DOL Cybersecurity Services for ERISA Plans
Plan sponsors, fiduciaries and covered service providers have immense responsibility to protect the retirement plan assets of U.S. employees. In addition to managing day-to-day plan operations and remaining compliant with laws and regulations, they must now also mitigate the risks that cyber threats pose to plan participants and plan assets. With new and sophisticated cyber threats emerging each day, it can be cumbersome to keep up with the latest exploits and the cybersecurity guidelines issued in response.
Employee benefit plans have heightened cybersecurity risks due to:
- Significant outsourcing to third-party administrators, which leads to unclear ownership of and accountability for security.
- Sensitive personal data being shared electronically among providers.
- The ability to access large amounts of plan assets.
The Department of Labor (“DOL”) Employee Benefits Security Administration has issued guidance that outlines the protections each party working with an ERISA-qualified plan must consider. These measures encompass everything from selecting qualified service providers to implementing security procedures and educating plan participants.
The EisnerAmper Digital team works closely with our Pension Services Group to analyze the DOL documentation and guide our clients accordingly. Our deep-seated understanding of employee benefit plans, coupled with our commitment to building proactive cybersecurity strategies, makes EisnerAmper uniquely qualified to measure your cybersecurity posture and help apply proper protocols to better protect plan assets and facilitate plan compliance.
Services we offer include:
Covered Service Providers
What Should Plan Fiduciaries and Sponsors Do?
- Review the guidance and assess how your current cybersecurity practices (and those of your recordkeepers and service providers) compare to the DOL recommendations.
- Review current service provider contracts and plan document amendments.
- Schedule fiduciary training.
- Document compliance efforts (e.g., cybersecurity compliance training, procedures, participant disclosure approaches).