2 plan sponsor responsibilities that new DOL guidance addresses: 2021
Be aware of this recent DOL guidance to make sure you're in sync with your fiduciary duty, but also to protect the interests of your participants.
Fiduciary duties for plan sponsors are sometimes confusing, often tedious, but always crucial to pay attention to. A slip-up can result in consequences such as audits, or worse, lawsuits.
Staying on top of this includes monitoring Department of Labor guidance. So far, DOL concerns in 2021 have ranged across a variety of areas, with varying degrees of guidance. Two important areas involve plan sponsor responsibility to do the following:
- locate missing plan participants
- help to ensure the cybersecurity of retirement plan data
During the 2021 Fiduciary Summit virtual event, sponsored by Qualified Plan Advisors, Matthew Eickman and Fred Reish, among several industry experts featured, provided a detailed picture of what plan sponsors should be aware of.
1. Locating missing plan participants. There are two situations where a plan sponsor might be faced with a practical need to find a missing participant, said Eickman, National Retirement Practice Leader with Qualified Plan Advisors:
- Uncashed check situations, where you send out a distribution and they don’t cash the check.
- Dealing with required minimum distributions, where a participant reaches the required date to begin RMDs but they haven’t worked for the company in years.
Sponsors will need to anticipate this occurrence and have proactive procedures in place to find participants, he said.
DOL Guidance: Missing Participants – Best Practices for Pension Plans
2. Helping to ensure cybersecurity of retirement plan data. If your eyes glazed over at the mention of security, ERISA attorney Fred Reish, a partner with Faegre Drinker, shows why it should be a concern beyond just toeing the line with the DOL: litigation.
Two cases he presented offer easy reasons for why cybersecurity should be everyone’s concern.
- In Barnett v. Abbott Laboratories, a cyber thief was able to impersonate a participant and request and obtain a sum from that person’s account. The participant had signed up for phone and email notifications of such requests, but the recordkeeper instead sent a notification via postal mail. By the time the participant received it, the money had been transferred to overseas banks where it couldn’t be retrieved. The participant sued the plan sponsor and the recordkeeper.
- In Leventhal v. MandMarblestone, a cyber thief obtained a copy of the participant’s application for a previous withdrawal, modified it, and sent it to the plan provider as if it had come from the plan sponsor. The money was transferred to a bank, then transferred overseas before it could be stopped. The plan sponsor sued the provider, but in an interesting – and significant – twist, the plan provider countersued the plan sponsor, arguing that the plan sponsor’s “carelessness” with respect to its employees and computer policies enabled less stringent security policies, which made the theft possible.
Part of a plan sponsor’s responsibility is looking at the cybersecurity procedures of your providers, Reish said. Although the DOL would likely start enforcement actions with the largest companies, he said, you should still incorporate the recent DOL cyber guidance for fiduciaries, providers, and participants now, including doing the following:
- Take the participant guidance and distribute it to your participants. Then redistribute it annually.
- Make sure all retirement plan committee members have copies of the guidance and go over it, making sure the meeting minutes include the fact that you went over the guidance.
- Consider using the guidance to modify your recordkeeper RFPs.
DOL Guidance: Cybersecurity (Employee Benefits Security Administration)