Legislative and Judicial Actions

States updating annuity standards; Senate confirms a Labor secretary; GAO presses the DOL to clarify cybersecurity guidance; and more.
Reported by PLANADVISER staff

Art by Gizem Vural

States Updating Annuity Standards

Virginia is the latest state to consider adopting a version of the model annuity transaction suitability framework finalized early last year by the National Association of Insurance Commissioners (NAIC). These rules establish the standards that an insurance agent or insurer must follow when recommending or selling an annuity to state consumers; the proposed amendments generally align with the enhanced suitability in annuity transactions model regulation the NAIC approved.

The NAIC is the country’s main standard-setting and regulatory support organization created and governed by the chief insurance regulators from the 50 states, Washington, D.C., and five U.S. territories. Through the NAIC, state insurance regulators establish standards and best practices, conduct peer reviews and otherwise coordinate their regulatory oversight.

Supporters of the updated NAIC best interest framework include the Insured Retirement Institute (IRI), which says the revised suitability model is appropriately consistent with the Securities and Exchange Commission (SEC)’s Regulation Best Interest (Reg BI). The NAIC model includes language that directly provides a regulatory safe harbor for all insurance producers that are subject to, and actually comply with, equivalent or greater conduct standards, including Reg BI or the Investment Advisers Act of 1940. Supporters say this approach helps to avoid duplicative compliance requirements for those producers who already comply with rigorous standards.

In embracing the NAIC framework, Virginia joins a growing list of states that have done the same. These include Arizona, Arkansas, Idaho, Iowa and Ohio. In Idaho, the recent adoption was mandated by a law passed in the state house of representatives and signed by the governor.

Notably, other states, including New York, have taken steps to create frameworks that are more restrictive than the NAIC model.

One matter that could potentially complicate the progress of the suitability framework is the fact that the Biden administration could choose to modify, update or even rescind Reg BI, though sources say this is far from a given. While this would not entirely derail what the states have done, as the safe harbors often also cite the Investment Advisers Act or the Department of Labor (DOL) fiduciary standards, eliminating Reg BI could cause ambiguity in the different state-based conflict of interest rules.

Senate Confirms a Labor Secretary

The U.S. Senate approved the nomination of Marty Walsh to the role of Labor secretary on March 22. The affirmative vote comes at a critical time for the Department of Labor (DOL), which is expected to play a big role in the Biden administration’s effort to help the U.S. economy bounce back from the ongoing coronavirus crisis.

Beyond issues related to the surge in unemployment and the outsized impact the pandemic has had on small businesses and communities of color, the DOL is also engaged in other key regulatory projects. Notable among these is the restatement of fiduciary duty under the Employee Retirement Income Security Act (ERISA) and the implementation of provisions of the Setting Every Community Up for Retirement Enhancement (SECURE) Act.

Retirement industry stakeholders were disappointed at how relatively little of the hearing’s airtime, either on the part of Walsh or the questioning senators, was dedicated to retirement security issues. Given Walsh’s deep ties to organized labor, the nominee and senators paid some attention to the multiemployer union pension funding crisis, but much more time went to the federal minimum wage, systemic economic inequality and the broader recovery from the pandemic. Walsh’s subsequent answers to senators’ questions repeatedly highlighted his belief in the importance of implementing innovative policies to help underserved workers, especially minorities, veterans and LGBTQ individuals.

GAO Presses the DOL to Clarify Cybersecurity Guidance

The Government Accountability Office (GAO) has released a report examining cybersecurity in private-sector defined contribution (DC) retirement plans and exploring how federal guidance can mitigate cybersecurity risks; in the report, the GAO asks the Department of Labor (DOL) to review, and improve, its guidance on cybersecurity administration. The report starts by noting that DC plans, their sponsors and service providers—including recordkeepers, third-party administrators (TPAs), custodians and payroll providers—share personally identifiable information (PII) and plan asset data with one another; this increases the risk of cyberhacks. The PII contains highly confidential plan information, including participants’ names, Social Security numbers, birth dates, addresses and usernames/passwords, while plan asset data contains numbers for retirement and bank accounts.

The shift to remote work in the past year in response to COVID-19 has raised concerns about cyberattacks and questions about whose responsibility it is to protect participant and plan data. Those in the financial advisory industry have upped their cybersecurity measures, especially as more firms have faced lawsuits and are warning plan sponsor clients about heightened retirement plan litigation related to cyberhacks.

Even before COVID-19 hit the workforce, the 2019 “Official Annual Cybercrime Report” measured an increase in the threat of cyberattacks, noting that these are the fastest-growing crime in the U.S. and estimating the cost at more than $6 trillion globally by 2021.

While existing federal requirements attempt to minimize risks in DC plans, more guidance is needed on cybersecurity on a federal level, the GAO notes. It explains that not all entities involved in DC plans are considered to have direct engagements with confidential information, and because some of the guidance is voluntary, some parties may choose to disregard it.

The GAO says the DOL has failed to clarify fiduciary responsibility for mitigating cybersecurity risks and to establish minimum expectations for protecting PII and plan assets, even as more participants enroll in employer-sponsored retirement plans. According to the DOL, plans saw a 180% surge in participation from 1990 to 2018. The amount of assets held in plans increased sevenfold during this period.

The report highlights four high-risk challenges that the federal government and companies face: establishing a comprehensive cybersecurity strategy and performing effective oversight; securing federal systems and information; protecting critical infrastructure; and protecting privacy and sensitive data.

To meet these challenges, the GAO identified 10 action steps the DOL and other agencies should take, such as enhancing the federal response to cyber incidents, mitigating global supply chain risks, and addressing cybersecurity workforce management challenges.

The GAO also recommended that the secretary of Labor formally state whether cybersecurity is a plan fiduciary responsibility for private-sector employer-sponsored DC retirement plans under the Employee Retirement Income Security Act (ERISA). Additionally, the GAO suggested that the Labor secretary develop and issue guidance that identifies the minimum expectations for decreasing cybersecurity risks. This should outline any specific requirements that all entities involved in administering private-sector DC retirement plans should fulfill.

In written comments, the DOL responded that increasing cybersecurity awareness would be helpful, but it did not indicate whether it agreed or disagreed with the GAO’s recommendation on plan fiduciary responsibility. The DOL did note, however, that plan fiduciaries are responsible for acting prudently and solely in the interest of plan participants and beneficiaries, as stated in ERISA Section 404.

The DOL further noted that, in its view, these duties require plan fiduciaries to take appropriate precautions to minimize the chance of attacks on their plans. It says it is currently drafting compliance assistance materials to help raise awareness of cybersecurity.

Long-Running BlackRock ERISA Suit Reaches Settlement

The parties in a complex Employee Retirement Income Security Act (ERISA) lawsuit involving BlackRock’s own 401(k) plan have reached a settlement agreement after nearly four years of litigation. The filing of the agreement comes about two months after the judge, in the U.S. District Court for the Northern District of California, issued a ruling rejecting various motions that the different parties had filed.

Underlying the lawsuit were allegations that BlackRock engaged in self-dealing within its own retirement plan by using an excessive amount of its own investment products. The complaint suggests plan fiduciaries selected and retained high-cost and poor-performing investment options with “excessive layers of hidden fees that are not included in the fund expense ratios.”

The January ruling came in response to several motions before the court, including the defendants’ motion for summary judgment, the plaintiffs’ cross-motion for partial summary judgment and a motion to strike. The parties also filed numerous administrative motions to file documents under seal in connection with their briefs. In sum, the January ruling denied both motions for summary judgment and the motion to strike, while granting the parties’ administrative motions to file under seal.

Spelled out in the settlement agreement is a 29% cap on the gross settlement amount available to pay plaintiffs’ attorneys’ fees. This is somewhat lower than the commonly used 33%.

SEC Unveils Its Green Webpage

The Securities and Exchange Commission (SEC) has launched a new page on its website to bring together agency actions and the latest information about climate and environmental, social and governance (ESG) investing. The unveiling of the webpage follows the announcement that the SEC has created a Climate and ESG Task Force in the Division of Enforcement.

Consistent with increasing investor focus and reliance on climate and ESG-related disclosure and investment, the Climate and ESG Task Force will develop initiatives to proactively identify ESG-related misconduct. It will also coordinate the use of division resources—including through the use of sophisticated data analysis—to mine and assess information across registrants to identify potential violations.

Its initial focus will be to identify any material gaps or misstatements in issuers’ disclosure of climate risks under existing rules. When the agency’s Division of Examinations announced its 2021 examination priorities, it said they would include a greater focus on climate-related risks.

In addition, a request by SEC Acting Chair Allison Herren Lee for public comment on climate-related disclosures says the agency has decided to evaluate its disclosure rules on climate change. It is asking for investors, registrants and other market participants to supply their input by June 13. The SEC says the consolidation of agency actions and information on one webpage is in response to investor demand for climate and ESG investing information.

Multiemployer Plan Help

The American Rescue Plan Act (ARPA)—i.e., the new stimulus bill—allows failing multiemployer plans to receive a lump sum of money to make benefit payments through 2051.

Michael Clark, managing director and consulting actuary with River and Mercantile, says plans must file an application for special financial assistance. The Pension Benefit Guaranty Corporation (PBGC) has 120 days from the law’s passage to issue regulations or guidance about the process and to specify effective dates. The legislation says plans may use the money to make benefit payments and pay plan expenses, Clark notes. Multiemployer plans must track the money they have received and earnings on that money separately from other funds. The PBGC will issue rules about permissible investments for the special assistance funds.

Unlike with the previously introduced Butch Lewis Act, the payment under the stimulus bill is not a loan. “It’s a bailout with no obligation to repay,” Clark says. He explains there are two views of the bill. “There is an argument that this will provide benefit security for workers who had nothing to do with the underfunding of these plans. But, on the other side, this is a blank check to cover unfunded liabilities without incentivizing changes in behavior. It doesn’t prevent a plan from getting into this situation in the future.”

Plans that receive money do face conditions, though. They may not prospectively reduce benefits, and they must continue to pay PBGC premiums, Clark says. In addition, an eligible multiemployer plan that receives assistance may not apply for benefit cutbacks under the Multiemployer Pension Reform Act of 2014 (MPRA).

DOL Puts a Hold on Enforcing ESG and Proxy Voting Final Rules

The Department of Labor (DOL)’s Employee Benefits Security Administration (EBSA) will not enforce rules on either the use of environmental, social and governance (ESG) investments within tax-qualified retirement plans or proxy voting and shareholder rights until it publishes further guidance. Neither will it enforce those final rules or pursue enforcement actions against any plan fiduciary for failing to comply with them. The DOL said it will update the EBSA website as more information becomes available.

The DOL published its final rule on retirement plan investing, “Financial Factors in Selecting Plan Investments,” this past November 13. The final rule said plan fiduciaries should select investments and investment courses of action based solely on consideration of “pecuniary,” or financial, factors. The rule, which no longer explicitly referred to ESG, included some significant changes compared with the DOL’s initial proposal, which would have placed stricter limits on ESG investment within retirement plans.

The DOL published its final rule on “Fiduciary Duties Regarding Proxy Voting and Shareholder Rights” this past December 16. It addressed obligations of plan fiduciaries under the Employee Retirement Income Security Act (ERISA) to, before voting proxies, consider participants’ interests first.

A wide range of stakeholders, including asset managers, plan sponsors and consumer groups, questioned whether the two rules properly reflected the scope of fiduciaries’ duties under ERISA to act prudently and solely in the interest of plan participants and beneficiaries. The stakeholders also questioned whether the DOL rushed the rules through under the previous administration and failed to adequately consider public comments on the value of ESG in improving long-term investment returns for retirement investors.

The stakeholders told the DOL that the ESG rule was deterring sponsors from using ESG in their investment decisions.

In a mid-March statement, the Insured Retirement Institute (IRI) said it supports the DOL’s decision not to enforce the two regulations. “We strongly support today’s decision by the DOL to temporarily forgo enforcement of the ESG and proxy voting rules,” Jason Berkowitz, IRI chief legal and regulatory affairs officer, wrote. “This will provide an opportunity for the department to re-evaluate and possibly review or withdraw them.”
