401(k) Compliance isn't always automatic
- Claire Baker
- May 25
A process without context is like pulling the pin and handing off a grenade to someone who doesn't know what they're holding.
When it blows up, you both get burned.

"David just asked why he needs to take $5,000 out of his 401k. What happened?"
Crap. I was hoping to get in front of this.
"Remember last year when we suggested adding a 401k match after the layoffs? Yeah... this is why."
The company had pivoted, cutting a product line and shifting to a leaner, less specialized team. The new strategy was working, but it shifted the compensation dynamics.
A less experienced team meant lower salaries and not much left over for retirement, making the leadership team's contributions disproportionately high.
We knew the compliance risks when we picked the non-Safe Harbor 401k option. We thought we were keeping an eye on it.
"But I thought we were running quarterly reports to check this?" The controller was already buried finalizing last year's books. This was just one more damned thing on her plate.
"I spoke to McKenzie. She was running the reports, but she... uh..."
How do you say someone missed something without throwing them under the bus?
"...she thought downloading the report was the whole task. She didn’t even know what an HCE was."
The controller said a bad word. "I created a process to prevent this. I don’t think McKenzie is working out."
I'd seen the SOP. It listed the steps, but didn’t explain what any of it meant. McKenzie did the task. She just didn’t know what she was looking for.
If you're going to delegate compliance, you have to tell people when to escalate.
McKenzie didn't need to know the details of nondiscrimination testing or the ADP tests. She just needed a way to spot a problem and clear "if:then" instructions.
A few more details would have changed everything:
→ "Check these 12 rows. Make sure they're still with the company."
→ "Make sure this cell is less than 1.25."
→ "Make sure this part of the dashboard doesn't say 'At Risk'."
→ "If any of the above checks fail, export the report and email Vanessa."
But not all controllers are good technical writers.
Policy. Process. People.
If they’re not talking to each other, that’s your first red flag. ⛳️
Struggling to turn complexity into compliance? We can help.