The Crucial Role of Advisors in Cybersecurity Compliance

Fred Barstein, CEO & Founder, TPSU/TRAU/401kTV with Adjunct Lecturer, Kim Cochrane – HUB International

In today’s dynamic landscape of retirement planning, the emergence of cybersecurity regulations has significantly increased the complexity and importance of safeguarding retirement assets and sensitive participant information.  With cyber threats on the rise and regulatory bodies such as the Department of Labor issuing guidelines, plan sponsors face heightened scrutiny and responsibility in ensuring compliance.

In this context, knowledgeable advisors serve as invaluable allies, providing essential guidance and expertise to navigate the intricacies of evolving cybersecurity regulations.  They offer strategic insights, conduct thorough risk assessments, and recommend proactive risk management strategies to effectively mitigate cybersecurity risks.  Furthermore, advisors play a crucial role in bridging the gap between plan sponsors and recordkeepers, facilitating communication, and ensuring alignment with cybersecurity best practices.

In a discussion held at the conclusion of a recent TPSU program on the campus of The University of Maryland, Fred Barstein, the founder and CEO of TPSU and 401kTV, spoke with Kim Cochrane, an adjunct lecturer representing HUB International. Cochrane, who is based in the Mid-Atlantic region, shared insights from her extensive experience in retirement planning, focusing on the regulatory landscape and the cybersecurity concerns affecting plan sponsors.

Cochrane shed light on the heightened significance of cybersecurity in the realm of retirement plans, stemming from the Department of Labor’s issuance of best practices guidelines in May 2022.  She emphasized the evolving regulatory landscape, wherein regulators are now requesting written documentation from plan sponsors regarding their cybersecurity policies specific to retirement plans.  This development poses significant challenges for plan sponsors, especially when dealing with large recordkeepers, as they are tasked with verifying the adequacy of cybersecurity protocols and obtaining essential documentation such as SOC 1s and SOC 2s.

Furthermore, Cochrane underscored the pivotal role of advisors in guiding plan sponsors through these intricate compliance requirements.  Advisors serve as essential liaisons, bridging the gap between plan sponsors and recordkeepers, facilitating the acquisition and review of necessary documentation, and ensuring alignment with cybersecurity best practices.

Read the Full Transcript Here:

Fred Barstein:    Greetings. This is Fred Barstein, founder and CEO of TPSU and 401kTV. I’m here at the University of Maryland at the TPSU program. We just completed with our adjunct lecturer, Kim Cochrane. Welcome Kim.

Kim Cochrane:   Thanks, Fred.

Fred Barstein:    Okay. If we ask you a few questions.

Kim Cochrane:   Of course.

Fred Barstein:    Before we do, tell our audience a little bit about yourself and your practice.

Kim Cochrane:   Sure. I’m Kim Cochrane from HUB International out of the Mid-Atlantic region, with the focus obviously on retirement plans, nonprofit especially, as well as for profits, of course, with the background of compliance, IRS regs, all the fun stuff.

Fred Barstein:    So today, and a lot of our programs, the issue of cyber security is becoming more with recordkeepers, when we’ve seen a lot of hacks recently. What should plan sponsors be doing?

Kim Cochrane:   When the Department of Labor came out with the best practices last May, they gave us four pages of things to be aware of, and clients saw it. We, as advisors, talked about it, but we had no idea what was going to happen with these regulators. And now, actually, what we’re seeing is, the regulators are coming out to clients of all sizes, and they’re asking them for the written documentation on their cybersecurity policies as it relates to the retirement plan. This is the additional wrinkle. So imagine you’re with a very large recordkeeper and you’re a small employer. You need to check that their cybersecurity protocols are in place, that they’re proper, they haven’t had any breaches. You need to be getting the SOC 1s, the SOC 2s, all of their policies, and then sharing that with your IT department and then documenting what your duties are, who will be responsible for following up with this, and how often you will do this. It’s quite a big undertaking of what’s being asked of clients right now.

Fred Barstein:    So that was May of 2023.

Kim Cochrane:   ’22. It actually came out, the audits just started this year. Department of Labor is sending out letters to employers asking for their formal document on cybersecurity for the retirement plan.

Fred Barstein:    So most plan sponsors don’t know what to ask or look for, what do they do?

Kim Cochrane:   They should be reaching out to their advisor for this. This is what we can do. We kind of speak the same language. We can reach out to these recordkeepers and get all of that documentation provided to the client so that they can have it reviewed by themselves and by their cybersecurity personnel internally, their IT, and make sure it clears the mustard.

Fred Barstein:    Right. Thank you. So anyway, well, thank you for your time today. Final question, why should a plan sponsor attend a TPSU program? You’ve now done about three of them, right?

Kim Cochrane:   Yeah. The best thing that comes out of TPSU, I will have to say, probably has less to do with the program, but it has to do with the fact that HR executives are in a room talking to each other, and they’re getting wonderful networking, but commiserating with what challenges that they have and wonderful kudos when they’re doing a good job. So that interaction with other people that speak your language is really important. In addition, of course, to fiduciary training that matters and CE credits.

Fred Barstein:    Well, we’ll take credit for bringing them together.

Kim Cochrane:   Absolutely.

Fred Barstein:    But yes, they do get most from their peer to peer on that.

Kim Cochrane:   Absolutely.

Fred Barstein:    Well, thank you, Kim. Thanks for participating and supporting TPSU. And thank you for watching 401kTV. Please stay tuned.
