When it comes to Department of Labor (DOL) retirement plan investigations, the best defense for plan fiduciaries is often a good offense—conducting a compliance self-review before DOL officials come knocking.
That’s the contention made by attorneys Elizabeth S. Goldberg and William J. Marx in their article “DOL Retirement Plan Investigations: Nine Key Areas” in the July/August issue of Benefits Magazine. Goldberg is a partner with Morgan, Lewis & Bockius LLP, where Marx is an associate.
The DOL has an active program for investigating (sometimes also referred to as auditing) retirement plans and their fiduciaries to ensure that they are fulfilling their fiduciary duties as required under the Employee Retirement Income Security Act of 1974 (ERISA), the authors explain. These investigations can result in fines or other penalties.
To help prepare for the possibility of investigation, Goldberg and Marx suggest that plan fiduciaries conduct a self-review in the following nine areas.
1. Missing Participants
This is one of the most common areas of focus in DOL investigations of defined benefit (DB) pension plans. The DOL wants to know what the plan’s policies and procedures are for identifying and finding participants with whom the plan has lost contact.
Plans should review their compliance with recent subregulatory guidance and consider taking additional steps to keep participant information up to date, such as periodically requesting address files from contributing employers (for multiemployer plans), encouraging participants to keep their contact information and beneficiary designations up to date, sending letters to participants when certain plan milestones are reached and engaging service providers to track public records of participants.
2. Data Privacy and Cybersecurity
As the frequency of data breaches continues to grow, this area is garnering increased attention from the DOL.
As with missing participants, the DOL has issued subregulatory guidance that should be reviewed. Ensuring compliance may require plan fiduciaries to engage cybersecurity experts. Steps could include evaluating administrative cybersecurity practices, implementing a cybersecurity policy and addressing cybersecurity in contracting with new and existing service providers.
3. Timeliness of Participant Contributions
The DOL wants to make sure that employee contributions to defined contribution (DC) plans actually go into the plan and make it there in a timely fashion. What’s considered timely? It could be as short as three days, Goldberg and Marx write. “Attention to ensuring timely contributions could be considered as an administrative priority for plan fiduciaries and service providers,” they add.
4. Fiduciary Duties and Prohibited Transactions
In the context of plan administration, this area could include examining whether plan assets are being used to pay unreasonable expenses unrelated to the operation of the plan, including administrative staff compensation. A specific concern for multiemployer plans might be the payment of unreasonable trustee expenses.
“Because of the focus in this area, care should be taken with plan expenditures, and extra due diligence (such as hiring an independent auditor to conduct a review of expenditures) may be helpful,” the authors explain.
5. Required Plan Documents and Disclosures
An investigation often seeks to confirm that the plan is properly maintaining required documents and properly disseminating required disclosures. This includes the maintenance and/or disclosure of documents such as the summary plan description, the annual funding notice (for DB plans), participant-level disclosures for multiemployer DC plans (i.e., the 404a-5 disclosures), the receipt of plan service-provider disclosures (i.e., the 408(b)(2) disclosures) and other disclosures covered by ERISA.
With a few exceptions, ERISA Section 412 requires that every fiduciary and any person who handles plan assets be bonded for at least 10% of the dollar amount of funds the person handles, up to a maximum of $500,000 per plan ($1 million for plans that hold employer securities). The bond must protect the plan from the theft of plan assets.
7. Plan Policies and Procedures
The DOL may examine whether a plan operates under policies and procedures intended to satisfy fiduciary obligations. These policies may include an investment policy statement, an expense reimbursement policy, missing participant policies and procedures, and electronic device usage and cybersecurity policies. Plan fiduciaries should review their policies and procedures and identify gaps, needed updates and whether any noncompliance should be addressed.
8. Participant Claims-and-Appeals Procedures
The DOL will often review a plan’s process for handling plan participant claims and appeals to confirm that they are being processed in accordance with the DOL’s regulatory requirements. For example, plans under investigation are typically asked to produce recent claims-and-appeals response letters, which are reviewed against the regulatory requirements.
9. Environmental, Social and Governance Investing
The regulatory landscape for environmental, social and governance (ESG) investing is still unsettled, and it remains to be seen whether the DOL will return to conducting investigations related to ESG investing.
On October 14, 2021, the DOL issued a “Notice of Proposed Rulemaking on Prudence and Loyalty in Selecting Plan Investments and Exercising Shareholder Rights” in the Federal Register. The proposed regulation is still in limbo but, if it is finalized in its current form, there is some thought that it will make ESG investing easier.
Kathy Bergstrom, CEBS
Senior Editor, Publications at the International Foundation of Employee Benefit Plans