Cyber for Plan Sponsors

Fraud Control and Retirement Accounts?


In the face of heightened and ongoing security threats, the Society of Professional Asset Managers and Recordkeepers (SPARK) has developed specific recommendations about what plan sponsors can do to prevent retirement account fraud. The suggestions build on the guidance from the Department of Labor and detail explicit actions for plan sponsors.

Get Going

This year, plan fiduciaries were provided with guidance from the U.S. Department of Labor (DOL) about taking appropriate precautions to mitigate the risks of cyber threats to retirement accounts. Toward “defeating retirement account fraud,” SPARK is now providing plan sponsors with explicit areas for action based on the DOL’s guidance. SPARK’s work also identifies the roles each of the stakeholders involved in the protection of retirement accounts needs to take toward a seamless, coordinated effort.

Plan Adviser reports:

“The protection of retirement accounts can only be fully realized with a partnership among plan sponsors, fiduciaries, record keepers, participants—and advisers, when applicable,” says Tim Rouse, executive director of the SPARK Institute. “With this in mind, our recommended controls should be implemented among all individuals and organizations involved in a retirement plan.”

To facilitate implementing the standards, the institute has summarized the Data Security Oversight Board’s recommendations, which highlight the minimum set of controls to consider and set expectations for all parties involved.

Rouse concludes, “We know that cyber threats are only going to increase. And we also know that protecting plan assets means that the retirement industry has to make a concerted and coordinated effort to fight fraud over the long term.”

When stepping up protections for the retirement plan, sponsors are advised not to forget protection for themselves as fiduciaries. Why? In the event of a lawsuit over an alleged breach of any fiduciary duty, your personal assets are at risk. Protect your assets with Colonial Surety’s affordable fiduciary liability insurance. Colonial’s comprehensive packages provide convenience and affordability, ensuring continuous compliance and protection. Packages include:


  • The required ERISA bond which protects the assets of the retirement plan from theft; 


  • Fiduciary Liability coverage to protect you and your assets from personal liability; and,


  • Cyber Liability coverage to safeguard your company and plan from covered losses and expenses in the event of a cyber breach.

Obtain Complete Protection Package Now

Best Practices: Fraud Controls

SPARK has identified seven “control objectives” and action steps related to each for plan sponsors, recordkeepers and participants. Here are the controls—and the actions recommended for plan sponsors:

  1. Authentication: Plan sponsors should require that record keepers provide multiple authentication options.

  2. Establishing Account Access: Plan sponsors should provide information to assist record keepers in establishing digital account access.

  3. Re-Establishing Account Access: Plan sponsors should review record keeper controls for re-establishing account access.

  4. Contact Data: Plan sponsors should provide address, email and phone numbers to enable security-related communications and Two-Factor Authentication.

  5. Communications: Plan sponsors should allow security-related communications to be sent to participants or help to distribute them internally.

  6. Fraud Surveillance: Plan sponsors should notify their recordkeeper if participant contact information or login credentials may have been compromised.

  7. Customer Reimbursement Policy: Plan sponsors should ensure a fraud reimbursement policy has been established and is available to participants.

 Cyber Breach Response?

In addition to proactively putting controls in place to prevent cyber breaches, it is best practice to have a breach response plan ready. Remember, a cyber breach is not always a disaster, but mishandling it is. Secure Colonial Surety’s Cyber Liability Insurance today and in the event of a cyber breach at your business, experts will identify what’s been compromised and coordinate the response. Liability protection in the event of covered lawsuits or regulatory actions due to a data breach? Of course, that’s included too. Learn More and Obtain Cyber Liability Protection Here.

Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors – and keep their businesses compliant – with pain-free, efficient, and friendly service every time.