Employers take risks every day in the normal course of their businesses. But the employer who sponsors an employee benefit plan, such as a 401(k) or medical plan, assumes additional risks. Worse, those individual officers, employees and others who make discretionary decisions about the investments or administration of the plan, known as “fiduciaries,” face personal liability under ERISA for their actions or inactions.
The good news is that ERISA is a process statute, not a results statute. It requires that fiduciaries act as a prudent expert would act, but does not require that specific results be achieved. This means that a sound governance process not only protects participants – it effectively shields the employer, board of directors and other fiduciaries from liability. If the process is not followed, however, protection evaporates and the action or decision may be found not to have been made at all or may be judged by the Monday-morning quarterback standard.
Step 1: Know what your plan documents say
Your plan and related documents should already include provisions about who has the authority and responsibility for different aspects of the plan, such as who has the right to:
amend the plan;
appoint the trustee;
make decisions about the investment of plan assets;
make decisions on claims and appeals;
establish procedures, for example, for qualified domestic relations orders;
administer the plan; or
The parties named in the plan as responsible for discretionary decision making are considered “named fiduciaries” under ERISA. The plan may also provide a procedure for identifying others as named fiduciaries. Only named fiduciaries and investment managers appointed by them can control plan assets.
One discretionary power that is not a fiduciary function is the power to amend the plan or trust. The amendment power is considered a “settlor” function, which is not subject to the fiduciary standards. Nevertheless, the plan procedures for amendment are part of the governance process, which must be followed for amendments to be enforceable.
Note that whenever the employer has a duty or authority, it means that responsibility lies with the employer’s board of directors unless the board has specifically assigned or delegated the duty to another party. Likewise, if a Committee has a set of duties, those duties remain with the Committee until assigned or delegated to another. If assignments or delegations have already been made, you should identify what they are and keep the related documentation with the plan’s governance records.
Step 2: Identify who should be doing what
Most likely, you will not want the employer (board of directors) and the named fiduciaries to be doing everything assigned to them in the documents. In fact, they are probably not doing those things now. Once you understand what the plan documents and other existing documents say, consider whether someone else should be responsible for the task in question. For example, the company’s finance committee may have more time and expertise than the board of directors to make decisions about a 401(k) plan’s fund lineup, or it may make more sense to have an HR employee determine initial claims and have the plan committee only determine disputed appeals.
If no one in your company has the expertise or capability to carry out a particular plan function, you should hire an expert either to advise the responsible party or to be directly responsible for that function.
Step 3: Document assignments and delegations
If the individuals you have identified in Step 2 are not the same as are currently reflected in the documents in Step 1, you need to document the changes. One possibility is to amend the plan documents to reflect your new and improved line of plan authority. Many of the responsibilities, however, are broken down in ways that are not appropriate for documentation in the formal plan documents. So the party who is responsible under the plan documents must make the assignment or delegation outside the plan.
The easiest way to do this is to prepare an “Authority Matrix,” which sets out the responsibilities for everyone responsible for any aspect of the plan. Then each responsible party identified in the plan documents adopts the Authority Matrix, and the authority flows through automatically to the right people or positions. The assignments can be generic, such as “CFO” or “HR team.”
Note that you should check your plan documents for existing procedures on delegations or assignments of authority. Whatever method you use to delegate authority must comply with those procedures. Some appointees, such as investment managers, will have to consent to their appointment and acknowledge their fiduciary status in writing. Anyone assigned merely ministerial duties, such as calculating a pension benefit or processing a noncontroversial hardship request, will not be considered a fiduciary and will not be required to provide a written consent.
Step 4: Establish sound processes
Once an appropriate division of responsibilities has been identified and documented, sound procedures should be adopted to govern the appropriate functions. Documentation of processes is important for several reasons in addition to protecting the fiduciaries:
It provides guidelines for operation of the plan.
The plan can function even when the responsible parties change positions or terminate their employment. The operation of the plan is not dependent on particular individuals.
Established procedures are a prerequisite for taking advantage of the IRS self-correction program.
Compliance can be more easily monitored (see Step 7).
Step 5: Train the responsible individuals
A good example of process documentation is the Investment Policy Statement (IPS) for a participant-directed 401(k) plan. Although an IPS is not legally required, having a policy is considered “best practices” and gives the fiduciaries a framework for selecting and monitoring the investment options offered under the plan.
All those on the Authority Matrix or other documented line of authority should be trained on their responsibilities, the standard of conduct that applies, applicable processes and perhaps most important of all, the limits of their authority. For example, the Benefits Manager needs to know that she cannot sign insurance contracts for the medical plan that establish new benefit levels if the right to amend the plan has been reserved to the board of directors. Failure to follow the amendment procedure could cause the new provisions to be unenforceable by the employer against participants. In the case of insurance, that could leave the employer self-insured on an old benefit the Benefits Manager believed had been amended out of the plan.
The training must reinforce the importance of following and referring to the plan documents, the Authority Matrix and any applicable procedures. Whenever anyone is in doubt, the written documentation should be reviewed and applied. For example, once an IPS is adopted, the responsible parties will need to follow the IPS. It would be worse to adopt an IPS and not follow it than not to have one at all.
Step 6: Establish sound committee governance procedures
If a committee is designated to be responsible for any aspect of the plan, the committee should make sure that the following are put into effect.
A charter or similar documentation of the committee’s processes. The charter should set out when and how meetings are held, what constitutes a quorum, whether meetings can be held by video or teleconference, what is required for a decision either in or out of regular meetings and whether e-mail or similar electronic votes are effective, etc. These rules may already be described in the plan documents.
Regular meetings. The committee should follow the meeting schedule set forth in the charter. The meetings usually should be held quarterly.
Comprehensive minutes. A written record of the meetings should be maintained in the form of minutes. If under the applicable documents, procedures or laws the committee is responsible for making certain determinations when making a decision, such as the reasonableness of fees when hiring a service-provider, then the minutes should reflect that determination and not just the final decision made. As another example, if the IPS says that the committee should apply certain standards in determining whether an investment option should be on a watch list, or should be removed, the minutes should reflect a consideration of those standards. The minutes need to be more detailed than is commonly the practice in other settings.
Step 7: Monitor
The named fiduciaries are not done once Steps 1-6 are implemented. The fiduciaries must monitor the delegates assigned to carry out the fiduciaries’ responsibilities, including third-party service providers. Monitoring does not require that every action be reviewed. Rather, each fiduciary should establish and follow a formal review process at regular intervals and document that review. The review should be done in a manner that may reasonably be expected to insure that the delegates comply with the terms of the plan and applicable statutory standards, as well as internal processes. The items that should be included in the review vary depending on the function in question. For example, a sponsor’s Board of Directors should review an appointed Committee’s minutes and reflect that review in its own minutes. Likewise, a Committee should review a third-party service provider’s level of services and fees charged and reflect that review in its minutes.
Any complaints should be promptly investigated. If the fiduciary discovers or has reason to know that the delegate is not fulfilling his or her duties, the fiduciary should immediately remove that person.
Step 8: Maintain complete governance records
Following all of the above will not protect you if you do not maintain records of the steps you followed. You should maintain these records for at least seven years after they are no longer in effect. For example, the records related to the consideration of hiring a service provider should be maintained until seven years after the relationship with that service provider has terminated.
Good governance requires that you engage the right people in the right positions and train them, document and follow good processes, monitor delegates on a regular basis and maintain thorough records. These steps should go a long way toward protecting those who take on the burdens and risks associated with maintaining an employee benefit plan. If you have any questions or require assistance, please contact a member of the Warner Employee Benefits group.