Under ERISA, the federal law that regulates retirement and 401(k) plans, plan fiduciaries are required to prudently administer the plan, select and monitor plan investments and sufficiently diversify plan assets to minimize the risk of large losses.  When third parties are retained to assist with these duties, they may become co-fiduciaries, but the employer retains fiduciary oversight responsibility to monitor the selection and performance of plan service providers and investment advisors. 

COVID-19 has presented many challenges, including market volatility and business disruptions, which have placed added pressures on plan fiduciaries to comply with their ongoing obligations to prudently administer plans and plan investments.  COVID-19 does not suspend or reduce fiduciary obligations; rather, given the uncertainties and concerns faced by employers and employees regarding the effects of the economic downturn and the security of their retirement plan savings, plan fiduciary responsibilities arguably are increased.  Since ERISA fiduciaries face potential personal liability for breaches of their responsibility, it is essential that they be able to demonstrate their compliance with fiduciary standards and best practices to successfully withstand any fiduciary duty challenges by participants, the Department of Labor or the IRS.

The following steps are provided to help employers and ERISA fiduciaries demonstrate prudence in plan operation and management and to mitigate their legal risk in response to the COVID-19 environment.

  1. Review plan investment menu and policy. Given the likelihood of continued market volatility, review the investment options to consider whether they remain prudent in the current financial environment.  Also, review the plan’s investment policy statement to make sure the plan’s investment guidelines remain appropriate and provide sufficient flexibility to revise them.  Consider if any of the investment funds are at a greater risk due to the financial market situation.  Document all pertinent discussions and decisions.
  2. Vigorously monitor plan performance. In an environment of continuing market volatility, it may be prudent to increase the frequency of plan investment reviews and request more frequent input from plan investment advisors to confirm the continued prudence of investment selections, benchmarks and request prompt notification of any concerns regarding the investment line-up.  The format of investment reviews may need to be changed to accommodate telephone, virtual meetings or other more flexible arrangements.
  3. Document fiduciary action and decisions. Continue to document all fiduciary decisions to continue or change the investment line-up and rationale for the decisions made.  Minutes of investment committee meetings should include key discussion points and actions taken. In fiduciary challenges, it is more important that the fiduciary engaged in a regular deliberative, reasoned and documented process rather than whether the ultimate decision was right or wrong.
  4. Communicate regularly with plan participants. In a time of market uncertainty and concerns about retirement asset security, it is important to have ongoing communication with plan participants.  Employers should send regular communications reminding participants to review their investment choices, noting the importance of diversification and the risk and reward characteristics of the plan’s investment options.  Engage the plan’s recordkeeper/investment advisor to provide participant targeted communications on these points.
  5. Address cybersecurity and data breach protections. With remote working and increased reliance on personal devices for work functions, coupled with increased plan-related participant activity (for example, increased requests for Cares Act distributions and 401(k) loans by participants) potentially exposing retirement plan accounts and personal information (Social Security numbers, etc.), the risk of data breach and fraud activity is substantially increased.  Although there currently is no specific guidance from the Department of Labor or IRS on plan cybersecurity, employers should consult with their plan recordkeepers to confirm that best practices are being applied to retirement account security, similar to protections in the financial services and Health Law industries.  Also encourage participants to regularly monitor their plan accounts for questionable transactions and frequently change their passwords.  This is an area to watch for future guidance.

Please contact Vandeventer Black LLP if you have any questions or would like additional information on these issues.