Q2 2022 Newsletter: Current Trends + Projections Edition for 401(k) Plans

Over the last few years, employees’ mindsets have changed, shifting to wanting more than just a raise every year.

Employees want a total rewards package that includes everything from a retirement plan to financial wellness and more work-life balance flexibility.

Read about the changes coming to the total rewards landscape such as guaranteed income, how to calm inflation concerns and the top total rewards opportunities this year.


Toll Free: (866) 364-6262 | Fax: (703) 878-9051

www.alliant401k.com

 

MANASSAS OFFICE

9161 Liberia Avenue

Suite 100

Manassas, VA 20110

Office: (703) 878-9050

 

RESTON OFFICE

11921 Freedom Drive

Two Fountain Square

Suite 550

Reston, VA 20190

Office: (703) 904-4388

This information was developed as a general guide to educate plan sponsors and is not intended as authoritative guidance or tax/legal advice.

Guarantees are based on the claims paying ability of the issuing insurance company. Each plan has unique requirements, and you should consult your attorney or tax advisor for guidance on your specific situation.

©401(k) Marketing, LLC.  All rights reserved. Proprietary and confidential.  Do not copy or distribute outside original intent.

Cybersecurity Best Practices for Plan Sponsors

Keeping your plan data safe

Cybersecurity is a critical but often overlooked aspect of a plan sponsor’s fiduciary responsibility. In simple terms, cybersecurity means protecting sensitive plan and participant data — and by extension, your participants’ financial well-being and retirement security — against attacks from hackers and cyber criminals.

The Department of Labor has outlined 12 cybersecurity best practices:

  1. Have a formal, well documented cybersecurity program.
  2. Conduct prudent annual risk assessments.
  3. Have a reliable annual third party audit of security controls.
  4. Clearly define and assign information security roles and responsibilities.
  5. Have strong access control procedures.
  6. Ensure that any assets or data stored in a cloud or managed by a third party service provider are subject to appropriate security reviews and independent security assessments.
  7. Conduct periodic cybersecurity awareness training.
  8. Implement and manage a secure system development life cycle (SDLC) program.
  9. Have an effective business resiliency program addressing business continuity, disaster recovery, and incident response.
  10. Encrypt sensitive data, stored and in transit.
  11. Implement strong technical controls in accordance with best security practices.
  12. Appropriately respond to any past cybersecurity incidents.

To help maintain your fiduciary responsibility, here are 11 key questions you should be asking your 401(k) service providers about cybersecurity:[1]

  1. What are your procedures for dealing with cybersecurity threats and protecting participants’ personal information?
  2. Do you conduct periodic risk assessments to identify vulnerabilities to cybersecurity threats and the impact of potential business disruptions?
  3. Do you conduct an annual, independent assessment of your cybersecurity systems and policies?
  4. Can you describe how plan and participant data is encrypted (census upload, enrollment, payroll uploads, transfers and other data exchange policies)?
  5. What are your procedures for notifying us of a system breach?
  6. Does your company carry cybersecurity insurance? If yes, can you provide an overview of the coverage (including all limitations)?
  7. Has your company experienced any security breaches? If yes, explain.
  8. How do you store, retain, and destroy sensitive data?
  9. Does your company outsource any services to a subcontractor? If yes, what controls are in place to protect our company’s sensitive data?
  10. Do you have a privacy and security policy, and does the policy apply to personally identifiable information of retirement plan clients?
  11. Does your business continuity and disaster recovery plan include the recovery of an employer’s data after a breach?

Cybersecurity concerns us all. Whether you are a small business owner or the CEO of a Fortune 100 company, ask your 401(k) service providers these questions and document their responses, because knowing what could cause a data breach is the first step in preventing one.

 


[1] 401khelpcenter.com “401k Service Providers and Cybersecurity: Questions to Ask.”

Q4 Newsletter: Strategic Thinking Edition

As we begin to say goodbye to 2021, let’s look forward to the new year by addressing employee financial habits after COVID, how a K-shape economy is impacting your workplace and how your retirement plan committee plays an important role in helping employees pursue retirement plan goals.

Explore these topics and their implications for employers in helping employees save in the Q4 Newsletter – Strategic Thinking for Plan Sponsors.

Plan Sponsor Newsletter: Strategic Thinking

 

 


Are You Among the 38%?

December 7, 2017—A record number of 401(k) and 403(b) plan sponsors – 38% – are actively seeking new plan advisors, according to a recent Fidelity Investments survey. That’s not a surprise given changes in the retirement plan industry. Among other things, the Department of Labor’s new Fiduciary Rule requires employers to confirm their advisors are acting as fiduciaries and in the best interests of their clients. Advisors who are unprepared have caused some employers to interview other advisors.


408(b)2 Disclosures and the Fiduciary Rule

November 4, 2017—408(b)2 Provider Disclosures have created confusion for employers who sponsor 401(k) and 403(b) plans ever since the rules first requiring them took effect in 2012. To make matters worse, with the June 2017 effective date of the Department of Labor’s Fiduciary Rule, employers’ responsibility with respect to the disclosures increased.


401(k) Fees: Participants’ Best Interests May Not Be Served by the “Race to the Bottom”

September 6, 2017—There’s good news for employers! Many have been on edge as they read about the “excessive fee” lawsuits filed against retirement plan fiduciaries, some of which have made their way to the U.S. Supreme Court. Or they’re shaken as they hear about the detailed fee document requests and questions from Department of Labor auditors to 401(k) and 403(b) plan sponsors and the fines and penalties that can result from DOL investigations.

While lawsuits and investigations have served a purpose in lowering plan fees, a side effect is that many plan sponsors, in their concern to meet compliance standards, have made a search for the lowest fees such a priority that they have unwittingly overlooked the best way to serve plan participants! In fact, when I meet with employers, they often first tell me they need to reduce plan fees to create a “hedge of protection” for themselves.
