Vanderbilt 403(b) settlement raises new red flag for sponsors, recordkeepers
Does ERISA count participant data as a plan asset?
A settlement proposal awaiting approval from a federal court includes language that would prohibit the recordkeeper of Vanderbilt University’s 403(b) retirement plan from using participants’ personal data to cross-sell investments.
In August of 2016, employees of Vanderbilt filed suit against fiduciaries to the University’s $3.4 billion plan under the Employee Retirement Income Security Act, alleging it paid high administrative costs to multiple recordkeepers, and packed its investment menu with duplicative, expensive options and proprietary mutual funds and annuities.
Those claims were virtually identical to the rash of other suits against university 403(b) plans filed in the same year.
But in June of 2018, the Vanderbilt plaintiffs amended their complaint to include allegations that TIAA, which was one of four recordkeepers during the class period, was allowed to use confidential participant data to cross-sell products and wealth management services.
In allowing the use of data to market other products and services, the plan fiduciaries named in the suit failed to act in participants’ best interests and breached ERISA’s prohibited transactions, the amended complaint alleged. TIAA and the other recordkeepers were not named defendants in the lawsuit.
“Defendants failed to protect vital and confidential participant information from being used by the Plan’s record keeper TIAA to aggressively market a variety of TIAA’s financial products to Plan participants,” the Vanderbilt complaint said.
No more cross-selling allowed in Vanderbilt plan
According to terms of the proposed settlement in Cassell v. Vanderbilt University, the more than 41,000 participants in the plan will recover $14.5 million. The proposal is awaiting approval from the U.S. District Court for the Middle District of Tennessee, where a trial was scheduled later this year.
Among the non-monetary provisions of the settlement, Vanderbilt is to inform Fidelity (its remaining recordkeeper) that it cannot use participant data acquired in the course of providing recordkeeping services to “market or sell products or services unrelated to the Plan unless a request for such products is initiated by a Plan participants,” the settlement proposal says. Fidelity, which was one of the four recordkeepers during the lawsuit’s class period, is now the sole recordkeeper.
The data privacy issues raised in the Vanderbilt case come as regulators around the globe are wrestling with online privacy issues and as retirement plan service providers are facing revenue headwinds from squeezed profit margins, in part from a decade’s worth of litigation against defined contribution plans.
“Data privacy is one of the hottest topics in the benefits space,” said Kevin Walsh, an attorney with The Groom Law Group. “We’ve been getting a ton of inquiries on data privacy and cyber security recently, and now the Vanderbilt settlement has led to a barrage of interest.”
ERISA prohibits “any transfer to, or use by or for the benefit of a party in interest, of any assets of a plan,” the statute says.
According to Walsh, the question of whether participant data is considered a plan asset under ERISA is far from settled.
In another 403(b) case, Divane et al. v. Northwestern University, plaintiffs also amended their complaint to include allegations that TIAA’s use of participants’ confidential information to cross-sell was a breach of ERISA. Attorneys for Schlichter, Bogard & Denton represented the plaintiffs in both the Vanderbilt and Northwestern claims.
But the Northwestern lawsuit was dismissed in May of 2018 in the U.S. District Court for the Northern District of Illinois.
In addressing the data privacy claim, the court said it could not conclude that participant data is a plan asset “under ordinary notions of property rights.”
And plaintiffs’ attorneys failed to cite a single case in which a court found the use of confidential participant information constituted a fiduciary breach under ERISA, or that participant data is a plan asset, according to the decision in the Northwestern case.
“This Court will not be the first, particularly in light of Congress’s hope that litigation would not discourage employers from offering plans,” wrote Judge Jorge Alonso, an Obama appointee, in his decision dismissing the Northwestern case. The ruling is being appealed in the Seventh Circuit Court of Appeals.
Intercession of privacy movement with financial wellness movement
Recordkeeping defined contribution plans has evolved in to a data-intensive enterprise.
And the industry-wide financial wellness movement is in part driven by more sophisticated data mining on individuals in the effort to craft personalized education, savings, and investing strategies.
While the legal question of whether participant data qualifies as plan assets that are protected by ERISA’s prohibited transactions is far from settled, The Groom Law Group’s Walsh said sponsors and service providers should be aware of the emerging privacy questions around plan data.
“It think it’s worth beginning to take steps to understand how your plan data is being used, how it is generated, and how it’s being shared,” said Walsh. “The risk is that somewhere down the line you could be behind what others are doing if you are not proactive today.”
Potentially complicating matters is the growing imperative on financial wellness, and other investing options like managed accounts that rely on data to create personalized investment strategies.
“The push for financial wellness makes great sense,” said Walsh. “But there’s a potentially murky area at the edge of the wellness movement. If you are offering wellness solutions, some services may look like cross selling, even if that’s not how the programs are designed.”
READ MORE:
Duke University settles 403(b) suit