Advisers’ Leading Role in Cybersecurity

It is important to ask what cybersecurity means to retirement plan service providers and fiduciary advisers—and what steps they can take to ensure the safety of participant assets and data.

Art by Carol Rollo


In the last decade, plan sponsors and participants have benefited in many ways from the greater use digital communications technologies. Thanks to the connectivity made possible by the Internet, it is now easier than ever for participants and sponsors to quickly access important plan information or enact changes.

At the same time, experts warn, the rapid introduction of digital communications in the financial services space means cybersecurity has become a top issue, one which is not necessarily receiving a sufficient amount of attention.  

For more stories like this, sign up for the PLANADVISERdash daily newsletter.

This is why, in late in 2018, the ERISA Advisory Council requested guidance from the Department of Labor (DOL) on how employers should evaluate cybersecurity risks. The Council also asked that plan providers build a formal cybersecurity protection process and ensure all staff understand how these defenses work. Joining the Council, in February, federal lawmakers sent a letter to the U.S. Government Accountability Office (GAO), asking the research agency to examine cybersecurity deficiencies in the U.S. retirement industry.

Reflecting on how the cybersecurity topic impacts plan advisers, George Sepakos, principal at Groom Law Group, points out that the work of advisers today goes far beyond just giving investment advice. Instead, today’s plan advisers are commonly providing general financial wellness education and giving advice on money that resides outside the retirement plan. This means advisers and their clients are sharing more and more data through a growing number of potentially at-risk pathways. Advisers must be aware of this fact and take proactive measures to monitor the security of data transfers and sensitive information repositories. 

Apart from ensuring that they are meeting their own responsibilities, Sepakos says, advisers can help sponsors create incident response plans should there ever be a security breach in their online platforms.

Allison Itami, who also works as a principal at Groom Law Group, says the level of cybersecurity care demanded of a service provider to an ERISA-covered retirement plan will depend on the specific services being provided. For example, if a given entity is solely advising on the investment side at the plan level and is not interacting with individual participants in a fiduciary capacity, then monitoring cybersecurity may be a more straightforward matter.

“It would be the fiduciaries who have control over the participant data management and discretion over assets that would have to be most concerned with cybersecurity,” she explains. “When we talk about cybersecurity for fiduciaries, we’re talking about a general duty under ERISA’s prudence standards.”

Advisers anecdotally say that the topic of cybersecurity is becoming very prevalent in the request for proposal process—as plan sponsors seek new advisers, recordkeepers and other service providers. Advisers wanting to learn more about cybersecurity and the RFP process can turn to the SPARK Institute, which recently published a list of best practices that it says providers should use to report cybersecurity capabilities to plan sponsors and plan consultants. Another resource is the American Institute of Certified Public Accounts’ Employee Benefit Plan Audit Quality Center, which recently released guidance on protecting employee benefit plan records.

Advisers can also learn from the large-scale providers that are already taking steps to reinforce cybersecurity and safeguard participant and plan data. In 2018, Milliman introduced an account lock feature on its benefits participant portal, designed to allow participants to halt withdrawals and loan transactions. Earlier that year, John Hancock Retirement Plan Services offered reimbursements for eligible participants on unauthorized transfers made from 401(k) accounts. Some companies also already utilize proactive analytics to protect participants before they are subject to online threats.

At Voya Financial, predictive data is utilized to help look for potentially fraudulent activity, says Charlie Nelson, CEO of retirement and employee benefits.

“We use machine learning algorithms to identify suspicious account activities—transactions, customer interactions or profile changes—to help protect against fraudulent account takeovers and elder financial abuse,” he says. “We live in a world where all forms of financial services companies offer digital access to products and accounts. We believe that plan providers, plan sponsors and plan participants need to share in the responsibility to do everything we can to keep account information safe.  The more eyes we have on protecting accounts, the better we can protect information.”

Litigation Financing Could Drive 10b-5 Lawsuits

Attorneys suggest that litigation financing is not a common practice in ERISA lawsuits, but complaints filed under SEC Rule 10b-5 are a different matter.
Art by Wesley Allsbrook

Art by Wesley Allsbrook


According to Validity Finance, generally the terms “litigation funder” or “litigation financier” describe a privately held or publicly traded entity that has its own pool of capital earmarked to invest in litigation. While all litigation funders will take a cut of winnings or impose some other type of fee as their compensation for the risk of their investment, how a funder accesses the initial capital can vary widely.

Some funders draw upon a dedicated investment fund, Validity’s leadership explains, while others rely on multiple investors to provide financial backing. Still others in the market find and investigate cases first and then attempt to raise the necessary capital from their network of sources through a process called “syndication.” 

Want the latest retirement plan adviser news and insights? Sign up for PLANADVISER newsletters.

While plan sponsor clients are less likely to see an impact from the growing use of litigation financing in corporate-focused tort lawsuits—given that damages in Employee Retirement Income Security Act (ERISA) lawsuits are paid to the plan rather than to individuals who could then turn around and pay a litigation financier a significant portion of the overall winnings—this does not mean financial advisers, broadly speaking, do not have to worry about the practice’s effects.

Jake Zamansky, principal at the securities-fraud-focused litigation firm Zamansky LLC, says it would be more likely for advisers or brokers to face third-party-funded litigation tied to Securities and Exchange Commission (SEC) Rule 10b-5. Rule 10b-5 is broadly structured to prohibit fraud, misrepresentation and deceit in the sale and purchase of securities. Importantly, in addition to the SEC’s enforcement rights, private citizens also have the right to file lawsuits against companies and individuals for violation of Rule 10b-5.

In the experience of David Levine and Kevin Walsh, principals at Groom Law Group, Chartered, litigation financing is uncommon in the ERISA domain. Both Walsh and Levine say they have not seen third parties funding any of the significant ERISA cases they have worked on or studied.

Other attorneys active in the ERISA space concur, but they note that one important caveat to keep in mind is that litigation financing firms commonly deploy nondisclosure agreements. This means it is theoretically possible that litigation funding has occurred in ERISA lawsuits without being disclosed, even if it’s not a popular strategy.

According to Validity Finance, which engages in litigation funding across a variety of industries, the process starts with a potential client sharing basic information about its proposed claims. Generally, the litigation funder will execute a nondisclosure agreement at this early stage and only then conduct an initial screening of the claims and an evaluation of the basic economics of a potential funding agreement.

Assuming the claims seem reasonable, the litigation funding firm will then conduct its full due diligence to confirm the strength of the claims. It is common for the litigation funding firm to ask for documentation from the potential client and any existing counsel.

From here, in Validity Finance’s case, a proposal is submitted to its investment committee for approval. Should the committee approve the proposal, litigation funding is then made available according to the terms of a privately negotiated contract.

While ERISA permits the payment of substantial attorney’s fees to the counsel that represents participant-plaintiffs, it is far from clear that a class representative could somehow compel an ERISA-covered retirement plan to pay some sizable portion of its overall recovered losses to a third-party financier. With this in mind, perhaps the most likely area in which litigation financing could be playing an undisclosed role in the ERISA domain would be a case where a firm such as Validity Finance is providing financial resources to the attorneys representing classes of participant-plaintiffs, rather than providing such support directly to the lead plaintiffs. Indeed, according to Validity’s leadership, law firms across the U.S. have begun to realize the power of “portfolio financing” and are engaging third parties to support their practices financially.

“If your firm has an existing group of cases or wishes to build a portfolio, we can help,” the firm’s website advertises. “Like other funders, we can finance up to half of the fee and cost budgets of a basket of cases. This frees up capital for the firm’s other financial needs.”

In this way, Validity’s model helps litigators spread their risk, and its investments are made in the firm not in the cases, meaning law firm management can choose to use capital for broader strategic purposes—such as hiring lateral lawyers, expanding offices into new markets or covering fixed-fee overruns.

Zamansky notes that his firm does not use litigation financing in retirement plan litigation and has no plans to.

“We prefer to select what we believe are very good cases and finance them ourselves,” he says. “For example, we are involved in the IBM case that was appealed to the Supreme Court. We won a decision recently in the 2nd Circuit and feel strongly that our case will prevail. I do think that litigation financing is playing a growing role for some firms when it comes to 10b-5 securities cases, though. They are potentially much larger-dollar cases.”

Litigation Financing and Discovery

Laina Miller Hammond and Wendie Childress, who serve in counsel roles at Validity Finance, both see litigation financing growing in commercial litigation in the U.S. According to the pair, given the growing use of litigation financing, deep-pocketed parties facing lawsuits use the discovery process as a delay tactic and to seek disclosure of confidential financing arrangements.

Allowing such discovery is irrelevant to the merits of the case and unduly burdens both courts and those litigants who avail themselves of financing, Hammond and Childress say, adding that courts across the country increasingly refuse to permit discovery of litigation financing documents. They say the courts have described the use of litigation financing as “a side issue at best.”

Notably, the U.S. District Court for the Eastern District of New York recently weighed in on this matter in Benitez v. Lopez. In short, the court held that litigation finance agreements are “not relevant to the litigation and should not be discoverable.” Hammond and Childress note that the defendants had argued they needed access to the funding agreement in order to understand “the motives behind it” and claimed that the existence of the agreement went “directly to plaintiff’s credibility and was grounds for impeachment at trial.”

In denying the motion, the court stated, “The financial backing of a litigation funder is as irrelevant to credibility as the plaintiff’s personal financial wealth, credit history or indebtedness. That a person has received litigation funding does not assist the fact finder in determining whether or not the witness is telling the truth.”

«