Surviving a DOL Cybersecurity Audit - Cybersecurity Preparedness Checklist for Plan Fiduciaries
McDonald Hopkins' Elliot Raff, along with Harold Ashner from Keightley & Ashner LLP, recently shared insight on surviving a Department of Labor (DOL) Employee Benefits Security Administration audit with Bloomberg Tax's Tax Management Compensation Planning Journal. Below is a condensed excerpt, as well as a link to the full article with the opportunity to download a helpful cybersecurity preparedness checklist.
Last year, the DOL added cybersecurity to the list of topics it examines in routine retirement plan investigations and began asking employee benefit plan service providers for a lengthy and detailed set of documents, including documents relating to any cybersecurity programs that apply to the data included in the retirement plan. This encompasses not only programs of plan service providers, such as recordkeepers, but also programs of the employer and of other entities involved in plan operations, such as payroll service providers. Also included was another extensive list of documents relating to ongoing fiduciary review of service provider cybersecurity practices.
The DOL's enforcement initiative should prompt retirement plan fiduciaries to prepare for scrutiny of both their own cybersecurity preparedness and their oversight of the preparedness of their defined contribution retirement plan (DC Plan) service providers, such as the 401(k) plan recordkeeper and institutional trustee.