EBSA Speaks: New Guidance for Mitigating Retirement Plan Cybersecurity Risk | Epstein Becker & Green
Friday, April 16, 2021
On April 14, 2021, the U.S. Department of Labor’s (“DOL’s”) Employee Benefits Security Administration (“EBSA”) issued its first cybersecurity best practices guidance for retirement plans. The guidance is set forth in three parts and emphasizes that plan sponsors and fiduciaries must take steps to mitigate cybersecurity risks as part of the fiduciary obligations imposed on them by the Employee Retirement Income Security Act of 1974 (“ERISA”). To assist plan sponsors and fiduciaries with their responsibilities to prudently select and monitor service providers, the guidance outlines considerations they can use to determine that service providers follow strong cybersecurity practices. EBSA views this guidance as a complement to its regulations on electronic records and disclosures to plan participants and beneficiaries (i.e., that electronic recordkeeping systems have reasonable controls, that adequate records management practices are in
Formally wading into the cybersecurity discussion for the first time, on April 14, 2021, the U.S. Department of Labor (DOL) posted on its website a suite of new guidance, including Tips.
On April 14, 2021, the Department of Labor’s (DOL) Employee Benefits Security Administration issued guidance on cybersecurity for the first time to help plan sponsors, fiduciaries, service providers, and participants protect personal information and retirement assets. In the guidance, the DOL identifies evaluating cybersecurity practices as part of the plan sponsor’s or other plan fiduciary’s duty to prudently select and monitor plan service providers and states that ensuring proper mitigation of cybersecurity risks is a fiduciary obligation. The guidance is provided in three documents:
Tips for Hiring a Service Provider, which provides plan sponsors and fiduciaries with questions to ask before selecting a service provider and items to include in contracts with service providers;
By way of background, cybersecurity has over the last decade become an area of critical importance to sponsors and administrators of employee benefit plans as well as plan participants. Put simply, this is because plans (which the DOL estimates hold $9.3 trillion in assets) are a prime target of cyberthieves, given that they typically hold significant amounts of sensitive participant data, often permit electronic access to funds (think 401(k) distributions) and rely on outside service providers, who provide additional access points for breach. This risk