August 15, 2012
ERISA Bonding Reminder
Businesses sponsoring employee benefit plans - along with officers, directors, employees and others acting as fiduciaries with respect to these employee benefit plans - should take steps to confirm that all of the appropriate fiduciary bonds required by the Employee Retirement Income Security Act of 1974, as amended (ERISA) are in place.
Employers And Plan Fiduciaries Reminded To Confirm Credentials And Bonding For Internal Staff, Plan Fidiciaries And Vendors Dealing With Benefits
Businesses sponsoring employee benefit plans — along with officers, directors, employees and others acting as fiduciaries with respect to these employee benefit plans — should take steps to confirm that all of the appropriate fiduciary bonds required by the Employee Retirement Income Security Act of 1974, as amended (ERISA) are in place. They should also confirm that all employee benefit plans sponsored are appropriately covered, and that all individuals serving in key positions requiring bonding are covered and appropriately qualified to serve in that capacity under ERISA and the terms of the bond.
Adequate attention to these concerns not only is a required component of ERISA's fiduciary compliance, it also may provide invaluable protection if a dishonesty or other fiduciary breach results in a loss or other exposure.
ERISA generally requires that every employee benefit plan fiduciary, as well as every other person who handles funds or other property of a plan (a “plan official”), be bonded if they have some discretionary control over a plan or the assets of a related trust. While some narrow exceptions are available to this bonding requirement, these exceptions are very narrow and apply only if certain narrow criteria are met.
Plan sponsors and other plan fiduciaries should take steps to ensure that all of the bonding requirements applicable to their employee benefit plans are met at least annually. Monitoring these compliance obligations is important not only for the 401(k) and other retirement plans typically associated with these requirements, but also for self-insured medical and other ERISA-covered employee benefit plans.
This process of credentialing persons involved with the plan and auditing bonding generally should begin with adopting a written policy requiring bonding and verification of credentials and that appropriate bonds are in place for all internal personnel and outside service providers.
Steps should be taken to ensure that the required fiduciary bonds are secured in sufficient amounts and scope to meet ERISA’s requirements. In addition to confirming the existence and amount of the fiduciary bonds, plan sponsors and fiduciaries should confirm that each employee plan for which bonding is required is listed in the bond and that the bond covers all individuals or organizations that ERISA requires to be bonded.
For this purpose, the review should verify the sufficiency and adequacy of bonding in effect for both internal personnel as well as outside service providers. In the case of internal personnel, the adequacy of the bonds should be reviewed annually to ensure that bond amounts are appropriate.
Unless a service provider provides a legal opinion that adequately demonstrates that an ERISA bonding exemption applies, plan sponsors and fiduciaries also should require that third party service providers provide proof of appropriate bonding as well as to contract to be bonded in accordance with ERISA and other applicable laws, to provide proof of their bonded status or documentation of their exemption, and to provide notice of events that could impact on their bonded status.
When verifying the bonding requirements, it also is a good idea to conduct a criminal background check and other prudent investigation to reconfirm the credentials and suitability of individuals and organizations serving in fiduciary positions or otherwise acting in a capacity covered by ERISA’s bonding requirements.
ERISA generally prohibits individuals convicted of certain crimes from serving, and prohibits plan sponsors, fiduciaries or others from knowingly hiring, retaining, employing or otherwise allowing these convicted individuals during or for the 13-year period after the later of the conviction or the end of imprisonment, to serve as:
- An administrator, fiduciary, officer, trustee, custodian, counsel, agent, employee, or
representative in any capacity of any employee benefit plan;
- A consultant or adviser to an employee benefit plan, including but not limited to any entity whose activities are in whole or substantial part devoted to providing goods or services to any employee benefit plan; or,
- In any capacity that involves decision-making authority or custody or control of the moneys, funds, assets, or property of any employee benefit plan.
Because ERISA’s bonding and prudent selection of fiduciaries and service provider requirements, breach of its provisions carries all the usual exposures of a fiduciary breach.
Bonding exposures can arise in audit or as part of a broader fiduciary investigation. The likelihood of discovery in an audit or investigation by the Labor Department in the course of an audit is high, as review of bonding is a standard part of audits and investigations. The Employee Benefit Security Administration (EBSA) Enforcement Manual specifies in connection with the conduct of a fiduciary investigation or audit:
… the Investigator/Auditor will ordinarily determine whether a plan is in compliance with the bonding, reporting, and disclosure provisions of ERISA by completing an ERISA Bonding Checklist … These checklists will be filled out in fiduciary cases and retained in the RO workpaper case file unless violations are uncovered, developed, and reported in the ROI.
In the best case scenario, where the bonding noncompliance comes to light in the course of an EBSA audit where no plan loss resulted, the responsible fiduciary generally runs at least a risk that EBSA will assess the 20 percent fiduciary penalty under ERISA Section 502(l).
If the bonding lapse comes to light in connection with a fiduciary breach that resulted in damages to the plan by a fiduciary or other party, the bonding insufficiency may be itself a breach of fiduciary duty resulting in injury to the plan and where this breach left the plan unprotected against an act of dishonesty or fiduciary breach by an individual who should have been bonded, may spread liability for the wrongful acts of the wrongdoer to a plan sponsor, member of management or other party serving in a fiduciary role who otherwise would not be liable but for deficiencies in the bonding or other credentialing responsibilities.
Under ERISA Section 409, a fiduciary generally is personally liable for injuries to the plan arising from his own breach (such as failure to properly bond) or resulting from breaches of another co-fiduciary who he knew or should have known through prudent exercise of his responsibilities.
Of course, in the most serious cases, such as embezzlement or other criminal acts by a fiduciary of ERISA, the consequences can be quite dire. Knowing or intentional violation of ERISA’s fiduciary responsibilities exposes the guilty fiduciary to fines of up to $10,000, imprisonment for not more than five years, or both. Even where the violation is not knowing or willful, however, allowing disqualified persons to serve in fiduciary roles can have serious consequences such as exposure to Department of Labor penalties and personal liability for breach of fiduciary duty for damages resulting to the plan if it is established that the retention of services was an imprudent engagement of such an individual that caused the loss.
When conducting such a background check, care should be taken to comply with the applicable notice and consent requirements for conducting third party conducted background checks under the Fair Credit Reporting Act (FCRA) and otherwise applicable law. As such background investigations generally would be conducted in such a manner as to qualify as a credit check for purposes of the FCRA, conducting background checks in a manner that violates the FCRA credit check requirements itself can be a source of significant liability.