DOL Begins Its Cybersecurity Audit Initiative – And It’s a Doozy

Morgan Lewis - ML Benefits

Morgan Lewis - ML Benefits

We repeatedly warned over the past few months (here, here, and here), that officials at the highest levels of the DOL were signaling that the DOL would begin an audit initiative focusing on retirement plan cybersecurity practices. Despite plan fiduciaries having had just a handful of weeks to digest the DOL’s only actionable guidance on cybersecurity and privacy matters, the wait is over. We can confirm that the DOL has begun issuing information and document requests under this new initiative, and the requests are probing and indicate serious inquiry by the DOL.

News of the DOL beginning this audit program should not come as a surprise. However, it is fair to say that both the pace with which the DOL has begun its audits and the depth and breadth of the initial round of requests is surprising. Broadly speaking, the DOL audit requests that we have reviewed ask the plan fiduciary to produce all cybersecurity and information security program policies, procedures, and guidelines that relate to the plan, whether applied by the plan sponsor or by a vendor, as well as detailed documentation evidencing specific actions taken by the plan’s fiduciaries and vendors (including many that the DOL addressed in the three-part subregulatory guidance discussed in our LawFlash).

The fact that the DOL has already begun its cybersecurity audit initiative reiterates the urgency with which plan fiduciaries and service providers should consider acting on the DOL’s recent three-part subregulatory guidance addressing retirement plan cybersecurity practices. Plan fiduciaries that fail to act promptly on this guidance risk being surprised by the comprehensive nature of the cybersecurity audit requests being issued by the DOL.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morgan Lewis - ML Benefits | Attorney Advertising

Written by:

Morgan Lewis - ML Benefits

Morgan Lewis - ML Benefits on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.