DOL Asked to Make Electronic Delivery of Retirement Plan Disclosures the Default

Eight organizations associated with defined contribution (DC) plans submitted a letter to the Employee Benefits Security Administration of the Department of Labor (DOL) asking it to propose regulations that would permit plan sponsors to make electronic delivery the default method of delivery for retirement plan disclosures and notices.

Eight organizations associated with defined contribution (DC) plans, including the Investment Company Institute (ICI) and the SPARK Institute, have submitted a letter to the Employee Benefits Security Administration of the Department of Labor (DOL) asking it to propose regulations that would permit plan sponsors to make electronic delivery the default method of delivery for retirement plan disclosures and notices. If employees did not want electronic delivery, they would have the ability to request paper copies.

The groups note that on August 31, 2018, President Trump signed an Executive Order on Strengthening Retirement Security in America, directing the DOL to review within a year how to make retirement plan disclosures more understandable and usable. One of the options the order noted was electronic delivery, which would also reduce the cost of making these disclosures.

“We would urge the Department to further prioritize electronic delivery as a part of any rulemaking to reduce costs and burdens, as outlined by the Executive Order,” the letter states. “If finalized, those regulations would immediately make retirement plan disclosures and notices more efficient and useful for retirement savers. Electronic delivery empowers retirement plan participants by providing them constant and real-time access to information about their retirement benefits and other online tools that can assist with retirement planning. It also could make disclosures and notices much less costly.”

The groups note that with electronic delivery, the notices could be linked to other information, such as financial wellness, and positive actions, such as increasing retirement plan contributions.

The co-signees of the letter are the American Bankers Association, American Council of Life Insurers, American Retirement Association, ERISA Industry Committee, Investment Company Institute, Securities Industry and Financial Markets Association, SPARK Institute and U.S. Chamber of Commerce.

The letter can be viewed here.

Clear Disclosure Partners Offers Cybersecurity Program for Retirement Plans

Among other things, the Cybersecurity Risk Management Program, in consultation with the plan sponsor and fiduciaries, includes the development of a prudent process for cybersecurity management including policies and procedures and a cybersecurity manual.

Clear Disclosure Partners introduced a new service for retirement plan sponsors and fiduciaries—the Cybersecurity Risk Management Program for Retirement Plans.

Developing a prudent process for reviewing and improving retirement plan cybersecurity is one of the biggest emerging issues in the retirement industry. While the Employee Retirement Income Security Act (ERISA) does not mandate a written cybersecurity policy, plan sponsors are required to always act prudently and to document that process. Creating a cybersecurity risk management program for the unique requirements of individual plans is increasingly seen as a fiduciary “best practice” for retirement plan sponsors and fiduciaries, according to Clear Disclosure Partners.

Recently, cybersecurity concerns about retirement plans have been getting some high-level attention. At the end of 2018, the ERISA Advisory Council asked the Department of Labor (DOL) for guidance about how plan sponsors should evaluate cybersecurity risks and requested that it mandate that employers create a process to manage cybersecurity. This past February, Senator Patty Murray, D-Washington, and Congressman Bobby Scott, D-Virginia, sent a letter to the Government Accountability Office (GAO) requesting that it examine the cybersecurity of the retirement system.

“It’s our view that, by either regulatory mandate or ‘prescribed best practices,’ retirement plan sponsors and fiduciaries will soon be compelled to oversee a cybersecurity program for their retirement plans similar to the cybersecurity program demanded of registered investment advisers,” says Dave Dickinson, president of Clear Disclosure Partners.

The Cybersecurity Risk Management Program develops and manages an ongoing cybersecurity program for retirement plans, including:

  • A review of the cybersecurity risks and the unique “cyber circumstances” particular to each employer’s retirement plan.
  • In consultation with the plan sponsor and fiduciaries, development of a prudent process for cybersecurity management including policies and procedures and a cybersecurity manual. The program must be tailored to the plan and not boilerplate.
  • Review of plan provider cybersecurity policies and procedures including a review of contractual provisions relating to cybersecurity.
  • Employee education about cybersecurity risk and best practices.
  • Annual cybersecurity review and compliance meeting.
  • Creation and maintenance of a cloud-based cybersecurity risk management program compliance file.
