Cyber for Plan Sponsors

Cybercriminals: Sophisticated Techniques



The Federal Bureau of Investigation reports a 69% spike in cybercrime complaints from 2019-2020. Financial losses totaled over $4 billion. As the techniques deployed by cybercriminals are becoming more sophisticated, retirement plan recordkeepers are increasing their cybersecurity efforts too. What about plan sponsors?


No Surprises

The latest Cerulli-Edge-U.S. Retirement Edition found that 31% of retirement plan recordkeepers are upgrading their cybersecurity staff, amidst the increased frequency and sophistication of cybercrime. The massive shift to the remote work environment is believed to have contributed to the cybercrime increase. As Plan Sponsor reports, there are other factors in the mix:


One fraud surveillance expert at a large DC recordkeeper suggested to Cerulli that older participants tend to be the most frequent targets for cyberattacks, partly because they typically have higher account balances than their younger cohorts, but also because criminals may perceive them to be less technologically savvy than younger participants. “Recently we’ve been seeing one scam where an older participant receives a pop up on their computer telling them there is something wrong with their account and offers a phone number to call, and when the participant calls, they aren’t getting their financial institution on the other end of the line, it’s the criminal,” the fraud surveillance expert said.


On the other hand, one Employee Retirement Income Security Act (ERISA) attorney suggested insider threats (i.e., employees of the service provider firm with direct access to participant account information) could be the most dangerous source of retirement account fraud. Cerulli suggests that recordkeepers not only address their own cybersecurity practices but also evaluate the cybersecurity practices of the service providers with whom they exchange or share participant data.


Although it is great to hear that recordkeepers are upping their cybersecurity efforts, Plan Sponsor reminds us that the majority of recordkeepers are acting in a non-fiduciary capacity. Accordingly, it’s vitally important for plan fiduciaries, including plan sponsors, to have a formal process for assessing the fraud prevention practices of service providers, such as recordkeepers. According to Cerulli’s findings, as it stands, less than two-thirds of small-to-mid size retirement plans are conducting this due diligence. Needless to say, this is a big fiduciary liability.


In addition to adequately selecting and monitoring all your plan service providers, it’s advisable to put two protections in place immediately for yourself and your company: fiduciary liability and cyber liability insurance. Let Colonial Surety help you obtain both, efficiently and affordably today. Our fiduciary liability includes cyber liability coverage and gives you peace of mind that your personal assets are protected from a breach of responsibility in the administration or handling of an employee benefit. Watch our quick video here to learn why this is so important, then choose and obtain your affordable package in minutes.


Managing The Risks

Experts remind us that given the likelihood that all of our small businesses will at some point experience a cyber breach, we can never fully eliminate the risks to our businesses, retirement plans, or personal assets. However, we can make sure we adhere to governmental regulations and guidance, implement best practices—and add affordable protection. That’s why small business owners and retirement plan sponsors across the country turn to Colonial Surety Company for affordable and comprehensive packages. Choose yours and receive:


  • The ERISA bond required to protect the assets of the retirement plan from theft;


  • Fiduciary Liability coverage to protect you and your assets from personal liability;


  • Cyber Liability coverage to protect your company and plan from covered losses and expenses in the event of a cyber breach.


With Colonial, it is so efficient and affordable to secure this protection that you can do it now: Complete and Affordable Plan Sponsor Protection Package.


Colonial Surety Company is a leading national and direct provider of ERISA Fidelity Bonds. We are rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Founded in 1930, Colonial uses our experience—plus technology—to give small businesses easy, direct and affordable access to the same kinds of protections big corporations have. We excel at packaging products that make it simpler and faster for businesses to quickly access the protections they need. Oh, yeah—and we are here for You!

According to the American Society of Pension Professionals and Actuaries (ASPPA), best practices include: holding regularly scheduled committee meetings; carefully recording the minutes; committing to an investment policy statement; reviewing the plan’s investment options against it; and acting accordingly to remove “bad funds” from the plan menu. Observing that being a plan fiduciary—personally liable—is a tough and often under-appreciated role, ASPPA offers these further insights about the recommended practices:


Having a committee for having a committee’s sake can not only hinder your decisions—it can result in bad decisions. Make sure your committee members add value to the process. (Hint: Once they discover that ERISA has a personal liability clause, casual participants generally drop out quickly.)


Having a committee and not having committee meetings is potentially worse than not having a committee at all. In the latter case, at least you ostensibly know who is supposed to be making the decisions. But if there is a group charged with overseeing the activities of the plan, and that group doesn’t convene, then one might well assume that the plan is not being properly managed, or that the plan’s activities and providers are not prudently managed and monitored, as the law requires.


…A written record of the activities of your plan committee(s) is an essential ingredient in validating not only the results, but also the thought process behind those deliberations…. Minutes can provide committee members—both past and future—with a sense of the environment at the time decisions were made, the alternatives presented, and the rationale offered for each, as well as what those decisions were. They also can be an invaluable tool in reassessing those decisions at the appropriate time and making adjustments as warranted—properly documented, of course.



Even with a high-functioning committee in place, plan sponsors retain personal liability. That means that no matter how diligent we are in our duties, we can face claims of actual or alleged breaches of our fiduciary obligations—and be held personally accountable. The cost of defense alone can be ruinous, with expert legal fees topping $600 per hour. Let Colonial Surety help: the annual premium for our fiduciary liability insurance is less than just one hour with a lawyer if disaster strikes. Protect your business and yourself as the plan sponsor—against claims of alleged or actual breaches of duty in connection with the employee retirement plan. Colonial’s Multi-Year Packages provide the greatest convenience, value and protection, and include: the ERISA bond required by the Department of Labor, Cyber Liability Insurance—and Fiduciary Liability Insurance. Choose Your Plan Sponsor Protection Package Here.


Investment Policy Statement?


ASPPA observes that plan sponsors and their retirement committees often stumble over having investment policy statements—and using them to review and act on the investment menu:


It is worth noting that, though it is not legally required, Labor Department auditors routinely ask for a copy of the plan’s IPS as one of their first requests. And therein lies the rationale behind the counsel of some in the legal profession to forgo having a formal IPS; because if there is one thing worse than not having an investment policy statement, it is having an investment policy statement—in writing—that is not followed.


Whether or not you have an official IPS, you are expected to conduct a review of the plan’s investment options as though you do. Sooner or later, that review will turn up a fund (or two) that no longer meets the criteria established for the plan. That’s when you will find the true “mettle” of your investment policy; do you have the discipline to do the right thing and drop the fund(s), or will you succumb to the very human temptation to leave it on the menu (though perhaps discouraging or even preventing future investment)? Oh, and make no mistake—there will be someone with a balance in that fund. Still, how can leaving an inappropriate fund on your menu—and allowing participants to invest in it—be a good thing?


Under ERISA law, plan fiduciaries have an extraordinarily high duty of care, and can be held personally accountable to the plans’ participants and beneficiaries for a breach. Even when you are not at fault or liable, you can still be sued. Plan sponsors across the country trust Colonial Surety, for affordable and comprehensive protection packages. Uniquely at Colonial, plan sponsors can obtain affordable fiduciary liability insurance and cyber liability coverage. Our comprehensive packages offer plan sponsors up to $1,000,000 of fiduciary liability insurance. Get covered today—Colonial makes it quick and easy: Choose Your Plan Sponsor Protection Package Here.


Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors—and keep their businesses compliant—with pain-free, efficient, and friendly service every time.