It is increasingly evident that artificial intelligence (AI) is reshaping all facets of business, and its impact on employee benefit plans is no exception. From automating plan administration to personalizing participant communications, AI introduces both new opportunities and new responsibilities for those overseeing Employee Retirement Income Security Act of 1974 (ERISA)-covered retirement and health plans
DOL Expands Fiduciary Obligations for Cybersecurity to Health and Welfare Plans
A little more than three years ago, the U.S. Department of Labor (DOL) posted cybersecurity guidance on its website for ERISA plan fiduciaries. That guidance extended only to ERISA-covered retirement plans, despite health and welfare plans facing similar risks to participant data.
Last Friday, the DOL’s Employee Benefits Security Administration (EBSA) issued Compliance Assistance Release
Why Retirement Plan Sponsors and Fiduciaries Need to Know about the SEC Cybersecurity Amendments
In 2021, the Department of Labor (DOL) issued cybersecurity guidance for ERISA-covered retirement plans. The guidance expands the duties retirement plan fiduciaries have when selecting service providers. Specifically, the DOL makes clear that when selecting retirement plan service providers, plan fiduciaries must prudently assess the cybersecurity of those providers.
On May 15, 2024, the
Do Employers Need a CISO for ERISA Compliance?
According to a recent survey, about 45% of companies do not have a Chief Information Security Officer (CISO). As West Monroe’s “The Importance of a CISO” observes, it would be terrific for all organizations to have a CISO, but that simply may not be practical for some, particularly smaller organizations. Recent internal
DOL Plan Audits Updated to Include Several Questions About Compliance with Its Cybersecurity Guidelines
In April, we posted about the U.S. Department of Labor’s (DOL) Employee Benefits Security Administration (EBSA) issuing cybersecurity guidance for employee retirement plans. That is, April 14, 2021. Shortly thereafter, the DOL updated its audit inquiries to include probing questions for plan fiduciaries about their compliance with “hot off the press” agency guidelines.
So, what
Musings of Retirement Plan Fiduciaries on Cybersecurity: Episode One
By now, plan fiduciaries and their service providers likely have heard about the DOL’s cybersecurity guidance. The Department of Labor’s stepping into cybersecurity in this way – a posting of best practices on the agency’s website – has left plan fiduciaries with some questions. Here are a few:
- “When is this effective?”
- “Does this
DOL Issues Cybersecurity Best Practices for ERISA Covered Retirement Plans
Today, the U.S. Department of Labor’s Employee Benefits Security Administration (EBSA) issued much anticipated cybersecurity guidance for employee retirement plans. This comes more than four and a half years after the ERISA Advisory Council, a 15-member body appointed by the Secretary of Labor to provide guidance on employee benefit plans, shared with the federal
Is Personal Information of Retirement Plan Participants an ERISA Plan Asset?
A little more than one year ago, we reported on a settlement (Cassell et al. v. Vanderbilt University, et al.) involving the alleged wrongful use of personal information belonging to retirement plan participants, claimed to be “plan assets.” This year, similar claims have been made against Shell Oil Company in connection with its 401(k) plan.
Pension Plan Suffers Cybersecurity Attack, ERISA Advisory Council Offers Cybersecurity Recommendations to DOL
It has been reported that infamous bank robber, Slick Willie Sutton, once said, “I rob banks because that’s where the money is.” Data thieves, understandably, have a similar strategy – go where the data is. The retail industry knows this as it has been a popular target for payment card data. The healthcare and certain