Cybersecurity Requests Appear in DOL Audits

Groom Law Group, Chartered
Contact

Groom Law Group, Chartered

Plan sponsors, fiduciaries, and service providers are being asked by DOL investigators how their ERISA governed plans address cybersecurity concerns with increasing frequency. These requests may take the form of production requests or be included as questions in an interview. Investigators typically seek information or documentation related to prudent diligence relating to service provide information security protocols and indemnifications with the aim of keeping the participant’s account balance intact. We have seen a sharp uptick in such inquiries ever since the DOL offered a set of best practices and tips earlier in 2021 (our summary of the best practices is available here). To date, DOL investigations have generally focused not only on the policies and procedures that plans and providers have in place to thwart cyber-criminals, but on the steps taken by plans and recordkeepers in response to cyber-incidents.

Concerns about account takeovers by cyber-criminals have also risen sharply as the pandemic has pushed many into remote work, delayed traditional postal service based identity verification, and stretched personal finances. This combination can lead to an increase in distribution requests, not all of which may be from the true participant. Efforts to educate fiduciaries and participants about these dangers have unfortunately also included enforcement inquiries, sometimes leaving the sponsors and fiduciaries at a loss as to how to respond.

It is important for benefit plan sponsors and service providers to take a proactive approach to cybersecurity and be prepared for a possible DOL investigation. Although the immediate attention has been on retirement plan, health and welfare plan sponsors and fiduciaries should also be prepared to field questions about cybersecurity from DOL auditors.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Groom Law Group, Chartered | Attorney Advertising

Written by:

Groom Law Group, Chartered
Contact
more
less

Groom Law Group, Chartered on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.