As a plan sponsor, you know you need to ask your service providers about how they are preventing security breaches. Doing so is critical to the protection of the retirement assets of your plan participants. Still, it can be hard to know exactly what you need to be asking. Experts suggest that a System and Organization Control (SOC) report gives you a good starting point.
What’s In Place? Where Are The Risks?
By asking your service providers for a SOC report, you can deepen your understanding of the security controls in use and the potential risks that might still be in need of attention. After reviewing the report, discuss it with your service providers and agree on further actions. As Forbes explains:
System and organization control (SOC) reports are prepared by an external accountant to document and test security controls usually at a service provider. The report details what the controls are and how they were tested. It also describes any problems that were identified during testing. Ultimately, a SOC report will allow you to get a clearer picture of the security measures currently in place at the company holding your plan participants’ assets.
Areas of risk may indicate additional controls are needed within your organization. Additional monitoring may be necessary to ensure you can detect if a breach has occurred. If significant control issues are identified with no corrective actions taken, it may be time to consider making a change in providers. The best option is to review the provider control environment before you initiate a relationship with a provider, and discuss the policies they have in place in the event a breach does occur.
Experts also urge plan sponsors to review controls in their own companies. For example, regular and thorough review of the retirement plan statements helps to deter fraudulent distributions. When analyzing your statements, pay attention to money being taken out. You might notice that a current employee requested a large withdrawal from retirement savings. By following up, you can find out whether or not the employee actually made the request before the disbursement is processed.
Protect Yourself Too
Any individual involved in the management of a retirement plan of any size can face personal exposure for breach of fiduciary responsibilities—including those associated with cybersecurity. As attorneys point out, even if you are not liable, you can be sued—and defending yourself can cost your life savings. That’s why it is best practice to protect yourself, as well as the plan and your company. Colonial Surety makes it easy and affordable: with the purchase of fiduciary liability insurance, plan sponsors receive Cyber Liability Insurance too. Fiduciary liability coverage gives you peace of mind that your personal assets are protected from a breach of responsibility in the administration or handling of an employee benefit plan, such as a retirement plan.
The DOL’s Cybersecurity Guidelines
Don’t let 2021 end without reviewing the guidance the U.S. Department of Labor (DOL) provided to plan sponsors earlier this year. Industry experts have suggested some specific action steps to help plan sponsors respond to the DOL’s guidance. For example, requiring multi-factor authentication before participants can access their retirement accounts is an effective safeguard against fraudulent distributions. Some service providers have even begun using video for authentication.
Another key action you can take before the year ends: put your three-point protection plan in place. Colonial’s multi-year packages provide the greatest value and convenience, and include:
- The required ERISA bond, which protects the assets of the retirement plan from theft;
- Fiduciary Liability Insurance to protect you and your assets from personal liability; and
- Cyber Liability Insurance to safeguard your company and plan from covered losses and expenses in the event of a cyber breach.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, Colonial Surety is the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, and keep their businesses compliant, with pain-free, efficient, and friendly service every time.