Using Operational Controls to Mitigate Fiduciary Risk

By Josh Shapiro and Kristin Lee

In recent years, there has been substantial litigation involving claims of plan sponsors breaching their fiduciary duty, underscoring the need for employers and plan committees and boards to have sound policies and procedures in place. One of the best ways to mitigate fiduciary risk is to ensure that there are strong operational controls. Proper controls help ensure your plan stays in compliance and guards against potential lawsuits or accusations of fraud. Whether the operational controls involve internal procedures or hiring external service providers, a strong emphasis on documentation of processes, procedures, and decisions is essential.

There are several ways a plan sponsor can reduce risk and liability through internal controls, beginning with developing a process to review plan documents at least annually. Most operational problems occur when a plan sponsor does not maintain the plan’s governing documents and service agreements or fails to follow their provisions. A member of the human resources or payroll department should be involved in reviewing plan documents to help ensure payroll procedures reflect the policy and processes required.

Some of the more common problems occur in compensation and eligibility definitions, deferral deposit instructions, and improper loans or distributions from the plan. For compensation and eligibility, plan sponsors need to make sure they understand the definition of each and have a plan in place to review all new hires’ compensation and eligibility at a maximum of 45 days after their start date. This is especially true for rehires, as their eligibility may vary based on plan document definitions. Plan sponsors should also periodically review deferral deposits by sampling employees’ elections to make sure they have been followed accurately. Implementing specific procedures and other controls can also aid in maintaining accuracy and consistency.  For distributions and loans, there should be a documented procedure for approval and designated approvers must be up to date on current regulations. By reviewing these documents at least annually and having proper procedures in place, the plan sponsor is ensuring that the plan does not go on “auto-pilot.”

Many plan sponsors have outsourced certain administrative and compliance functions to third-party service providers. These may include the recordkeeper, investment adviser, custodian, or payroll provider. The plan sponsor has ultimate responsibility for the operation of the plan even for functions that are outsourced. An effective selection and monitoring program of service organizations that perform recordkeeping and reporting services is essential and can reduce the risk that errors will go undetected. Third-party service providers are typically not fiduciaries to the plan, so errors that may occur within the actions or inaction of a third party will ultimately fall under the plan sponsor’s responsibility to monitor.

Even if no fraud is occurring, there needs to be controls that monitor “red flags” and put steps in place to prevent fraudulent activity. One way plan sponsors can and should do this is by reviewing and reconciling reports provided by third-parties, such as recordkeepers, with participant accounts. Plan sponsors should also review fee arrangements and thoroughly understand expenses paid by the plan as outlined within the service arrangement. Finally, plan sponsors should monitor who has access to data relating to the plan or participant accounts. Plan sponsors should continually be asking “does this seem reasonable?” when reviewing third-party service providers.

If a plan sponsor is unsure of whether their plan is in compliance, performing a regular plan audit will assist in discovery and any operational issues. The plan’s operational controls should be taken seriously, and plan sponsors should invest the time and resources necessary to understand their fiduciary responsibilities. Regulations governing retirement plans are constantly changing, which can make it hard for plan sponsors to know when they are out of compliance. Plan sponsors that document processes, procedures, and decisions will improve their controls and ultimately mitigate risk of non-compliance, fraud, and potential litigation.