March 13, 2023
Employer-sponsored retirement plans are an essential benefit offering and tool for employees to fund retirement savings. The savings crisis has been in full focus over the last few months due to the SECURE Act 2.0. This legislation calls for several changes impacting plan administration, participant benefits, and even tax incentives for new plans. The gradual phase-in of required changes and updates has naturally been top of mind for many. This is especially true because of the time needed to update plan processes and procedures. However, a recently issued report on DOL enforcement actions initiated by the Employee Benefits Security Administration (EBSA) provides important information on where plans should focus compliance attention. Concurrently, news that the DOL is receiving recommendations for updating cybersecurity guidance means plan sponsors may have a busy 2023. To help clients, prospects, and others, Wilson Lewis has provided a summary of the key details below.
Through the EBSA, the Department of Labor (DOL) enforces various sections of the Employee Retirement Income Security Act (ERISA) of 1974. The agency acts to ensure retirement and other benefit plans comply with relevant regulations and provisions. Recently, the agency published a summary of 2022 enforcement actions, including:
In response to health plans and insurers being major targets for cybersecurity attacks, the EBSA is considering changing published cybersecurity guidance to include updated information for health and welfare plans. A recently published report, Cybersecurity Issues Affecting Health Benefit Plans, includes suggestions from several experts on important changes to consider.
The new recommendations offer a reminder of previously documented guidance created by the DOL: Cybersecurity Program Best Practices, Tips for Hiring a Service Provider With Strong Cybersecurity Practices, and Online Security Tips. The document also reiterates the importance of HIPAA and HITECH, Cyber Incident Reporting Under the Critical Infrastructure Act of 2022 (CIRCIA), and state laws that may apply to health and welfare plans and need to be considered alongside these tips and resources. Other important changes under consideration include:
While several recommendations were made, the report makes clear that there are issues with how plans address cybersecurity concerns with third-party providers, that DOL guidance lacks clarity about how cybersecurity responsibilities apply to health plans, that cybersecurity risks are changing quickly and guidance should follow, and that plans need to comply with both ERISA and HIPAA cybersecurity regulations. The next step is for the DOL to review these recommendations and update current guidance.
Contact Us
The enforcement action update from the EBSA provides important insights into where plan sponsors should focus to ensure that compliance and other failures are not present. Concurrently, the potential changes to cybersecurity guidance mean plan sponsors will have a lot to cover in the coming months. If you have questions about the information outlined above or need assistance with plan audit issues, Wilson Lewis can help. For additional information, call 770-476-1004 or contact us. We look forward to speaking with you soon.