Who’s minding the retirement plan? A 3-pronged approach to protecting plan sponsors

Retirement plan sponsors have enough on their plates dealing with the elements under their control, so they should pursue remedies, like fiduciary liability insurance, that relieve the exceptional burden of things they cannot control.

In retirement planning, our “new normal” has turned out to be “never normal again,” thanks to a seemingly unending array of troublesome economic, global health, and political events that have dramatically disrupted retirement plans.

The past few years have introduced new concerns for businesses, administrators, and sponsors in protecting both themselves and their employees’ retirement plans. In a year that set all-time records for workplace class action lawsuit settlements, the top 10 ERISA settlements totaled $837 million last year, more than doubling 2020’s total of $380 million. And all indications point to a continued escalation of ERISA litigation. Let’s look at some of the factors informing this cascade of claims against employers and what measures business leaders and plan sponsors can take to protect themselves. The commercial insurance product which defends and protects employee benefit plan decision makers charged with administering plans is fiduciary liability insurance.

ERISA litigation is increasing

Under the Biden Administration, the U.S. Department of Labor (DOL) and other agencies have ramped up enforcement programs, putting businesses on notice to tighten focus on compliance with workplace laws and regulations. Businesses and fiduciaries should also keep a close eye on judicial ERISA-related developments as 2022 turns to 2023. The lower courts are struggling to interpret the Supreme Court’s January 2022 Hughes v. Northwestern University decision, leaving a fluidity as to what constitutes an imprudent action in violation of ERISA and also what constitutes a breach of fiduciary duty.

The Supreme Court’s decision left the door open to more litigation moving forward. Further, there are attorneys who are looking for ways to bring litigation on the basis of plan sponsors charging excessive fees to outsource services relating to the benefit plans. As such, acquiring or keeping the required ERISA fidelity bond up to date to remain in compliance with the DOL, while critical, will not suffice as complete insulation against theft, data breach, employee dishonesty, breaches of duty, imprudence, or errors and omissions. The ERISA fidelity bond covers the assets of a plan for any loss by theft, but it does not cover fiduciaries for lawsuits brought by third parties alleging ERISA violations; that exposure is what fiduciary liability insurance covers.

Plugging gaps in your company’s (and your own) defenses

While the ERISA fidelity bond is the only coverage required by the DOL to protect an employee benefit plan against losses caused by acts of fraud or dishonesty, relying solely on the ERISA fidelity bond for protection is tantamount to buying only the compulsory liability auto insurance and relying on hope that nothing bad happens to your car or yourself in an accident. Unfortunately, plan sponsors bear personal exposure for third-party claims of not meeting fiduciary obligations. Additionally, some plan sponsors think that if they outsource administration, oversight, or supervision of employee benefit plans, they’re also outsourcing the liability. The liability exposure in that instance is the decision that’s made to utilize third-party services.

Sponsors should protect themselves with fiduciary liability insurance in the event of claims of failing to make timely contributions, paying excessive fees, or failing to respond to requests for rollovers, distributions, and investment changes. In addition to the explosion of workplace lawsuits and ERISA settlements in the past few years, there has also been an explosion in data breaches and other cyber crimes, further complicating matters for plan sponsors.

Step into the breach to protect against cyber liability

Plan fiduciaries have an obligation — and a personal stake — to ensure proper mitigation of cybersecurity risks, as evidenced by the recent lawsuit against Colgate-Palmolive and its plan fiduciaries over an alleged security breach. Forty-nine plans and 1.3 million individuals were impacted by last year’s Horizon Actuarial data breach, leading the company to be slapped by a massive class action lawsuit. Sponsors can protect themselves against these all-too-common data breaches with cyber liability insurance, which assists plan sponsors at every stage of incident investigation and breach response, and helps them to navigate the legally obligated steps that must be taken in the event of a data breach by providing legal services, access to computer experts, call center services, and customer notifications.

The cyber liability insurance further defends against lawsuits related to data breaches. Some form of risk management is also critical, such as multi-factor authentication and controls on third-party IT service providers. Businesses, especially SMBs for which breaches can be existential threats, should have solid cyber risk management policies, technology, and education, as well as cyber liability insurance.

A three-pronged plan for plan sponsors’ peace of mind

Though it doesn’t normally fall under their immediate purview, plan sponsors should communicate with their IT or security leaders to determine whether the organization is prepared to respond to a cyber breach and protected against data breach litigation. If you are a plan administrator of an SMB with under $25 million, there is a greater likelihood you have not covered all exposures.

Just because a company is small and doesn’t have a large workforce doesn’t give you a pass or leniency when it comes to having a plan to respond to a cyber breach. Although addressing all these threats may sound imposing for plan sponsors, they can take a simple three-pronged approach to create a holistic barrier against liability by ensuring they are covered by the ERISA fidelity bond, solid fiduciary liability insurance, and cyber liability insurance, ideally policies specifically designed for retirement plan sponsors. These plan sponsors can also make their lives easier by finding these coverages packaged with the ERISA bond and by signing a multi-year policy term instead of tackling the paperwork every single year.

Retirement plan sponsors have enough on their plates dealing with the elements under their control, so they should pursue remedies that relieve the exceptional burden of all the things they cannot control. If a plan sponsor has this three-pronged approach in place, then they have fully insured their “car,” themselves, and the other person’s car in the event of an incident.

Richard Clarke is Chief Insurance Officer of Colonial Surety Company.