Serving in a fiduciary capacity for a retirement plan is a severe enough duty under normal conditions. Workplace dislocations caused by the pandemic have made it tough for managers and executives to maintain a high level of vigilance on their retirement plan operations. Many are concerned that their plans’ compliance with standards of care may be shifting under the weight of the burdens caused by the COVID-19 situation.
 
One issue will determine an employer’s risk status during the COVID-19 pandemic: how its finance and human resources executives manage the emerging complex fiduciary challenges.

A Pandemic Action Plan for Human Resources

Fiduciary risk management is heavily dependent on a system of internal controls. Such controls help executives and managers who oversee retirement plans understand the risks they are exposed to and establish surveillance steps that counter threats.

An internal controls program, built around fiduciary standards of care, is essential for mapping the journey to fiduciary excellence. In today’s world, an ERISA-based GRC system of internal controls is imperative for employers. Indeed, with proper internal controls practices in place, the governance and investment-related risks discussed in this article can be simultaneously and proactively addressed.

A plan sponsor may put in place internal controls around the organization’s retirement plan management process by following three primary steps:

1. Conduct an Assessment

An assessment of current fiduciary practices identifies specific risks to the employer and its plan’s participants. It also reveals how to manage each threat category. ERISA lacks defined steps for this assessment, but plan sponsors can begin by downloading a set of best practice steps published through the Investment Fiduciary Leadership Council (a fiduciary standards organization), at iflcouncil.org.

2. Consolidate Key Data Sources

In order to have coherent and dependable internal controls for an ERISA plan, an enterprise must embrace all of the records and the sources needed during an assessment. Learn what documents are required and store them in a centralized space (electronically or physically) for ease of reference and updating. Necessary records include:


• The plan’s rule book (i.e., the “Plan Document”);
• Governance policies;
• Administration procedures;
• Investment decision-making parameters;
• Minutes of fiduciary committee meetings;
• Recordkeeping/TPA vendor’s reports;
• Investments provider(s)’ reports; and
• Records archive.

3. Define Control Steps

Install specific tests to ensure that proper operations and management activities are carried out consistently across organizational and vendor boundaries. The criteria used in the testing process should embrace the following significant topics:


• Decision-making authorizations;
• Division of duties;
• Vendor selection and performance reviews;
• Physical access to premises and participant data; and
• Cybersecurity.

The use of a fiduciary risk management specialist to analyze a plan’s system of internal controls is a common approach used by excellent fiduciaries. What’s more, such an analysis is the best tool for meeting legal challenges to fiduciary conduct instigated by the pandemic. If your plan’s internal controls need improvement, seek help.