DOL Issues Cybersecurity Guidance

The guidance, which is the first of its kind, includes best practices and tips for protecting retirement benefits.


The U.S. Department of Labor (DOL) has released new guidance for plan sponsors, plan fiduciaries, recordkeepers and plan participants on best practices for maintaining cybersecurity, including tips on how to protect the retirement benefits of America’s workers. This is the first time the DOL’s Employee Benefits Security Administration (EBSA) has issued cybersecurity guidance.

As of 2018, the EBSA estimates that there are 34 million defined benefit (DB) plan participants in private pension plans and 106 million defined contribution (DC) plan participants with combined assets of $9.3 trillion. The agency notes that without sufficient protection, these participants and assets may be at risk from internal and external cybersecurity threats.


The DOL also noted that the Employee Retirement Income Security Act (ERISA) requires plan fiduciaries to take appropriate precautions to mitigate these risks.

The guidance comes in three forms.

The first piece of guidance is tips for hiring a service provider with strong cybersecurity practices and monitoring their activities. The EBSA recommends asking about a service provider’s security standards, practices and policies, as well as evaluating its track record in the industry.

The second piece of guidance lays out cybersecurity program best practices to help plan fiduciaries and recordkeepers stay on top of their responsibilities to manage cybersecurity risks. The best practices include having a formal, well-documented cybersecurity program; conducting annual risk assessments; clearly defining roles and responsibilities; and conducting periodic cybersecurity awareness training.

Lastly, the DOL issued online security tips aimed at plan participants and beneficiaries who check their retirement accounts online; they are basic rules to reduce the risk of fraud and loss, such as being wary of public WiFi and using strong, unique passwords.

“The cybersecurity guidance we issued today is an important step towards helping plan sponsors, fiduciaries and participants to safeguard retirement benefits and personal information,” said Acting Assistant Secretary for Employee Benefits Security Ali Khawar. “This much-needed guidance emphasizes the importance that plan sponsors and fiduciaries must place on combatting cybercrime and gives important tips to participants and beneficiaries on remaining vigilant against emerging cyberthreats.”

In March, the Government Accountability Office (GAO) called on the DOL to issue cybersecurity guidance, saying it failed to clarify fiduciary responsibility for mitigating cybersecurity risks and establish minimum expectations for protecting personally identifiable information and plan assets.

Even before the release, the shift to remote work in the past year in response to the coronavirus pandemic has raised concerns for plan advisers and plan sponsors about cyberattacks, as well as questions about whose responsibility it is to protect participant and plan data. In response, those in the financial advisory industry have increased their cybersecurity measures, especially as more firms have faced lawsuits. Plan sponsors are also being warned of a rise in retirement plan litigation related to cyberhacks.

Gary Gensler Confirmed by Full Senate Vote as SEC Chair

He takes the helm at the Securities and Exchange Commission during a key time of transition and reflection for the market regulator, which is engaged in multiple important projects affecting advisers’ and brokers’ practices.

The full U.S. Senate voted 53 to 45 Wednesday to approve President Joe Biden’s nomination of Gary Gensler as chairman of the U.S. Securities and Exchange Commission (SEC).


This development was expected by Washington watchers, but its timing had remained more or less unclear until shortly before the vote happened—underscoring the time crunch that has become synonymous with the operation of the U.S. Senate. Case in point, Gensler’s vote was squeezed between debates about legislation to address the rise in anti-Asian hate crimes across the U.S., the withdrawal of U.S. troops from Afghanistan, the Biden administration’s infrastructure plan and various other matters demanding the Senate’s attention, including discussions about state-level voting restrictions and the potential for the U.S. to rejoin the Iran nuclear deal.

While the roll call Senate vote might have lacked in spectacle, it was nonetheless an important development for the financial advisory and brokerage industries.

Gensler takes the helm during a period of transition for the SEC, as evidenced by the recent publication of the regulator’s 2021 list of examination priorities. One of the top priorities on the list is making sure firms are complying with the relatively new Regulation Best Interest (Reg BI) and the related Department of Labor (DOL) fiduciary rule. Also notable is the division’s enhanced focus on climate change and its impact on equity market participants. The SEC also said it will prioritize cybersecurity, operational resiliency and the ongoing proliferation and development of financial technology innovations, including digital assets. Notably, the 2021 priorities list links the publication of disaster-related and climate change-related data to this examination priority.

All of these matters came up during Gensler’s early March confirmation hearing before the Senate Committee on Banking, Housing and Urban Affairs. That hearing can only be described as contentious, due in part to the fact that it was held as a rare joint hearing also featuring the Biden administration’s nominee to head the Consumer Financial Protection Bureau (CFPB), Rohit Chopra. Democrats used the hearing to speak about issues of racial and wealth inequality exacerbated by the pandemic, while Republicans focused squarely on the potential of government overreach, as well as Chopra and Gensler’s records of working on consumer advocacy issues.

Responding to questions asked by the committee’s Republican members, Gensler said he will be very focused on the concept of “materiality” in any work he does to create new disclosure requirements for environmental, social and governance (ESG) investing. He also said he would focus on the importance of promoting disclosures about the racial and gender diversity of the leadership of publicly traded companies, again keeping the concept of materiality front and center.

Responding to related questions from Democrats and Republicans, Gensler committed to reviewing the SEC’s recent regulatory actions regarding the proxy voting marketplace, suggesting that proxy voting advisory firms have an important role to play in supporting institutional investors and pension funds.

Gensler was further questioned about the possibility of requiring public companies to disclose political donations made in the normal course of business. Several of the committee’s Democrats suggested that corporate executives often use company funds to make donations in the name of their company which also happen to benefit themselves as private citizens.

“Accurate and relevant disclosures are critical to investors and markets in the promotion of capital formation,” Gensler said. “I cannot prejudge specific issues, but, as I’ve said, I will be firmly grounded in the concept of materiality when considering what type of disclosures may be required. I will say that investors rightly want to know what the companies they own are doing in the political arena. There is very strong investor interest in this information.”
