The Employee Retirement Income Security Act (ERISA) requires coverage to protect the plan from losses due to fraud and dishonesty.
There are three main types of bond coverage for retirement plans: fidelity bonds, fiduciary liability insurance, and cyber liability insurance. Not all three coverages are required, but understanding what is available and what they cover will help you determine the best protection for your plan.
ERISA Fidelity Bond
An ERISA fidelity bond protects the plan against losses caused by acts of fraud or dishonesty—such as theft, embezzlement, and forgery—by those who handle plan funds or other property. These funds or property are used by the plan to pay benefits to participants. This includes plan investments such as land, buildings, and mortgages. It also includes contributions received by the plan and cash or checks held to make distributions to participants. A person is considered to “handle” plan funds if their duties could cause a loss due to fraud or dishonesty, either by acting alone or in collaboration with others. Per the U.S. Department of Labor (DOL), handling refers to the following:
- Physical contact with cash, checks or similar property;
- Power to transfer funds from the plan to oneself or to a third party;
- Power to negotiate plan property (mortgages, title to land and buildings or securities);
- Disbursement authority or authority to direct disbursement;
- Authority to sign checks or other negotiable instruments; or
- Supervisory or decision-making responsibility over activities that require bonding.
Bond coverage is required for most ERISA employee benefit plans, and the amount of coverage is reported on your plan’s Form 5500. The minimum coverage is 10% of prior-year plan assets but not less than $1,000. The maximum bond amount is $500,000, or $1,000,000 for plans that hold employer securities. Bonding requirements do not apply to plans that are not subject to Title I of ERISA, such as church or governmental plans. Some regulated financial institutions (certain banks and insurance companies, for example) are exempt if they meet certain criteria.
The fidelity bond can be part of your company’s umbrella policy or can stand alone. In either case, the plan must be named and there can’t be a deductible. If your fidelity bond is less than $500,000, an inflation guard will automatically increase the bond’s value as plan assets grow, so you will always have adequate coverage. Note that the fidelity bond is different from the employee dishonesty bond that may be in effect for your company. While both provide coverage in the case of fraud, the fidelity bond protects the plan, whereas the employee dishonesty bond protects the employer.
Fiduciary Liability Insurance
Fiduciary liability insurance covers fiduciaries against losses due to a breach of fiduciary responsibility. A fiduciary is defined by the DOL as any of the following:
- Persons or entities who exercise discretionary control or authority over plan management or plan assets.
- Anyone with discretionary authority or responsibility for the administration of a plan.
- Anyone who provides investment advice to a plan for compensation or has any authority or responsibility to do so.
Examples of fiduciaries include plan trustees, plan administrators, and members of the plan’s investment committee. A fiduciary is in a position of trust with respect to the participants and beneficiaries in the plan and is responsible for acting solely in their interest, providing benefits, defraying reasonable expenses, following the plan document, and diversifying plan investments. The fiduciary must act with care, skill, prudence, and diligence. This coverage is not required but can provide protection to the fiduciaries.
Cyber Liability Insurance
Cyber liability insurance for the plan provides protection from covered losses and expenses in the event of a cyber breach. Your service provider’s insurance may not cover your plan for all losses, so the plan may want to consider its own policy. In May 2023 at the Plan Sponsor Council of America National Conference, DOL Assistant Secretary Lisa Gomez mentioned the importance of cybersecurity. She stressed that many employers may have cyber liability insurance for the company and assume that it covers the plan, but the fine print in the policy clarifies that it does not cover the company in its capacity as a plan sponsor.
In 2021, the DOL issued cybersecurity guidance for plan sponsors, plan fiduciaries, record-keepers, and plan participants. The guidance, which is still very relevant, included the following:
- Tips for Hiring a Service Provider: Questions to ask when choosing a service provider to ensure they follow strong cybersecurity practices.
- Cybersecurity Program Best Practices: Practices and procedures that plan fiduciaries and record-keepers should have in place for risk assessments, secure data storage, cybersecurity training, and incident response.
- Online Security Tips: Ways that plan participants can reduce the risk of fraud.
You can access the full news release here: https://www.dol.gov/newsroom/releases/ebsa/ebsa20210414
Things can happen outside of the control of the plan sponsor. Check with your service providers to determine the type of coverage your plan needs to be protected.