Last month, the U.S. Department of Labor (DOL) issued a press release aimed at defined benefit plan sponsors, plan fiduciaries, record keepers, and plan participants. For the first time, the DOL’s Employee Benefits Security Administration issued cybersecurity guidance.
The Employee Benefits Security Administration (EBSA) estimated that, as of 2018, there are 34 million defined benefit plan participants in private pension plans. Additionally, per EBSA estimation, there are 106 million defined contribution plan participants covering estimated assets of $9.3 trillion. The EBSA points to the risk of both internal and external cybersecurity threats.
“The cybersecurity guidance we issued today is an important step towards helping plan sponsors, fiduciaries and participants to safeguard retirement benefits and personal information,” said Acting Assistant Secretary for Employee Benefits Security Ali Khawar. “This much-needed guidance emphasizes the importance that plan sponsors and fiduciaries must place on combatting cybercrime and gives important tips to participants and beneficiaries on remaining vigilant against emerging cyber threats.”
Per the DOL announcement, the Employee Retirement Income Security Act (ERISA) “requires plan fiduciaries to take appropriate precautions to mitigate these risks.”
The DOL’s guidance is directed at plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act, and plan participants and beneficiaries.
3 Resources for Enhancing the Cybersecurity of a Defined Benefit Plan
- Tips for Hiring a Service Provider (a resource for plan sponsors and fiduciaries)
- Cybersecurity Program Best Practices (a resource for fiduciaries and recordkeepers)
- Online Security Tips (a resource for plan participants and beneficiaries)
Next Steps for Plan Sponsors and Plan Participants
We are all learning how to live in a cyber-defined world where our lives are logged and documented in bits and bytes. Two questions remain undefined: whether the DOL expects plan sponsors to communicate online security tips to plan participants and, in the event of a data breach, who is actually responsible, the plan sponsor or the third-party administrator. Some questions are yet to be resolved in the uncharted new territories opening on the frontier of cyberspace.
This material has been prepared for informational purposes only, and is not intended to provide, and should not be relied on for, accounting, legal or tax advice. Any tax advice contained herein is of a general nature. You should seek specific advice from your tax professional before pursuing any idea contemplated herein.
Securities offered through Lion Street Financial, LLC (LSF) and Valmark Securities, Inc. (VSI), each a member of FINRA and SIPC. Investment advisory services offered through CapAcuity, LLC; Lion Street Advisors, LLC (LSF) and Valmark Advisers, Inc. (VAI), each an SEC registered investment advisor. Please refer to your investment advisory agreement and the Form ADV disclosures provided to you for more information. VAI/VSI, LSF and CapAcuity, LLC. are non-affiliated entities and separate entities from OneDigital and Fulcrum Partners.
Unless otherwise noted, VAI/VSI, LSF are not affiliated, associated, authorized, endorsed by, or in any way officially connected with any other company, agency or government agency identified or referenced in this document.