On April 14, 2021, the U.S. Department of Labor’s (“DOL’s”) Employee Benefits Security Administration (“EBSA”) issued its first cybersecurity best practices guidance for retirement plans. The EBSA guidance has been highly anticipated as the frequency and cost of data breaches affecting employee benefit plans continue to rise. The EBSA guidance focuses on actions that plan sponsors, plan fiduciaries, record-keepers, and plan participants can take.
The Employee Retirement Income Security Act (“ERISA”) imposes certain fiduciary duties on plan fiduciaries with respect to recordkeeping and the selection and monitoring of service providers. As recently as February 2021, the Government Accountability Office urged the DOL to state whether it is a fiduciary’s responsibility to mitigate cybersecurity risks. Notably, and for the first time, the EBSA best practices guidance states that
On April 14, 2021, the U.S. Department of Labor announced new cybersecurity guidance for plan sponsors, plan fiduciaries, record-keepers, and plan participants. The guidance is specifically “directed at plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act, and plan participants and beneficiaries” and is intended to mitigate cybersecurity risks to pension plans and contribution plans. While organizations with mature cybersecurity and vendor management programs may not find much of note within the standards, the Department of Labor announcement highlights the general importance of employee benefits data and the Department’s heightened attention to such standards. The guidance consists of three supplementary documents including: 1) “Tips for Hiring a Service Provider”, 2) “Cybersecurity Program Best Practices”, and 3) “Online Security Tips”.
LEAD STORY
In a draft executive order, President Joe Biden would direct federal agencies to take sweeping action to combat climate-related financial risks to government and the economy, including moves that could impose new regulations on businesses such as banking and insurance.
FALL ON ME
The draft order singles out and directs the Federal Insurance Office (FIO) to assess climate-related issues in its oversight of insurers. It asks the FIO to work with state regulators to examine the potential for “major disruptions” of private insurance coverage in regions of the country that are particularly vulnerable to climate change. It also directs Treasury Secretary Janet Yellen, as head of the Financial Stability Oversight Council, to assess risks to the financial system and the U.S. itself and deliver a report within 180 days. President Biden is hosting an international climate summit April 22-23.
Seyfarth Synopsis:
Retirement plans hold millions (sometimes, hundreds of millions) of dollars in assets, and participants’ personal information is increasingly maintained and accessible online. With such large amounts of money accessible electronically, retirement plans can be a prime target for cyber-criminals. In response to this growing issue, on April 14, 2021, the Department of Labor (“DOL”) issued a three-part set of informal guidance with best practices and suggestions from different perspectives for addressing cybersecurity in the retirement plan world. Acknowledging that businesses largely rely on third parties, namely, the plan’s recordkeeper, to secure and protect participant data, the guidance describes what cybersecurity protection to look for when selecting service providers. The guidance also provides tips for recordkeepers and other service providers responsible for maintaining plan data, and ideas for plan participants on safeguarding their data an
The Department of Labor (DOL) has issued its first-ever guidance[1] on cybersecurity for ERISA-regulated retirement benefit plans. This guidance comes shortly after the Government Accountability Office (GAO) released a report[2] calling on the DOL to clarify how plan administrators should address cybersecurity risks for defined benefit plans. The DOL's guidance, which suggests combating cybercrime should be a priority for plan sponsors and fiduciaries, also provides tips to participants and beneficiaries on how to guard against cyber threats.
The guidance has three parts: one directed at plan sponsors, one directed at record keepers and service providers, and one directed at plan participants.