ERISA

Avoid Autopilot: Pointers for Plan Sponsors

12.12.2025

While third-party administrators (TPAs) and other pension professionals play a critical role in successful 401(k) plans, plan sponsors retain the ultimate responsibility for ensuring that the plan continuously operates in the best interests of participants. That is why it is wise for plan sponsors to avoid autopilot mode and actively review their own fiduciary practices. Read on for pointers on common mistakes and misunderstandings to avoid.

Oversight!

Contracting the management and operations of an employer-sponsored retirement plan to third parties does not free the plan sponsor from oversight, or from being held personally accountable in the event of a fiduciary breach under the exceptionally high standards of the Employee Retirement Income Security Act (ERISA). Plan sponsors are inherently fiduciaries, and, as pension professionals at RSM remind us: 

Retirement plan fiduciaries play a critical role in protecting the interests of retirement plan participants and safeguarding their retirement assets. In a complex and fast-paced world, a retirement plan fiduciary’s role is even more critical in navigating matters impacting retirement plans. Despite common misconceptions, plan fiduciaries are not merely third parties; they include both the employer sponsoring the retirement plan and any trustees charged with oversight of the plan’s operations. While a plan sponsor may hire third parties to assist with plan oversight, the plan sponsor still has the ultimate responsibility of effectively managing its retirement plan and operating it in a manner that is protective of the participants’ interests. 

Among the important oversight responsibilities of plan sponsors is the payment of plan expenses. In addition to ensuring that all fees associated with the plan are "reasonable and necessary," retirement plan sponsors must ensure that the actual payment of plan expenses follows proper protocols, as RSM details: 

One aspect of retirement plan management that is certain is the plan sponsor or the plan will incur expenses for third-party administration, investment management, reporting, and the preparation of disclosures, etc. Oftentimes, it is the case that the employers will pay plan operational expenses on behalf of the plan. Other times, the employer pays the expenses as a matter of convenience but seeks reimbursement for the expenses from the plan. As a plan fiduciary, the employer is responsible for ensuring that such reimbursements are reasonable and necessary, and the plan document provides procedures supporting the reimbursement. Failing these two requirements would be a prohibited transaction under ERISA and the Internal Revenue Code (Code). A best practice for plan fiduciaries is to establish a written agreement specifying how and when the plan can reimburse the employer for plan-related operational expenses.

While a written protocol for payments and reimbursements is essential, a plan sponsor's related oversight duties do not stop at documentation. It is critical for plan sponsors to ensure that the plan's written reimbursement protocols are actually being implemented, especially when it comes to advancing or loaning money to the plan for expense payment. As RSM puts it: "To avoid a prohibited transaction, the plan fiduciaries must document in writing that the plan intended to enter into a loan transaction with the plan sponsor and that doing so alleviates the plan's financial need and enables the plan to meet its obligations to pay plan expenses. To meet the prohibited exemption, the loan agreement must not charge interest and must not require the plan to provide security for the loan."

Monitoring Cybersecurity Practices

Another aspect of retirement plan oversight in which sponsors must be actively involved is mitigating cybersecurity threats to retirement plan data and funds. In addition to monitoring the cybersecurity protocols used by all third-party service providers, retirement plan sponsors must attend to the Department of Labor's (DOL's) published best practices. Accordingly, RSM underscores, "plan sponsors need to oversee the steps the plan is taking to protect the participants' assets and personal data," following the DOL's cybersecurity best practices:

  1. Have a formal, well documented cybersecurity program. Conduct prudent annual risk assessments.
  2. Have a reliable annual third-party audit of security controls.
  3. Clearly define and assign information security roles and responsibilities.
  4. Have strong access control procedures.
  5. Ensure that any assets or data stored in a cloud or managed by a third-party service provider are subject to appropriate security reviews and independent security assessments.
  6. Conduct periodic cybersecurity awareness training.
  7. Implement and manage a secure system development life cycle program.
  8. Have an effective business resiliency program addressing business continuity, disaster recovery, and incident response.
  9. Encrypt sensitive data, stored and in transit.
  10. Implement strong technical controls in accordance with best security practices.
  11. Appropriately respond to any past cybersecurity incidents.

Personal Liability Makes Protection Essential

As ERISA fiduciaries, retirement plan sponsors can be held personally responsible for shortcomings related to their oversight, and, as RSM explains, the consequences are serious. 

The Employee Retirement Income Security Act (ERISA) places significant emphasis on fiduciaries to properly oversee and manage a retirement or other employee benefit plan. Litigation against fiduciaries can be initiated by either a plan participant or the Department of Labor (DOL). Fiduciaries can be held personally liable for losses a plan incurs due to a breach of duty and may be required to restore any profits made through improper use of plan assets. Failure to meet their duties could result in the DOL assessing civil penalties or, in severe cases, criminal prosecution resulting in fines and imprisonment. 

If you face claims that you have failed in your responsibilities as a retirement plan sponsor, the only type of protection that shields you personally is Fiduciary Liability Insurance. With it, you will be armed with coverage for defense costs and penalties. Without Fiduciary Liability Insurance, your personal assets are exposed. Colonial Surety Company makes it affordable and efficient to protect yourself, your company and the retirement plan. For a few dollars a day, our Cyber Liability + Fiduciary Liability Insurance package provides you with defense costs and penalty limits of up to $1,000,000 if faced with claims of alleged or actual breaches of duty in connection with the employee retirement plan. Plus, our Cyber Liability + Fiduciary Liability Insurance addresses numerous DOL recommendations, explicitly covers the retirement plan and the business, and includes: 

  • Expert-led response services following a data breach
  • Protection from lawsuits and regulatory actions related to the breach
  • Legal services
  • Computer forensic services
  • Public relations and crisis management expenses
  • Notification services
  • Call center services
  • Credit and identity monitoring

Obtain your protection as a retirement plan sponsor online in minutes now:

Cyber Liability Insurance + Fiduciary Liability Insurance

Colonial Surety Company:

  • In business since 1930
  • Rated “A” Excellent by A.M. Best Company
  • US Treasury Listed