Has your U.S. retirement program had a risk checkup lately?
If you are a non-U.S. corporate or a PE sponsor with U.S. entities, U.S. pension risks are something you should address.
The U.S. Department Of Labor, which supervises ERISA plans, is becoming more and more active. Read more about the three key risks below.
Plan fiduciaries are required to protect plan assets. This includes the requirement that they protect plan assets from cyber attacks. The U.S. Department of Labor (DOL) has repeatedly emphasized that it expects plan fiduciaries to be on top of whether their plan’s third-party providers and their systems are fulfilling these requirements.
In April, the DOL announced that it is focused on the cybersecurity vulnerabilities of U.S. employee benefit plans, and plan sponsors and plan fiduciaries should make sure they are current on the standards of care that are expected of them. The DOL also announced new guidance for ERISA plan sponsors, fiduciaries, record keepers, and participants on best practices for maintaining cybersecurity. It highlighted the need for plan sponsors to prudently select service providers with strong cybersecurity practices and to actively monitor the providers for compliance. The DOL has already begun auditing plan sponsors’ cybersecurity policies since the April announcement.
The increasing rate of cyberattacks coupled with the increased use of electronic communications by plan participants makes ERISA assets more vulnerable than ever. ERISA sponsors and service providers should be especially vigilant to fulfill their fiduciary duty to protect those assets. Therefore, the question for every ERISA plan sponsor and service provider should be “how can we strengthen our cybersecurity” and “what diligence should we do around cybersecurity".
Large lawsuits, including class actions, have targeted employers and plan fiduciaries who have allowed their plan participants’ accounts to become saddled with unreasonably high investment and administrative fees. Plan fiduciaries should be following a process that shows that they are monitoring plan fees and acting when those fees are inappropriate for the plan and its investment lineup.
Now more than ever, fiduciaries who are responsible for investing and managing U.S. employee benefits plans should be ready to demonstrate that the fiduciaries follow and document a prudent process when they act for the plans for which they are responsible. Especially now, when there are substantial questions on whether ERISA plans may take ESG considerations into account, it is essential that plan fiduciaries can back up the process behind their decisions.
Clifford Chance can offer a customized solution to help your team fulfill its duties:
1. Policy analysis
The Clifford Chance Risk Team can quickly and affordably review your plans and their processes and advise you on the risk exposure that you are carrying right now. What’s more, we can often do so in a protected environment where our advice and findings can have the protection of privilege.
2. Mock audits
Clifford Chance can conduct a mock audit equivalent to a DOL investigation into ERISA practices. As part of that process, Clifford Chance will request that the firm provide or make available information and records for our review. The request would focus primarily on ERISA cyber security practices and would seek to replicate a DOL inquiry as much as possible at the initial stage.
Stage 2 of the mock audit involves our remote or on-site examination of the company and its service provider to understand where there are potential weaknesses in the service provider’s cybersecurity readiness and to advise on steps that a plan sponsor should take to address these risks. Our team will request and review additional records and other information not provided prior to the visit. We will also conduct remote or on-site interviews with key employees responsible for each aspect of ERISA plan management.
In conducting the mock DOL audit, we attempt to create realistic simulation of the atmosphere around an actual examination. However, we also try to make the remote or on-site session collaborative and efficient by providing you with feedback on a real-time basis and a final exit report.