The Department of Labor is working on a guidance package addressing cybersecurity issues as they relate to plan sponsors and third-party providers.
Tim Hauser, Deputy Assistant Secretary for DOL’s Employee Benefits Security Administration (EBSA), has indicated that we should expect the department’s investigations to focus more on the adequacy of cybersecurity programs, to confirm that the service providers plan sponsors hire follow effective cybersecurity practices.
Mr. Hauser also indicated that the forthcoming guidance would be informal and would not go through formal notice and comment.
Plan Sponsor Considerations
The DOL expects plan sponsors to ask questions when hiring a TPA or record-keeper:
- What practices and policies does the service provider have to ensure its systems are secure?
- Does the service provider have regular third-party audits by an independent entity?
- How does the third party validate their systems' cybersecurity?
- Is there any history of cybersecurity incidents? If so, what is their track record?
- What did they learn from any prior incidents, and how have they improved their defensive processes?
- Do they indemnify their clients in the event of security system breaches that result in losses?
- Do they have insurance policies to make you whole and cover breaches, or do they have all sorts of waivers and exculpatory clauses in their contracts?
If a security breach is identified and an offender has gained access to confidential information, the plan sponsor should produce a documented response, including notifying law enforcement, the FBI, the plan and its participants.
Once an official final guidance package is made available, we will share that information with you.
Securities offered through IFP Securities, LLC, dba Independent Financial Partners (IFP), member FINRA/SIPC. Investment Advice offered through IFP Advisors, LLC, dba Independent Financial Partners (IFP), a Registered Investment Adviser. IFP and Ridgeline Advisors are not affiliated.
The information given herein is taken from sources that IFP Advisors, LLC, dba Independent Financial Partners (IFP), IFP Securities LLC, dba Independent Financial Partners (IFP), and its advisors believe to be reliable, but it is not guaranteed by us as to accuracy or completeness. This is for informational purposes only and in no event should be construed as an offer to sell or solicitation of an offer to buy any securities or products. Please consult your tax and/or legal advisor before implementing any tax and/or legal related strategies mentioned in this publication as IFP does not provide tax and/or legal advice. Opinions expressed are subject to change without notice and do not take into account the particular investment objectives, financial situation, or needs of individual investors. Prepared by 3rd party.