A Guide to ERISA Compliance for Small Businesses

Running a small business means wearing a lot of hats. When you add federal benefits compliance to the mix, the complexity can feel disproportionate — especially when most small business owners assume laws like ERISA are designed for large corporations with dedicated legal teams.

They're not. ERISA applies to most private-sector employers regardless of company size. A two-person business offering group health insurance faces the same core obligations as a company with 500 employees — and the penalties for getting it wrong are real.

The DOL's Employee Benefits Security Administration oversees approximately 2.6 million health plans and 801,000 private retirement plans, covering more than 156 million workers. In FY 2024 alone, EBSA recovered $1.384 billion through enforcement actions and complaint resolutions. Small businesses are not immune.

This guide covers what ERISA requires, which plans trigger compliance obligations, the penalties for common violations, and practical steps — including how partnering with a PEO can take most of this off your plate.

Key Takeaways

  • ERISA applies to most private-sector employers offering benefit plans, regardless of company size
  • Compliance requires written plan documents, SPD distribution, fiduciary duties, and Form 5500 filing
  • Penalties for violations range from $110/day for missing document requests to $2,670/day for late Form 5500 filings
  • Insurance certificates from carriers do not satisfy ERISA's plan document or SPD requirements
  • PEOs take on most ERISA administrative obligations through co-employment, reducing your compliance burden

What Is ERISA and Why Does It Matter for Small Businesses?

ERISA exists to protect your employees — ensuring their benefit plans are administered fairly, funds are managed responsibly, and participants receive accurate information about what they're entitled to. For small business owners, that protection comes with real obligations attached.

Formally, ERISA (the Employee Retirement Income Security Act of 1974) is the federal law setting minimum standards for most voluntarily established employee benefit plans in the private sector. It covers both retirement plans (401(k)s, pensions, profit-sharing) and health and welfare plans (medical, dental, disability, life insurance).

The Three Pillars of Employer Responsibility

Every employer subject to ERISA must understand these three obligations:

  1. Disclosure — Providing participants with written information about their benefits, rights, and plan terms (SPDs, notices, annual reports)
  2. Fiduciary conduct — Acting solely in participants' best interests when managing plan assets and making plan decisions
  3. Government reporting — Filing required reports with the DOL and IRS, primarily Form 5500 for larger plans

These aren't bureaucratic formalities. Each pillar carries real liability if ignored, including DOL audits, participant lawsuits, and civil penalties that can reach into the tens of thousands of dollars.

One misconception that trips up small businesses specifically: delegating plan management to a third-party administrator does not transfer fiduciary responsibility. The employer retains it. If the administrator makes a mistake or acts imprudently, the liability still lands on you.

Does ERISA Apply to Your Small Business?

The short answer: if you offer benefit plans to employees, ERISA almost certainly applies to your business.

There is no small-employer exemption under ERISA. The law's trigger is maintaining a covered plan — not your employee count. A business with two employees offering group medical coverage has the same core ERISA obligations as one with two hundred.

Plans That Trigger ERISA Coverage

ERISA applies when you offer any of the following:

  • Group medical, dental, or vision insurance
  • Life insurance and AD&D coverage
  • Short-term and long-term disability plans
  • Health FSAs and Health Reimbursement Arrangements (HRAs)
  • 401(k) plans, pension plans, and profit-sharing plans

Who Is Exempt

ERISA does not apply to:

  • Government employers — federal, state, and local entities
  • Churches and religious organizations — unless they voluntarily elect ERISA coverage
  • Employers offering no formal benefit plans
  • Plans maintained solely to comply with workers' compensation or disability insurance laws

One misconception worth flagging: the absence of an HR department or formal written documentation does not exempt your business. If employees are receiving benefits, ERISA likely applies — and "we didn't know" is not a defense the DOL accepts.

Plan funding structure doesn't change this calculus either. Both fully insured and self-funded plans are subject to ERISA. Fully insured plans may also face state insurance regulations under ERISA's savings clause, while self-funded plans are generally shielded from state law by the deemer clause.

Key ERISA Compliance Requirements for Small Businesses

Written Plan Documents

Every ERISA-covered plan must be established and maintained under a written instrument. This is not optional — it's a statutory requirement under 29 U.S.C. § 1102.

Many small employers assume the benefit booklet or certificate of coverage from their insurance carrier satisfies this requirement. It does not — carrier materials describe benefits but typically omit required ERISA plan document terms.

A separate written plan document is required. Many employers use a wrap document that consolidates multiple benefits into a single compliant instrument.

Summary Plan Description (SPD)

An SPD translates the plan document into plain language for participants. Timing requirements are strict:

  • New participants must receive an SPD within 90 days of becoming covered
  • For a new plan first subject to ERISA, distribution must occur within 120 days
  • When material changes occur, a Summary of Material Modifications (SMM) is generally due within 210 days after the plan year end, or within 60 days for material reductions in health benefits

Fiduciary Responsibilities

A fiduciary is anyone with discretionary authority over plan management or assets — and that includes the employer, even if a third-party administrator handles day-to-day operations.

Fiduciary obligations include:

  • Acting solely in participants' and beneficiaries' best interests
  • Following the written plan document
  • Managing plan assets prudently
  • Monitoring service providers to ensure they're meeting plan standards

Hiring a TPA shifts administrative tasks — not legal responsibility. If a TPA mismanages plan assets or fails participants, the employer can still face personal liability under ERISA.

Form 5500 Reporting

Beyond fiduciary duties, ERISA imposes direct reporting obligations on plan sponsors. Plans with 100 or more participants at the beginning of the plan year generally must file Form 5500 annually. The due date is the last day of the 7th calendar month after the plan year ends, with a 2.5-month extension available via Form 5558.

Smaller welfare plans (fewer than 100 participants) are generally exempt from Form 5500 if they're unfunded, fully insured, or a combination. However, certain arrangements — including multiple employer welfare arrangements — must file regardless of size.

Required Ongoing Notices

Notice | Trigger / Timing
COBRA General Notice | Within 90 days of coverage beginning
COBRA Election Notice | Within 14 days of plan administrator receiving qualifying event notice
Summary of Benefits and Coverage (SBC) | At application, enrollment, and renewal; 30 days before automatic renewal
Summary Annual Report (SAR) | Within 9 months after plan year end

Common ERISA Violations and Penalties Small Businesses Face

Most small businesses don't discover an ERISA violation until they're already facing a penalty notice. Without dedicated HR or legal staff, compliance gaps build quietly — and the fines are steep.

Failure to Provide Plan Documents to Participants

Under ERISA Section 502(c)(1), if a participant or beneficiary makes a written request for plan documents and the employer fails to respond, courts may impose penalties of up to $110 per day.

Failure to File Form 5500

This is one of the costlier traps. The DOL can impose penalties of up to $2,670 per day for late or missing Form 5500 filings, with no prescribed maximum cap. The IRS adds a separate penalty of $250 per day, up to $150,000, under IRC Section 6652(e).

Failure to Provide Documents to the DOL

When the DOL requests plan documents during an audit or investigation, non-compliance carries a penalty of up to $190 per day, capped at $1,906 per request.

Fiduciary Breaches

Fiduciary liability is personal. A fiduciary who breaches their duties is personally liable to:

  • Restore losses to the plan
  • Return profits gained through improper use of plan assets
  • Face equitable remedies, including removal from the fiduciary role
  • Share liability as a co-fiduciary if they knew about another fiduciary's breach and failed to act

The Most Common Small Business Mistake

Beyond these specific penalties, one underlying mistake drives a disproportionate share of small business violations: assuming the insurance carrier's benefit summary satisfies ERISA. It doesn't. Carrier booklets describe plan benefits but don't contain the full ERISA-required plan document or SPD content. Employers who rely on carrier materials alone are out of compliance and exposed to penalties, even when their employees have active coverage.

ERISA Compliance Checklist for Small Businesses

Use this as a baseline audit, not a one-time setup exercise. ERISA compliance is ongoing.

Documentation

  • Maintain a written plan document (or wrap document) for each covered benefit plan
  • Confirm carrier certificates are supplemented by proper plan documents — not used as substitutes
  • Keep plan documents updated when plan terms change

Participant Communications

  • Distribute SPDs to new participants within 90 days of coverage
  • Issue SMMs within required timeframes after material plan changes
  • Provide required notices: COBRA general notice, SBC, SAR

Reporting

  • Determine whether Form 5500 filing is required based on participant count and plan structure
  • File by the due date (last day of the 7th month after plan year end) or request an extension

Fiduciary Oversight

  • Identify all plan fiduciaries and ensure they understand their responsibilities
  • Review service provider agreements to confirm TPAs are meeting their obligations
  • Conduct an annual plan review

Free Resources

The DOL's Employee Benefits Security Administration (EBSA) offers free compliance assistance, fiduciary guidance publications, and the Voluntary Fiduciary Correction Program (VFCP) for employers who identify violations and want to correct them before enforcement action.

Free resources cover a lot of ground, but plan-specific questions — especially around fiduciary liability or multi-state coverage — typically require a benefits attorney or HR compliance expert. Many small businesses also offload ongoing plan administration to a PEO, which handles day-to-day ERISA obligations as part of its co-employment structure. A broker like HRO Advisors can match you with PEO providers that include built-in compliance support at no additional consultation cost.

How PEOs Help Small Businesses Manage ERISA Compliance

For small businesses without dedicated HR or legal staff, the administrative weight of ERISA compliance is significant. A Professional Employer Organization (PEO) can absorb much of that burden through the co-employment model.

PEOs frequently act as ERISA plan sponsors and named fiduciaries over the benefit plans they administer — meaning they assume responsibility for plan documentation, fiduciary oversight, and required disclosures. When a small business accesses health, dental, or retirement benefits through a PEO, those plans are typically already structured to meet ERISA requirements, including written plan documents and SPDs.

The access advantage matters, too. Only 16% of employees at companies with fewer than 10 workers have access to an employer-sponsored retirement plan. Among PEO clients in the same size range, that figure jumps to 40% — because PEOs offer large-group plan structures that individual small employers can't replicate independently.

Where HRO Advisors Fits In

Finding the right PEO for your ERISA obligations isn't straightforward — providers vary significantly in their fiduciary support, plan documentation practices, and benefits administration capabilities. HRO Advisors is a free PEO broker that compares up to 8 providers side-by-side, helping small businesses identify partners that match their specific compliance needs across both retirement and health/welfare plans.

The comparison process covers what matters for ERISA compliance:

  • Reviews your current benefits, HR costs, and compliance requirements
  • Analyzes a network of 500+ PEO providers for fit
  • Evaluates fiduciary support, plan documentation, and benefits administration capabilities
  • Delivers a side-by-side comparison in under two weeks

The service costs the small business nothing. HRO Advisors is compensated by the selected PEO, and that compensation doesn't increase the client's costs. Clients report savings of up to 40% on HR costs through the process.

To get started, contact HRO Advisors at 866-755-0288 or info@hro-advisors.com.

Frequently Asked Questions

What are the requirements for ERISA compliance?

Core obligations include maintaining written plan documents for each covered benefit plan, distributing SPDs to participants within required timeframes, meeting fiduciary conduct standards, filing Form 5500 when required, and providing ongoing notices such as COBRA notices, SBCs, and SMMs.

Does ERISA apply to small businesses?

Yes. ERISA applies to most private-sector employers offering benefit plans regardless of company size. The trigger is maintaining a covered plan — not your employee count. Exemptions apply only to government entities, churches, and employers who offer no formal benefit plans.

What are common ERISA violations?

The most frequent violations include:

  • Failing to distribute an SPD to plan participants
  • Missing Form 5500 filing deadlines
  • Relying on insurance carrier materials instead of a proper written plan document
  • Breaching fiduciary duties by failing to monitor service providers

What employee benefit plans are covered under ERISA?

ERISA covers most employer-sponsored benefit plans, including:

  • Group health plans (medical, dental, vision)
  • Life and disability insurance
  • Health FSAs and HRAs
  • 401(k) plans, pension plans, and profit-sharing plans

Government and church plans are generally exempt.

What is a fiduciary under ERISA?

A fiduciary is anyone with discretionary authority over plan management or assets — including the employer. Fiduciaries are personally liable for losses resulting from a breach of duty and must act solely in participants' best interests, even when using third-party administrators.

Can a PEO help small businesses with ERISA compliance?

Yes. PEOs frequently act as plan sponsors and named fiduciaries, handling plan documentation, required disclosures, and benefits administration. HRO Advisors can match your business with an ERISA-compliant PEO at no cost, comparing up to 8 providers side-by-side to find the right fit.