
Cyber (In)Security: Why Retirement Plans Are at Risk and How to Protect Them

With 401(k) plans holding trillions of dollars in assets — along with personal information such as social security numbers, bank account information, and more — it’s no wonder they’ve been subject to recent cyberattacks. As fiduciaries, advisors and plan sponsors are wondering what exactly they are liable for and how to protect their plans. Vestwell’s December 18 panel, featuring cybersecurity expert Joe Pampel and retirement law expert Jason C. Roberts, explored this very topic.

What are fiduciaries liable for?

As of now, ERISA and relevant case law are silent about the extent to which fiduciaries are liable for data security violations, though there are numerous state and federal law theories that may hold them liable for a variety of monetary damages. As the law in this area evolves, the following legal principles are becoming well-settled:

  1. Protect plan data. Plan fiduciaries are required to protect all plan assets. Although it is unclear whether participant data is considered a “plan asset,” fiduciaries should be cautious and take reasonable steps to keep sensitive plan data out of criminals’ hands.
  2. Vet service providers. Fiduciaries must prudently select service providers, such as their payroll vendor and recordkeeper. Part of selecting these vendors is asking about how they protect participants’ personal information and understanding their overall security procedures.
  3. Ensure other fiduciaries don’t breach their duties and take steps to remedy any known breach. This is a mouthful, but it simply means that advisors and plan sponsors should make sure other fiduciaries fulfill their duties and, if there is a security breach, take the necessary remediation actions, which may include replacing the service provider.

Selecting the right providers

We’ve already addressed how plan fiduciaries are responsible for vetting their service providers, and since cybersecurity is a critical part of the selection process, it’s important to ask the right questions.

  1. How do they manage data? This can be as simple as asking providers how information flows into and out of the recordkeeping system and who has access to personal information. Ask if the data is stored in the United States or abroad and how they back data up, such as whether it’s stored on backup tapes or in the cloud. Ask about the vendor’s background screening of its employees and how often those checks are updated.
  2. Do they offer contractual protections? Plan fiduciaries should include contractual protections to hold third parties liable for security breaches. This can include things such as requiring the provider to notify you within a few days of discovering a data incident as well as verifying sufficient cybersecurity insurance coverage.
  3. Have they had any historical breaches? In addition to asking providers what steps they are currently taking to prevent attacks, ask them about any breaches they have had in the past, how they were resolved, and how often they undergo security audits. Also ask these questions of any subcontractors they use, as those are often overlooked in the vetting process.

Protecting your own business

In addition to selecting secure vendors, plan sponsors should also make sure they are taking necessary steps to protect their own plans by:

  1. Getting insurance. Just like third-party vendors, sponsors can and should obtain cybersecurity insurance to help protect assets in case of a breach of their own security systems.
  2. Monitoring plan statements. Sponsors should review plan activities such as unusual and/or large withdrawals, and educate participants to do the same.
  3. Ensuring data security. Just as one would ask a service provider about its processes, it’s important to understand how sensitive data is shared internally. Sponsors should restrict access to only those employees who need it.
  4. Reviewing providers (at least) annually. Sponsors should use the steps above to analyze providers’ security practices at least once per year, if not more often.
  5. Educating employees. Employees should receive training at least annually on ways to mitigate the risk of a cyberattack. This includes things such as picking complicated passwords, implementing multi-factor authentication, monitoring account activity, and only accessing their plan on secure devices.

Although ERISA does not include any specific rules when it comes to cybersecurity, fiduciaries are responsible for protecting their retirement plans. From restricting access to plan data to properly vetting service providers, there are practical steps advisors, plan sponsors, and even participants can take to mitigate the risk of a cyberattack.

Signed, Sealed, Delivered: What the Passing of the SECURE Act Means For Advisors

The “will they, won’t they” surrounding the SECURE Act has finally come to an end and the most impactful retirement plan security legislation in decades has been signed into law. This will not only make retirement plans more accessible and affordable for the 500,000+ small to mid-sized businesses currently sitting on the sidelines, but it should also result in more Americans saving for retirement, thus starting to bridge the huge savings gap. For advisors, this opens up a significant opportunity, especially for those who have already recognized the potential in the emerging corporate market.

If, as an advisor, you’re wondering which of the 124 pages of legislation to pay most attention to, here are some of our thoughts:

Allowing for open Multiple Employer Plans (“MEPs”)

MEPs have perhaps been the most heavily talked about part of the SECURE Act. While closed MEPs  – in which companies with clear commonalities can offer pooled plans – already exist, allowing unrelated businesses to pool resources has a lot of advisors, PEOs, payroll providers, and others excited. This should conceivably help smaller plan clients gain access to provisions and investments that were traditionally available mostly to larger plan clients. That being said, it’s important to be aware of certain restrictions of MEPs including the standardization of investment options, fiduciary oversight of service providers, plan features like matches and contributions that some sponsors might not be prepared to handle, and other operational hurdles. Employers can be liable for significant damages for jumping in too quickly. It’s worth comparing whether a MEP-like experience, in which one creates their own pooled offering without the confines of a MEP, could be an even better option. Either way, the passage of the SECURE Act opens up the door for you to be having these important conversations.

Access to annuities in retirement plans

More relaxed rules around lifetime income products mean better access to more offerings for participants. This is a good thing considering there is no one-size-fits-all when it comes to a participant’s investment strategies, and annuities could be a great option for the right investor. However, there is still a lot here to figure out. Because of the complexity of annuities, it can be challenging to incorporate them into a retirement plan without full plan portability or properly disclosing costs and other features. Expect a lot of big annuity players to try to simplify this complex challenge sooner rather than later.

Tax incentives for small business owners to offer a 401(k)

Since much of this provision is centered around making retirement plans more accessible for small business owners, a tax credit of up to $5,000 should serve as a great catalyst. Not to mention that it can help offset any upfront costs that often serve as a deterrent in setting up a plan. Be sure to lay out the numbers for prospective clients, as most of them aren’t following the SECURE Act nearly as closely as we are.

Looser restrictions on eligibility

For example, there will no longer be a heavy penalization on those taking parental leave or working part-time. According to the bill, employees who work 500 or more hours during any consecutive three-year period can participate in their plan and there are other protections in the Act for part-time employees. This is meant to protect participants who may take a leave of absence for parental leave or otherwise, and to generally support more balanced life decisions. This is a shift from the current eligibility rules so it’s important to alert clients to ensure compliance.

New age requirements for Required Minimum Distributions (RMDs)

People are living longer (and often working longer!), so the Act has raised the age from 70 ½ to 72 for employees to begin cashing out their retirement plans. For wealth advisors in particular, this is an important number to (re)factor into long-term planning.

With all of these employer and employee benefits, how is this Act being paid for? Well, there are a few provisions where the revenue stream can help offset the cost.

Eliminating the Stretch IRA

By removing the so-called “Stretch IRA,” certain beneficiaries of a 401(k) plan can no longer hold off paying the tax penalties on withdrawals in perpetuity. This means taxes may now need to be paid within ten years, depending on who the beneficiary is at the time. Again, advisors should make clients aware of this change as needed.

Increasing fees for late or missing Form 5500s

While there have always been hefty penalties for mishandling of 5500s, the fee has increased significantly from a maximum of $50,000 to $150,000. This is an important note for sponsors, but also for the named Plan Administrator who may be ultimately responsible for timely filing the Form 5500.  

With the exception of the long-term, part-time employee provisions which are effective in 2021, most of these other changes are effective for plan years beginning on or after December 31, 2019. Yes – just two weeks from now. Of course there is much more to the SECURE Act including changes to 529 college savings plans, penalty-free withdrawals for the birth or adoption of a child, and others, but by better understanding the imminent changes affecting retirement plans, the impact of the law becomes more clear. While it’s important to lay out a thoughtful strategy for incorporating the Act into your business plan, it’s equally important to think about the downstream implications – good and bad – to your clients. Regardless of how you shift your strategy, the passing of the SECURE Act will undoubtedly change the conversation you’re able to have with clients and that, in and of itself, is impactful.

ABOUT VESTWELL

Vestwell is a digital platform that makes it easier to offer and administer retirement plans. Vestwell removes traditional friction points through flexible investment strategies, fiduciary oversight, and streamlined administration, all at competitive pricing. By acting as a single point of contact, Vestwell has modernized the retirement offering while keeping the advisor’s, employer’s, and plan participant’s best interests in mind. Learn more at Vestwell.com and on Twitter @Vestwell.

Putting Retirement Plans in the Spotlight: What the SECURE Act Can Mean for Plan Sponsors

While there’s been no shortage of things to read about in the news these days, the bipartisan-supported Setting Every Community Up for Retirement Enhancement (SECURE) Act has been signed into law and it’s arguably the most impactful retirement plan security legislation in decades. For those wondering which of the hundreds of pages of legislation are most relevant to plan sponsors, here are some thoughts.

2019 Plan Retirement Survey

How Better Understanding Employee Perceptions of 401(k)s Can Lead Sponsors to More Effective Plan Delivery & Design

Did you know:

  • 76% of employees said they understand their plan at least somewhat well, while only 46% of sponsors believe the majority of their employees understand how a retirement plan works.

  • What participants do know is that they need to be saving more. Of those who are putting money away, only 36% are saving over 6%, while 64% think they should be.

  • 86% of employers feel obligated to help educate employees on saving for retirement, but less than 10% of employees view their employer as their “go-to” person for financial advice.

Read more in Vestwell’s newest report which gauges how employees are thinking about their retirement plans and what plan sponsors can do to increase engagement.


#WinnersOfWealthTech Ep 28: Aaron Schumm, Founder and CEO of Vestwell

This month’s Winners of Wealthtech interview is with Aaron Schumm, the Founder and CEO of Vestwell, an entirely new kind of digital retirement platform transforming the way plans are offered and administered — for the benefit of advisors, employers, and employees alike.

Prior to founding Vestwell, Aaron was a co-founder of FolioDynamix, a wealth management and advisory services company that powered $800 billion in assets for over 100,000 advisors. At FolioDynamix, which was sold to Envestnet in 2017, Aaron oversaw the strategy, revenue, marketing, customers and product. Aaron holds a B.S. degree in finance from the University of Illinois and an M.B.A. degree from Duke University, The Fuqua School of Business. He was named as one of 40-under-40 by InvestmentNews and WealthManagement.com’s “10 to Watch”.


How Can I Offer My Employees a 401(k) Plan?

By: Denise Power

If you could create your own fantasy Board of Directors, who would be on it? CO— connects you with thought leaders from across the business spectrum and asks them to help solve your biggest business challenges. In this edition, a CO— reader asks whether it is feasible for a small business to sponsor a 401(k) plan for employees.

Ben Thomason, executive vice president of revenue at Vestwell, answers…

Companies know it’s vitally important to have the right people on board to build the business, and a solid benefits package attracts the top talent they need. However, many small businesses assume they do not have the option to offer a 401(k) retirement savings plan.


Ryan Anderson Recently Joined Vestwell

Ryan Anderson recently joined Vestwell as the Senior Vice President of Product & Design. In 2010, Anderson founded New York City-based Alchemy50, an award-winning product design studio which was later acquired in 2017. During his time there, his clients included DataMinr, Artivest, FolioDynamix (now part of Envestnet ($ENV)), United Healthcare, Thomson Reuters and 1 Second Everyday. Anderson also spent time as the Chief Product Officer for Advizr before it was acquired by Orion Advisor Services.

Ryan, you joined the company this August to lead product. What drew you to Vestwell?

Let me back up a few years to give you the whole story. I led a product design studio in NYC called Alchemy50 for many years, and along the way we worked with a whole host of financial firms – hedge funds, portfolio managers, fintech startups – all different types of people and products. And what started to become important to me, rather than focusing on the institutional stuff, was thinking about how I could better apply my experience to help everyday people. One of the things that came up in the course of my research was how poorly Americans do with their retirement savings and financial planning in general. So when a former client, Advizr, approached me about becoming their full-time product officer, I jumped at the chance. Through their financial planning and ultimately their wellness platform, I could take my expertise and apply it to people in need.

When Advizr got acquired, I thought, ‘Okay, what do I want to do next?’ That’s when Aaron and Jonathan approached me about joining Vestwell. I knew Aaron and Jonathan from FolioDynamix, another former client of Alchemy’s, and Vestwell’s mission was closely aligned with why I went to Advizr in the first place – helping people make better financial decisions. On top of that, I now had access to recordkeeping and payroll information, which is powerful data to have when creating tech that supports financial services.

What opportunities and challenges do you see for Vestwell as they build a recordkeeping platform for the modern day?

I think the big challenge is that retirement plans can have a lot of variables. You have different investment vehicles, enrollment requirements, plan designs, and compliance rules to keep track of. That means there are a lot of levers that need to be set up and maintained to give sponsors and advisors the flexibility they need. Furthermore, a big benefit of our offering is that it’s highly automated and digital. Traditional recordkeepers have outdated, manual processes that don’t make things easy for sponsors and participants. Simple is hard, but we’re 100% focused on making retirement easy.

When working with larger enterprises, it’s important that our service can be white-labeled so that everything coming out of the system appears to be coming directly from them. This is also a challenge, as the devil’s in the details. The more you expose, the more complex it gets and the longer it takes to bring that kind of stuff to market.

So I think the biggest challenge is improving on what today’s recordkeeping systems do in a way that is much more flexible and automated – particularly for smaller plans, which is our focus. If we get this right – and we will – then this becomes an extraordinary opportunity.

Tell us about your product roadmap. You’ve only had a few months to dive in, but what do you see as your immediate and long-term goals for Vestwell’s platform?

The first thing that stood out to me was how much more we could do with the user experience. This encompasses a lot of things, like the amount of reporting we give to advisors, improving platform navigation, and increasing platform communications. As part of that, a primary focus of mine will be how we better onboard sponsors and participants onto the platform. We’ve done a solid job here thus far, but I do think we can further improve this area via automation, getting smarter about using data, and working with our operations team to better understand their challenges and how best to address them.

Longer term, it’s all about integrations. So if you think about what makes Vestwell unique, it’s that we’re creating a system with a modern technology stack which allows us to be more flexible and better positioned to integrate with many different providers and services.

How do you plan to approach building a product that supports advisors while also ensuring a great product for the end-user?

If you think about what a product does, it solves a problem for a user. And what we’re trying to solve touches all of our users: sponsors, participants, and advisors. Their problems are all a little bit different while sharing a common thread. As an advisor, there’s a trust element; advisors want to know our platform is reliable and accurate and that it can provide what they need to run their business effectively. And in much of the same way, there’s a trust that we have to build with sponsors, too. If you think about how sponsors and advisors interact, it’s not super frequently and when they do interact it is often to solve a problem. So the better we can create a system for the sponsor that does what they need it to do – like taking care of enrollment, engaging their employees, and submitting contributions – the better it is for the advisor. That stuff has to be rock solid.

With participants, the problem for them is simply saving for retirement. Whether it’s registering for an account, making a contribution change, or taking out a loan against their savings, it needs to be incredibly straightforward – and accessible (mobile). Outside of that, they don’t care about much else.

So while I really look at it as three separate problems, and we treat the experience separately for each, there are common elements. The portals for each should be easy to navigate and do what they’re intended for, which means information has to flow across all three seamlessly.

What do you believe gives Vestwell a leg up over others in the space?

The big problem is – and it’s the reason why I think Vestwell has such a great business model – there’s a lot of old technology in the industry. The incumbents started in the early 80’s and they haven’t evolved much since. You’re now seeing some kernels of new tech, but the pace at which it’s being built just isn’t fast enough, and the cost to do it is prohibitive in many cases. When trying to meld old technology with new systems, it can be expensive and time consuming. So, I think the approach we’re taking where we’ve started from scratch means we get to look at the problems in the industry today and solve those with a better solution through a modern tech stack. If you look across our team, we are all seasoned, enterprise fintech professionals.  This is what we do, and all we do. In that, we are allowing retirement plan providers to get back to their core, focusing on their clients, instead of trying to be a technology recordkeeper provider.

You’re still the new kid on the block, but let’s fast forward 5, even 10 years from now. What’s your biggest contribution to Vestwell going to be?

I want to help create the modern framework that this 40-year old industry rebuilds its foundation from. Ultimately, I hope that translates into a greater sense of empathy to the problems our users face. I want to help create a system that solves those problems for them.

 

Study: Advisors’ Fear of Outsourcing Underscores Struggle with Scale

Identifying new opportunities and managing scale were cited by retirement plan advisors as the biggest issues they struggle with in growing their practice, but a new study suggests they are not taking steps to create additional efficiencies.

In “Evaluating Operational Challenges to Drive Scale and Efficiency,” 39% of advisors stated that identifying new opportunities is their biggest hurdle to growing their practice, followed by 33% who see managing scale as their biggest hurdle. Yet, an even smaller percentage are outsourcing their most basic functions, according to the study by digital platform firm Vestwell.

 


Amid compression in recordkeeper industry, one start-up is banking on its technology to buck the trend

Consolidation of recordkeeper service providers to the defined contribution market may not yet be as torrid as some early predictions, but it’s happening.

The trend is expected to continue among the largest national recordkeepers—a list numbering about 40—and among the scores more of regional providers.

“From a pure recordkeeping standpoint, there is excess capacity,” Alexander D’Amico, a partner in McKinsey’s financial services practice, told BenefitsPRO earlier this year.

 
