax withholding automatically, but others don’t. Educate participants about the tax implications of their choice. If tax isn’t taken out up front, it can lead to an unexpected tax bill.
  • Review Documentation Policies: Is your plan sponsor expected to approve any required documentation? Your plan document should have information about your document retention policy concerning financial hardship documentation. Your auditor will likely ask for those documents, so maintain them carefully according to your plan document.
  • Remind Participants About Self-Certification: Participants certify hardship withdrawals under penalty of perjury. The IRS or Department of Labor will expect your participants to provide proof of their claims to prove they’re qualified distributions. Educate them on the importance of documenting their claims for their own protection.
  • Protect Sensitive Information: Hardship documentation can include confidential details such as medical records, adoption plans or domestic abuse reports. Verify that your provider’s systems safeguard this data.
  • Confirm Demographic Data: Hardship withdrawals are only going to be on 100% vested funds, so you have to make certain that your demographic data is correct.

QDRO Distributions

Qualified Domestic Relations Orders, or “QDROs” typically arise during divorce proceedings and are governed by a court order. Work closely with your third-party administrator and recordkeeper to ensure documentation is accurate and vesting percentages are correct. Errors here can result in costly legal delays for your participants.

59½ In-Service Distributions

Participants aged 59½ or older may be eligible to withdraw funds without leaving employment, provided your plan allows it. Your service provider will determine eligibility. Confirm that birth dates in your system are accurate so eligibility can be properly verified.

Vesting and Forfeitures

Vesting determines how much of the employer-contributed balance a participant is entitled to keep. Errors in vesting schedules are a frequent audit finding and can be costly to correct.

When unvested funds are forfeited, they move into a 401(k) forfeiture account that can be used to offset employer contributions or plan expenses. However, if an error results in improper forfeitures, the employer may have to restore funds to the plan using company assets.

Regularly review your vesting schedules and reconcile forfeiture accounts with your service provider.

Spousal Consent Requirements

Spousal consent rules vary by plan document and provider, but the intent is to prevent one spouse from withdrawing funds without the other’s knowledge. Plan sponsors should confirm whether their plan requires spousal consent and how their recordkeeper manages it.

401(k) plan distributions are a natural part of the process, but with an expanding online world, and new cybersecurity threats, it’s time to take a look at your processes. Your controls will have to adjust to a new, cyber landscape to better protect your participants.

For more information on how our 401(k) audit team can help, request a free consultation below to discuss your unique 401(k) audit needs.

View all Blog Posts

Our firm provides this information for general educational guidance only and does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation. Podcasts posted by Anders CPAs + Advisors are not intended to be used and cannot be used by any individual or business, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided "as is," with no assurance or guarantee of completeness, accuracy, or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability, and fitness for a particular purpose. Please note that some content may be generated using artificial intelligence and is intended for educational and informational purposes only. In no way does listening, reading, emailing or interacting on social media with our content establish a professional relationship.