GAO Asked to Examine Retirement System Cybersecurity

In a letter to the Government Accountability Office (GAO), lawmakers said retirement savings are "a tempting target for criminals who could hack into plans and individuals’ accounts to access information, commit identity fraud, and steal retirement savers’ nest eggs."

Senator Patty Murray, D-Washington, Ranking Member of the Senate Health, Education, Labor, and Pensions (HELP) Committee, and Congressman Bobby Scott, D-Virginia, Chairman of the House Committee on Education & Labor, sent a letter to Gene Dodaro, Comptroller General of the U.S. Government Accountability Office (GAO), requesting that the GAO examine the cybersecurity of the retirement system.

The letter identifies 10 questions the lawmakers would like the GAO to answer following its examination.

“Retirement savings held in defined contribution plans, like 401(k) plans, have grown steadily in recent years, reaching over $5 trillion in 2017. These savings, the new methods of connecting savers with their retirement plans, and the digital interactions between the plans and their service providers hold great promise for both increasing financial literacy and improving financial security for retirement. At the same time, they are also a tempting target for criminals who could hack into plans and individuals’ accounts to access information, commit identity fraud, and steal retirement savers’ nest eggs. It is important that workers and retirees know their savings are in fact safe, and that a cyberattack will not throw the retirement they have spent years working and planning for into jeopardy,” they wrote.

According to Summer Conley, partner in the Los Angeles office of Drinker Biddle & Reath LLP, and Michael Rosenbaum, a partner in the firm’s Chicago office, the Employee Retirement Income Security Act (ERISA) regulation governing electronic disclosure of plan communications requires that plan fiduciaries take “appropriate and necessary” steps designed to make sure the electronic system for providing plan information protects the confidentiality of personal information and includes measures designed to prevent unauthorized access to it. Thus, a retirement plan committee has an obligation to protect participant information provided through an electronic system.

The ERISA Advisory Council asked the Department of Labor (DOL) to provide guidance on how plan sponsors should evaluate the cybersecurity risks they face and to require them to be familiar with the various security frameworks used to protect data as well as to build a cybersecurity process.

A new Aon plc report highlights that as companies continue to use technology to speed up the transfer of information, they create not only game-changing business opportunities but also increased cyber risk. The Segal Group has recommended steps defined contribution (DC) plan sponsors can take to hedge against cybersecurity risk.

At least one DC plan provider, John Hancock Retirement Plan Services (JHRPS), offers a Cybersecurity Guarantee to reimburse eligible participants for unauthorized transfers from their 401(k) retirement accounts.

Comment Deadline Arrives for NAIC Annuity Sales Best-Interest Rule

The standard-setting and regulatory support organization governed by the chief insurance regulators of all 50 states set today as a deadline for industry comments on the latest draft of a model best-interest suitability standard applying to annuity sales.

February 25th was the deadline set by the National Association of Insurance Commissioners (NAIC) for industry comments on its proposed revisions to the current “suitability” standard governing the sale of annuity products—revisions that NAIC officials say would effectively establish a national “best interest” suitability regime.

NAIC is the U.S. standard-setting and regulatory support organization created and governed by the chief insurance regulators from the 50 states, the District of Columbia and five U.S. territories. Through the NAIC, state insurance regulators establish standards and best practices, conduct peer reviews, and coordinate their regulatory oversight.

According to attorneys with Stradley Ronon, the outcome of the NAIC’s model rulemaking process is one of the top regulatory issues for the insurance, advisory and brokerage industries in 2019. For its part, NAIC has made it a goal to finish its work on a model best-interest standard this year. On the NAIC website, it is further noted that the Annuity Suitability Working Group will also consider other ways to “promote greater uniformity across NAIC-member jurisdictions.”

In commentary shared with PLANADVISER, Stradley Ronon attorneys note that the working group tasked with revising the NAIC’s model suitability rule for the sale of annuity products was hard at work throughout 2018 and early 2019, seeking to replace its current “suitability” standard for the sale of annuity products with a rule that would apply a “best interest” standard.

“The committee faced great debate among NAIC members regarding the future of the model rule,” the attorneys explain. “With states like New York and California leading the charge, the NAIC was pressured to adopt a rule that, like New York’s regulation, would impose a best interest standard for the sale of both annuity and life insurance products. Other states have pushed back, arguing that such an approach goes too far and would be unlikely to pass in many state legislatures. Because the NAIC is working to harmonize its advice standards with those of the Securities and Exchange Commission, it is unlikely that NAIC will have its final model rule promulgated until after the SEC finalizes its rule. The future of the NAIC’s model regulation will continue to be a hot topic of debate in 2019.”

The minutes published after the last national meeting of NAIC officials—held in November 2018—illustrate the process the regulatory organization has put in place to attempt to craft its model suitability rule in an open and transparent way. Interestingly, the meeting minutes present in significant detail the various points of debate and discussion that led to the current proposed draft, especially on the point of whether life insurance sales activity should be included. The minutes also highlight the actual language revisions made to the latest draft of the model suitability rule. As noted by the Stradley Ronon attorneys, insurance commissioners from New York and California played a leading role in crafting some of the key sections of the model suitability rule, though other states pushed back on their more progressive counterparts in some key areas. 

As of Friday, NAIC had not published a full index of the latest round of industry comment letters, but previous rounds of commentary are available on the working group’s landing page on the NAIC website, under the “related documents” tab.
