Skip to main content

You are here


Missing Participants, Cybersecurity Among Top Challenges

Conferences & Events

Amid the rapidly changing regulatory and investigative initiatives at the Department of Labor and IRS, plan advisors can serve their clients well by helping them stay ahead of the curve, a panel of industry insiders said Sept. 12.

At an opening-day workshop session at the 2021 NAPA 401(k) Summit in Las Vegas, moderator Devyn Duex, Vice President at CAPTRUST and attorneys Alison Cohen of the Ferenczy Benefits Law Center, Erin Turley from McDermott Will & Emery LLP and Fred Reish with Faegre Drinker Biddle & Reath LLP addressed a wide range of hot-button topics that included DOL audit activity on missing participants and cybersecurity, forthcoming guidance on fiduciary rulemaking, ESG investing and lifetime income disclosures. 

Missing Participants

Asked by Duex about DOL activity on missing participants, Reish explained that it’s now one of the hot topics of DOL investigations. “You should be taking this as a serious issue because the Department of Labor has started investigations—the issue of missing participants has been one of the things on their checklist,” he noted, adding that the DOL has also provided soft guidance in the form of best practices that can help protect the sponsor if they engage in a prudent process in trying to identify and find missing participants.

Reish strongly urged advisors to become familiar with the guidance and sit down with plan sponsors to explain the seriousness of the issue and make sure they understand the requirements. “If they have missing participants, there is an expectation. The failure to satisfy that expectation, in the eyes of the Department of Labor, will be a fiduciary breach,” he explained. 

Ferenczy’s Cohen observed that plan sponsors often don’t even realize they have missing participants. “What happens mechanically in a lot of these situations is the money leaves the participant account—out of sight, out of mind—it goes to the holding account pending for their check to clear at the institution, but it essentially has been wiped off the books at the plan, so it goes into this ‘phantom zone,’” she explained. 

Cohen noted that a service provider was targeted recently by the DOL because they had a large number of missing participants, but had made no efforts to notify their plan sponsors or try to track them down. “As advisors, it’s important to talk to the recordkeepers, talk to the vendors that have the money, and figure out how you can get reporting done, because it is not automatically being generated by most vendors,” Cohen advised.  

McDermott Will & Emery’s Turley noted that one of the things that she continues to see is that the documents don’t match up. “The plan document says X, the recordkeeping agreement says Y, and maybe the SPD says something different—if it’s even addressed in the SPD. So make sure all those documents sync and your process actually matches your documents as equally,” she advised. 

DOL Cybersecurity Guidance

Asked by Duex about the DOL’s recent cybersecurity best practices guidance,  Turley urged advisors to review what the DOL issued and make sure their clients are aware of what the guidance says and have proper procedures in place.  

“Part of that process is making sure that your employers are complying with these requirements. But effectively, their only way of making sure that they’re actually put into operation correctly is through the recordkeeper,” Turley advised. “So make sure that RFP includes information about the insurance that the recordkeeper has and specifically negotiates these items, and has someone who has familiarity with cybersecurity requirements and what that should look like.” 

Cohen also emphasized the importance of making sure advisors and their clients have secure portals in place, noting that you cannot send data through regular email anymore. “It’s really important that you not only drive the conversation, but also lead by example. And that means that when your clients start sending you information, make sure they do this safely,” she explained.  

Turley further urged advisors that when meeting with clients, make sure they have cybersecurity as a discussion item and document that discussion, so that when the DOL conducts an audit, you have that data. 

“Sit down with the plan sponsor and go over [the best practices guidance], and have something in the minutes or the record that shows that they paid attention to this, because nothing is your worst enemy at this point,” Reish added. “Having nothing that shows any effort to comply with an area that the DOL has indicated is one of its most high-priority areas is a bad thing.”

PTE 2020-02

As for Prohibited Transaction Exemption 2020-02, Reish explained that there is a non-enforcement policy in place until Dec. 20, 2021, but he suggested that advisors better get busy if they are planning to take advantage and comply with the requirements of the PTE. 

If you’re a fiduciary and you make a recommendation on a rollover that causes yourself to make money, you have abused your fiduciary status, but because of PTE 2020-02, if you do a whole series of things beginning December 21, particularly because of the non-enforcement policy, you’ll have an exemption from the prohibited transaction rules, he explained. Those requirements include:

  • satisfying the impartial conduct standards; 
  • providing before a transaction has been implemented a written acknowledgement of the fiduciary status of yourself and your firm; 
  • providing disclosures about conflicts of interest; 
  • having policies and procedures for adhering to the impartial conduct standards and for mitigating conflicts of interest; and 
  • providing a statement of why the rollover recommendation is in the best interest of the investor. 

“That is a heavy, heavy lift, and if you’re not working on this already, if you’re a small firm and this could fall within your area of responsibility, you better get going because December 20th is coming soon,” Reish warned. On top of that, he noted that based on the latest regulatory agenda, the DOL could issue a new regulatory proposal—and possibly a new exemption—by the end of the year. 

Lifetime Income Disclosure

With respect to forthcoming final regulations on lifetime income disclosure, Turley explained that the requirements for quarterly participant statements will start in June 2022, and for annual statements in October 2022. She believes that most systems, in her experience, have been retooled to provide these notice disclosures. However, she indicated that the way the interim rules were drawn up were somewhat of a “miss” in that the rules assume a static benefit, which may be confusing to participants. 

Cohen suggested that educating plan participants will be key, because many will have no idea of what they’re reading. “It reminds me of back in 2012 when we had the fee disclosures that came out and participants were getting these fee disclosures and not understanding a word that they were looking at and getting very upset about some of these fees,” Cohen observed. “The onus is going to be put on the advisory group to help plan sponsors educate participants.”

Reish agreed, and suggested that recordkeepers should consider providing examples, noting that the DOL’s recently issued FAQs said that you can provide projections, addressing criticisms that the disclosures may be useless. “Advisors need to be the catalyst for that, because for plan sponsors, it’s a train coming through the tunnel at them, but they don’t see it coming; recordkeepers are working on the solution, so they’re preoccupied with that,” Reish observed. “So that leaves the advisor as the quarterback for compliance for the plan sponsor.”