With the exception of certain small businesses, being an employer generally means offering an array of benefits to remain competitive in the worker marketplace.  As the employer grows, typically so does the list of employee benefit plans being offered.  This naturally translates into more service providers, and for good reason.  Employers typically don’t possess the knowledge and skillset to offer these benefits in-house, and ERISA, which applies to most employee benefit arrangements, requires the plans to be administered in accordance with some of the highest standards of care under law. As a result, employers are frequently hiring and replacing service providers.

Today’s post focuses on some tips for employers in a sometimes-overlooked aspect of the process of hiring a service provider – the contract between the employer and the provider.  In concept, the service provider agreement is relatively simple – it needs to set out each party’s role and responsibility in delivering the employee benefit.  As always though, the devil is in the details.  Below are some tips for employers:

• Request and review a copy of the provider’s standard contract as part of the request for proposal (RFP) process. Employers too often see the contract for the first time after the provider has been selected and during, or shortly before, implementation.  Although it is not often possible or practical, employers should try to negotiate an understanding as to the key provisions during the RFP process when the service provider may be more willing to agree to changes.
• Consider business objectives and business events at the outset. Providers often seek longer term commitments in the contract (often to support the level of service and fees promised in the RFP process) and those terms may be coupled with liquidated damage provisions should the initial contract term not be honored.  Employers need to be mindful of this and ensure that flexibility is provided for certain business events that may occur during the term of the contract.  Employers should also understand what other financial and service consequences may be imposed when the contract ends (e.g., forfeiture of revenue sharing, performance guaranty payments, etc.).
• Indemnification. An indemnification provision typically requires one party to make the other whole for losses arising from the plan.  Much of the risk associated with offering the benefit is contractually allocated through this provision. Providers not offering an insured benefit typically view their role as a directed-party and are reluctant to take on plan liability.  As a result, the provider typically seeks indemnification protection for any loss that is not a direct result of the provider’s gross negligence or willful misconduct (generally, the lowest liability thresholds permitted by ERISA).  This is often a surprise to employers who expect the provider to be an expert (since that may be how the provider portrayed itself during the RFP process).  Depending on leverage, providers may be willing to agree to indemnification standards more favorable to the employer.
• Privacy & cybersecurity. As the world evolves around us with respect to privacy of data and cybersecurity threats, so should the contract.  Provisions that should be considered for the contract include information security reviews (annual third-party security audits), procedures for security breaches, provisions on use and sharing of private information (including representations on standards of care with respect to security), provisions on document retention/destruction, and provisions requiring cyber liability and privacy insurance.  In our experience, providers are generally receptive to addressing these provisions in the contract.
• Disguised transfers of risk under the contract. Employers should identify and assess language that might subtly transfer risk under the contract back to the employer. An example of such a provision is language which requires a third-party (typically a court or arbitrator) to affirmatively find fault with the provider’s actions to trigger the employer’s indemnification right.  With such language, the employer may need to undertake the cost and time associated with getting a third-party decision to enforce the indemnity provision.  This makes it unlikely an employer would go through that effort for low-dollar disputes, and accordingly, effectively transfers the risk with those disputes to the employer (and leverage in negotiating a resolution to the dispute).  Similar provisions include, deemed acceptance of report provisions and provisions where the employer waives its right to participate in a class action.