Plan Sponsor Cybersecurity Takeaways
Q: We always meant to automate our plan audit files, but somehow we didn’t get around to it. When the pandemic hit, we had to send the information via email, and it looks like we will have to do so again. What do we need to know to protect the information we send?
A: First, you are not alone. Before COVID-19, lots of companies were maintaining all of their plan audit records on paper, and thus faced a challenge when they had to send them off for review. And you’re right, data security is threatened when that transmission is not done properly. It’s a serious matter, because one of the duties of an Employee Retirement Income Security Act (ERISA) fiduciary is managing the plan appropriately, and that includes keeping security in mind. As you prepare to send any plan records to a third party, there are two primary things to keep in mind: which information to send, and how to send it. Understand that “personal protected information” may comprise more data than you think, so do your best to learn exactly what’s included. In general, email is not a secure means of sending sensitive information, even if your company has strict controls. So the first thing to do is set and communicate guidance about what can and cannot be emailed. Then, contact anyone who may need sensitive information and find out if they have a secure portal you can use to transmit it. That way, the recipient will need to log in to view the information, reducing opportunities for data theft. If your provider does not have a secure portal for this purpose, you may want to find one that does. Read more about protecting your plan audit (and other) data in this article: https://tinyurl.com/Cassell-protected.
Q: One item that has moved to the top of our wish list is providing some kind of emergency savings program for our employees. Is there a way to add one into our 401(k) plan, or will it have to be a separate program?
A: The pandemic certainly pointed out a need for people to accumulate emergency savings, and many employers and service providers are asking the same question. In fact, a recent report on emergency savings found that 37% of Americans can’t come up with $400 from savings in an emergency. Among those whose household incomes are less than $60,000, the figure was 58%, and it’s even higher for women and Black households making less than $60,000. The report is based on interviews with nine of the largest U.S. recordkeepers and seven employers, inquiring about ways to facilitate emergency savings products. Eight of the recordkeepers said they either offer or plan to offer such a program, either in plan or out. There was no clear preference by plan sponsors for either in-plan or out-of-plan solutions, and recordkeepers said they would base their offerings on participant and plan sponsor demand. Plan sponsors may not wait around for the complexities to be worked out; four of the seven interviewed for this report said they plan to offer emergency savings soon, either through a recordkeeper or a credit union. There are, of course, pros and cons to consider when comparing in-plan and out-of-plan emergency savings, and the report discusses some of them. Read more here: https://tinyurl.com/Commonwealth-savings.
Q: Last fall, we heard that we should consider only financial factors in selecting investments for the 401(k) plan’s investment menu, which could make it difficult to include environmental, social and governance (ESG) choices. As the new administration took over in the White House, has anything changed?
A: It has. On November 13, 2020, the U.S. Department of Labor (DOL) released its final regulations (following the June 30, 2020, proposed regulations) that many felt discouraged ESG investments in qualified plans, because such investments consider nonfinancial factors. Soon after taking office, the Biden administration directed federal agencies to pump the brakes on regulations adopted during the Trump administration, including the ESG DOL guidance. So, on March 10, 2021, the DOL announced that they will not pursue enforcement action against any plan based on failure to comply with the November 2020 final regulations’ impact on ESG selections. Of course, this is not a general policy of nonenforcement; all other applicable rules for selecting and monitoring investments that are based on ERISA and subsequent regulations continue to apply. But it may mean that choosing ESG options for the investment menu of a qualified plan could get easier.
For plan sponsor use only, not for use with participants or the general public. This information is not intended as authoritative guidance or tax or legal advice. You should consult with your attorney or tax advisor for guidance on your specific situation.
©2021 Kmotion, Inc.