Picture this: you signed with a PEO two years ago, handed over benefits administration, and moved on. The whole pitch was that compliance would be handled. Then an IRS letter arrives. Or a DOL audit notice. And suddenly you’re on the phone with your PEO asking who actually filed what — and the answers aren’t as clean as you assumed.
This happens more than it should. Not because PEOs are dishonest, but because benefits compliance reporting is genuinely complicated, and the co-employment model creates a shared responsibility structure that most business owners never fully map out. The PEO takes on a lot. But not everything. And the gaps between what they own and what you still own are exactly where problems surface.
This article breaks down the specific reporting requirements tied to employer-sponsored benefits under a PEO, how responsibility gets divided, where compliance gaps tend to appear, and what you should actually be verifying before you assume you’re covered.
The Federal and State Reporting Stack You’re Already In
Before you can understand who handles what, you need a clear picture of what “benefits compliance reporting” actually includes. It’s not one filing. It’s a layered set of obligations across multiple federal agencies and, increasingly, state regulators.
At the federal level, the major reporting frameworks are:
ACA Employer Mandate Reporting (Forms 1094-C and 1095-C): Applicable Large Employers (ALEs) — generally those with 50 or more full-time equivalent employees — must file annually with the IRS and distribute 1095-C forms to employees. These filings document whether qualifying coverage was offered and at what cost. Businesses unfamiliar with how PEOs manage this process should understand how PEO ACA reporting services actually work.
ERISA Reporting: Employer-sponsored benefit plans subject to ERISA require annual Form 5500 filings with the DOL, Summary Plan Descriptions (SPDs) under 29 CFR 2520.102-3, and Summary of Benefits and Coverage (SBC) documents. SPDs must be provided to participants within specific timeframes, and the DOL can assess meaningful penalties for failure to produce them on request.
COBRA Notices: Under ERISA Title I, Part 6, employers must provide timely general notices, qualifying event notices, and election notices to covered employees and dependents. Timing failures here create real liability.
HIPAA: Employers sponsoring self-funded health plans have privacy and breach notification obligations. Even fully insured plans have some HIPAA responsibilities at the employer level depending on plan design.
Section 125 Nondiscrimination Testing: If you offer a cafeteria plan — which most PEO-sponsored benefit packages include — annual nondiscrimination testing is required to ensure the plan doesn’t disproportionately benefit highly compensated employees.
Then there’s the state layer, which is expanding fast. States like California, New York, Washington, Colorado, and Oregon have enacted paid family and medical leave programs with their own employer reporting and contribution requirements. State continuation coverage rules (mini-COBRA) apply in many states and operate differently from federal COBRA. State health insurance marketplace notices and benefit disclosure requirements add another layer that varies by jurisdiction. Businesses operating across state lines face an especially complex version of this challenge, which is why multi-state payroll compliance deserves careful attention.
The reason benefits compliance reporting is harder than payroll tax filing isn’t just volume. It’s that multiple agencies are involved, deadlines don’t align neatly, the penalties escalate quickly for late or incorrect submissions, and the consequences of getting it wrong often don’t show up until months or years later during an audit.
The Co-Employment Split: Who Files What
Here’s where most business owners have a fuzzy understanding, and it’s worth being precise about.
In a PEO relationship, the PEO becomes the employer of record for many purposes — payroll, tax withholding, and often benefits administration. But “employer of record” doesn’t mean the PEO owns every compliance obligation. The specific split depends on how the PEO structures its benefits offerings and what your service agreement actually says. For a broader look at what PEOs actually manage, our guide on PEO benefits administration covers the full scope.
The most common split looks like this:
PEOs typically handle: ACA reporting (Forms 1094-C and 1095-C) when they sponsor the benefits plan and serve as the ALE or are part of an aggregated ALE group. They also generally manage COBRA administration, including notices and election processing, and handle Section 125 plan documentation and nondiscrimination testing for their master plan.
Where it gets complicated — Form 5500: Whether the PEO or the client company files Form 5500 depends on a critical structural question: who is the plan sponsor? If the PEO offers benefits through a Multiple Employer Welfare Arrangement (MEWA) — which many do — the MEWA itself may be required to file Form M-1 with the DOL under ERISA Section 3(40), and Form 5500 obligations flow from there. If the client maintains its own stand-alone benefit plan (which happens in some PEO arrangements), the client is the plan sponsor and the client files.
The question you should ask every PEO before signing — and most don’t volunteer this clearly — is: who is the plan sponsor and who is the plan administrator for each benefit plan I’m enrolling in? Those two roles determine who files what and who faces penalties when something is missed.
Plan sponsor and plan administrator can be the same entity or different ones. The plan administrator is the party legally responsible for ERISA compliance, including SPD distribution and Form 5500 filing. If your service agreement doesn’t explicitly assign that role to the PEO, it defaults to the employer under ERISA.
Some PEOs are very clear about this. They’ll give you a written compliance responsibility matrix that maps each filing to a responsible party. Others use language like “compliance support” or “compliance assistance” — which means they’ll help, but they’re not necessarily taking ownership. That distinction matters enormously when a penalty notice arrives.
Where Compliance Gaps Actually Show Up
Most compliance failures under PEO arrangements aren’t dramatic. They’re quiet gaps that accumulate until an audit or a triggered IRS inquiry makes them visible.
ACA headcount miscounts near the 50 FTE threshold: The ACA employer mandate applies at 50 full-time equivalents, and the calculation includes part-time hours aggregated across the workforce. When a business is near that threshold, how the PEO counts combined headcount across its client base — and how it attributes employees to your company specifically — matters. If you’re close to 50 FTEs and the PEO’s aggregation methodology is inconsistent or poorly documented, you may be treated as an ALE without realizing it, or vice versa. The IRS sends penalty letters to the entity listed as the ALE, which may be your company, not the PEO.
ERISA wrap document failures: This is probably the most common and least discussed gap. Most PEOs provide benefits through their master plan, but the master plan’s SPD is written for the PEO’s entire client population. Your employees are technically entitled to an SPD that accurately describes their specific benefits, eligibility rules, and plan terms. Many PEOs don’t automatically produce a “wrap” SPD document that incorporates the master plan documents into a client-specific package. In a DOL audit, the absence of a proper wrap SPD — or an SPD that doesn’t match the actual plan terms employees were given — is a real exposure point for the client company, not just the PEO. Understanding the full scope of compliance reporting requirements helps you identify these gaps before auditors do.
State-specific mandate gaps: PEOs operating across multiple states don’t always handle newer state mandates consistently. Paid family leave contribution reporting in Oregon looks different from Washington’s requirements, which differ again from Colorado’s. If your PEO’s operational footprint doesn’t include strong state-level compliance infrastructure, these filings may be falling through the cracks — and you may not find out until a state agency sends a notice. The client often assumes the PEO has it covered because “they handle compliance.” The PEO may assume the client is handling state-specific filings because they’re not part of the standard service scope.
The gap, in most cases, isn’t intentional negligence. It’s a lack of explicit assignment. Nobody said who owns it, so nobody owned it.
The Cost of Getting It Wrong
The penalty structure for benefits compliance failures is worth understanding at a general level, even if specific dollar amounts change annually with IRS and DOL adjustments.
ACA penalties under IRC Section 4980H are assessed per employee and can accumulate quickly for businesses that fail to offer qualifying coverage or file incorrectly. The IRS sends penalty letters — Letter 226-J — to the entity it identifies as the ALE. If that’s your company, the penalty notice comes to you regardless of what your PEO agreement says. You can dispute it and work with your PEO to respond, but the burden of that process falls on you initially. Beyond regulatory penalties, there are broader financial reporting risks that compound when compliance failures go undetected.
ERISA penalties for late or missing Form 5500 filings, failure to provide plan documents on request, and fiduciary breaches are enforced by the DOL. The DOL can assess penalties per day for failure to provide plan documents when a participant requests them — and those daily penalties add up fast if the issue isn’t caught quickly. Fiduciary breach claims carry their own exposure, including personal liability for plan administrators.
Here’s the part that often surprises business owners: the indirect costs frequently exceed the regulatory penalties themselves. Audit defense requires legal counsel, staff time, and document reconstruction. Employee lawsuits over denied claims — particularly when plan documents are missing, inconsistent, or don’t match what employees were told — are expensive regardless of outcome. And if your PEO agreement doesn’t clearly assign responsibility for the filing that was missed, you may find yourself in a dispute with your PEO about who owes what, while the penalty clock is still running. Understanding how PEOs affect your labor cost reporting can help you anticipate some of these downstream financial impacts.
The regulatory fines are painful. The downstream litigation and operational disruption are often worse.
How to Audit Your PEO’s Coverage Before Something Goes Wrong
You don’t need to become a benefits attorney to do this. You need to ask the right questions and know what a credible answer looks like.
Request the compliance responsibility matrix. Reputable PEOs — especially IRS-certified CPEOs — maintain a written document that maps each compliance obligation to a responsible party. If your PEO can’t produce this, that’s a significant red flag. If they can, cross-reference it against your service agreement and verify it covers the filings relevant to your size, state, and benefit structure.
Ask specific questions about Form 5500 and SPD ownership. Don’t accept “we handle ERISA compliance” as an answer. Ask directly: who is the plan administrator for my employees’ health plan? Who files Form 5500? Who is responsible for producing and distributing the SPD to my employees? If the answers are vague or the PEO representative needs to “check with the compliance team,” that tells you something about how clearly these responsibilities are actually assigned.
Watch for these red flags in your service agreement:
Vague compliance language: Terms like “compliance support,” “compliance assistance,” or “compliance resources” indicate the PEO is helping, not owning. These are not the same thing.
No state-specific addendum: If you operate in states with active paid leave programs or state continuation coverage requirements and your agreement doesn’t address them specifically, assume there’s a gap.
No proactive communication about regulatory changes: A PEO that doesn’t notify clients about new state mandates or ACA threshold changes until after the deadline has already passed is not running a proactive compliance operation.
For businesses in states with aggressive enforcement — California and New York come to mind — or in industries with unique benefit structures like construction, healthcare, or staffing, bringing in outside benefits counsel for an annual review isn’t overkill. It’s a reasonable cost relative to the exposure. Construction businesses in particular face layered compliance demands, which is why understanding PEO benefits for construction is worth the effort. Your PEO handles the volume; outside counsel catches the edge cases your PEO’s standard process wasn’t designed for.
Evaluating PEOs on Compliance Depth, Not Just Price
Not all PEOs approach benefits compliance the same way, and the differences don’t usually show up in sales presentations.
IRS-certified CPEOs — those certified under IRC Section 7705, established by the Tax Increase Prevention Act of 2014 — have additional reporting obligations and financial assurance requirements that provide meaningful protections for clients. The IRS maintains a public list of certified CPEOs, which you can verify independently. CPEO status doesn’t guarantee perfect benefits compliance coverage, but it does signal a higher baseline of operational accountability and a clearer tax reporting structure.
The more important distinction is between PEOs that file on your behalf and PEOs that provide templates and expect you to file. This difference is almost never highlighted in a sales conversation. You have to ask directly: for each of the filings we discussed, does your team submit them, or do you provide us with what we need to submit them ourselves? If you’re weighing whether a PEO or an independent broker better fits your compliance needs, our comparison of PEO vs benefits broker models breaks down the key differences.
Some PEOs handle ACA filings end-to-end. Others generate the 1095-C data and hand it to you. Both approaches exist in the market. Neither is inherently wrong, but you need to know which model you’re buying before you assume coverage you don’t have.
When comparing PEOs, compliance depth deserves the same scrutiny as pricing and benefits options. A PEO that costs slightly more but owns the ACA filing, manages the ERISA wrap documents, and proactively handles state mandate changes may be the better financial decision once you account for the cost of managing those responsibilities yourself — or the cost of getting them wrong. Running a thorough cost comparison of internal HR vs PEO expenses helps quantify that tradeoff.
The Bottom Line on Benefits Compliance Under a PEO
The co-employment model genuinely shifts a significant compliance burden off your plate. That’s real, and it’s one of the legitimate reasons businesses choose PEOs. But benefits compliance reporting isn’t a black box you hand over and forget.
The filings are split. The responsibilities are shared. And the gaps between what your PEO owns and what you still own are exactly where audits find problems and penalties land.
Knowing which reports your PEO files, which ones remain yours, and where the gray areas sit is the difference between smooth operations and an expensive, time-consuming surprise. It’s not about distrust — it’s about having a clear picture of who’s responsible for what so nothing falls through the cracks.
Before you sign a renewal or evaluate a new provider, treat compliance transparency as a real selection criterion. Ask for the responsibility matrix. Verify the SPD structure. Understand the state-level coverage. And compare providers on what they actually own, not just what their sales deck implies.
Don’t auto-renew. Make an informed, confident decision. PEO Metrics gives you a clear, side-by-side breakdown of pricing, services, and compliance coverage so you know exactly what you’re getting — and what you’re not — before you commit.
