As technologies advance, so will the need for heightened cybersecurity practices.
Day two of Broadridge’s Fi360 conference discussed new areas for retirement plan advisors to expand their cybersecurity protocols, and reviewed what practices can be adopted in response to distinct guidance from the Department of Labor (DOL) and the Securities and Exchange Commission (SEC).
Panelists Bonnie Treichel, chief solutions officer of Endeavor Retirement, Sarah Chase-McRorie, senior legal counsel of Matrix Solutions at Broadridge, and Bonnie Page, founding partner at Clementine Legal, began the session by stating that no plan size is safe from cybersecurity litigation.
A complaint aimed at Colgate-Palmolive and other parties last year revealed that not all litigation surrounding the Employee Retirement Income Security Act of 1974 (ERISA) must be a large class-action suit, Treichel said. In this case, a now-retired participant at Colgate-Palmolive found their $750,000 balance had been fraudulently wiped from their plan account. The participant filed a lawsuit in the District Court for the Southern District of New York, alleging their employer, recordkeeper Alight Solutions, and custodian BNY Mellon were responsible for their roles in running the retirement plan.
The DOL would eventually issue a subpoena to Alight Solutions for documents related to the cybersecurity breach, saying that the organization may have violated ERISA.
“If we think about this for our plan sponsor clients, we want them to think about the importance of cybersecurity,” said Treichel. “It doesn’t have to be these big class suits. Cybersecurity can extend to our smaller plan sponsors.”
To avoid litigation, panelists suggested revisiting the DOL’s guidance at a steady pace. It’s not a ‘one-and-done’ protocol, but one that should eventually become part of the practice. For example, advisors can conduct a self-assessment to see how they comply with the 12 pieces of regulation.
“As guidance came out from the DOL, folks looked at it, took action, got some new policies and procedures and never looked at it again,” added Treichel. “What’s important is to have this culture around cybersecurity.”
Another set of rules to keep an eye on is that from the SEC, which last year proposed a new package of cybersecurity regulation for broker-dealers and other groups. With ample guidance from two regulatory houses, advisors should ensure they are up to speed and understand the many similarities, and gaps, between both pieces of regulation.
“Map out the requirements under the SEC and DOL, and you’ll see where that overlap and gap is,” suggested Page, founding partner at Clementine Legal. Advisors can start out by reviewing the policies and risks before utilizing third parties or consultants for help, Page added.
Chase-McRorie, senior legal counsel at Broadridge, noted how outside help with a focus on cybersecurity can provide an additional layer of protection in ensuring the appropriate practices are set in place. Yet, it’s vital to understand that this doesn’t exonerate advisors of their legal responsibility.
“Hiring someone who has the institutional scale efficiency and a robust program in place is helpful,” said Chase-McRorie. “Outsourcing to the right individual is a good way to help yourself, but it never absolves your institution of liability.”
Amanda Umpierrez is the Managing Editor of 401(k) Specialist magazine. She is a financial services reporter with over six years of experience and a passion for telling stories and reporting news. Amanda received her degree in journalism and government and politics at St. John’s University. She is originally from Queens, New York, but now resides in Denver, Colorado with her partner. In her free time, Amanda enjoys running, cooking, and watching the latest drama show.