
Guidance on Benefit Plan Cybersecurity Best Practices

Plan participants now enroll, change elections, review benefits, apply for plan loans and hardship distributions, and access account information through websites and cellphone apps. As electronic access to plan information has increased, so has the interest of hackers in obtaining the wealth of information stored electronically. Recently, the DOL’s Employee Benefits Security Administration (the “EBSA”) issued the following cybersecurity guidance documents to help plan sponsors comply with their duties to protect plan information:

Tips for Hiring a Service Provider with Strong Cybersecurity Practices: These tips are intended to help plan sponsors and plan fiduciaries meet their duties under ERISA to prudently select and monitor service providers. They include a list of questions to ask and considerations to make when evaluating potential service providers.

Cybersecurity Program Best Practices: This guidance provides a list of 12 best practices intended to help plan fiduciaries mitigate cybersecurity risks and make prudent decisions when selecting… Continue Reading

New Year’s Resolutions to Ensure Proper ERISA Fiduciary and HIPAA Privacy Training

With the start of the new year, a good New Year’s resolution for employers that sponsor ERISA retirement and/or health and welfare benefit plans is to ensure that all current ERISA plan fiduciaries—including any new members of plan administrative and investment committees—have received up-to-date ERISA fiduciary training. ERISA litigation brought against individual plan fiduciaries has significantly increased in recent years. Plan fiduciaries assume responsibilities and make decisions that could potentially subject them to substantial personal liability. To mitigate this risk exposure, each committee member (or other ERISA plan fiduciary) should receive fiduciary training initially upon becoming a plan fiduciary and at least annually thereafter. Plan fiduciaries need to understand (i) when they are acting on behalf of the plan’s participants in a fiduciary capacity, (ii) the different fiduciary roles under a plan and how fiduciary liability can attach in different ways, (iii) the difference between fiduciary decisions and non-fiduciary (“settlor”)… Continue Reading

Is it Time for an Investment Committee Tune-up?

Companies sponsoring a 401(k) plan to help their employees save for retirement often form an investment committee to help select plan investments without realizing the duties that the committee assumes. To help prevent investment committee members from unintentionally breaching their fiduciary duties, companies should periodically review their investment committee compliance and keep complete records of appointments, policies, and procedures. The following investment committee checklist can be a starting point for this review:

Review the underlying plan document to determine who it lists as the “named fiduciary.” Most plan documents provided by third-party administrators list the “plan sponsor” as the named fiduciary, which means the board of directors is the governing body responsible for acting as a fiduciary, absent a delegation of such fiduciary responsibility by the board of directors to a committee. If your plan lists the “plan sponsor” as the named fiduciary and you have a committee selecting… Continue Reading
