Cybersecurity requests appear in DOL audits – Technology

United States: Cybersecurity requests appear in DOL audits

To print this article, simply register or connect to

DOL investigators are asking plan sponsors, trustees and service providers how their ERISA-governed plans are increasingly responding to cybersecurity concerns. These requests can take the form of production requests or be included as questions in an interview. Investigators typically search for information or documents related to due diligence relating to the service, provide information security protocols and indemnifications with the aim of keeping the participant’s account balance intact. We’ve seen a sharp increase in these requests since the DOL came up with a set of best practices and guidance earlier in 2021 (our summary of best practices can be found here). To date, DOL’s investigations have generally focused not only on the policies and procedures put in place by plans and vendors to thwart cybercriminals, but also on actions taken by plans and records officials in response to them. cyber incidents.

Concerns about the takeover of accounts by cybercriminals have also risen sharply, as the pandemic has forced many people to work remotely, delayed traditional postal-based identity verification, and strained finances. personal. This combination can lead to an increase in distribution requests, not all of which may come from the actual participant. Efforts to educate trustees and participants about these dangers have unfortunately also included enforcement investigations, sometimes leaving promoters and trustees in awe of how to respond.

It is important that benefit plan sponsors and service providers take a proactive approach to cybersecurity and be prepared for a possible DOL investigation. While the immediate focus has been on the pension plan, health and wellness plan sponsors and trustees should also be prepared to answer questions about cybersecurity from DOL auditors.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.


About Marion Browning

Check Also

Shufti Pro Continues Global Expansion With Another Office In Cyprus

London, UK, November 20, 2021 – ( – World-renowned IDV and KYC service provider, Shufti …

Leave a Reply

Your email address will not be published. Required fields are marked *