When it comes to 401(k) plans, the employer, the service providers and the participants each have important roles to play in protecting the plan against cybercrime.
A Cautionary Tale: Retirement Plan Funds Do Get Stolen
Lawsuits, even before settled, can contain important insights for plan sponsors. Recently, the second lawsuit in the past few months filed against a trust company serving as a 401(k) plan trustee, points to expectations for plan sponsors related to protecting participant data in our digital era. The lawsuit alleges that the trustee “permitted” a thief to use phone, email and bank accounts—not associated with the plan participant’s records—to steal nearly $125,000, which has not yet been restored by the trust company. Further, the trustee did not notify the business owner until after a second fraudulent distribution had been attempted.
Shouldering Fiduciary Responsibilities
This case, legal experts say, reminds us of the critical fiduciary duties plan sponsors have related to efforts to secure their systems—and select providers who are paying diligent attention to cybersecurity threats and best practices.
As a plan sponsor, it is very important for you to understand: the ERISA bond required for the retirement plan protects the participants of the plan, but does not cover you—the plan sponsor— as a fiduciary.
Let Colonial Surety Company help you with an affordable ERISA bond package that provides plan sponsors up to $1,000,000 of fiduciary liability insurance. Our 2 or 3-year ERISA bond packages provide the greatest overall savings and protection. With a package, you can add both fiduciary liability and cyber liability insurance. Colonial even includes extended coverage to ensure your ERISA bond remains US Department of Labor compliant.
Toward Cybersecurity: Employer+Service Providers+Participants
Legal experts at Faegre Drinker Biddle & Reath LLP use the image of a three-legged stool to emphasize that cybersecurity requires the employer, service providers and participants to each exercise appropriate protections. Each of these players have responsibilities —and it is especially important for plan sponsors to understand the full picture:
Protection of plan and participant data involves three parties…: the employer, the service providers and the participants. The plan sponsor must take steps to protect its own systems and records. A breach there could open up a plan account to theft. To the extent they maintain plan and participant data and administer or direct certain aspects of plan operation, service provider records, systems and procedures are of paramount importance…. Participants need to exercise care in how they interact with the plan, especially if they do so through an email system or by telephone.
For both the first and the second of the three legs, the plan sponsor has a fiduciary obligation to ensure its own systems are secure and to engage and retain service providers who take cybersecurity seriously, who have systems in place to protect data (for example, dual authentication processes) and who periodically test those systems to check for vulnerabilities and ways to improve. As to the participants, the plan sponsor’s role is less fiduciary and more a product of risk management. That is, it makes sense for plan sponsors to provide employees with training on how to recognize and avoid phishing or other attempts to gain access to their personal information.
Three Legged Coverage: ERISA+Fiduciary+Cyber
Colonial Surety Company offers unique, full-circle coverage to help plan sponsors across the country in this challenging digital era. Just select an affordable coverage package and receive a comprehensive service solution that includes:
- The ERISA bond required to protect the assets of the retirement plan from theft;
- Cyber Liability coverage to safeguard your company and plan from covered losses and expenses in the event of a cyber breach; and,
- Fiduciary Liability coverage to protect you and your assets from personal liability.
Colonial Surety Company provides user-friendly, digital and direct service. You can easily and quickly purchase your bonds and related insurance coverage online—and instantly print or e-file them from your desktop—or anywhere.
Colonial Surety Company is in business all across the USA. We are rated “A Excellent” by A.M. Best Company and U.S. Treasury listed.