Cybersecurity Considerations: How to Select and Monitor Recordkeepers

PLANADVISER

Download

Authors: Fred Reish , Joan M. Neri

In a coauthored article for PLANADVISER, benefits and executive compensation partner Fred Reish and counsel Joan Neri answered a question from a registered investment adviser (RIA) regarding the Department of Labor’s (DOL) guidance on fiduciaries’ responsibilities regarding service provider cybersecurity practices.

The RIA, who assists 401(k) plan committees in selecting and monitoring recordkeepers and in searching for new recordkeepers, asked Reish and Neri, “What do I need to know to assist the committees?”

The authors provided an overview of the DOL cybersecurity guidance and outlined three categories of cybersecurity factors that a committee should consider to prudently select and monitor the recordkeeper for its plan.

Information about the recordkeeper’s standards, practices and policies
Information about the recordkeeper’s track record, including the way it handled any past security incidents and breaches
Suggested provisions to include in the service agreement

Reish and Neri also explained other provisions that the DOL suggests an agreement with a recordkeeper should contain, such as those relating to confidentiality, response to cybersecurity breaches and compliance with privacy and security laws.

The full article is available for PLANADVISER subscribers.

Meet the Authors

Fred Reish

Partner

+1 310 203 4047

Los Angeles

fred.reish@faegredrinker.com

Joan M. Neri

Counsel

+1 973 549 7393

Florham Park

joan.neri@faegredrinker.com

Related Legal Services

Benefits & Executive Compensation Investment Management Investment Management Compliance Investment Advisers Financial Services ERISA

Related Industries

Financial Services Investment Funds & Management