Don't Miss

Retirement Plan Cybersecurity Becomes a Priority for the SEC & DOL

Retirement Plan Cyber-Crime

Retirement plan cybersecurity is now a top priority focus for the Securities & Exchange Commission (SEC) and the Department of Labor (DOL).  Both agencies have given Retirement Plan Cybersecurity special attention during 2021.  This trend is expected to continue into the coming year as cybersecurity measures and protocols are under greater scrutiny.

The SEC is reviewing whether registrants have implemented appropriate measures to protect customer accounts.  The intent is multifold and includes the following actions: prevent break-ins of participant accounts; oversee vendors and service providers; vet malicious email activities; respond to breaches; and manage operational risks for remote employees.

The DOL also issued guidance on cybersecurity in retirement plans.  That includes three documents of particular relevance to fiduciaries:

  • Tips for Hiring a Service Provider;
  • Online Security Tips; and
  • Cybersecurity Program Best Practices.

The DOL guides provide best practices for plan service providers, even-though the DOL itself doesn’t regulate these vendors.  This is a way for the DOL to informally regulate fiduciary advisors while still being hands-off.

The DOL and SEC best practices do overlap in the following areas:

  • Maintaining strong access control procedures;
  • Ensuring that any assets or data stored in a cloud – or managed by a third-party servicer provider – are subject to appropriate security reviews and independent security assessments; and
  • Responding appropriately to any cybersecurity incidents.

Although their guidance is general, the agencies are serious about enforcing it, as stated within this article.  They are also making good on the consequences.  In August 2021, for example, the SEC sanctioned eight firms in three actions for failures in their cybersecurity policies.

Beware, cybersecurity is now a fiduciary responsibility.  So it’s no wonder plan sponsors are also encountering increased scrutiny from regulators.  For instance, the DOL is requesting information about retirement plans’ cybersecurity measures.  It may be challenging for plan sponsors to know the perfect questions to ask when it comes to cybersecurity in their retirement plans.  The same can be said for selecting or monitoring vendors for best practices.  In that case, it behooves plan sponsors to lean on fiduciary advisors.  Plan sponsors should help vet plan service providers and make sure they’re adhering to the latest cybersecurity best practices.  It may also be beneficial to consult with outside security experts to ensure your retirement plan cybersecurity processes and participant accounts are adequately protected against cybercriminals.

Steff Chalk

Steff Chalk

Managing Editor at 401kTV
Steff C. Chalk is Executive Director of The Retirement Advisor University, a collaboration with UCLA Anderson School of Management Executive Education. Steff also serves as Executive Director of The Plan Sponsor University and is current faculty of The Retirement Adviser University.
Steff Chalk

Check Also

Retirement Benefits

Benefits Redesign Through a Lens of Payroll and Retirement Plans

A Benefits Redesign might be what your company needs!  Financial stress is a big concern for employers.  Inflation is on the rise, and many Americans are dealing with financial anxiety and stress.  Employers who want to recruit and retain top ...