Friday, April 16, 2021
On April 14, 2021, the U.S. Department of Labor’s (“DOL’s”) Employee Benefits Security Administration (“EBSA”) issued its first cybersecurity best practices guidance for retirement plans. The guidance is set forth in three parts and emphasizes that plan sponsors and fiduciaries must take steps to mitigate cybersecurity risks as part of the fiduciary obligations imposed on them by the Employee Retirement Income Security Act of 1974 (“ERISA”). To assist plan sponsors and fiduciaries with their responsibilities to prudently select and monitor service providers, the guidance outlines considerations they can use to determine that service providers follow strong cybersecurity practices. EBSA views this guidance as a complement to its regulations on electronic records and disclosures to plan participants and beneficiaries (i.e., that electronic recordkeeping systems have reasonable controls, that adequate records management practices are in