ERISA experts urge plan sponsors to better monitor the cybersecurity practices of service providers. Although responsibilities may be delegated, your fiduciary obligation to provide the highest duty of care remains. Here’s what you need to know—and do.
What Are The Cybersecurity Protocols and Protections?
That’s what you should routinely ask all of your plan service providers. Don’t forget to document your monitoring efforts. Why is it so important to monitor? JD Supra offers this straightforward explanation and advice from ERISA experts at Rosenbaum Law:
While you may think that any loss of participant assets belongs to a TPA, I assure you that may not be the case. While you may not be liable, it won’t stop you from being sued. As a 401(k) plan sponsor, you have a fiduciary duty to secure and keep confidential the personally identifiable information of plan participants, as well as their retirement assets. Although you delegate cybersecurity responsibility to your TPA, you have a fiduciary duty to make sure that your TPA has some sort of cybersecurity program/protocol. You also need to make sure that your TPA has any insurance policies that would cover losses caused by cybersecurity and identity theft breaches (including breaches caused by internal threats, such as misconduct by the TPA’s own employees or contractors, and breaches caused by external threats, such as a third party hijacking a plan participant’s account). You may be liable if a participant shows that you failed to maintain a prudent process to safeguard plan assets and plan data.
Remember that any individual involved in the management of a retirement plan of any size can face personal exposure for breach of fiduciary responsibilities. As attorneys point out, even if you are not liable, you can be sued—and defending yourself will be costly. Protect yourself: at Colonial Surety, plan sponsors affordably obtain fiduciary liability insurance and cyber liability coverage along with the required ERISA bond. Fiduciary liability coverage gives you peace of mind that your personal assets are protected from a breach of responsibility in the administration or handling of an employee benefit plan, such as a retirement plan. Colonial’s annual premium is less than what you would pay for one hour with an expert ERISA lawyer: Secure Fiduciary Liability Insurance Now.
Avoid Being Caught Off Guard
As you are probably aware, the government’s new guidance puts increased importance on protecting retirement plan data and funds in the cyber era. The DOL’s Employee Benefits Security Administration (EBSA) has emphasized that plan sponsors and fiduciaries must mitigate cybercrime risks. Guidance in three parts has been provided: Tips for Hiring a Service Provider; Cybersecurity Program Best Practices; and, Online Security Tips.
What you may not yet know is that the Department of Labor is already working to enforce the cybersecurity guidance, with the new protocols already incorporated into audits. Are you ready? For example, the DOL Tips underscore the importance of plan sponsor vigilance when contracting with service providers. Specifically, it is important that contracts explicitly detail how the provider will continuously comply with cybersecurity standards and best practices on behalf of your retirement plan and participants.
While you work to monitor the cybersecurity practices of your service providers, it is also a good idea to step up your own risk management plans. Not having a response plan has resulted in disaster for small businesses in particular: within six months of a cyber breach, 60% of small businesses end up closing. Why not select a comprehensive and affordable package from Colonial Surety? You will save money—and secure protection for your business, your plan, and yourself. Colonial’s comprehensive package includes:
- The required ERISA bond which protects the assets of the retirement plan from theft;
- Fiduciary Liability coverage to protect you and your assets from personal liability; and,
- Cyber Liability coverage to safeguard your company and plan from covered losses and expenses in the event of a cyber breach.
Colonial Surety Company is rated “A (Excellent)” by A.M. Best Company, is U.S. Treasury listed, and is in business all across the country. Serving customers since 1930, Colonial Surety is the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, and keep their businesses compliant, with pain-free, efficient, and friendly service every time.