The executive's security program frequently involves people beyond the executive. A spouse who appears in public with the CEO. Children attending schools whose location is publicly associated with their parent. A residence that serves as the family home and a documented target in the same set of facts. When the threat to the executive is real, the threat to people close to the executive is often real as well.
Treasury Regulation §1.132-5(m) recognizes this. It allows the working condition fringe exclusion to extend to security measures that cover the executive's family members - but the extension isn't automatic. It requires documented justification tied to the underlying bona fide concern, and the structure of coverage has to follow from the analysis rather than the executive's preferences.
The regulatory basis for family coverage
The exclusion under §1.132-5(m) applies to employer-provided security measures that are part of an overall security program established because of a bona fide business-oriented security concern. When the ISS documents that the concern extends to family members - because the executive's public profile exposes their family, because specific threats have referenced family members, or because the residence serves as a documented target - the security measures protecting family members in connection with that concern can be part of the qualifying program.
This is a logical extension of the underlying purpose. If the concern that justifies the executive's program is real, and the facts establish that the same concern creates risk for people proximate to the executive, measures addressing that risk belong in the program. The regulation doesn't require that only the executive benefit for the exclusion to apply.
What the regulation does require is that the coverage be justified by the threat analysis, not added as a convenience. Family security that appears in an ISS because it was requested - rather than because it follows from the documented risk - is the kind of coverage an IRS examiner will scrutinize.
What typically qualifies
Three categories of family coverage appear regularly in defensible ISS programs.
Residential security covering all occupants. When the executive's primary residence is a documented part of the overall security program - perimeter controls, access management, alarm systems - the coverage extends to everyone living there. This doesn't require a separate finding for each family member. The residence is the subject of the security measures, and family members are covered as residents of a protected location. This is typically the least complicated category.
Spousal or partner coverage in public settings. When the bona fide concern includes risk at public events, transit, or other shared settings, the measures that apply in those contexts often appropriately extend to a spouse or partner who accompanies the executive. A ground transportation arrangement that covers the executive during work-related travel reasonably extends to their spouse during the same travel if the documented concern applies to the setting rather than to the executive exclusively.
Children coverage when specific exposure is documented. Coverage for children is more fact-specific and typically requires that the ISS document a concrete nexus between the threat and the children's exposure. A specific threat referencing the executive's family, public documentation of the children's school location or routines, or documented surveillance of the family home are the types of facts that support this. General parental concern about children's safety, without a documented business-oriented security nexus, doesn't meet the standard.
What doesn't qualify
The line the regulation draws is between coverage that follows from the documented concern and coverage that is personal in character.
A protection arrangement for a family member who doesn't share the executive's threat exposure - a sibling who lives in a different city, a parent whose connection to the executive's profile is minimal - isn't supported by the bona fide concern analysis and shouldn't appear in a qualifying ISS.
Personal travel security for family vacations, absent documented risk in the relevant locations, is personal in character. If the family travels to a high-risk geography, the geographic exposure analysis can address it. If they travel domestically to locations without documented risk, the coverage is a personal benefit.
Day-to-day household security arrangements that exist for reasons unrelated to the executive's role - a high-value residence in a high-crime neighborhood, a family history of residential incidents unconnected to the executive's corporate profile - may support some level of residential security but require careful analysis. The qualifying basis has to be the business-oriented security concern, not general residential risk management.
The documentation structure for family coverage
When an ISS extends coverage to family members, the documentation requirements track the same structure as the executive's own coverage - with an additional layer specifying the basis for the extension.
The study should document: who is covered and in what contexts; the specific facts that establish that the bona fide concern extends to those family members; and how the family coverage measures fit within the overall program structure. Vague references to the executive's family as part of a generally described program don't provide the audit defense that specific documentation does.
The implementation tracker - the document that maps each recommendation to a responsible party and records evidence of consistent application - should include family coverage measures the same way it includes executive-specific measures. A recommendation that was implemented for the executive but not consistently applied for covered family members creates the same gap that Example 5 of the regulation describes.
When family coverage changes
Family circumstances change. Children become adults. Spouses or partners change. Profiles evolve. The ISS reflects the facts at a point in time, and when the facts change materially, the study and the program should be evaluated.
An adult child who has moved out and established a separate household has a different exposure profile than a minor child at the family residence. A change in the executive's public profile - a major corporate action, a shift in public attention - can change what family members' exposure actually looks like. These aren't automatic triggers to reduce coverage; they're triggers to assess whether the documented basis for coverage still matches the program in place.
The periodic reassessment requirement under §1.132-5(m)(2)(iii) applies to the program as a whole, including its family coverage components. Companies that keep the family coverage static while the underlying facts change create the same consistency problem as companies that ignore changes to the executive's own threat environment.
The practical question
For companies currently running programs with family components, the question worth asking is whether the family coverage is documented at the same standard as the executive's own program. If the ISS is specific about the executive's bona fide concern and the recommended measures but general about the family extension - "family members are covered as appropriate" without specific analysis - that's a documentation gap that doesn't hold up on examination.
The coverage that follows directly from a specific documented concern is defensible. Coverage added beyond that perimeter is the part worth examining carefully before the IRS examines it first.
This post is for informational purposes and does not constitute tax or legal advice. Readers should consult qualified tax and legal counsel regarding the treatment of specific programs.