Starting a 401(k) sounds like the obvious next step for any business owner who wants to attract talent and lower their tax bill. The reality is messier. Most resources on this topic walk you through four generic steps, mention a tax credit, and move on. They skip the part where a 401(k) might not be your best option at all, where fiduciary liability follows you home, and where fees eat into your plan before a single employee contributes a dollar. The decision hinges entirely on your headcount, your revenue, your willingness to handle compliance, and how much you actually plan to contribute yourself. This article breaks down when a 401(k) makes sense, when another vehicle wins, where the setup process actually goes wrong, and what ongoing obligations most business owners discover too late.
A 401(k) Isn’t Always the Right First Move for a Small Business
The assumption that a 401(k) is the default retirement plan for any employer is widespread and often wrong. Your business size, income level, and administrative appetite should dictate which plan you choose, not what seems prestigious.
The income and headcount thresholds where a SIMPLE IRA or SEP IRA actually wins
If you run a business with fewer than 10 employees and no intention to contribute more than $16,000 per person per year, a SIMPLE IRA does the job at a fraction of the cost. There’s no Form 5500 filing, no nondiscrimination testing, and setup takes days, not weeks. The employer match obligation is modest: either 3% of compensation or a 2% non-elective contribution for all eligible employees.
A SEP IRA works even better for businesses where only the owner (or a handful of highly compensated people) will contribute. You can put away up to 25% of net self-employment income, capped at $69,000 for 2024, with zero employee payroll deductions to administer. The catch is that whatever percentage you contribute for yourself, you must contribute equally for every eligible employee. If you have staff, this gets expensive fast.
The breakpoint where a 401(k) starts making sense is typically when you need higher deferral limits (the 2024 employee limit is $23,000, plus $7,500 catch-up for those 50+), when you want a vesting schedule to incentivize retention, or when your workforce is large enough to justify the compliance overhead. Below that threshold, you’re paying more in administration and legal exposure than the plan is worth. For a deeper comparison of plan mechanics, see our guide on 401(k) Basics: How It Works, Types & Key Terms.
The hidden compliance burden that makes a 401(k) a liability under 10 employees
A 401(k) triggers obligations that SIMPLE IRAs and SEP IRAs avoid entirely. You must file Form 5500 annually with the Department of Labor. You must run nondiscrimination testing (ADP/ACP tests) every year unless you’ve elected Safe Harbor, and failing these tests means correcting contributions retroactively or refunding deferrals to highly compensated employees. You need a written plan document that complies with the IRS Code, a trust to hold assets, and a summary plan description distributed to every participant.
For a five-person company, this infrastructure costs between $1,500 and $5,000 annually in third-party administration fees alone, before any provider platform fees or investment expenses. That’s a significant per-employee cost when spread across a small headcount. A SIMPLE IRA, by comparison, can run on a custodial account with near-zero administrative overhead.
When a solo 401(k) outperforms every other structure for self-employed owners
If you’re self-employed with no full-time employees (a spouse can participate), the Solo 401(k) is the most powerful retirement vehicle available. You get the $23,000 employee deferral plus up to 25% of net self-employment income as an employer contribution, reaching the same $69,000 combined cap as a SEP. The difference is that you can also add a Roth component, take participant loans of up to $50,000, and you won’t file Form 5500 until plan assets exceed $250,000.
No SEP IRA offers loans or Roth contributions. No SIMPLE IRA comes close to the contribution ceiling. The solo 401(k) combines the highest savings potential with the lowest compliance burden of any plan, as long as you remain a one-person (or spousal) operation. The moment you hire a full-time W-2 employee, the structure changes entirely and testing requirements kick in.
Choosing Between Traditional, Safe Harbor, and Auto-Enrollment: The Real Trade-Offs
Once you’ve committed to a 401(k), you still face a plan design decision that most providers gloss over. Each variant locks you into different contribution obligations, testing requirements, and liability profiles.
Safe Harbor kills your flexibility in exchange for skipping nondiscrimination testing
A Safe Harbor 401(k) exempts you from the ADP/ACP tests that determine whether highly compensated employees (HCEs) are benefiting disproportionately. In exchange, you commit to one of three mandatory contribution formulas: a 100% match on the first 3% of compensation plus 50% on the next 2%, a dollar-for-dollar match on the first 4%, or a 3% non-elective contribution to all eligible employees regardless of whether they defer.
The part most guides skip: once you’ve elected Safe Harbor and given notice to employees (typically by October 1 of the prior year), you generally cannot reduce or suspend contributions mid-year unless the plan specifically allows for it and you meet strict IRS amendment procedures. If cash flow tightens in Q3, you’re still on the hook. Traditional plans let you adjust or eliminate employer contributions each year without this constraint. For businesses with volatile revenue, that flexibility has real value. Our 401(k) Employer Match guide explains how matching structures work in practice.
Auto-enrollment boosts participation but creates default investment liability
Auto-enrollment plans automatically deduct a default contribution rate (usually 3% to 6%) from every eligible employee’s paycheck unless they affirmatively opt out. Participation rates in auto-enrollment plans regularly exceed 90%, compared to voluntary enrollment rates that often stall around 60% to 70%.
The liability issue sits in the default investment. When an employee is auto-enrolled, the plan sponsor chooses where their money goes. Those defaults must qualify as a Qualified Default Investment Alternative (QDIA), typically a target-date fund or a balanced fund. If you select a QDIA that underperforms, charges excessive fees, or doesn’t align with the participant population’s risk profile, you carry fiduciary exposure for that choice. The employee never actively selected the fund, so the responsibility stays with you. This isn’t theoretical: ERISA litigation over default investment selection has increased steadily since auto-enrollment became widespread.
Why most advisors push Safe Harbor even when a traditional plan would cost you less
Financial advisors and plan providers earn more when employer contributions flow predictably. Safe Harbor guarantees that. It also simplifies their compliance work, since there’s no annual testing to administer. From the advisor’s perspective, Safe Harbor is the path of least resistance.
But if your workforce is relatively uniform in compensation (no large gap between owner pay and employee pay), a traditional 401(k) may pass nondiscrimination tests without any employer contribution at all. Running the ADP/ACP test costs a few hundred dollars through your TPA. If you pass, you’ve avoided committing 3% to 4% of total eligible payroll in mandatory contributions. For a company with 15 employees averaging $50,000 in compensation, that’s a potential savings of $22,500 to $30,000 per year compared to a Safe Harbor non-elective contribution. The test is worth taking before defaulting to what your advisor recommends.
The Four Steps To Set Up a 401(k), and Where Small Businesses Actually Get Stuck
The procedural steps are well-documented. What isn’t documented is where the friction actually occurs and what shortcuts create problems down the line. If you’re ready to proceed, our How to Set Up 401(k) for Small Business guide covers the operational details.
Drafting the plan document: what the IRS requires vs. what providers template for you
Every 401(k) must operate under a written plan document that satisfies IRC Section 401(a). The document defines eligibility, contribution formulas, vesting schedules, distribution rules, and loan provisions. Most providers offer a pre-approved (prototype or volume submitter) plan document that has already received an IRS opinion or advisory letter.
The risk is in the defaults. Providers template documents with their preferred settings: a specific vesting schedule, a default loan provision (or none), a particular definition of compensation, and eligibility conditions that may not fit your workforce. If you sign without reviewing these provisions, you may end up with a two-year eligibility wait you didn’t intend, or a six-year graded vesting schedule that doesn’t help retention the way you expected. The plan document is a legal contract between you and your employees. Treat it like one.
Selecting a trustee when you’re both the employer and the fiduciary
A 401(k) trust must have at least one trustee responsible for managing plan assets. In most small businesses, the owner names themselves. This is legal, common, and also the reason personal liability becomes real. As trustee, you’re personally responsible for ensuring contributions are deposited within seven business days of the payroll date (or as soon as administratively feasible), that investments are prudently selected and monitored, and that distributions follow the plan document.
Many small business owners don’t realize that late deposits of employee deferrals are one of the most common DOL enforcement actions. Even a few days’ delay is technically a prohibited transaction. Using payroll integration with your provider helps, but the legal obligation sits with the trustee. If you want to reduce exposure, appointing a corporate trustee or using a directed trustee arrangement (where the trustee only executes instructions rather than making investment decisions) shifts some, but not all, of the burden.
Recordkeeping mistakes that trigger DOL audits in the first three years
The DOL’s Employee Benefits Security Administration investigates plans based on complaints, random selection, and red flags in Form 5500 filings. For new plans, the most common triggers include late Form 5500 filings, discrepancies between reported contributions and payroll records, and failure to provide required participant notices on time.
Recordkeeping errors compound. If employee deferral amounts don’t match W-2 box 12 codes, the IRS and DOL both have grounds to investigate. If loan repayments aren’t tracked and a participant defaults, the plan must report a deemed distribution that the participant may not expect. If you switch recordkeepers in the first few years (which happens often when businesses outgrow a starter plan), data migration errors can create gaps that take months to reconcile. Choosing a recordkeeper with payroll integration from day one avoids most of these problems.
The summary plan description nobody reads but that protects you legally
The SPD is a plain-language document that explains the plan’s terms to participants. ERISA requires you to distribute it within 120 days of the plan’s effective date, and within 30 days of a new employee becoming eligible. It must cover eligibility requirements, contribution formulas, vesting schedules, claims procedures, and ERISA rights.
Here’s what matters: if a participant sues over a denied claim or a misunderstood benefit, the SPD is the document courts look at first. If the SPD contradicts the plan document, courts have historically sided with whichever version benefits the participant. If the SPD omits a provision, the employer can’t enforce it. Providers generate SPDs automatically, but the employer is responsible for ensuring accuracy and distribution. Keep proof of delivery. A signed acknowledgment or electronic confirmation isn’t optional; it’s your defense.
401(k) Fees Are Designed To Be Hard To Compare
Plan fees are the single largest drag on long-term participant returns, and the industry has no incentive to make them transparent. Understanding the fee structure before you sign a provider contract is worth more than any other due diligence step.
Asset-based vs. flat-fee pricing: how the wrong model quietly drains small plans
Most 401(k) providers charge one of two ways. Asset-based pricing takes a percentage of total plan assets, typically between 0.50% and 2.00% annually. Flat-fee pricing charges a fixed dollar amount per participant or per plan, regardless of asset size.
For a new plan with low assets, asset-based pricing looks cheap in dollar terms. A plan with $200,000 in assets paying 1% costs $2,000 per year. But as assets grow through contributions and investment returns, that cost scales. At $2 million, the same 1% fee costs $20,000. A flat-fee plan charging $150 per participant with 15 employees costs $2,250 regardless of plan size. Over a 10-year horizon, the difference compounds dramatically. Small plans with growth potential should default to flat-fee models. Plans that expect to stay small indefinitely may find asset-based pricing acceptable, but only at the lower end of the range.
Revenue sharing, 12b-1 fees, and the cost layers your provider won’t itemize
Beyond the headline fee, most plans include embedded investment costs. 12b-1 fees are marketing and distribution fees built into mutual fund expense ratios, typically 0.25% to 1.00% of fund assets annually. Revenue sharing is a portion of investment fees that fund companies pay back to the recordkeeper, effectively subsidizing platform costs but raising participant expenses.
These fees don’t appear on your provider invoice. They’re deducted directly from fund returns, so participants bear the cost without seeing a line item. A plan that advertises “no administration fees” may simply be funding its operations through higher-cost share classes. Ask your provider for a fee disclosure document (ERISA Section 408(b)(2)) that itemizes all direct and indirect compensation. If they can’t produce one clearly, that’s a signal.
The fee benchmarking trick that takes five minutes and can save thousands per year
The DOL requires that plan fiduciaries ensure fees are “reasonable” relative to services provided. The simplest way to verify this is to use a benchmarking tool like BrightScope (now part of ISS) or request a fee benchmarking report from your TPA. These tools compare your plan’s total cost against plans of similar size and design.
If your total plan cost (administration plus investment expenses) exceeds the median for your plan size by more than 20 to 30 basis points, you have leverage to renegotiate or switch providers. Many small business owners never benchmark because they assume fees are standard. They’re not. The spread between the cheapest and most expensive providers for a 15-person plan can exceed $10,000 per year in total participant costs.
Tax Credits Most New Plan Sponsors Leave on the Table
The SECURE Act 2.0 expanded tax incentives for starting a retirement plan, but the eligibility rules and credit mechanics are more specific than most summaries suggest.
The SECURE 2.0 startup credit math: up to $16,500 that offsets real costs
Eligible employers can claim a tax credit covering 100% of administrative costs up to $5,000 per year for three years, for a total of $15,000. An additional $500 per year for three years is available for plans with auto-enrollment, bringing the maximum to $16,500. The credit applies to employers with 100 or fewer employees who received at least $5,000 in compensation in the preceding year. If you’ve had any retirement plan covering substantially the same employees in the prior three years, you don’t qualify.
The credit is nonrefundable, meaning it reduces your tax liability but won’t generate a refund. If your business doesn’t owe $5,000 in income tax, you won’t capture the full credit in that year. For very early-stage businesses with low taxable income, this nuance matters. Unused portions can carry forward under general business credit rules, but cash-strapped startups shouldn’t plan around a credit they can’t use immediately.
Employer contribution credits capped at $1,000 per employee: who qualifies and who doesn’t
SECURE 2.0 introduced a separate credit for employer contributions of up to $1,000 per employee per year. The credit is 100% for employers with 1 to 50 employees and phases down for those with 51 to 100 employees (reduced by 2% for each employee above 50). This credit applies for five years total, with the percentage decreasing: 100% in years one and two, 75% in year three, 50% in year four, 25% in year five.
Critically, employees earning over $100,000 (indexed for inflation) are excluded from the credit calculation. And this credit does not apply to defined benefit plans, only to defined contribution plans including 401(k)s. If your workforce is small and modestly compensated, this credit can offset a significant portion of your employer match expense. If most of your team is highly compensated, the credit delivers little. Knowing your payroll composition before committing to a contribution formula prevents overestimating the subsidy. To understand how matching interacts with these credits, see our full breakdown on 401(k) Employer Match: How It Works & Maximizing It.
Why claiming the auto-enrollment credit requires a specific plan design choice
The $500 annual auto-enrollment credit requires that your plan include an eligible automatic contribution arrangement (EACA) or a qualified automatic contribution arrangement (QACA). Simply auto-enrolling employees outside of these specific regulatory frameworks doesn’t qualify.
A QACA requires a minimum default deferral rate of 3% in year one, escalating by 1% annually up to at least 6% (and no more than 15%). It also requires a Safe Harbor employer contribution, which brings its own cost and inflexibility. An EACA requires a uniform default deferral percentage but doesn’t mandate employer contributions. Both require specific 90-day permissive withdrawal windows for employees who want to reverse auto-enrollment. If your plan document doesn’t define one of these arrangements by name and meet every technical requirement, the credit isn’t available.
Fiduciary Liability: The Risk You Accept the Day You Launch a Plan
The moment you sponsor a 401(k), you become an ERISA fiduciary. This isn’t a disclosure footnote. It’s a personal legal obligation that survives business structure and can reach your individual assets.
Personal liability for investment menu failures most owners don’t know they carry
As a plan fiduciary, you must select and monitor every investment option in your plan’s lineup. ERISA’s prudent expert standard doesn’t ask whether you acted reasonably for a layperson. It asks whether you acted the way a knowledgeable investment professional would. If your plan includes a fund with excessive fees, chronic underperformance, or a style drift that makes it inappropriate for participants, you can be held personally liable for losses.
This isn’t hypothetical. The wave of 401(k) fee litigation over the past decade has targeted employers of all sizes. The defense is documentation: evidence that you conducted a regular (at least annual) investment review, compared fees against benchmarks, and replaced underperforming options. If you can’t produce that documentation, your exposure increases dramatically.
The three fiduciary breaches that generate the most ERISA lawsuits
The most litigated fiduciary failures are excessive investment fees (offering retail share classes when institutional shares are available), late deposit of employee deferrals (holding contributions beyond the DOL’s seven-business-day safe harbor), and failure to monitor service provider fees (paying administration costs that exceed market rates without periodic review).
Each of these has a simple fix, but the fix requires proactive action. Requesting institutional share classes from your fund lineup costs nothing. Setting up automatic contribution remittance through payroll integration eliminates late deposits. Running a fee benchmark annually proves you’re monitoring costs. The problem is that most small business owners don’t know these are requirements until they receive a DOL letter or a participant complaint.
How a 3(38) investment manager shifts liability away from you, and what it costs
A 3(38) investment fiduciary is a registered investment advisor who assumes full discretionary control over your plan’s investment menu. Unlike a 3(21) advisor (who only recommends and leaves the final decision with you), a 3(38) fiduciary takes legal responsibility for investment selection and monitoring. If a fund in the lineup underperforms or charges excessive fees, the 3(38) manager, not you, bears the liability.
This service typically costs between 0.15% and 0.50% of plan assets annually. For a plan with $1 million in assets, that’s $1,500 to $5,000 per year. Given that a single ERISA lawsuit can cost $50,000 or more in legal fees alone (regardless of outcome), the economics favor outsourcing for any plan sponsor who lacks investment expertise or time for regular monitoring. If you’re considering whether this level of delegation fits your situation, our guide 401(k) Plans: The Complete Guide to Retirement Savings walks through the full fiduciary framework.
What Happens After Launch: The Ongoing Obligations That Catch Employers Off Guard
Setting up the plan is the easy part. The annual compliance, reporting, and communication requirements are where most small businesses make mistakes that compound over time.
Annual Form 5500 filing and the audit threshold at 100 participants
Every 401(k) plan must file Form 5500 with the DOL annually, due by the last day of the seventh month after the plan year ends (typically July 31 for calendar-year plans, extendable to October 15 with Form 5558). Late filings carry DOL penalties of up to $250 per day with no cap, plus IRS penalties of $250 per day up to $150,000.
When a plan reaches 100 or more eligible participants at the beginning of the plan year, an independent audit by a qualified public accountant becomes mandatory. This audit adds $5,000 to $20,000 in annual costs depending on plan complexity. Many growing businesses are surprised by this threshold because it counts all eligible participants, not just those actively contributing. If you have 95 employees eligible in December and hire 10 in January, you’ve crossed the line. The 80-120 participant rule allows some flexibility (plans with 80 to 120 participants can maintain their prior year’s filing status), but planning around this threshold is worth doing deliberately.
Vesting schedule administration errors and their compounding cost
If your plan uses a vesting schedule (common in traditional 401(k) plans), tracking each employee’s vested percentage requires accurate records of their hours of service and years of credited service. Errors here compound. An employee who leaves after three years under a six-year graded schedule is entitled to 40% of employer contributions. If your records show two years instead of three, you’ve underpaid their distribution, and they have grounds for a claim.
The problem worsens with employee rehires. ERISA’s break-in-service rules determine whether prior service counts toward vesting upon return. If an employee leaves for 18 months and comes back, their prior service may or may not count depending on plan terms and the length of the break. Getting this wrong means either overpaying forfeitures or underpaying vested benefits. Both create liability. If you’re ever in a position where closing the plan seems simpler than fixing ongoing errors, see Can I Close My 401(k)? for what that process actually entails.
The participant disclosure calendar you need to follow every year
ERISA requires a series of participant notices throughout the year, each with its own deadline. The Safe Harbor notice must go out at least 30 days and no more than 90 days before the start of the plan year. The QDIA notice (if you use auto-enrollment) follows the same window. Fee disclosure (404a-5) must be provided annually and within specified timeframes for new participants. Blackout period notices must go out 30 to 60 days in advance of any blackout.
Missing a single notice doesn’t just create regulatory risk. For Safe Harbor plans, a late Safe Harbor notice can disqualify your Safe Harbor status for the entire year, retroactively subjecting you to nondiscrimination testing you weren’t prepared for. If you fail those tests, you face corrective contributions or refunds. The cascade from a missed deadline to a financial obligation happens faster than most plan sponsors expect.
FAQ
What is the minimum number of employees required to start a 401(k)?
There is no minimum. A 401(k) can be established by a business with just one employee, including the owner. A Solo 401(k) is specifically designed for self-employed individuals with no full-time employees other than a spouse. The practical question isn’t eligibility but whether the compliance costs justify the plan at very small headcounts. For businesses under five employees, a SIMPLE IRA or SEP IRA often delivers comparable retirement benefits with far less administrative burden.
Can I start a 401(k) mid-year or does it have to begin on January 1?
A 401(k) can technically start on any date, but most providers recommend a January 1 or October 1 effective date to simplify the first plan year’s compliance requirements. Starting mid-year means prorating contribution limits for the short plan year, which can confuse participants and complicate testing. Safe Harbor plans require employee notice at least 30 days before the plan year begins, so a mid-year Safe Harbor start needs careful timing to meet that window.
How long do employees have to wait before they can join the plan?
The plan document defines eligibility. The maximum waiting period allowed by law is one year of service (defined as 12 months from the hire date with at least 1,000 hours worked) and attainment of age 21. Many plans use shorter windows (90 days or immediate eligibility) to compete for talent. Under SECURE 2.0, long-term part-time employees who work at least 500 hours in two consecutive years (reduced from three years) must also be allowed to participate in the plan. If you want to understand the enrollment mechanics, our guide on How to Open a 401(k) covers participant-side steps.
What happens if my business can’t afford to make employer contributions one year?
With a traditional 401(k), employer contributions (matching or profit sharing) are entirely discretionary. You can reduce them to zero for any plan year without amending the plan, as long as your plan document describes them as discretionary. Safe Harbor plans are different: suspending Safe Harbor contributions mid-year requires a plan amendment, advance notice to participants, and the loss of your testing exemption for that year. If cash flow variability is a real concern, a traditional plan with a discretionary match preserves your flexibility.
Is it possible to offer both a Roth 401(k) and a traditional pre-tax 401(k) in the same plan?
Yes. Most modern 401(k) plans allow participants to designate all or part of their elective deferrals as Roth contributions, which are made after tax but grow and are distributed tax-free in retirement. The combined employee contribution limit ($23,000 for 2024, or $30,500 with catch-up) applies across both Roth and pre-tax deferrals. Under SECURE 2.0, employer matching contributions can also be designated as Roth, though the participant must pay income tax on the match in the year it’s contributed. Adding a Roth option costs nothing in plan design but requires your recordkeeper to track separate accounting for each source.