Best practices for ERISA retirement plan fiduciaries

ERISA fiduciary responsibilities

If you’re a plan fiduciary, ERISA requires you to fulfill certain duties, such as:

• Operating the plan solely in the interest of participants and beneficiaries and for the exclusive purpose of providing benefits and paying plan expenses
• Acting with the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent person acting in like capacity and familiar with such matters would use under the circumstances. 

ERISA rules are enforced by the U.S. Department of Labor (DOL). The failure to fulfill your fiduciary duties may expose you to both personal liability and litigation.

Because many of the actions needed to manage and administer a retirement plan involve fiduciary decisions, it’s important to have a strong understanding of your duties, as well as appropriate guiding principles to follow to help you fulfill your fiduciary duties and responsibilities. The following is a list of industry best practices to consider in your role as a plan fiduciary.

Best practices for plan governance

• Form a retirement plan committee
  • Fiduciary responsibilities are shared among the committee members, so one person isn’t unduly burdened.
  • Collectively, the committee may have the requisite experience and expertise needed to meet the prudent expert standard under ERISA.
• Draft a retirement plan committee charter
  • The charter should define the roles and responsibilities of the plan fiduciaries.
  • It establishes policies and procedures to help ensure effective management and administration of the plan.
• Provide fiduciary training for all committee members
  • Proper training can help plan fiduciaries operate and manage their plans more effectively.
  • It also helps plan fiduciaries understand the fiduciary landscape.  
• Hold regular committee meetings
  • Set a regular meeting frequency, such as semiannual or quarterly.
  • Discuss both plan investments and administrative items.
• Take meeting minutes and document all decision-making
  • Minutes provide a written record showing that a prudent process is being followed.
  • Most fiduciary breach claims center on the failure to demonstrate procedural prudence.
• Hire third-party service providers to augment the experience and knowledge of the committee  
  • Plan fiduciaries can help mitigate fiduciary risk by engaging third parties to provide investment advisory, trustee, and/or plan administration services.
  • A third-party provider should supplement the committee’s collective experience and expertise, helping to meet the prudent expert standard under ERISA.

Best practices for plan investments

• Establish an investment policy statement (IPS)
  • Plan fiduciaries should create and follow an IPS for selecting, monitoring, and removing investment options.
  • The IPS should be periodically reviewed and revised, if necessary.
• Designate a qualified default investment alternative (QDIA)
  • A QDIA provides safe harbor relief from fiduciary liability for participants or their beneficiaries who fail to make investment elections.
  • The plan must designate one of three types of investment funds as a default investment option:
    1. A target-date fund
    2. A balanced fund
    3. A managed portfolio
• Comply with 404(c) of ERISA and other applicable DOL guidance
  • Compliance with 404(c) provides safe harbor relief from fiduciary liability for participant-directed investment outcomes.
  • The plan must provide at least three investment options, each diversified and with materially different risk and return characteristics.
• Prudently select and monitor each investment fund in the plan
  • Plan fiduciaries must make investment decisions prudently and in the sole interest of participants and their beneficiaries.
  • Plan investments must be diversified to minimize the risk of large losses.
• Provide investment materials to participants using multiple media and in simple language
  • To reach a wide range of employees, plan fiduciaries should consider communicating across different media formats, such as print and mobile applications.
  • Communications should be accurate, complete, objective, and drafted carefully so that the risk and reward associated with each investment option are understandable by the average plan participant.

Best practices for plan operations

• Deposit 401(k) contributions in a timely manner
  • 401(k) contributions must be deposited in the plan as soon as they can be reasonably segregated from the general assets of the company.
  • The DOL timing standard for small plans (<100 participants) is no later than seven business days. There’s no DOL timing standard for large plans, but a plan sponsor should submit 401(k) contributions in a consistent manner (e.g., within three business days each payroll period).
• Keep plan documents up to date
  • The plan document is required to be compliant with current and prior law.
  • The plan should have a favorable determination letter with the IRS, or the plan should have reliance on an opinion letter provided by the IRS to the plan’s preapproved document sponsor.
• Comply with all compliance testing and reporting requirements
  • A plan must pass certain nondiscrimination tests on an annual basis to ensure that the plan doesn’t unduly favor highly compensated employees.
  • A Form 5500 and associated schedules must be filed for each plan year in which the plan has assets.
• Use the DOL/IRS correction programs, should a plan error occur
  • The DOL offers the Voluntary Fiduciary Correction Program (VFCP) for plan fiduciaries to identify and fully correct certain transactions, such as delinquent participant contributions or improper plan expenses.
  • The IRS offers the Employee Plans Compliance Resolution System (EPCRS) to identify and fully correct plan errors, such as having a noncompliant plan document or failing to allow eligible employees to participate in the plan.
• Ensure that plan-related personally identifiable information (PII) is protected
  • PII is inherent to the ongoing administration and operation of a retirement plan, and plan fiduciaries have an obligation to address cybersecurity and protect PII.
  • The DOL provided cybersecurity guidance for plan sponsors, plan fiduciaries, recordkeepers, and plan participants in April 2021.
• Provide required disclosures to participants in a timely manner and according to delivery requirements
  • ERISA mandates certain communications with plan participants, including a summary plan description (SPD) and a summary annual report (SAR).
  • The Internal Revenue Code also requires certain disclosures to plan participants, such as a safe harbor notice when the plan satisfies the safe harbor requirements to avoid nondiscrimination testing, or a notice when the plan automatically enrolls newly eligible participants to make employee contributions to the plan.

Other best practices for retirement plan fiduciaries

• Obtain a fidelity bond and fiduciary liability insurance
  • A fidelity bond is required under ERISA and protects the plan.
  • Fiduciary liability insurance is optional and protects plan fiduciaries.
• Determine the appropriate plan design to help your participants achieve financial retirement readiness
  • Plan fiduciaries should periodically review and discuss certain plan data, such as the participation rate and contribution rate, to gauge participant activity.
  • Plan fiduciaries should periodically review and discuss implementing certain plan features, such as automatic enrollment, to help improve retirement readiness scores.
• Perform periodic fee and service reviews
  • To help determine whether the fees being paid by the plan are reasonable, plan fiduciaries may want to conduct a fee review—possibly using an RFI or RFP—including a comprehensive comparison of fees and services to a benchmark group of similar plans.
  • The DOL recommends performing a fee and service review regularly, such as every three to five years.
• Promptly respond to participant complaints or requests for information
  • If a participant’s complaint is ignored by the plan sponsor (or any delegate), the participant may contact the DOL by phone or online through Ask EBSA.
  • Plan fiduciaries could face lawsuits from both the participant and the DOL.

You don’t have to walk the fiduciary road alone  

Serving as a fiduciary for your company’s retirement plan may appear to be a daunting task. The duties associated with being a fiduciary, however, aren’t insurmountable and may be mitigated by choosing the right service providers to supplement your retirement knowledge and experience, and by following industry best practices for the management of your plan. The list of best practices, although not intended to be a complete or the most appropriate list for all plan sponsors, should help you better understand your duties and provide guiding principles to consider. As always, you should seek legal counsel for specific guidance with your plan.

FAQs

What are the main fiduciary responsibilities under ERISA?

Under ERISA, fiduciary responsibilities begin with the duties of loyalty and prudence. Fiduciaries must operate the plan solely in the interest of participants and beneficiaries and for the exclusive purpose of providing benefits and paying reasonable expenses. They are required to act with the care, skill, prudence, and diligence of a prudent expert, diversify plan investments to minimize the risk of large losses, and follow plan documents, so long as those documents comply with ERISA. These core duties are outlined in ERISA Section 404(a)(1).

Who can be an ERISA fiduciary for a retirement plan?

ERISA uses a functional standard. Anyone who exercises discretionary authority or control over plan management or assets or who provides investment advice for a fee is a fiduciary. Typical fiduciaries include plan sponsors, retirement plan committee members, investment advisors (ERISA 3(21) co-fiduciaries or 3(38) discretionary managers), and trustees. Titles don’t determine fiduciary status—actions do. If a person or entity makes discretionary decisions affecting the plan’s administration or investments, they likely have fiduciary responsibility and potential personal liability under ERISA’s prudence and loyalty requirements.

What’s the difference between a 3(21) and a 3(38) investment fiduciary?

A 3(21) investment fiduciary typically serves as a co-fiduciary, providing investment advice and recommendations to the plan committee or sponsor, who retains final decision-making authority. A 3(38) investment manager accepts discretionary authority to select, monitor, and replace plan investments on the plan’s behalf, assuming responsibility for those decisions. Engaging either type can help augment the committee’s expertise and support prudent processes under ERISA. The choice depends on whether the plan wants to retain control (3(21)) or delegate discretion to a qualified manager (3(38)).

How often should retirement plan fiduciaries review plan investments?

Fiduciaries should follow an investment policy statement (IPS) that sets a disciplined process for selecting, monitoring, and removing investment options. They should periodically review and revise the IPS if needed. Practically, committees should meet regularly, such as semiannual or quarterly, and include investment reviews in each meeting. Ongoing monitoring should confirm diversification, prudent decision-making, compliance with ERISA (including 404(c) and QDIA requirements), and that participant materials remain accurate, complete, and understandable.

What penalties can ERISA fiduciaries face for breaching their duties?

The U.S. Department of Labor enforces ERISA duties, and breaches can lead to organizational and personal liability, litigation, and corrective actions. Fiduciaries may need to use DOL and IRS correction programs—the Voluntary Fiduciary Correction Program (VFCP) for transactions such as delinquent contributions or improper expenses, and the Employee Plans Compliance Resolution System (EPCRS) for plan document and operational errors. Ignoring participant complaints can trigger DOL involvement and lawsuits from participants or the DOL. Maintaining procedural prudence and documentation helps mitigate risk.