According to WealthManagement.com, the Securities and Exchange Commission (SEC) announced its 2021 examination priorities list, which included cybersecurity, and the Department of Labor (DOL) released cybersecurity guidance for retirement plans. Benefits and executive compensation partner Sarah Bassler Millar discussed what this means for plan fiduciaries.
The DOL’s guidance describes best practices for plan-service providers, but the agency doesn’t have the authority to regulate these providers, explained Bassler Millar. Consequently, the guidance for service providers is a way for the DOL to regulate fiduciary advisers without formally regulating them.
Given the focus of the SEC and DOL on cybersecurity, Bassler Millar further noted that there is a role for advisers to ensure that clients are aware of the new guidance and the implications. Advisers can also coordinate a review of a plan’s cybersecurity practices, but she cautioned, “The challenge is that to be effective in that role, advisers will want to educate themselves to some degree about cybersecurity terminology and standards.”
“It may be appropriate to partner with experts or those who can do the heavy lifting on things, such as reviewing SOC 2 reports to assess the extent to which a recordkeeper or a trustee has appropriate cybersecurity practices in place,” Bassler Millar added.