Cyber (In)Security: Why Retirement Plans Are at Risk and How to Protect Them

With 401(k) plans holding trillions of dollars in assets — along with personal information such as social security numbers, bank account information, and more — it’s no wonder they’ve been subject to recent cyberattacks. As fiduciaries, advisors and plan sponsors are wondering what exactly they are liable for and how to protect their plans. Vestwell’s December 18 panel, featuring cybersecurity expert Joe Pampel and retirement law expert Jason C. Roberts, explored this very topic.

What are fiduciaries liable for?

As of now, ERISA and relevant case law are silent about the extent to which fiduciaries are liable for data security violations, though there are numerous state and federal law theories that may hold them liable for a variety of monetary damages. As the law in this area evolves, the following legal principles are becoming well-settled:

  1. Protect plan data. Plan fiduciaries are required to protect all plan assets. Although it is unclear whether participant data is considered a “plan asset,” fiduciaries should be cautious and take reasonable steps to keep sensitive plan data out of criminals’ hands.
  2. Vet service providers. Fiduciaries must prudently select service providers, such as their payroll vendor and recordkeeper. Part of selecting these vendors is asking about how they protect participants’ personal information and understanding their overall security procedures.
  3. Ensure other fiduciaries don’t breach their duties and take steps to remedy any known breach. This is a mouthful, but it simply means that advisors and plan sponsors should make sure other fiduciaries fulfill their duties and, if there is a security breach, take the necessary remediation actions, which may include replacing the service provider.

Selecting the right providers

We’ve already addressed how plan fiduciaries are responsible for vetting their service providers, and since cybersecurity is a critical part of the selection process, it’s important to ask the right questions.

  1. How do they manage data? This can be as simple as asking providers how information flows into and out of the recordkeeping system and who has access to personal information. Ask if the data is stored in the United States or abroad and how they back data up, such as whether it’s stored on backup tapes or in the cloud. Ask about the vendor’s background screening of its employees and how often those checks are updated.
  2. Do they offer contractual protections? Plan fiduciaries should include contractual protections to hold third parties liable for security breaches. This can include things such as requiring the provider to notify you within a few days of discovering a data incident as well as verifying sufficient cybersecurity insurance coverage.
  3. Have they had any historical breaches? In addition to asking providers what steps they are currently taking to prevent attacks, ask them about any breaches they have had in the past, how they were resolved, and how often they undergo security audits. Also ask these questions of any subcontractors they use, as those are often overlooked in the vetting process.

Protecting your own business

In addition to selecting secure vendors, plan sponsors should also make sure they are taking necessary steps to protect their own plans by:

  1. Getting insurance. Just like third-party vendors, sponsors can and should obtain cybersecurity insurance to help protect assets in case of a breach of their own security systems.
  2. Monitoring plan statements. Sponsors should review plan activities such as unusual and/or large withdrawals, and educate participants to do the same.
  3. Ensuring data security. Just as one would ask a service provider about its processes, it’s important to understand how sensitive data is shared internally. Sponsors should restrict access to only those employees who need it.
  4. Reviewing providers (at least) annually. Sponsors should use the steps above to analyze providers’ security practices at least once per year, if not more often.
  5. Educating employees. Employees should receive training at least annually on ways to mitigate the risk of a cyberattack. This includes things such as picking complicated passwords, implementing multi-factor authentication, monitoring account activity, and only accessing their plan on secure devices.

Although ERISA does not include any specific rules when it comes to cybersecurity, fiduciaries are responsible for protecting their retirement plans. From restricting access to plan data to properly vetting service providers, there are practical steps advisors, plan sponsors, and even participants can take to mitigate the risk of a cyberattack.

Signed, Sealed, Delivered: What the Passing of the SECURE Act Means For Advisors

The “will they, won’t they” surrounding the SECURE Act has finally come to an end and the most impactful retirement plan security legislation in decades has been signed into law. This will not only make retirement plans more accessible and affordable for the 500,000+ small to mid-sized businesses currently sitting on the sidelines, but it should also result in more Americans saving for retirement, thus starting to bridge the huge savings gap. For advisors, this opens up a significant opportunity, especially for those who have already recognized the potential in the emerging corporate market.

If, as an advisor, you’re wondering which of the 124 pages of legislation to pay most attention to, here are some of our thoughts:

Allowing for open Multiple Employer Plans (“MEPs”)

MEPs have perhaps been the most heavily talked about part of the SECURE Act. While closed MEPs  – in which companies with clear commonalities can offer pooled plans – already exist, allowing unrelated businesses to pool resources has a lot of advisors, PEOs, payroll providers, and others excited. This should conceivably help smaller plan clients gain access to provisions and investments that were traditionally available mostly to larger plan clients. That being said, it’s important to be aware of certain restrictions of MEPs including the standardization of investment options, fiduciary oversight of service providers, plan features like matches and contributions that some sponsors might not be prepared to handle, and other operational hurdles. Employers can be liable for significant damages for jumping in too quickly. It’s worth comparing whether a MEP-like experience, in which one creates their own pooled offering without the confines of a MEP, could be an even better option. Either way, the passage of the SECURE Act opens up the door for you to be having these important conversations.

Access to annuities in retirement plans

More relaxed rules around lifetime income products mean better access to more offerings for participants. This is a good thing considering there is no one-size-fits-all when it comes to a participant’s investment strategies and annuities could be a great option for the right investor. However, there is still a lot here to figure out. Because of the complexity of annuities, it can be challenging to incorporate them into a retirement plan without full plan portability or properly disclosing costs and other features. Expect a lot of big annuity players to try to simplify this complex challenge sooner rather than later.

Tax incentives for small business owners to offer a 401(k)

Since much of this provision is centered around making retirement plans more accessible for small business owners, a tax credit of up to $5,000 should serve as a great catalyst. Not to mention that it can help offset any upfront costs that often serve as a deterrent in setting up a plan. Be sure to lay out the numbers for prospective clients, as most of them aren’t following the SECURE Act nearly as closely as we are.

Looser restrictions on eligibility

For example, there will no longer be a heavy penalization on those taking parental leave or working part-time. According to the bill, employees who work 500 or more hours during any consecutive three-year period can participate in their plan and there are other protections in the Act for part-time employees. This is meant to protect participants who may take a leave of absence for parental leave or otherwise, and to generally support more balanced life decisions. This is a shift from the current eligibility rules so it’s important to alert clients to ensure compliance.

New age requirements for Required Minimum Distributions (RMDs)

People are living longer (and often working longer!), so the Act has raised the age from 70 ½ to 72 for employees to begin cashing out their retirement plans. For wealth advisors in particular, this is an important number to (re)factor into long-term planning.

With all of these employer and employee benefits, how is this Act being paid for? Well, there are a few provisions where the revenue stream can help offset the cost.

Eliminating the Stretch IRA

By removing the so-called “Stretch IRA,” certain beneficiaries of a 401(k) plan can no longer hold off paying the tax penalties on withdrawals in perpetuity. This means taxes may now need to be paid within ten years, depending on who the beneficiary is at the time. Again, advisors should make clients aware of this change as needed.

Increasing fees for late or missing Form 5500s

While there have always been hefty penalties for mishandling of 5500s, the fee has increased significantly from a maximum of $50,000 to $150,000. This is an important note for sponsors, but also for the named Plan Administrator who may be ultimately responsible for timely filing the Form 5500.  

With the exception of the long-term, part-time employee provisions, which are effective in 2021, most of these other changes are effective for plan years beginning on or after December 31, 2019. Yes – just two weeks from now. Of course, there is much more to the SECURE Act, including changes to 529 college savings plans, penalty-free withdrawals for the birth or adoption of a child, and others, but by better understanding the imminent changes affecting retirement plans, the impact of the law becomes more clear. While it’s important to lay out a thoughtful strategy for incorporating the Act into your business plan, it’s equally important to think about the downstream implications – good and bad – to your clients. Regardless of how you shift your strategy, the passing of the SECURE Act will undoubtedly change the conversation you’re able to have with clients and that, in and of itself, is impactful.

ABOUT VESTWELL

Vestwell is a digital platform that makes it easier to offer and administer retirement plans. Vestwell removes traditional friction points through flexible investment strategies, fiduciary oversight, and streamlined administration, all at competitive pricing. By acting as a single point of contact, Vestwell has modernized the retirement offering while keeping the advisor’s, employer’s, and plan participant’s best interests in mind. Learn more at Vestwell.com and on Twitter @Vestwell.

Ryan Anderson Recently Joined Vestwell

Ryan Anderson recently joined Vestwell as the Senior Vice President of Product & Design. In 2010, Anderson founded New York City-based Alchemy50, an award-winning product design studio which was later acquired in 2017. During his time there, his clients included DataMinr, Artivest, FolioDynamix (now part of Envestnet ($ENV)), United Healthcare, Thomson Reuters and 1 Second Everyday. Anderson also spent time as the Chief Product Officer for Advizr before it was acquired by Orion Advisor Services.

Ryan, you joined the company this August to lead product. What drew you to Vestwell?

Let me back up a few years to give you the whole story. I led a product design studio in NYC called Alchemy50 for many years, and along the way we worked with a whole host of financial firms – hedge funds, portfolio managers, fintech startups – all different types of people and products. And what started to become important to me, rather than focusing on the institutional stuff, was thinking about how I could better apply my experience to help everyday people. One of the things that came up in the course of my research was how poorly Americans do with their retirement savings and financial planning in general. So when a former client, Advizr, approached me about becoming their full-time product officer, I jumped at the chance. Through their financial planning and ultimately their wellness platform, I could take my expertise and apply it to people in need.

When Advizr got acquired, I thought, ‘Okay, what do I want to do next?’ That’s when Aaron and Jonathan approached me about joining Vestwell. I knew Aaron and Jonathan from FolioDynamix, another former client of Alchemy’s, and Vestwell’s mission was closely aligned with why I went to Advizr in the first place – helping people make better financial decisions. On top of that, I now had access to recordkeeping and payroll information, which is powerful data to have when creating tech that supports financial services.

What opportunities and challenges do you see for Vestwell as they build a recordkeeping platform for the modern day?

 I think the big challenge is that retirement plans can have a lot of variables. You have different investment vehicles, enrollment requirements, plan designs, and compliance rules to keep track of. That means there are a lot of levers that need to be set up and maintained to give sponsors and advisors the flexibility they need. Furthermore, a big benefit of our offering is that it’s highly automated and digital. Traditional recordkeepers have outdated, manual processes that don’t make things easy for sponsors and participants. Simple is hard, but we’re 100% focused on making retirement easy.

When working with larger enterprises, it’s important that our service can be white-labeled so that everything coming out of the system appears to be coming directly from them. This is also a challenge, as the devil’s in the details. The more you expose, the more complex it gets and the longer it takes to bring that kind of stuff to market.

So I think the biggest challenge is improving on what today’s recordkeeping systems do in a way that is much more flexible and automated – particularly for smaller plans, which is our focus. If we get this right – and we will – then this becomes an extraordinary opportunity.

Tell us about your product roadmap. You’ve only had a few months to dive in, but what do you see as your immediate and long-term goals for Vestwell’s platform?

The first thing that stood out to me was how much more we could do with the user experience. This encompasses a lot of things, like the amount of reporting we give to advisors, improving platform navigation, and increasing platform communications. As part of that, a primary focus of mine will be how we better onboard sponsors and participants onto the platform. We’ve done a solid job here thus far, but I do think we can further improve this area via automation, getting smarter about using data, and working with our operations team to better understand their challenges and how best to address them.

Longer term, it’s all about integrations. So if you think about what makes Vestwell unique, it’s that we’re creating a system with a modern technology stack which allows us to be more flexible and better positioned to integrate with many different providers and services.

How do you plan to approach building a product that supports advisors while also ensuring a great product for the end-user?

If you think about what a product does, it solves a problem for a user. And what we’re trying to solve touches all of our users: sponsors, participants, and advisors. Their problems are all a little bit different while sharing a common thread. As an advisor, there’s a trust element; advisors want to know our platform is reliable and accurate and that it can provide what they need to run their business effectively. And in much of the same way, there’s a trust that we have to build with sponsors, too. If you think about how sponsors and advisors interact, it’s not super frequently and when they do interact it is often to solve a problem. So the better we can create a system for the sponsor that does what they need it to do – like taking care of enrollment, engaging their employees, and submitting contributions – the better it is for the advisor. That stuff has to be rock solid.

With participants, the problem for them is simply saving for retirement. Whether it’s registering for an account, making a contribution change, or taking out a loan against their savings, it needs to be incredibly straightforward – and accessible (mobile). Outside of that, they don’t care about much else.

So while I really look at it as three separate problems, and we treat the experience separately for each, there are common elements. The portals for each should be easy to navigate and do what they’re intended for, which means information has to flow across all three seamlessly.

What do you believe gives Vestwell a leg up over others in the space?

The big problem is – and it’s the reason why I think Vestwell has such a great business model – there’s a lot of old technology in the industry. The incumbents started in the early 80’s and they haven’t evolved much since. You’re now seeing some kernels of new tech, but the pace at which it’s being built just isn’t fast enough, and the cost to do it is prohibitive in many cases. When trying to meld old technology with new systems, it can be expensive and time consuming. So, I think the approach we’re taking where we’ve started from scratch means we get to look at the problems in the industry today and solve those with a better solution through a modern tech stack. If you look across our team, we are all seasoned, enterprise fintech professionals.  This is what we do, and all we do. In that, we are allowing retirement plan providers to get back to their core, focusing on their clients, instead of trying to be a technology recordkeeper provider.

You’re still the new kid on the block, but let’s fast forward 5, even 10 years from now. What’s your biggest contribution to Vestwell going to be?

I want to help create the modern framework that this 40-year-old industry rebuilds its foundation from. Ultimately, I hope that translates into a greater sense of empathy to the problems our users face. I want to help create a system that solves those problems for them.

 

Putting MEPs on the Map

As we all know, the Department of Labor recently unveiled a new final rule that will make it easier to form and manage Multiple Employer Plans (MEPs). So it’s no wonder that many advisors in the industry are thinking about the best ways to incorporate them into their business strategies.

For retirement plan advisors, in particular, new MEP rules are changing the game—especially in the small plan market. Thanks to recent regulations, employers that have little or no business-related connection to each other are now able to join a closed MEP, creating an opportunity for advisors to service smaller clients as a 3(38) fiduciary in a way that’s both scalable and cost-effective.

Where should an advisor start? Although advisors cannot sponsor closed MEPs, they can leverage relationships to put the right MEPs in place. Most advisors have spent their careers developing centers of influence. A MEP allows them to turn those relationships into partnerships by working together to create really efficient offerings.

While the MEP would be sponsored by a lead employer that takes on the bulk of the fiduciary responsibility and administrative oversight, advisors and partners can make it easier to craft and manage, while also delivering superior brand and value.

Two relationships, in particular, that bring significant opportunities are employer groups and associations, both of which can act as the “lead employer” of a closed MEP.

Since recent regulation now allows for unrelated employers with at least some commonality to create cost-effective group retirement plans, employer groups and associations are a perfect place to start. Both have access to a significant base of employers with common denominators such as a common geographic location, which the Department of Labor said is a sufficient nexus to join a closed MEP.

By sponsoring a MEP, associations or employer groups can enhance their benefits, better support their members, increase engagement, and even boost membership.

The value in one payroll provider

Another relationship that’s highly relevant in the MEP universe is payroll providers. Having a number of disparate payroll providers in a MEP can be an administrative nightmare.

Since accurate payroll files are critical to administering the plan, some MEPs engage a separate data aggregator to process those files, which adds time and cost while making the plan more vulnerable to mistakes just by virtue of having another third-party provider involved in plan administration.

Therefore, having one central payroll system in a closed MEP is a huge value-add, and triangulating the payroll relationship with an employer group or association is an even stronger offering. Forward-thinking advisors will try to connect associations and payroll providers in a MEP structure for maximum efficiency with optimal cost designs.

Start the MEP discussion

Overall, advisors should be thinking about MEPs not just as they relate to their clients, but as they relate to their own business models as well. And while the future of MEPs may currently be in limbo, they are still a worthwhile discussion point for advisors in the small plan market.

If nothing else, conversations about MEPs give us all an opportunity to have transparent discussions around the future of retirement for companies of all sizes. And once the passage of open MEPs comes into play, advisors who take steps now to make changes to their business strategy will already be ahead of the game.

By: Benjamin Thomason, Vestwell

Ben Thomason is the Executive Vice President, Revenue at Vestwell, a digital platform that makes it easier to offer and administer retirement plans. Thomason leads the sales and service operations with a focus on expanding the firm’s current advisor relationships, building new strategic institutional partnerships, and overseeing plan sponsor support.

Maximize Savings with a Safe Harbor Plan…And Soon

Safe harbor 401(k) plans can be a win-win for employers who want to maximize tax savings and retain employees. There is still time to reap the benefits for 2019.

1. Safe harbor basics

A safe harbor plan is like a traditional 401(k), but the employer must contribute, and contributions become fully vested when made. Contributions can either be limited to employees who make deferrals or offered to all eligible employees.

2. The trade-off may be worth it

Unlike traditional 401(k) plans, safe harbor plans automatically pass a number of required tests in order to keep your plan tax qualified and avoid other penalties and costs. These plans can be a great choice for small businesses that may have trouble passing nondiscrimination testing. For example, a family-owned or small business with more highly compensated employees relative to “rank and file” or non-highly compensated employees may otherwise have difficulty passing compliance tests.

3. More good news

The business owner can contribute the maximum annual deferral amount to his/her own 401(k) plan ($18,500 plus any catch-up contributions), receive additional savings from the company’s matching contributions (they’re an “employee” too) and, come tax time, the business can deduct all matching contributions (up to the $55,000 IRS limit).

4. There is still time to maximize the savings for 2019

Safe harbor plans must be in effect three months prior to the plan year-end date, which means eligible employees must be able to make salary deferrals starting no later than the payroll period that ends on or after October 1 of the plan’s first year. This means plan sponsors must make a decision and sign the necessary documentation by September 1.

5. If you already have a plan, you can take advantage too!

If you offer a different plan, but would like to take advantage of Safe Harbor benefits, here are dates to know:

  • By or before November 30, 2019: Your provider can amend your plan or start a new plan with a safe harbor provision for the following year
  • December 1, 2019: Your employees receive a 30-day notice of plan revisions
  • January 1, 2020: Safe Harbor provision takes effect and exempts the plan from nondiscrimination testing

Overall, there are benefits to any type of retirement offering, but a safe harbor plan can be a smart decision for many companies, particularly for small business owners. If you have any questions about whether a safe harbor plan is right for you, reach out to info@vestwell.com at any time.

How Small Businesses Benefit from the SECURE Act

 

By Allison Brecher, General Counsel, Vestwell

Congress is close to passing legislation that will be a big win for small business owners thinking of offering retirement plans to their employees. The Setting Every Community Up for Retirement Enhancement (SECURE) Act has a number of provisions centered around improving the nation’s retirement system, but small businesses in particular stand to benefit in many ways. Most notably, the Act would:

  • Increase the business tax credit for plan startup costs to make setting up retirement plans more affordable for small businesses. The tax credit would increase from the current cap of $500 to up to $5,000 in certain circumstances.
  • Encourage small-business owners to adopt automatic enrollment by providing an additional $500 tax credit for three years for plans that add auto enrollment of new employees.
  • Simplify rules and notice requirements related to qualified nonelective contributions in safe harbor 401(k) plans, a particularly common plan design amongst small businesses because the plan automatically passes certain compliance tests.
  • Offer a consolidated Form 5500 for certain defined contribution plans to reduce costs.

Additionally, the SECURE Act allows unrelated small businesses to get together in an “open” 401(k) multiple employer plan (MEP), which could also reduce costs and administrative responsibilities. Currently, only so-called “closed” MEPs are permissible, which require employers participating in it to have some kind of connection between them, such as membership in the same industry or an established trade association, and each business bears liability in the event any employer in the plan fails to comply with legal or regulatory requirements.  “Open” MEPs eliminate those rules.

The SECURE Act would also increase plan flexibility, which is a big benefit for small plan sponsors. First off, it would permit employers to add a safe harbor feature to their existing 401(k) plans even after the plan year has started as long as they make at least a 4% of pay contribution to employees, instead of the regular 3%. Second, it would extend the period of time for companies to adopt new plans beyond the end of the year to the due date for filing the company tax return.

There are other benefits that focus on helping employees save more for retirement. For example, it’s been proven that automatic enrollment and automatic escalation features encourage long-term savings, and the SECURE Act permits safe harbor 401(k) plans to increase the auto enrollment cap from 10% to 15% of an employee’s paycheck.  And since employees are working and living longer, the bill also benefits older workers by letting them continue to contribute to their plan until age 72, up from the current age of 70 ½. Lastly, it would provide penalty-free withdrawals from retirement plans of up to $5,000 within a year of the birth or adoption of a child to cover associated expenses.

The SECURE Act’s companion bill, the Retirement Enhancement Savings Act (RESA), is now moving forward through the Senate. RESA includes many of these same beneficial provisions and also has bi-partisan support. Many industry experts expect a compromise version of the two bills to become law before the end of 2019, making it the perfect time for small businesses to take action. If an employer wants to offer a safe harbor plan, plan documents need to be signed by late summer. This way, they’ll meet the October deadline for distributing legally required notices, be able to go January, and take advantage of the full tax benefits for the year.

4 Steps All Companies Should Take to Protect Themselves from Retirement Plan Litigation

By Allison Brecher, General Counsel, Vestwell

More than 100 lawsuits were filed in the last two years against plan sponsors and advisors, claiming that fees charged to them by their 401(k) plans were excessive. This litigation has resulted in hundreds of millions of dollars in settlements, significant reputational damage, and countless hours spent on defending litigation instead of servicing clients. Worse yet, when the stock market declines, we can expect more filings like these. In addition to litigation over failures to make reasonable decisions for plans, the Department of Labor restored over $1.6 billion to benefit plans to correct each plan sponsor’s failure to follow its own internal procedures.

Fortunately, many of these types of claims are preventable. With a little time and preparation, advisors, plan sponsors, and other fiduciaries can take steps to minimize their risk and even eliminate it almost completely.

  1. Create internal policies and follow them.

Every plan sponsor and fiduciary should have a written guide – even if it’s just one page – that lists who the plan service providers are, what each one does, who makes decisions for the plan about investments and other plan features, and how often those decisions get reviewed. Courts have repeatedly dismissed claims where the plan sponsors provided evidence that their plan has internal procedures about plan-related decisions and that they were followed. There are many free online resources to help sponsors conduct fiduciary training, vet their service providers, and assess conflicts of interest that might impair their obligation to serve their participants’ best interests. Don’t wait for litigation to jump into action.

  2. Benchmark the plan’s costs to make sure they are reasonable.

One of the most often litigated claims against plan sponsors and advisors is that they permitted the plan to incur unreasonably high costs. The regulations are clear that the plan does not need to engage the least expensive provider and cost is not the only criterion to determine whether a provider’s or investment’s fees are “reasonable.” The plan sponsor or advisor should take stock of each service provider’s services, evaluate them, and document the review of them.

  3. Identify and disclose all actual or potential conflicts of interest.

Service providers should disclose their conflicts of interest to the plan sponsor so that the sponsor can make an informed decision that aligns with their participants’ best interests. Sadly, not all providers do. If the same company that serves as the plan’s recordkeeper is also providing the investment options available to plan sponsors or receiving other indirect compensation from the investments offered by the plan, there may be a conflict of interest. Conflicts can only be managed if they are disclosed.

  4. Give participants clear and complete information about the plan.

It is astonishing how many claims could have been avoided had plan fiduciaries been more transparent in giving plan participants information. This could be as simple as giving them materials about joining the plan and how to invest through an email blast or mailing. Tell participants in “plain English” what they need to know about the investment options, eligibility requirements, employer match, and other basic plan features.

Complacency about proper retirement plan management is a significant business risk, but there are easy ways to manage it. Advisors and plan fiduciaries can use these lessons of litigation to help plan sponsors ensure they are properly setting up their plans and keep them out of trouble.

 

 

What Does Being a “Fiduciary” Mean, Exactly?

Any individual or organization that exercises discretion regarding their plan or any plan assets is a fiduciary, which is one of the highest standards in the law. So what does this mean in practice?

OVERSEEING SERVICE PROVIDERS

While plan sponsors can delegate many responsibilities of managing a retirement plan to service providers such as recordkeepers, investment advisors, and others, a plan sponsor cannot completely wash their hands of all fiduciary duty. A plan sponsor must carefully select and monitor their service providers, and is ultimately liable for ensuring the providers are doing right by their employees.

ACTING IN EMPLOYEES’ BEST INTERESTS

A fiduciary must exercise a duty of loyalty by operating the plan in the best interests of participants. After all, the plan sponsor is caring for their employees’ retirement assets. Proceed with caution when considering hiring plan providers that also do work for the company or individual owners. The plan sponsor should not receive any kind of compensation or anything of value from operating the plan. Consider the “smell test.”

SELECTING APPROPRIATE INVESTMENT OPTIONS

Plan sponsors should make sure that participants are offered a diversified set of investment options at reasonable cost, though that doesn’t mean they need to have the lowest fees. However, selecting the initial plan lineup is not a “set it and forget it” exercise. Sponsors should continue to monitor the investment options available to participants to ensure they are offered investment options that will balance their risk and help meet their retirement goals.

FOLLOWING THE PLAN DOCUMENT

Plan sponsors must operate the plan in accordance with the terms of the plan document. Disconnects are common and usually arise in connection with administering loans, using the wrong definition of “compensation” for purposes of calculating benefits, and with submitting late remittances. Failure to comply can become an issue, but fortunately, corrective actions are well spelled out by regulators and easy to fix.

MAINTAINING RECORDS

The best protection of all is for plan sponsors to know their plan documents, know what their service providers are doing to support the plan, and make careful decisions – and document them – about all activities relating to the plan. Have on hand all documents that show the plan sponsor’s decision-making process and actions taken for the benefit of participants as well as how decisions are implemented consistent with terms of the plan. Keep all of those records permanently.

PROTECTING AGAINST LOSSES

Fiduciaries must have an ERISA bond and should consider obtaining fiduciary insurance to cover any losses to the plan caused by a fiduciary breach.

The rules are complicated and the waters are muddied. But there are many resources available to you for more education about your fiduciary duties. Vestwell and Goodwin Procter offer regular webinars on this topic, and we also recommend free programs offered by the Department of Labor.