CYBERSECURITY
Cybersecurity is an essential fiduciary obligation and requires collaboration among plan committees, human resources, and information technology.
Employers that provide retirement plans rely heavily on third parties to handle transactions, securely store participant data, generate statements, and adhere to IRS and Department of Labor rules.
The vendors that serve employee benefit plans present enormous complexities caused by subservice vendors, cybersecurity, and artificial intelligence. An efficient and effective third-party risk management approach is essential, from onboarding to ongoing tracking of mission-critical service providers.
Maintaining third-party risk management while fostering trust
Using technology to meet Department of Labor demands and monitor third parties in real time. Learn more about Cyber-ProtectRC.
In order to ensure that you may engage in safe and responsible interactions with third parties, we have configured our third-party risk management technology to assist you in managing the complete lifecycle from beginning to end.
Our Approach
Our team uses cutting-edge methods and tools to assist our clients in efficiently managing their risk exposure so they can correctly recognize, manage, and monitor the third-party risks that significantly affect their fiduciary duty.
Our tech-enabled third-party risk management programs are designed, developed, and carried out in partnership with our clients. We can assist you in using technology to recognize and rank high-risk vendors and transactions so that your team can concentrate on making strategic decisions and having the greatest impact on retirement plan operations.
Our third-party risk assessments demonstrate an employee benefit plan’s fiduciary committee’s intent to adhere to the sub-regulatory cybersecurity guidance issued by the U.S. Department of Labor.
The power of AI enables quicker analytics and more insightful testing.
- Assessment frameworks include the Employee Benefits Security Administration (“EBSA”) and the National Institute of Standards and Technology (“NIST”).
- Includes subcontractors to third parties.
- Automated vendor questionnaires and data gathering.
- Evaluates service providers’ cyber policies and practices.
- Reporting styled for plan fiduciaries and auditors.
- Updated quarterly.
Know instantly who to believe, what online threats you face, and where to get assistance.
- Monitors vendors’ cybersecurity status with automated event responses.
- Using AI, we instantly determine your vendors’ risk scores.
- Benchmarks vendors against computer industry technical standards.
- Sets rule-based alerts.
- Builds a compliance trail for DOL audits.
- Quantifies vendor evaluation and retention decisions.
Practical Tip
Know Your ERISA Plan’s Cybersecurity Duty
The U.S. Department of Labor (“DOL”) is developing cybersecurity objectives for plan fiduciaries that form the basis for its plan audits. It’s likely that the DOL’s guidelines will…
Practical Tip
Data Security Policy Considerations
The federal government requires employee benefit plan sponsors to appreciate Personally Identifiable Information (“PII”) and to handle it securely. This is a fiduciary matter. The U.S. Department of Labor (“DOL”) maintains a regulation that requires employers to take appropriate measures that protect the confidentiality of personal information relating to the individual’s accounts and benefits (ERISA Regulation Section 2520.104b-1(c)(1)(i)).
Practical Tip
The Remedy for Data Security Threats
The U.S. Department of Labor’s Advisory Council on Employee Welfare and Pension Benefit Plans identified seven categories of practices that should be present in a prudent data security framework. Each category is discussed briefly in this…