Cyber for Plan Sponsors

Cybersecurity: DOL Audit Initiative



Legal experts share a heads-up for plan sponsors: the Department of Labor (DOL) has begun an audit initiative based on the new cybersecurity guidance issued for retirement plans this spring. Here’s what you need to know—and do.

DOL Audit Initiative: A Doozy!

The DOL’s Employee Benefits Security Administration (EBSA) has emphasized that plan sponsors and fiduciaries must mitigate cybercrime risks. Guidance has been provided in three parts: Tips for Hiring a Service Provider; Cybersecurity Program Best Practices; and Online Security Tips. Now, attorneys at Morgan Lewis report:


The DOL has begun issuing information and document requests under this new initiative, and the requests are probing and indicate serious inquiry by the DOL. News of the DOL beginning this audit program should not come as a surprise. However, it is fair to say that both the pace with which the DOL has begun its audits and the depth and breadth of the initial round of requests is surprising. Broadly speaking, the DOL audit requests that we have reviewed ask the plan fiduciary to produce all cybersecurity and information security program policies, procedures, and guidelines that relate to the plan, whether applied by the plan sponsor or by a vendor, as well as detailed documentation evidencing specific actions taken by the plan’s fiduciaries and vendors (including many that the DOL addressed in the three-part sub-regulatory guidance….


Doing the work of assessing service providers, learning about and implementing best practices, and communicating online security tips to participants presents big, time-consuming challenges—especially in small businesses. The added possibility of more compliance audits puts even more on the to-do lists of plan sponsors. What if you miss something and find yourself facing fiduciary breach allegations? You don’t have to go it alone, though: protect yourself with Colonial Surety Company’s affordable coverage package. The annual premiums are less than what you will pay for even one hour with an expert ERISA lawyer if an unexpected allegation or new compliance issue lands on your desk.


Protect your business—and yourself—today. It’s easy. Colonial’s comprehensive package includes:


  • The required ERISA bond which protects the assets of the retirement plan from theft;


  • Fiduciary Liability coverage to protect you and your assets from personal liability; and,


  • Cyber Liability coverage to safeguard your company and plan from covered losses and expenses in the event of a cyber breach.


Obtain Complete Protection Package Now

Keep Current

With more audits in the works, retirement plan experts caution plan sponsors to keep current with basic DOL requirements, in addition to acting on the new guidance. For example, remember that an ERISA Fidelity Bond is required by the Department of Labor to protect the assets of the retirement plan from theft—and it must be kept up to date. Uniquely, Colonial Surety includes retroactive ERISA fidelity bond coverage for years when the plan was not covered. Additionally, you can opt for cost-saving multi-year coverage and ensure your ERISA bond remains DOL compliant for the life of its term: Obtain ERISA Fidelity Bond Here Now.


Attorneys advise plan sponsors who have not yet begun to implement the new cybersecurity guidelines to get going right away—and to be sure to document specific actions taken. For example, new DOL Tips underscore the importance of plan sponsor vigilance when contracting with service providers. Specifically, it is important that contracts explicitly detail how the provider will continuously comply with cybersecurity standards and best practices on behalf of your retirement plan and participants. The DOL also expects plans to directly educate participants about the basics of online security.


No matter how diligently plan sponsors strive to fulfill their long list of fiduciary responsibilities, there’s no guarantee that you won’t face personal exposure for a breach of fiduciary duty. Why take chances? At Colonial Surety, you can affordably obtain fiduciary liability insurance and get peace of mind that your personal assets are protected from a breach of responsibility in the administration or handling of the employee retirement plan. With an annual premium that is less than what you would pay for just one hour with an expert ERISA lawyer if disaster strikes, Colonial can quickly help you obtain fiduciary liability insurance now: Fiduciary Liability for Plan Sponsors Here.


Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors – and keep their businesses compliant – with pain-free, efficient, and friendly service every time.