September/October 2021

Cybersecurity Considerations: How to Select and Monitor Recordkeepers


In a coauthored article for PLANADVISER, benefits and executive compensation partner Fred Reish and counsel Joan Neri answered a question from a registered investment adviser (RIA) about the Department of Labor’s (DOL) guidance on fiduciaries’ responsibilities for service provider cybersecurity practices.

The RIA, who assists 401(k) plan committees in selecting and monitoring recordkeepers and in searching for new recordkeepers, asked Reish and Neri, “What do I need to know to assist the committees?”

The authors provided an overview of the DOL cybersecurity guidance and outlined three categories of cybersecurity factors that a committee should consider to prudently select and monitor the recordkeeper for its plan:

  1. Information about the recordkeeper’s standards, practices and policies
  2. Information about the recordkeeper’s track record, including the way it handled any past security incidents and breaches
  3. Suggested provisions to include in the service agreement

Reish and Neri also explained other provisions that the DOL suggests an agreement with a recordkeeper should contain, such as those relating to confidentiality, response to cybersecurity breaches and compliance with privacy and security laws.

The full article is available for PLANADVISER subscribers.
