Bill Would Clear a Surer Path for Plans to Offer ESG Funds

After a year of alternating decisions related to ESG investing, the proposal would amend ERISA to make it clear that workplace retirement plans can choose to consider such factors in their investment decisions.

U.S. Senators Tina Smith, D-Minnesota, and Patty Murray, D-Washington, and U.S. Representative Suzan DelBene, D-Washington, have introduced legislation in both chambers of Congress that they say would provide legal certainty to workplace retirement plans that choose to consider environmental, social and governance (ESG) factors in their investment decisions or offer ESG investment options.

The bill, called the Financial Factors in Selecting Retirement Plan Investments Act, would amend the Employee Retirement Income Security Act (ERISA) to make it clear that plans may consider ESG factors in their investment decisions—provided they consider such investments in a prudent manner consistent with their fiduciary obligations. The legislators note that this is the same legal standard that ERISA already applies to non-ESG investment factors.

The bill would also amend ERISA to codify the longstanding principle that plans may consider ESG factors as tiebreakers when deciding between comparable options. The legislators note that the Department of Labor (DOL) under former President Donald Trump largely repealed that tiebreaker rule.

Under the Trump administration, the DOL proposed a rule that would have made it more difficult for retirement plans to use ESG investments. That proposal generated intense feedback, and the majority of the public comments called the rulemaking unnecessary and antiquated in its hostile views of ESG investing. The DOL’s final rule removed any mention of ESG and, instead, said plan fiduciaries need to focus solely on pecuniary, or performance, factors when selecting funds for a retirement plan lineup.

But after President Joe Biden took office, the DOL’s Employee Benefits Security Administration (EBSA) announced it would not enforce the final rule until it publishes further guidance.

The new bill would formally repeal the Trump-era DOL rule, as well as “limit future regulatory actions that impose unfair regulatory burdens in an effort to discourage ESG investing by ERISA plans,” according to the legislators.

The legislators note that while demand for ESG and sustainable investing is on the rise, few workplace retirement plans offer such options. They say one of the primary reasons companies refrain from offering these options is that the laws governing them are constantly changing.

“Sustainable investment options are good for retirees and good for our environment—that’s a win-win,” says Smith, a member of the Senate Banking Committee. “We’re putting forth this legislation because we know there’s a growing demand for sustainable investing and because we believe Congress should act now to provide the legal certainty necessary to make sure workplace retirement plans are able to offer these options to workers across the country.”

DelBene adds, “Americans deserve a secure retirement, and ESG investments are a key component in accomplishing that goal. This bill promises retirees a pathway not only to reach that secure retirement but a pathway to live in a world worth retiring in.”

“Retirement security is all about planning for the future, and you can’t truly do that if you aren’t able to consider the environmental, social and governance factors that will shape the future,” says Murray, chair of the Senate Health, Education, Labor and Pensions Committee. “Allowing this approach isn’t just common sense, it’s a win for workers, retirees, investors, businesses, communities, the environment and more. That’s why Senator Smith, congresswoman DelBene and I are introducing legislation to make sure people are able to invest in a future that’s not only more financially secure for their family, but more just, diverse and sustainable for everyone.”

A number of industry groups support the bill, including the Securities Industry and Financial Markets Association (SIFMA).

“SIFMA believes it is important for financial institutions to be able to consider all factors, including ESG factors, as part of an investment and risk management strategy,” said SIFMA President and CEO Kenneth Bentsen Jr. “ESG factors should continue to be valid considerations for investment decisions—including for qualified default investment alternatives [QDIAs] and their components—so long as they are evaluated in a manner consistent with a prudent process. We strongly believe the focus should be on the prudence of the analysis, as opposed to the particulars of the investments.”

US SIF: The Forum for Sustainable and Responsible Investment also supports the legislation, as do the CFA Institute and the American Retirement Association (ARA). “The bill makes clear that ESG criteria may be considered in ERISA-governed retirement plans and will end the policy pendulum of regulatory interpretations on this issue at the Department of Labor,” says Lisa Woll, CEO of US SIF.

Aron Szapiro, head of policy research at Morningstar, says his organization supports the bill “because it would help mainstream the use of this analysis as part of retirement plan investment selection, benefiting participants.”

And Smart, a retirement technology business, also voiced support. “We believe this is an appropriate framework, as it allows fiduciaries to incorporate ESG factors into their investment decisions, including those that apply to the QDIA, while still prioritizing the obligation of fiduciaries to seek investment returns for beneficiaries,” says Catherine Reilly, director of retirement solutions at Smart.

A summary of the bill can be found here, and the full text of the bill is available here.

The DOL’s Cybersecurity Guidance in Practice

Experts share insights about implementing the guidance and warn that plan sponsors can expect investigations from the agency now that there are guidelines.

The Department of Labor (DOL) released its first-ever cybersecurity guidance for Employee Retirement Income Security Act (ERISA) plans last month.

The guidance included three parts:

  • tips for hiring a service provider with strong cybersecurity practices;
  • cybersecurity program best practices; and
  • online security tips for participants.

The DOL guidance contains little that experts had not already suggested; the agency has issued common-sense best practices that reflect the state of the industry, says Andrew Elbon, a partner with law firm Bradley.

“What’s new is that the DOL has laid out in a thorough manner what it would expect plan fiduciaries to be looking for,” he says. “The DOL is saying, ‘This is a fiduciary issue and here’s a road map.’”

Matthew Hawes, a partner at Morgan, Lewis & Bockius LLP, agrees that the guidance is a clear indication that the DOL thinks cybersecurity is a fiduciary responsibility. Both plan sponsors and providers have a responsibility to be proactive with respect to the privacy and cybersecurity of plan and participant information, he says.

Elizabeth Goldberg, also a partner at Morgan, Lewis & Bockius LLP, says, along with issuing the guidance, DOL officials have made statements about conducting investigations related to cybersecurity. “In addition to the risk of having participant assets stolen and being sued, now there’s a potential for DOL investigations,” she says.

The guidance provides a level of detail not often seen from the DOL when it comes to plan processes, Hawes notes. He says the DOL’s recent guidance on missing participants also provided details about processes. “Perhaps it is a new approach the DOL is taking when it comes to providing guidance,” he says.

Goldberg echoes the fact that the DOL guidance “gets pretty granular about what it considers to be best practices.” She notes that the “best practices” part of the guidance doesn’t just inform providers what they should do, but it also tells plan sponsors what they should be doing.

“Even without this, the threat of litigation would signal that this is something plan sponsor fiduciaries should consider, even if it is unresolved in courts,” Goldberg says.

Implementation of the Guidance

Elbon says he expects plan sponsors seeking providers will issue a request for proposals (RFP) that includes the questions the DOL suggests. He says he imagines the issuance of an RFP would be a one-time thing, but it makes sense to expect current service providers to provide some kind of annual checkup to show how they are continuing to satisfy cybersecurity best practices and to communicate any changes they’ve made. Plan sponsors should also expect a report of incidents.

However, Hawes notes that the cybersecurity guidance is sub-regulatory; it was not afforded the notice and comment period involved in regulations and doesn’t necessarily reflect the views and input of all stakeholders. This may affect plan sponsors. For example, the DOL guidance says plan sponsors should ask providers to make available self-audit results, but providers might not want to do so because it could provide an avenue for bad actors to figure out ways to exploit their cybersecurity systems.

Goldberg says that provider resistance is one practical challenge plan sponsors could face when trying to implement the guidance. The DOL doesn’t address what plan sponsors should do in that case.

Hawes says there’s also a risk that the guidance becomes viewed by potential litigants and the DOL as a minimum standard.

“It’s hard to be certain that sponsors and providers can comply with all of them,” he says. “I’m not saying we want the DOL to say what to do if a provider doesn’t deliver information. It would be nice for the DOL to say these factors are considerations in the selection and retention of providers and no one is greater than any other when making decisions.”

“To the extent a plan sponsor is doing anything in-house that involves the storage or transmission of ERISA plan and participant data, it should have a person or team, if it doesn’t have an IT [information technology] department, dedicated to ensuring cybersecurity,” Elbon says. “This is for all ERISA plans, not just retirement plans, but also health plans.”

Elbon says there is a good chance that some plan sponsors are handling data and are not just relying on service providers for the storage or transmission of data. These sponsors should look at their cybersecurity practices and consider whether they want to keep being responsible for handling data, he suggests. If they continue to take on that responsibility, plan sponsors should consider what they need to change to better protect data and respond to incidents.

“I do a lot of work with HIPAA [the Health Insurance Portability and Accountability Act], and one rule of thumb I’ve tried to convey is if a plan sponsor is in the business of holding on to participant data, it should probably get out of it and rely on service providers that are better equipped to handle cybersecurity,” Elbon says. “Maybe one of the side effects of the [DOL] guidance is giving plan sponsors the impetus to do that. They now have a nice set of guidelines to rely on for evaluating and selecting service providers based on this issue.”

To the extent that plan sponsors have exposure, Elbon says it makes sense that their corporate insurance policies should have cybersecurity provisions.

Plan sponsors should share the DOL’s online security tips with plan participants, he adds. Elbon says plan service providers can communicate the tips as well.

The DOL guidance shows that, in the agency’s view, plan participants bear some responsibility for protecting their accounts, Hawes notes. Communicating the online security tips to participants and documenting that they’ve done so will help plan sponsors defend themselves if a loss is somehow related to a participant’s failure to implement his own security precautions, he adds.

Goldberg notes that the DOL included language in its missing participant guidance that recognized specific factors such as cost must inform the application of best practices, but that wasn’t included in the cybersecurity guidance.

Another thing not spelled out in the guidance is which service providers are relevant, Goldberg says. “We can extrapolate that the key focus is on recordkeepers, but which others?” she asks. She also notes that the DOL did not address whether plan data is considered a plan asset—a question that is playing out in court cases.

“We know fiduciaries need to engage experts,” Hawes says. “This guidance has many technical aspects which might make it necessary to engage with IT to help with the evaluation of service providers.”

“I think this is a very positive development, offering very specific rules of the road to rely on,” Elbon says. “I see this as consistent with a prudent process to select service providers, just as plan sponsors need to have a prudent process to select investments. That is a fiduciary act. It doesn’t mean that if something goes awry, plan sponsors are at fault; it just ensures they do their due diligence.”
