Department of Labor expands committee duties to improve cybersecurity safety
If you are like most 401k plan sponsors, you worry about whether your retirement plan committee is discussing the right things at your committee meetings. Is the retirement plan committee using its time wisely talking about what is important? Or do you spend way too much time reviewing investment performance?
As a 401k investment adviser who is also an Accredited Investment Fiduciary (AIF), I have worked with committees for decades. I believe that your retirement plan committee should focus on the following at its meetings:
What Your 401k Retirement Plan Committee Should Be Doing
1. Understanding its new cybersecurity responsibilities
On April 14, 2021, the Department of Labor (DoL) issued guidance regarding what employers and providers should do to mitigate cybersecurity risk. That guidance included:
Best practices for retirement plan providers
Best practices for selection and review of retirement plan providers
Security tips for plan participants
Although not requiring employers to do anything immediately, with this guidance, the DoL has expanded the fiduciary responsibilities of employers to include mitigation of cybersecurity risks. Note that mitigation does not mean elimination of cybersecurity risk or insurance of participant balances.
It is important to note that following these tips and guidelines will help employers lay the groundwork to defend against possible future litigation claims from a data breach resulting in a cybersecurity theft.
Why did the DoL issue this guidance? Some experts feel that retirement plans are cyberthieves’ No. 1 target as collectively they hold more than $9 trillion in assets.
Suggestions on how to comply
Construct a review request document that contains the tips and guidelines shared by the DoL and submit it to your recordkeeper. Add the responses to your plan’s file as evidence of your due diligence.
Review the contracts you have with retirement plan providers following the DoL’s contractual guidelines.
Distribute the DoL’s Online Security Tips for participants to all employees.
In consultation with your information systems department, either construct a cybersecurity policy for your 401k plan or ask it to incorporate a plan into its existing cybersecurity policy.
2. Ensuring fiduciary compliance
Having worked with committees for more than 30 years, I can confidently state that no one who joins a retirement plan committee has an understanding of what their fiduciary responsibilities are.
As defined under ERISA and outlined by the DoL, a retirement plan fiduciary’s primary responsibilities are:
Loyalty: To act SOLELY in the best interests of plan participants (and their beneficiaries).
Prudence: To carry out their duties prudently.
Diversity: To offer a diversified menu of investment offerings in the plan.
Plan provisions: To follow the terms of the plan documents.
In addition, fiduciaries are expected to pay only reasonable plan expenses, monitor for prohibited transactions, respond to inquiries about the plan and obtain a fidelity bond for the plan.
Make sure you spend a portion of at least one meeting each year on fiduciary responsibility education. Your investment adviser should be able to lead that discussion. Most, like me, are AIFs who spend a lot of time staying up to date on fiduciary responsibility.
3. Following a prudent decision-making process
Probably the most important fiduciary responsibility that retirement plan committee members have is making decisions that follow a prudent decision-making process.
What is a prudent process?
It is a decision-making process a fiduciary (that is you) follows that employs care, skill and diligence to arrive at a decision that SOLELY benefits plan participants.
To better understand how a prudent decision-making process works, it may help to review a few examples. First, an example of what not to do.
Example of a decision-making process that is NOT prudent
Your investment advisor works for a bank and is recommending an investment fund that is managed by the bank. The advisor offers no comparison to similar funds in terms of cost and performance. The retirement plan committee likes the advisor and doesn’t want to embarrass him by asking for this information or ignoring his recommendation.
The committee votes to accept the investment advisor’s recommendation without any questions or discussion.
Not only did the committee not engage in an evaluation process with regard to the fund, it did not explore whether the advisor had any conflicts of interest in recommending it. In many situations like this, advisors may receive additional compensation from their employers for selling a proprietary fund. As a result, the advice shared by the advisor about the fund may be conflicted.
Example of a decision-making process that IS prudent
Your investment advisor works for a bank and is recommending an investment fund that is managed by the bank. The advisor presents a number of reports that illustrate the fund’s performance, cost, risk and other factors in comparison with its peer group.
The committee tries to understand why the advisor feels the recommended fund is better than the alternatives and asks a number of questions about the fund. The committee also asks the advisor whether his compensation will be affected in any way if it votes to offer the fund in the plan.
The advisor acknowledges he is required to present investment options the bank manages any time he talks about changing the investment lineup. He discloses that his compensation will increase if the committee decides to add the fund to the lineup.
The committee has uncovered a conflict of interest and decides not to add the fund that is recommended. Instead, it asks the advisor to come to the next meeting with more information about one of the alternatives.
The committee has engaged in a prudent decision-making process and needs to do only one more thing: record the decision-making process in the meeting minutes.
4. Taking good meeting minutes
There is no way to prove that your retirement plan committee engaged in a prudent decision-making process unless you document that process adequately in the meeting minutes.
It is tough for a lot of employers to take good minutes. Most err on the side of either taking minutes that are too detailed, resulting in minutes that are many pages long, or just recording the committee votes. Here are my suggestions for taking good minutes.
Try to stick to one page
Unless your retirement plan committee meetings stretch on for days, one page should be sufficient. More (pages) is not better, in this case.
If you are ending up with multiple pages of meeting minutes, you are likely taking minutes that are too detailed and might raise more questions than they answer when someone looks back at them.
Reference attachments to the minutes
All reports shared in a meeting should be attached to the minutes. Rather than describing the contents of the reports or what they represent, it is fair to say something like, “The attached reports detail the options evaluated. After a thorough discussion, the Committee voted 7-0 in favor of Option A due to superior historical performance and low cost.”
Don’t use a lot of words to describe discussions that don’t result in decisions
This is the biggest mistake that I see minutes takers making. Your investment adviser will likely spend quite a bit of time talking about recent investment performance and expected future market activity. All that needs to be said about these discussions is that they happened. For example, the following could be stated in the minutes: “As shown in the attached reports, our adviser reviewed recent market and fund performance.”
Your retirement plan committee agenda should be part of your minutes package. That agenda outlines the items the committee discussed. One of those items is probably a review of recent investment performance. Attach the report your adviser shares on that subject to the minutes along with the agenda. That’s good enough. It’s not necessary to record whether your adviser feels the Fed will be raising interest rates soon.
If it isn’t documented, it may not have occurred
Minutes should be taken at every retirement plan committee meeting and reviewed and approved at the following meeting. Although you are not required to document discussions, and I don’t recommend documenting discussions the majority of the time, when you arrive at a decision that may not make sense without some added background, it is smart to share the reasoning.
It is also important to document some discussions that may not result in decisions, for example, those discussions that relate to costs.
Quick, what did you discuss two meetings ago? Even if you reference the meeting minutes to help with your memory, it is likely most of what was discussed won’t prove to be memorable. Hence the importance of documenting decisions and rationale since they can be so easily forgotten.
Most plan sponsors try very hard to do the right thing. But without documentation indicating that they did, it can appear they were negligent.
5. Reviewing investment option costs (and performance)
This is one item that every retirement plan committee generally gets backwards. It isn’t that committees don’t spend time on cost; it’s that most spend way too much time on performance, the markets, investment strategies and outlooks.
Keep in mind that a retirement plan committee has no control over past investment performance, future performance or the markets. But it does have control over the cost of the investment options offered.
The DoL has made it clear, and significant litigation has reinforced, that plan sponsors need to closely monitor the cost of the investment options in their menu.
Keeping an expensive fund option in a 401k lineup, when cheaper options are available with similar performance, exposes an employer to considerable litigation risk. Yes, your retirement plan committee should review investment performance, but it should focus intently on investment option costs.
6. Reviewing provider costs (and performance)
A primary purpose of a retirement plan committee is to monitor the cost of the entire 401k plan, not just investments. Although substantial litigation has focused on using the lowest cost share class of each investment fund, retirement plan committees also need to closely monitor the cost of all providers. These include the trustee, custodian, recordkeeper, investment adviser, auditor and any other consultant.
Keep in mind that your plan does not need to use the lowest cost provider for any function or the lowest cost investment fund in every asset class.
You can decide to pay more for a provider offering more services, or an investment fund that you believe offers better performance. You just need to demonstrate that your decision to hire a more costly provider or use a higher cost investment fund was arrived at using a prudent decision-making process.
The DoL recommends bidding out your provider services (trustee, custody, recordkeeping and investment advisory) every three years. However, it is not necessary to run an RFP process every three years. This requirement can be satisfied by conducting a benchmarking review that focuses on where your plan stands relative to the marketplace on costs and services.
Make sure that any benchmarking reports and/or RFP responses find their way into your plan file, even if you don’t make a change. It is important to be able to document your due diligence in monitoring plan costs and provider performance.
Other key practices for your retirement plan committee
Most committee members are senior executives within their companies. As a result, members often carry their corporate mindsets into committee meetings. It is hard not to view everything through a CFO lens when those responsibilities are in the front of your mind 24/7.
Committee members should try to do the following when attending meetings about the plan:
Take their corporate employee hats off when walking through the door and put their participant hats on.
If it helps, visualize a non-management employee they know and like and think about what would be important to him or her. Remember, you can never discriminate in favor of highly compensated employees, but you can always discriminate in favor of lower compensated employees.
If you are doing your job as a committee member, you will have occasions when you will need to support initiatives that your boss may not agree with. This is difficult for “C”-level committee members, since they typically report to the CEO. You need to do it anyway.
One last suggestion: Be courageous in your retirement plan committee meetings and do what you know is right for all plan participants.
Robert C. Lawton, AIF, CRPS is the founder and President of Lawton Retirement Plan Consultants, LLC. Mr. Lawton is an award-winning 401(k) investment adviser with over 30 years of experience. He has consulted with many Fortune 500 companies, including: Aon Hewitt, Apple, AT&T, First Interstate Bank, Florida Power & Light, General Dynamics, Houghton Mifflin Harcourt, IBM, John Deere, Mazda Motor Corporation, Northwestern Mutual, Northern Trust Company, Trek Bikes, Tribune Company, Underwriters Labs and many others. Mr. Lawton may be contacted at (414) 828-4015 or firstname.lastname@example.org.
Lawton Retirement Plan Consultants, LLC (LRPC) is a Milwaukee, Wisconsin-based independent, objective Registered Investment Adviser (RIA) providing investment advisory, fiduciary compliance, employee education, provider management and plan design services to employer retirement plan sponsors. The firm specializes in sustainable investment strategies for retirement plans and is a pioneer in the field. LRPC currently has contracts in place to provide consulting services on more than a half billion dollars in plan assets. For more information, please contact Robert C. Lawton at (414) 828-4015 or email@example.com or visit the firm’s website at https://www.lawtonrpc.com. Lawton Retirement Plan Consultants, LLC is a Wisconsin Registered Investment Adviser.
This information was developed as a general guide to educate plan sponsors and is not intended as authoritative guidance, tax, legal or investment advice. Each plan has unique requirements and you should consult your attorney or tax adviser for guidance on your specific situation. In no way does Lawton Retirement Plan Consultants, LLC assure that, by using the information provided, a plan sponsor will be in compliance with ERISA regulations. Investors should carefully consider investment objectives, risks, charges and expenses. The statements in this publication are the opinions and beliefs of the commentator expressed when the commentary was made and are not intended to represent that person’s opinions and beliefs at any other time. The commentary does not necessarily reflect the opinion of Lawton Retirement Plan Consultants, LLC and should not be construed as recommendations or investment advice. Lawton Retirement Plan Consultants, LLC offers no tax, legal or accounting advice, and any advice contained herein is not specific to any individual, entity or retirement plan, but rather general in nature and, therefore, should not be relied upon for specific investment situations. Lawton Retirement Plan Consultants, LLC is a Wisconsin Registered Investment Adviser and accepts clients outside of Wisconsin based upon applicable state registration regulations and the “de minimis” exception.