Insurance for Your Company Retirement Plan: ERISA, Fiduciary, Cyber

Employee benefit plan sponsors often don’t know which insurance is required for their company’s retirement plans — or how much they need.

Generally, there are three insurance types plan sponsors or committees should consider for their retirement plans:

• ERISA bonds,
• Fiduciary liability insurance, and
• Cyber liability insurance.

Although ERISA only requires ERISA bonds, there are many other risks associated with offering and operating a retirement plan. Plan sponsors or committees may want to obtain information and quotes for fiduciary liability insurance and cyber liability insurance to further protect themselves against unintentional liability exposure as plan fiduciaries.

Learn about the three insurance options for company retirement plans, what they cover, and their estimated costs.

Types of insurance available to company retirement plan sponsors

ERISA bonds

ERISA bonds are required for all plans with over $100,000 in plan assets. The U.S. Department of Labor requires plan sponsors to purchase ERISA bond coverage equal to 10% of the plan assets or $500,000, whichever is less. If the plan is an employee stock ownership plan, $1 million of coverage is required.

ERISA bonds protect the retirement plan from theft or embezzlement and covers dishonest or fraudulent acts by people handling plan assets, such as plan administrators, trustees, or others with fund access.

ERISA bond policies are relatively inexpensive and can be purchased for multiple years in a single transaction. ERISA bonds should specifically mention the plan’s legal name, and the coverage amount is disclosed on the plan’s annual Form 5500.

Fiduciary liability insurance

Fiduciary liability insurance covers the members of the plan committee, company executives, and plan trustees should any liability result from the fiduciary acts of operating and monitoring the plan. Plan fiduciaries are held to the “prudent man rule” and must act in the best interest of plan participants.

Although fiduciaries may act in good faith performing their duties overseeing the plan, there may be instances where fiduciaries’ decisions negatively affect the plan and they may become personally liable. Providing plan committee members or trustees with such protection will likely result in more individuals willing to serve on the committee.

Common examples of events that could result in fiduciary liability include:

• Failure to properly monitor service providers,
• Failure to verify the plan is operating according to provisions outlined in the plan document and adoption agreement,
• Investment underperformance that might have been mitigated by proper monitoring and prudent replacement of underperforming investments, and
• Failure to use plan forfeitures on a regular basis according to plan document provisions.

Fiduciary liability insurance costs and requirements

Fiduciary liability policies are more expensive than ERISA bonds and are generally renewed annually. The fiduciary liability policy should mention the plan’s legal name, any formally designated committees, and fiduciaries covered under the policy.

Fiduciary liability policies are not disclosed on Form 5500. Fiduciary liability insurance premiums range from $1,000 to $10,000 annually for small- and medium-sized plans. Large companies or companies with more complex plans will likely pay higher premiums.

Insurance premiums are based on several factors, including:

• Plan size (assets under management and number of participants)
• The level of fiduciary responsibility (e.g., whether the plan is managed in-house or has outsourced administration)
• Claims history (past lawsuits or issues with the retirement plan)
• Company size and industry
• Risk profile of the fiduciaries involved in plan oversight

Cyber liability insurance

More recently, cybersecurity has become a heightened concern for retirement plans, prompting the labor department to issue guidance. As more plan and employee data is maintained and transmitted digitally between plan sponsors and service providers, the chances of a cyberattack increase.

Cyber liability insurance helps protect retirement plans from risks associated with data breaches or cyberattacks. Common cyber threats include:

• Intercepting employee data sent over email or less secure transmission methods,
• Cyberattacks of plan sponsor enterprise resource systems containing employee data that could be used to access retirement plan accounts, and
• Cyberattacks of service provider systems containing employee demographic data and retirement plan balance information.

Cyber liability insurance costs and requirements

Cyber liability policies are more expensive than ERISA bonds and fiduciary liability policies and are renewed annually. The policy should mention the plan’s legal name.

Cyber liability policies are not disclosed on Form 5500. Cyber liability insurance premiums range from $1,000 to $10,000 annually and insurance premiums are based on several factors, including:

• Company size and industry
• Amount of personal data handled (sensitive retirement plan data, including financial info)
• Security measures in place (whether you have strong cybersecurity protocols or recent breaches)
• Plan’s online functionality (whether participants can manage their accounts online)

Cyber liability insurance considerations regarding service providers

Due to the interplay between the plan sponsor’s data and systems and the data housed by service providers, plan sponsors should consider their risks and mitigating controls along with their service providers’ risks and controls. Find out if your service providers have cyber liability coverage and what their policies cover.

How CLA can help with insurance considerations for company retirement plans

CLA has decades of experience helping companies with their employee benefit plans and is a national leader in performing benefit plan audits. Our deep capabilities can help you improve your plan oversight by advising on requirements, service providers, and insurance.

While insurance can help protect your plan and its fiduciaries, ongoing fiduciary education and risk monitoring are both vitally important. Reach out to get help strengthening your plan.

Contact us

Consider insurance to protect your company’s retirement plan. Complete the form below to connect with CLA.