INSIGHT ARTICLE
Authored by RSM US LLP
The Department of Labor is working on a guidance package addressing cybersecurity issues as they relate to plan sponsors and third-party providers.
Tim Hauser, deputy assistant secretary for the department’s Employee Benefit Security Administration, has indicated that we should expect enhanced investigations by the department into various cybersecurity programs, in order to confirm that plan sponsors are hiring service providers who facilitate effective cybersecurity practices.
Hauser also indicated that the forthcoming guidance would be informal, rather than issued through a formal notice and comment process.
Plan sponsor considerations
The department expects certain questions to be addressed regarding the hiring of a third-party administrator (TPA) or record keeper (RK), including:
- What practices and policies do the service providers have to ensure their systems are secure?
- Does the service provider undergo regular third-party audits by an independent entity?
- How does the third party validate its systems' cybersecurity?
- Is there any history of cybersecurity incidents? If so, what is the TPA’s and RK’s track record?
- What did the TPA and RK learn from any prior incidents, and how have they improved their defensive processes?
- Do they indemnify their clients in the event of security system breaches that result in losses?
- Do they have insurance policies to make a victimized business whole and cover breaches, or do they have all sorts of waivers and exculpatory clauses in their contracts?
In the event a security breach is identified and an offender has achieved access to confidential information, the plan sponsor should produce a documented response, which includes notifying law enforcement, the FBI, the plan and its participants.
Once an official final guidance package is made available, we will share that information with you.
This article was written by RSM US LLP and originally appeared on 2021-02-15.
2020 RSM US LLP. All rights reserved.
https://rsmus.com/what-we-do/services/wealth-management/services-we-offer/retirement-plan-advisory/cybersecurity-issues-for-plan-sponsors.html