Cybersecurity Requests Appear in DOL Audits

Plan sponsors, fiduciaries, and service providers are being asked by DOL investigators, with increasing frequency, how their ERISA-governed plans address cybersecurity concerns. These requests may take the form of production requests or be included as questions in an interview. Investigators typically seek information or documentation related to prudent diligence on service provider information security protocols and indemnifications, with the aim of keeping the participant’s account balance intact. We have seen a sharp uptick in such inquiries ever since the DOL offered a set of best practices and tips earlier in 2021 (our summary of the best practices is available here). To date, DOL investigations have generally focused not only on the policies and procedures that plans and providers have in place to thwart cyber-criminals, but also on the steps taken by plans and recordkeepers in response to cyber-incidents.

Concerns about account takeovers by cyber-criminals have also risen sharply as the pandemic has pushed many into remote work, delayed traditional postal-service-based identity verification, and stretched personal finances. This combination can lead to an increase in distribution requests, not all of which may be from the true participant. Efforts to educate fiduciaries and participants about these dangers have unfortunately also included enforcement inquiries, sometimes leaving the sponsors and fiduciaries at a loss as to how to respond.

It is important for benefit plan sponsors and service providers to take a proactive approach to cybersecurity and be prepared for a possible DOL investigation. Although the immediate attention has been on retirement plans, health and welfare plan sponsors and fiduciaries should also be prepared to field questions about cybersecurity from DOL auditors.


About Groom Law Group, Chartered

Founded in the wake of a landmark regulatory development, the passage of ERISA in 1974, Groom has been at the forefront of employee benefits law for over 45 years. Groom’s multi-disciplinary team of nearly 90 benefits, health and retirement attorneys routinely defends benefit plan-related Department of Labor, Internal Revenue Service, Pension Benefit Guaranty Corporation, Health and Human Services, Centers for Medicare & Medicaid Services, and other federal and state agency investigations on behalf of its clients. Owing to our strong substantive knowledge of our clients’ businesses and thorough knowledge of agency procedures, Groom leads the nation in the volume of cases being handled by any law firm.