Faegre Drinker fiduciary expert Fred Reish once again gave Qualified Plan Fiduciary Summit attendees critical insight and bold predictions about a roster of recent retirement plan regulation and litigation that affect their clients and business.
Beginning with a follow-up to the SECURE Act, Reish mentioned several important provisions contained in what is currently referred to as SECURE Act 2.0 from Congressmen Neal and Brady (and Senators Portman and Cardin), including:
- New 401(k), 403(b) and SIMPLE plans must automatically enroll and increase deferrals.
- Long-term, part-time employees must be included after two years of employment.
- 401(k), 403(b), and SIMPLE IRAs could make matching contributions for student loan repayments.
When remarking on items remaining from the Trump Administration, he mentioned two areas to watch: Pecuniary factor regulation and lifetime income illustration regulation.
Pecuniary factors include proposed ESG regulation and private sector “push back,” as well as a final rule effective January 12 under which fiduciaries must select investments based on pecuniary factors.
Additionally, lifetime income illustrations must be provided to participants annually beginning after September 2021.
Litigation
Commenting on Tussey v. ABB, Reish noted the court found “ABB Defendants violated their fiduciary duties when they:
- Failed to monitor recordkeeping costs,
- Failed to negotiate rebates for the Plan from either Fidelity or the other investment companies …,
- Selected more expensive share classes…when less expensive share classes were available, …”
Remarking on Vanderbilt University’s 403(b) case, he mentioned the $14.5 million monetary settlement, as well as the non-monetary term, including:
- Conducting RFPs for recordkeeping services, or a duty to monitor.
- Evaluating the cost of different share classes.
- Use of investment consultant.
- Prohibiting the recordkeeper from using the participant information for non-plan sales.
Cybertheft
Cybercrime is, of course, a major issue, and Reish mentioned the Leventhal v. MandMarblestone case, in which a cyber-thief stole more than $400,000 from a participant’s account.
The cyber-thief obtained a copy of the participant’s application for a previous withdrawal, modified it, and sent it to the service provider so that it appeared to be from the plan sponsor.
The money was transferred by the service provider to a bank never authorized by the participant. The plan sponsor sued the service providers for the losses. The service providers then countersued the plan sponsor alleging:
“Plaintiffs’ own carelessness with respect to their employees and their computer/IT systems and policies including their decision to permit [an employee] to work remotely from Texas and use her personal email for official employment duties, permitted the cyber fraud …to occur.”
The high-profile Bartnett v. Abbott Laboratories case was also mentioned, in which a cyber-thief stole $245,000 from a participant’s 401k account.
The thief impersonated the participant via the “forgot my password” prompt on the plan’s website. The recordkeeper sent a security code to the participant’s email address, to which the impersonator had already gained access.
The thief then changed the password to the account and added a new bank.
Instead of contacting the participant by phone or email, the recordkeeper sent her a letter notifying her of the new bank account. By the time the participant had received the notice, the money in the account had been transferred.
The participant sued the plan sponsor and the recordkeeper.
DOL investigations
Reish concluded by noting that in recent years, the DOL has been investigating plan fiduciaries about their practices for “missing participants” and, in some cases, asserting fiduciary breaches.
In response to plan sponsor complaints about a lack of guidance in this area, the DOL issued guidance: “Missing Participants: Best Practices for Pension Plans.” The guidance outlines the steps that plan sponsors can take to minimize their risks.