By Anne Tyler Hall and Tim Kennedy (April 17, 2025)
For employers offering benefit plans, fiduciary responsibility is not just a legal designation. Under the Employee Retirement Income Security Act of 1974, as amended, the fiduciary duty is the highest standard of care recognized under the law.
Fiduciaries must ensure that every decision regarding a benefit plan is made with the care, skill and diligence that a prudent person would exercise. These fiduciary obligations apply not only to retirement plans, but also, in a more complex way, to employer-sponsored health and welfare plans.
In the current landscape, where healthcare costs are escalating and regulatory scrutiny of plan management is intensifying, third-party administrators and pharmacy benefit managers have emerged as critical service providers to group health plans.
TPAs handle claims administration, provider network management and reporting. PBMs, on the other hand, manage prescription drug benefits, negotiate rebates with pharmaceutical manufacturers and determine formulary design. Both significantly affect plan costs and participant outcomes.
However, the complexity and opacity of TPA and PBM arrangements present unique legal and financial risks to plan sponsors. If contracts are not carefully scrutinized, and if service provider performance is not actively monitored, plan fiduciaries may breach their ERISA duties.
A growing wave of fiduciary litigation underscores this risk, including Stern v. JPMorgan Chase & Co.,[1] which was filed on March 13 in the U.S. District Court for the Southern District of New York. The plaintiffs allege that JPMorgan, as a plan sponsor, systemically mismanaged the plan’s PBM arrangement with CVS Caremark, resulting in exorbitant prescription drug costs.
This article highlights key legal standards, common contractual pitfalls and practical steps that plan sponsors can take to proactively and strategically mitigate fiduciary breach risk, while maximizing value for participants with respect to TPA and PBM agreements.
Fiduciary Responsibilities Under ERISA for Health and Welfare Plans
ERISA’s definition of a “fiduciary” includes individuals or entities that exercise discretionary authority or control over a plan’s management or assets. In the context of health and welfare plans, this includes those responsible for selecting, monitoring and negotiating contracts with TPAs and PBMs.
The fiduciary duties of prudence and loyalty require acting with the care, skill and diligence that a prudent person familiar with such matters would exercise, always prioritizing the interests of plan participants and beneficiaries.
The U.S. Department of Labor emphasizes that fiduciaries must ensure that service providers are selected based on objective criteria, including the reasonableness of their fees and the quality of their services. The selection process should be well documented, and should involve a thorough evaluation of potential providers, their services and respective fees.
Fiduciaries are also obligated to continually monitor the performance and compensation of service providers, taking corrective action if costs become excessive or if performance falls short of expectations.
The DOL’s scrutiny of TPA and PBM fee structures has increased, particularly with respect to TPA out-of-network cost-sharing fee programs, and PBM rebates and spread compensation.
Plaintiffs attorneys are leveraging some of the same fiduciary breach theories against group health plan fiduciaries that have been successful against retirement plans and fiduciaries.[2]
Courts now apply fiduciary standards to health plans similar to those historically applied to retirement plans. Failure to apply diligent oversight can result in significant legal and financial repercussions for fiduciaries.
It is crucial to recognize that fiduciary responsibility is an ongoing obligation. Plan sponsors must continually assess whether their service providers are fulfilling their contractual and fiduciary expectations. Courts have emphasized that passivity or overreliance on vendors can constitute imprudence. The duty to act in participants’ best interests is constant and must continually evolve.
Fiduciaries must also consider the evolving legal landscape. The Consolidated Appropriations Act of 2021, including provisions from the No Surprises Act, imposes new obligations for transparency and reporting, particularly around direct and indirect compensation received by brokers and other service providers. These rules heighten fiduciary responsibilities for managing TPA and PBM arrangements.
How TPA and PBM Practices Can Trigger Fiduciary Breaches
Despite their essential roles, TPAs and PBMs often operate under contract terms that favor their financial interests over those of the plan.
TPAs may impose hidden administrative fees, delegate services to affiliates with little transparency or limit the plan sponsor’s access to claims data.
PBMs may engage in spread pricing — by charging the plan more than they reimburse pharmacies — or retain manufacturer rebates without fully disclosing or passing on those savings to the plan or its participants.
These practices can dramatically inflate costs. In Stern, the plaintiffs allege that the PBM, CVS Caremark, charged JPMorgan’s health plan $6,229 for a 30-unit prescription of teriflunomide, a generic drug that could be obtained for as little as $11.05 through publicly available pharmacies like Cost Plus Drugs.
The complaint compares these plan charges to retail prices at Wegmans, Rite Aid and ShopRite, which ranged from $29 to $35 — making the plan’s cost more than 560 times higher than the lowest alternative. It further claims that fiduciaries failed to take appropriate steps to review and evaluate these costs, thereby breaching their ERISA obligations.
The lawsuit goes on to allege that this is not an isolated case, citing 366 generic drugs on the plan’s formulary with an average markup of more than 211% above the pharmacy acquisition cost. The plaintiffs claim that no prudent fiduciary would allow such inflated costs.
Spread pricing arrangements, opaque rebate contracts and nondisclosure clauses can all conceal the true cost burden on plan participants. TPAs can also contribute to risk by bundling services, using undisclosed affiliates and limiting sponsor access to key claims data that could reveal inefficiencies and overpayments by the plan.
Lewandowski v. Johnson & Johnson, which was filed in the U.S. District Court for the District of New Jersey in February 2024, was already a landmark case that named the company’s pension and benefits committee members and senior executives as defendants.
The Lewandowski and Stern cases both reinforce the legal exposure that plan fiduciaries face and add to a growing trend of rigorously applying ERISA’s fiduciary duties to healthcare plan decisions.
Red Flags and Common Pitfalls in TPA and PBM Agreements
Certain provisions in TPA and PBM contracts should raise immediate concerns for any ERISA plan fiduciary.
Lack of Pricing Transparency
Vague or undisclosed fee structures make it difficult to assess the true cost of services. Plan sponsors should require itemized pricing and full pass-through of rebates and discounts.
Gag Clauses
These provisions restrict pharmacies from informing patients of lower-cost alternatives. These clauses may also conflict with state-level transparency laws.
Spread Pricing
Some contracts permit PBMs to charge more than the amount paid to pharmacies. A fiduciary should be aware of this practice and seek to understand how much the PBM receives under a spread pricing arrangement.
Audit Restrictions
Contracts that limit the plan sponsor’s ability to audit or access claims data impair oversight and prevent fiduciaries from fulfilling ERISA’s monitoring duties.
Rebate Opacity
Clauses that allow PBMs to retain rebates or aggregate financial reporting limit accountability. Without detailed reporting, it is impossible to assess whether rebates are shared equitably.
Indemnification Provisions Favoring Vendors
These may improperly shift liability back onto the plan sponsor and should be reviewed carefully.
Other problematic provisions may include take-or-pay arrangements, inflated administrative fees bundled into claims processing charges, and carveouts that exempt key pricing elements from audit. Contracts that limit third-party review may violate fiduciary duties.
Provisions that hinder transparency, restrict audit access or fail to provide clear performance metrics should be renegotiated. Failing to address these terms may be construed as imprudent, especially when they enable wasteful spending or excessive compensation.
Legal Standards for Ensuring Reasonable Plan Costs
ERISA requires fiduciaries to ensure that plan expenses are reasonable relative to the services provided. ERISA does not precisely define “reasonable,” but courts emphasize the fiduciary process.
What matters most is that fiduciaries undertake a thorough, informed and well-documented process in selecting and monitoring plan vendors with the goal of reducing fees to a reasonable level.
Courts routinely find that failure to benchmark costs, evaluate alternative providers or analyze rebate retention terms may constitute a fiduciary breach.
In 2019, in Sweda v. University of Pennsylvania,[3] the U.S. Court of Appeals for the Third Circuit held that ERISA plan fiduciaries may breach their duty of prudence by continuing to retain high-cost service providers without adequately monitoring them or considering more cost-effective alternatives.
The same logic applies in group health plan contexts, particularly where inflated drug pricing or intentionally opaque administrative fees are involved.
Reasonableness also includes evaluating whether fees are excessive compared to industry standards or national averages. Tools like pharmacy claims audits, market-based cost comparisons and access to National Average Drug Acquisition Cost data provide objective standards for comparison. Fiduciaries must reassess costs as markets evolve.
Fiduciaries should benchmark PBM and TPA arrangements against transparent pass-through models and evaluate pricing terms using independent data sources. Cost-sharing structures, rebates and discounts must be examined to ensure that value flows to the plan — not solely to the service provider.
Due Diligence in Selecting and Monitoring TPAs and PBMs
Effective fiduciary oversight begins with a diligent selection process. Issuing requests for proposals, comparing bids from multiple vendors, engaging external consultants and documenting evaluation criteria are essential first steps.
During selection, fiduciaries should prioritize transparency, audit rights, financial disclosure and alignment of incentives.
After selection, monitoring must be continuous. This includes:
• Reviewing quarterly and annual performance data;
• Comparing actual fees and rebates against contract projections;
• Holding regular review meetings with vendors;
• Requesting documentation for spread pricing, maximum allowable cost lists and rebate administration; and
• Engaging auditors to ensure contract compliance.
The due diligence process should include a review of any conflicts of interest, particularly if vendors use affiliates or subcontractors. For example, many TPAs have an affiliated PBM where services are bundled, giving vendors further opportunities to generate additional fees.
Sponsors should assess contract renewal terms, indemnification provisions, escalation clauses and performance guarantees to ensure continued alignment with plan goals.
Documentation is also critical. Committees should maintain meeting minutes and file summaries of their decision-making process.
How Independent Audits Uncover Risk and Drive Accountability
Independent audits serve as a crucial check on service provider performance. For PBMs, audits may uncover withheld rebates, hidden fees or pricing disparities. For TPAs, audits can identify excessive administrative charges, improper claims processing and suboptimal network pricing.
Fiduciaries should negotiate audit rights during contract formation and exercise them periodically. Audits help verify that:
• Contractual pricing is being honored;
• Claims are not above contracted rates;
• Rebate and discount pass-through is accurate; and
• Billing errors or conflicts of interest are identified.
In some cases, audits can result in financial recoveries or help justify contract renegotiation. Audits, as well as contract negotiations, demonstrate that fiduciaries are fulfilling oversight duties — a key protection against fiduciary breach litigation.
Audits can also uncover unanticipated compliance risks, such as a violation of the Mental Health Parity and Addiction Equity Act or misalignment with Affordable Care Act requirements.
Fiduciaries should budget for audits as a recurring part of their compliance and oversight program, rather than reacting only after concerns emerge. A proactive audit program is a hallmark of a prudent fiduciary process.
Legal Remedies and Fiduciary Liability for Mismanaged TPA and PBM Contracts
Fiduciaries that mismanage or neglect careful negotiation and monitoring of TPA and PBM relationships can be subject to significant legal consequences.
In Stern, for example, the participants assert that JPMorgan’s health plan fiduciaries failed to negotiate reasonable pricing, permitted nondisclosure and inflated PBM fees, and failed to monitor vendor arrangements — culminating in millions of dollars in alleged losses to the plan and its participants.
The lawsuit names not only JPMorgan and its bank subsidiary as defendants, but also its U.S. benefits executive, its compensation and management development committee, and its individual directors. The plaintiffs argue that these individuals failed their fiduciary duties by permitting CVS Caremark’s pricing structure to persist despite obvious cost discrepancies and market benchmarks.
Remedies in these suits may include restitution, corrective action, removal of fiduciaries and judicial oversight. Regulatory agencies, including the DOL, may also take enforcement action. Moreover, litigation can harm a company’s reputation.
Fiduciaries must also consider the potential downstream effects of litigation, including the need to restate financials or fund restitution accounts.
Directors and officers insurance coverage should be reviewed periodically to ensure it appropriately covers fiduciary breach claims tied to health and welfare plans.
The Stern case is just the most recent lawsuit that highlights a clear message: Fiduciaries cannot remain passive. They must demand cost transparency from PBMs and TPAs, retain audit rights, benchmark pricing, and be prepared to renegotiate or terminate contracts that do not align with their legal obligations to plan participants.
Conclusion
The growing body of ERISA fiduciary breach litigation illustrates the heightened legal and operational risk associated with PBM and TPA contracts. These cases make clear that ERISA fiduciaries must proactively manage their healthcare plan vendors with the same rigor applied to retirement plan governance.
Plan sponsors should take immediate steps to evaluate, negotiate, and monitor TPA and PBM agreements, and to ensure they have audit rights, clear pricing structures, rebate transparency and benchmarking protocols. In today’s environment, vigilance is not optional — it is the defining characteristic of fiduciary prudence. Sponsors that act decisively will protect not only their participants, but also their organizations from costly litigation and reputational harm.
Anne Tyler Hall is a founder and managing partner at Hall Benefits Law.
Tim Kennedy is a partner at the firm.
The opinions expressed are those of the author(s) and do not necessarily reflect the views of their employer, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
[1] Stern et al. v. JPMorgan Chase & Co. et al., Docket No. 1:25-cv-02097 (S.D.N.Y.).
[2] The Top 10 ERISA settlements in 2023, with the majority of these cases involving allegations of a fiduciary breach, totaled more than $500 million.
[3] Sweda v. University of Pennsylvania, No. 17-3244 (3rd Cir. 2019).

Hall Benefits Law, LLC
