When it comes to providing a retirement plan for your employees, staying compliant with Department of Labor (DOL) guidance is one of the most important responsibilities you take on.
In fact, in a recent survey, Morgan Stanley at Work discovered that 93% of plan sponsors choose to work with a financial advisor specifically for assistance with plan compliance and regulatory oversight.1
One prime area of focus remains compliance with evolving cybersecurity rules. In 2021, when the DOL publicized guidance around qualified retirement plan cybersecurity practices, it noted that qualified retirement plans are prime targets for cyber attackers: it’s estimated that there are approximately 140 million participants in ERISA-governed retirement plans, holding assets of about $9.3 trillion.2 Additionally, retirement plans maintain significant amounts of highly sensitive personal and financial data (think: Social Security numbers, employment information and home addresses).
As a result, without sufficient protections and protocols in place, participants and assets may be at risk from cybersecurity threats. The DOL’s 2021 guidance set out best practices to help plan sponsors, plan fiduciaries, service providers and plan participants maintain a prudent cybersecurity program within the retirement plan framework. Since then, the DOL has heightened its focus on cybersecurity issues in its ERISA investigations.3 This makes it increasingly important for plan fiduciaries to strongly consider implementing the guidance to further enhance their cybersecurity infrastructure.
When it comes to cybersecurity, if you haven’t already, now is the time to start implementing information security protections and protocols and to prepare for potential DOL enforcement.
In this article, we decode the guidance and help plan sponsors understand what’s most important to implement to keep their company and employees safe from cyber criminals.