Search the News Archive

Healthcare and Welfare Plans Reach a Tipping Point

"We’ve arrived at the point when a string of regulatory maneuvers largely unnoticed by employers have grown significant enough to bring about a bigger, more significant change. What can plan fiduciaries, therefore, do to lessen the rising risks?"

DOL Cybersecurity Audits Embrace Health Plans

"The DOL has integrated cybersecurity queries and questions into health and welfare plan examinations.... The DOL's position may make H&W plans particularly susceptible to a cybersecurity investigation, especially those impacted by data breach incidents among their providers. H&W plan sponsors should remember that following the DOL's cybersecurity recommendations and adhering to [HIPAA] is prudent."

The Excellent Fiduciary: Traits of Effective Committee Members (PDF)

"The architecture of employee benefit plan committees, also known as plan fiduciary or plan oversight committees, is as diverse as the organizations that sponsor them. There is, however, essential consistency in the skills and experiences of the individuals employers appoint to serve as committee members."

Cybersecurity Triggers a New Paradigm in Vendor Monitoring

"Traditional questionnaire-based evaluations and SOC 2 reports are insufficient for giving current information about a vendor's security posture. Plan fiduciaries must adopt a more intelligent and scientific approach ... to protect sensitive data, stay ahead of new threats, and ensure their providers are committed to upholding a solid security posture. Plan fiduciaries can improve their cybersecurity defenses and reduce the risks related to vendor relationships by employing continuous monitoring, quantifiable metrics, and rigorous testing."

Cybersecurity's Role in Plan Governance

"The responsibility for ensuring the safety of [employee benefit plan] participants’ data and monetary assets has shifted from the computer department to the human resources suite. HR managers face a two-part challenge. The first is the need to have a working knowledge of the risks facing their EBPs from internal sources and service providers. Second is the capability to detect any data security intrusions that strike plan vendors as they occur."

AI Is Radically Transforming Benefit Plan Management (PDF)

"Many plan committees are still digesting the cybersecurity guidelines issued by [EBSA] in 2021, only to be confronted by an explosion of concerns over the proliferation of AI apps in the hands of plan participants and AI-enabled systems coming into service with recordkeepers, payroll providers, health systems, and other vendors. Few fiduciary committees have fully realized AI's impact.... This article discusses initiatives that can help fiduciaries and suggests a course of action to benefit from them."

Retirement Plan Fees Worsen Enterprise Risk: A Management Briefing (PDF)

11 pages. " The focal point of [a] growing number of ... lawsuits is the compensation that employers arrange for payment to the vendors of services to the ERISA plans the employers sponsor. A crisis among retirement plan sponsoring enterprises is unfolding. The challenge facing their leaders is to ensure that operations managers are equipped with the training, guidelines, controls, and tools that elevate fiduciary risk management to its proper priority. Underestimating the economic and reputational risks related to deficiencies in the prudent management of ERISA plans threatens an entire enterprise."

A Model for Managing Fiduciary Risk (PDF)

"Inextricably linked with governance and compliance, risk management depends on critical decision-making criteria that are proven to produce safer and better-performing EBPs.... In order to develop and maintain an EBP risk management framework, it is essential to know the parameters the enterprise's board or governing authority established in each of the three vital decision- making criteria of risk tolerance, risk appetite, and risk capacity."

AI: Beyond the Hype

"AI can transform EBP procedures that improve participant outcomes, elevate efficiency, and improve data reconciliation. However, worries about data privacy and security risks underscore the substantial obstacles to obtaining the advantages.... AI systems are dynamic and necessitate providers' total commitment to enhancing their adaptability and robustness. Continued monitoring of AI-enabled services begins with knowing where that technology exists in vendors' offerings and whether it's accommodated in their data security policies and practices."

Third-Party Risk Management Is a Vital Fiduciary Discipline

"[M]any third-party vendors now delegate primary functions to other contractors. These 4th (and nth) party 'subservice' vendors often escape the monitoring required of operations managers and plan committees by federal retirement and health plan laws.... The delegation tactics used by employee benefit plan service providers place a premium on third-party risk management (TPRM) as a strategy."