In “Not If, But When” and “You May Be the Last Line of Defense,” the American Society of Pension Professionals & Actuaries (ASPPA) recapped what Los Angeles benefits and executive compensation partner Heather Bader shared in two sessions she presented at the 2022 ASPPA Annual Conference.
In the session titled “EPCRS! You Made a Mistake — What’s Next?,” Bader explained that “plan sponsors are finding ways other than the VCP [Voluntary Correction Program] to correct errors.” She outlined the consequences of a plan not adopting a defined benefit restatement by July 31, 2020, qualifications a plan must satisfy for self-correction to be available, and factors to be considered in self-correction.
Bader warned that it’s not enough to just address an error for which one may need self-correction procedures or the VCP. What is often missed is “this little thing that you’re not supposed to do it again,” she said, also stressing that one really should try to prevent the error from happening in the first place.
In the session titled “Cyber Cyphers: Tips, Tricks and Practice Shifts that Can Keep Your (Plan) Data Safe,” Bader offered strategies to help prevent cyber criminals from stealing data and revenue. When there is a cybersecurity breach, Bader said her firm wants to know what happened, who failed and what was in place to prevent it. If there are policies in place but they are not followed, “that’s a problem,” she added.
Bader noted that the United States Department of Labor is asking questions about cybersecurity, and their interest is not limited only to what plans are doing; it also extends to service providers. “It’s not just the plan sponsor’s responsibility,” she said.