Retirement plan advisors have to constantly be looking over their shoulders for the latest hacker.
To protect their clients, plan advisors need to realize the potential problems that could arise, said Karen Roberts, vice president of plan operations and compliance at CBIZ Retirement Plan Services.
“It is important for plan advisors to have a feel for the potential risks,” Roberts said in an interview yesterday. In that way, they can help the clients safeguard themselves. “Actions the advisor takes can cement the relationship between the advisor and the plan sponsor.”
Advisors should protect themselves by documenting everything they do on the client’s behalf to guard against potential lawsuits if a plan does get hacked.
“Not documenting your actions can mean you do not get credit for the work you have done on behalf of the client,” added the vice president of CBIZ, a provider of financial, insurance and accounting services based in Cleveland. “The fiduciary who wins a lawsuit about a retirement plan that has been hacked is the one who has documented his or her efforts to protect the provider.”
One of the actions that can be taken is to require an annual audit. Even if the retirement plan does not require an annual plan audit, plan fiduciaries should still conduct their internal reviews and cybersecurity due diligence activities, as the Department of Labor may choose to randomly audit the plan and will likely look for documentation, she said.
Roberts recently developed a checklist of best practices for plan fiduciaries to make sure they are doing what they can to safeguard their clients’ plan information. The checklist also can act as a roadmap to best practices in protecting retirement benefits and personal information.
She reminded plan providers that the Department of Labor recently began audits of retirement plans to determine how plan sponsors and administrators are addressing cybersecurity risks. It is important that plan sponsors and fiduciaries ensure sufficient policies are in place to protect the data, she added.
“Most retirement plan providers are becoming proactive in their cybersecurity efforts,” Roberts said. “Clients appreciate their advisors being proactive. They are going to want to know what you have done for them.”
Participants also have responsibilities to make sure they change passwords frequently, sign off when a task is completed and watch for any requests for changes in phone numbers or other information, she said.