Immediately Following Recent Guidance, DOL Initiates Cybersecurity Retirement Plan Audit Initiatives

The Employee Retirement Income Security Act of 1974 (ERISA) became law before the computer age, so the Act contains no provisions dealing with cybersecurity. However, in April 2021, the U.S. Department of Labor (DOL) released its first-ever guidance on cybersecurity for retirement benefit plan sponsors, record keepers, service providers, and participants. That guidance came in three forms:

The DOL released this guidance two months after the U.S. Government Accountability Office (GAO) issued a report calling on the DOL to review its guidance on cybersecurity administration. The GAO report pointed to an elevated risk for cyber-attacks due to the COVID-related shift to remote work over the past year as well as increased retirement plan litigation related to cyber hacks.

Now, just a few weeks after issuing this guidance, reports are coming in that the DOL has issued information and document requests to plan sponsors that are “probing and indicate serious inquiry by the DOL.” These requests are asking for all cybersecurity and information security program policies, procedures and guidelines that relate to retirement plans, whether applied by the plan sponsor or by a provider, as well as detailed documentation of specific actions taken by the plan’s fiduciaries and providers, including many that the DOL addressed in its guidance.

In addition, because the DOL has provided guidance concerning best practices for hiring service providers, plan sponsors should not neglect to audit their third-party service providers to ensure they meet the DOL’s standards for cybersecurity best practices.

In light of the DOL’s reported rigorous audit procedures and recent litigation related to data breaches, plan sponsors and fiduciaries should not delay in addressing the DOL’s guidance as it pertains to their own cybersecurity practices and those of their service providers.

HBL has experience in all areas of benefits and employment law, offering a comprehensive solution to all your business benefits and HR/employment needs. We help ensure you follow the complex requirements of ERISA and the IRS code, as well as those laws that impact you and your employees. Together, we reduce your exposure to potential legal or financial penalties. Learn more by calling 678-439-6236.

Hall Benefits Law, LLC

HBL offers employers comprehensive legal guidance on benefits in mergers and acquisitions, Employee Stock Ownership Plans (ESOPs), executive compensation, health and welfare benefits, healthcare reform, and retirement plans. We counsel a wide spectrum of clients including small, mid-sized, and large companies, 401(k) investment advisors, health insurance brokers, accountants, attorneys, and HR consultants, just to name a few. HBL is passionate about advising clients, and we are dedicated to our mission: to provide comprehensive, personalized, and practical ERISA and benefits legal solutions that exceed client expectations.