In a previous blog post, we provided an overview concerning whether plan service provider agreements may be required to be disclosed to participants under Section 104(b)(4) of ERISA.  A recent district court decision in California puts a renewed spotlight on this issue for employers and plan administrators who may receive these types of document requests.  In Zavislak v. Netflix, Inc., 2024 U.S. Dist. LEXIS 17427, (N.D. Cal. Jan. 31, 2024), the court held that the plan administrator of a health plan was not required to provide a participant with copies of various service provider agreements. 

While the Zavislak decision provides a detailed analysis of the topic, the issue of whether service provider agreements must be disclosed remains unsettled across other jurisdictions.  Accordingly, plan administrators who receive such requests should consider the extent to which such agreements must be provided based on case law in the applicable jurisdiction.

Statutory Framework

Section 104(b)(4) of ERISA requires a plan administrator to furnish copies of specific plan documents within 30 days after receiving a written request from a participant or beneficiary.  The specified documents that must be provided upon request include the latest updated summary plan description, the latest annual report, any terminal report, the bargaining agreement, trust agreement, and documents that fall within a “catch-all” of “other instruments under which the plan is established or operated.” 

Courts are authorized, in their discretion, to impose penalties of up to $110 for each day that the requested documents are not provided within 30 days. 

A Varied Approach by Courts

 The scope of the statute’s “catch-all” provision remains unsettled.  In particular, courts have taken a varied approach as to whether service provider agreements are “instruments under which the plan is established or operated” and must be disclosed.  Some courts do not require disclosure of service provider agreements and other plan-related documents that do not govern the relationship between the plan participant and the employer.[1]  Other courts have taken a more expansive approach to disclosure on the basis that there can be times where a service provider agreement does impact a plan’s operation.  For instance, the District of Utah required disclosure of a claims administration agreement because the agreement “detail[ed] the division of responsibilities between the Plan Administrator and the Claims Administrator.”[2]

Zavislak Decision

In Zavislak, the district court addressed whether a plan administrator should be assessed statutory penalties for failing to provide various documents requested by a plan beneficiary, including service provider agreements.  In the case, the plaintiff made her initial request in January 2021, but the company’s benefits manager did not receive it, as employees were working from home during the COVID pandemic.  A month later, the plaintiff sent a second request for documents.  The employer responded but withheld several categories of documents.    

The Court analyzed four categories of documents and found that they were not required to be produced:

  • Administrative services agreements.  The court concluded that the employer’s services agreements between the plan and its third-party administrators (“TPAs”) were not required to be disclosed to plan participants because such agreements “governed only the relationship between the plan provider and claims administrator, and not the relationship between the plan participants and the provider.”  Zavislak, 2024 U.S. Dist. LEXIS 17427, at *68-69.  In addition, the court noted that while one of the services agreements provided information about claims and appeals deadlines, that information was separately provided to participants in other benefit disclosures. 
  • The TPA’s internal documents (e.g., plan matrices and similar documents).  The plaintiff argued that he should have been provided a “plan matrix” maintained by the TPA that kept track of clients’ various benefits.  The court concluded that the TPA’s matrix was an internal document that did not govern the plan.  
  • Documents incorporated into SPD.  The court addressed whether two documents that were incorporated by reference in the plan’s SPD—a preventive care guide and a prior authorization list—were required to be disclosed. The court concluded that because the plaintiff had received copies of both documents free of charge once he contacted the TPA to request them (a procedure that was outlined in the SPD), these documents were not improperly withheld.
  • The TPA’s Medical Management Form and other internal documents.  The court determined that a medical management form, utilization review process document, and other related documents used by the TPA for its internal purposes did not need to be disclosed because the documents did not govern the plan.

Finally, the Court held that draft versions of SPDs for the Plan did not need to be produced because the administrator is only required to provide the “currently operative, governing plan documents” at the time of the request.

The Court ultimately imposed a reduced penalty of $6,465 on the employer ($15 per day for 431 days between the date of the request and the date of production of certain documents that the employer was required to provide).  The $15 rate was reduced from $110 due to the “exceptional circumstances” accompanying the COVID-19 pandemic as well as lack of bad faith on the employer’s part. 


The Zavislak decision is one of the most detailed analyses by a court on the scope of ERISA Section 104(b)(4).  As such, it is likely that Zavislak will be cited by both litigants and courts in similar disputes involving participant requests for documents, including service provider agreements.  Nevertheless, the legal issue of whether service provider agreements must be disclosed remains unsettled.  Plan administrators who receive such requests should consider the extent to which agreements must be provided based on case law in the applicable jurisdiction.  As part of this analysis, plan administrators will likely need to review the terms of the agreement. 

Also, the litigation over the propriety of the employer’s response to a document request lasted nearly three years and almost went to trial.  The district court issued a 63-page written opinion.  The sheer effort that went into litigating and adjudicating this dispute is remarkable.  It highlights the need for employers to take ERISA document requests seriously.  Failure to do so can be costly.

[1] See, e.g., Hively v. BBA Aviation Benefit Plan, 2007 U.S. Dist. LEXIS 119348 (June 27, 2007), aff’d, 331 F. App’x 510, 511 (9th Cir. 2009) (holding that service agreement “does not fall within the scope of § 1024(b)(4) because it does not establish any rights of Plan participants and beneficiaries, and relates ‘only to the manner in which the plan is operated.’”); Morley v. Avaya Inc. Long Term Disability Plan For Salaried Employees, 2006 U.S. Dist. LEXIS 53720, at *18-19 (Aug. 3, 2006) (holding that a services agreement “between the Plan and the Claims Administrator as to each party’s respective duties and obligations . . . is not a plan document or a document ‘under which the plan is established or operated” under ERISA § 104(b)(4)).

[2] M. S. v. Premera Blue Cross, 553 F. Supp. 3d 1000, 1036-40 (D. Utah 2021).  See also Mondry v. Am. Family Mut. Ins. Co., 557 F.3d 781, 796 (7th Cir. 2009) (similar).

Potentially signaling a new wave of litigation, AT&T Inc. and AT&T Services, Inc. (AT&T) were hit with a class-action lawsuit on March 11, 2024 filed in the United States District Court for the District of Massachusetts relating to the 2023 transfer of $8 billion of their pension liabilities – covering approximately 96,000 participants in AT&T’s pension plan – to Athene Holding Ltd. (Athene). State Street Global Advisors Trust Company (State Street), which served as the independent fiduciary for the transaction, was also named as a defendant in the lawsuit.

Two days later, on March 13, 2024, former employees of Lockheed Martin Corporation (Lockheed Martin) filed a similar lawsuit in the United States District Court for the District of Maryland relating to two separate transfers of pension plan liabilities to Athene: a transfer in 2021 of $4.9 billion of Lockheed Martin’s pension liabilities, covering 18,000 pension plan retirees and beneficiaries, and a transfer in 2022 of $4.3 billion of pension liabilities, covering 13,600 pension plan retirees and beneficiaries. The transfers included liabilities from both Lockheed Martin’s hourly and salaried pension plans.

The lawsuits come at a time when plan sponsors, due to a range of factors including the relatively favorable interest rate environment, have an increased interest in de-risking activities, including transferring some or all of a pension plan’s liabilities to an insurer through the purchase of one or more group annuity contracts, known as a pension risk transfer or “PRT.” Additionally, the industry awaits an overdue report from the Department of Labor (DOL) to Congress on existing guidance on fiduciary duties under the Employee Retirement Income Security Act of 1974 (ERISA) when selecting an annuity provider that may preview changes to that guidance. Together, the outcome of these cases and the report to Congress could have far-reaching implications for sponsors and plan fiduciaries engaging in PRTs. Additionally, the lawsuits could potentially set the stage for the First Circuit and the Fourth Circuit (of which the District of Massachusetts and the District of Maryland are part, respectively) to weigh in on the pleading standard for prohibited transactions claims under ERISA, which would add to the current circuit split on this issue.


Defined benefit pension plans typically provide a guaranteed dollar amount of benefits to plan participants in the form of monthly annuity payments upon retirement (although plans may allow participants to elect an optional lump sum payment). Companies that sponsor a defined benefit plan (pension plan) are responsible for making all contributions required to ensure the plan has enough money to pay promised benefits and, unlike with respect to 401(k) and other defined contribution plans, assume the risk that assets will not be sufficient.

The law permits pension plan sponsors to transfer some or all of the pension plan liabilities to an insurance company through the purchase of group annuity contracts that satisfy certain legal requirements. Sponsors may decide to do a PRT (which may include terminating the plan altogether) for a number of reasons, including to eliminate the future risk that the plan assets will underperform, requiring significant company contributions, and to reduce volatility in company retirement contributions (by shifting future employer contributions to a defined contribution plan). Sponsors may also engage in a PRT to decrease the administrative cost of an ongoing pension plan, including premiums due to the Pension Benefit Guaranty Corporation (PBGC).

IB 95-1

The decision to do a PRT, whether or not the plan is terminated, is made by the plan sponsor and is a “settlor” decision. By contrast, the implementation of the sponsor’s PRT decision, including selection of an annuity provider, is fiduciary and accordingly done by a plan fiduciary. Fiduciary, but not settlor, actions are subject to the fiduciary standards under ERISA, including the requirement to act prudently and solely in the interest of the plan participants and beneficiaries.

In 1995, the DOL issued Interpretive Bulletin 95-1 (IB 95-1), which provides guidance to fiduciaries in discharging the fiduciary’s duties under ERISA when selecting an annuity provider for a pension plan. IB 95-1 was issued as part of the response to the failure of Executive Life Insurance Company in 1991, after the insurer’s portfolio of junk bonds took a hit. Generally, IB 95-1 advises fiduciaries to select a “safest annuity available” unless under the circumstances it would be in the interest of participants and beneficiaries to select a different insurer.

IB 95-1 lists a number of factors that DOL states a fiduciary should consider when selecting an annuity provider, including the insurer’s investment portfolio; the size of the insurer compared to the proposed contract; the level of the insurer’s capital and surplus; the insurer’s exposure to liability; the structure of the contract; and the availability of additional protection through state guaranty associations. Many plan fiduciaries consider additional factors not listed in IB 95-1, including enterprise risk management; asset-liability management; profitability and financial strength; and administrative capabilities. DOL included a reminder in IB 95-1 that the fiduciary nature of the selection of any annuity provider requires the selecting fiduciaries to act solely in the interest of participants and beneficiaries and for the exclusive purpose of providing benefits to the participants and beneficiaries as well as defraying reasonable expenses of administering the plan, meaning of course a fiduciary should not select the lowest priced annuity provider solely to maximize financial benefits for the plan sponsor. Although IB 95-1 does recognize cost and other considerations may lead to situations where it may be in the interest of participants and beneficiaries to vary from a safest annuity available, it notes that cost and such other considerations should not be used to justify putting benefits at risk by selecting an insurer that is not safe.

Review of IB 95-1

SECURE 2.0 directs DOL to review IB 95-1, in consultation with the ERISA Advisory Council, to determine whether amendments to the bulletin are “warranted” and report to Congress on the findings of the review and an assessment of risk to plan participants. It generally is understood that Congress’s direction came, in part, because of concerns some parties have raised regarding private equity-owned annuity providers.

The DOL’s review and report was to be completed by December 29, 2023. While at the time of this writing the DOL has not yet issued its report to Congress, the ERISA Advisory Council issued a statement in August 2023 with the Council’s positions and recommendations relating to IB 95-1.

Among the Council’s recommendations was that the DOL update IB 95-1 to provide that fiduciaries should consider the following: (1) an insurer’s ability to fund annuities in the long-term; (2) whether an insurer invests in riskier and/or less liquid assets; (3) whether a higher level of reserves is appropriate for insurers with riskier and/or less liquid investments; and (4) the risk of potential self-dealing or conflicts of interest when an insurer is owned, or the insurer’s portfolio is managed in part, by a private equity firm. The Council further recommended that the DOL’s guidance should clarify that fiduciaries are not prohibited from considering insurers that are invested in risky assets.


In the lawsuit against AT&T, the plaintiffs, who are former AT&T employees, take issue with the 2023 PRT to Athene, which transferred $8 billion of pension plan liabilities for the benefits of 96,000 participants and beneficiaries. Plaintiffs allege that the annuity purchase resulted in profit to AT&T of approximately $350 million, and a loss to participants of ERISA and PBGC protection. Plaintiffs further allege that Athene, which is owned by a private equity firm, has highly risky investments, including offshore reinsurance with Athene affiliates, which make it unsafe, and that AT&T chose Athene only because Athene was cheaper than other annuity providers.

Plaintiffs bring two types of claims against AT&T and State Street relating to the PRT. The first set of claims is for breach of fiduciary duty, alleging that AT&T and State Street (as a co-fiduciary) breached their duties to plan participants by selecting Athene, an allegedly unsafe insurer. As a result of this breach, plaintiffs allege, participants are at increased and substantial risk of not receiving their benefits, have lost ERISA protections, and have a decreased value of their pension benefit. There is no allegation that any participants have actually experienced any losses.

The second set of claims alleges AT&T and State Street engaged in prohibited transactions involving (1) State Street, when AT&T caused the plan to engage State Street, (2) Athene, when AT&T and/or State Street caused the plan to purchase the annuity contract from Athene, and (3) AT&T, when State Street caused the plan to purchase the annuity, which benefited AT&T. The complaint simply alleges that these parties were “parties in interest” at the time of the applicable transactions – implicating ERISA’s prohibited transactions rules – and does not address whether the transactions involved unreasonable compensation or were otherwise not covered by a statutory exemption.

The plaintiffs ask the court to order (1) AT&T and State Street to guarantee the annuities purchased from Athene, (2) AT&T to be secondarily liable for plaintiffs’ pension benefits, (3) reinstatement of the putative class as plan participants, and (4) disgorgement of profits earned from the annuity purchase, among other things.


The factual allegations against Lockheed Martin are substantially similar to those made against AT&T. Plaintiffs bring claims for breach of fiduciary duty against Lockheed Martin, alleging that Lockheed Martin’s decision to do the PRTs to Athene was a breach of fiduciary duty, and also that Lockheed Martin failed to monitor unnamed fiduciaries who made the decision to place the annuities. As a result, plaintiffs allege there is an increased and significant risk that they will not receive their benefits and, therefore, a decrease in the value of their benefits.

Plaintiffs also claim that Lockheed Martin engaged in a prohibited transaction when it engaged in the PRTs to Athene. Unlike the plaintiffs in the AT&T lawsuit, the Lockheed Martin plaintiffs further allege that the transactions do not qualify for any statutory prohibited transaction exemption because Athene received more than reasonable compensation for the services provided to the pension plans.

Plaintiffs seek disgorgement of profits, and the posting of security by Lockheed Martin to ensure plaintiffs receive their benefits. Unlike plaintiffs in the AT&T case, these plaintiffs are demanding a jury trial.


We expect that the defendants in these cases will seek dismissal of the claims. Not only must the plaintiffs sufficiently allege facts to support a fiduciary breach claim, but plaintiffs must also sufficiently allege that they suffered an injury in connection with the transfer of their benefits to Athene. Plaintiffs’ arguably speculative and conclusory allegations regarding the risk to their benefits transferred to Athene may not meet this pleading standard. Any advances beyond a motion to dismiss could have significant implications for plan fiduciaries selecting annuity providers.

The lawsuits may also have implications for ERISA plan fiduciaries more broadly. Neither the First Circuit nor the Fourth Circuit have weighed in on the pleading standard for prohibited transaction claims, but several other circuits, including the Second, Third, Seventh, and Tenth Circuits, require plaintiffs to allege transactions involved unreasonable compensation, conflict of interest, self-dealing, or the absence of a statutory prohibited transaction exemption. A few other appellate courts have interpreted the prohibited transaction provisions more expansively, which has led to a circuit split on this issue. This case could potentially present an opportunity for additional circuits to weigh in on the pleading standard for prohibited transaction claims.

For now, fiduciaries should continue to follow the guidance in IB 95-1 and be mindful of their fiduciary duties under ERISA. Fiduciaries also should be on the lookout for any amendments to IB 95-1 or related guidance from the DOL, which may address similar allegations made by the plaintiffs in this case.

On October 31, the U.S. Department of Labor (DOL) issued the proposed Retirement Security Rule (Proposed Rule), which would amend the existing rule that defines when a person is an investment advice fiduciary under the Employee Retirement Income Security Act of 1974, as amended (ERISA), and the Internal Revenue Code of 1986, as amended (Code). The DOL simultaneously issued proposed amendments to various class prohibited transaction exemptions (Exemptions), which are intended to narrow and harmonize the exemptions available to address conflicts of interest with respect to investment advice.

As discussed in this bulletin, the Proposed Rule and amendments to Exemptions – if finalized as drafted – would significantly expand which parties may be considered investment advice fiduciaries under ERISA and the Code and impose new and expanded requirements on investment firms and professionals that rely on Exemptions in their work with retirement investors. The following is a high-level summary of the more than 500-page Proposed Rule and amendments; we expect to provide additional insight in the future.


ERISA imposes significant fiduciary obligations on individuals responsible for the operation and management of workplace employee benefit plans, including retirement plans (e.g., 401(k) and defined benefit plans). Among other obligations, ERISA fiduciaries must act for the exclusive benefit of plan participants and beneficiaries, act in accordance with a prudent expert standard, follow the governing plan documents unless contrary to ERISA, and diversify plan assets to minimize the risk of large losses unless it is clearly prudent not to do so. The consequences of breaching those fiduciary duties can be significant, including disgorgement of profits and restoration of plan losses.

ERISA broadly defines the term “fiduciary” and applies a functional test: a person is a fiduciary to the extent he or she engages in certain conduct (or has the authority to do so), including a person who provides investment advice for a fee, direct or indirect, with respect to a plan’s monies or property. In 1975, the DOL adopted a rule defining when a person is a fiduciary as a result of providing investment advice to a plan (Five-Part Test). Under the Five-Part Test, a person is considered to provide investment advice if that person:

  • Renders advice to the plan as to the value of securities or other property, or makes recommendations as to the advisability of investing in, purchasing, or selling securities or other property;
  • On a regular basis;
  • Pursuant to a mutual agreement, arrangement, or understanding with the plan or plan fiduciary;
  • For which the advice will serve as a primary basis for investment decisions with respect to the plan; and
  • For which the advice will be individualized based on the particular needs of the plan.

If adopted, the Proposed Rule would replace the Five-Part Test. In the preamble to the Proposed Rule (Preamble), the DOL describes the need for a new test to reflect the current retirement landscape – namely, the move away from defined benefit plans to defined contribution plans such as IRA and 401(k) plans. The DOL first sought to replace the Five-Part Test based on a similar rationale in 2010, specifically that in its view, the Five-Part Test no longer adequately protects retirement investors. The DOL further notes in the Preamble that similar rule changes have been adopted by the SEC (for broker-dealers and their registered representatives) and many states in accordance with an NAIC model regulation (for insurance agents). The Proposed Rule and proposed amendments to the Exemptions are the latest chapter in what to date has been a 13-year process.

The Proposed Rule

The Proposed Rule replaces the Five-Part Test with a two-part test designed to impose fiduciary status in circumstances in which investors “can and should reasonably place trust and confidence in the financial services provider.”

Under the Proposed Rule, a person is an investment advice fiduciary if, for a fee or other compensation:

  • The person makes a recommendation of any securities transaction or other investment transaction or any investment strategy involving securities or other investment property to a retirement investor; and
  • The person provides the advice or recommendation in one of the following contexts:
  • The person has discretionary authority or control, whether or not pursuant to an agreement, arrangement, or understanding, with respect to purchasing or selling securities or other investment property for the retirement investor;
  • The person makes investment recommendations to investors on a regular basis as part of their business, and the recommendation is provided under circumstances indicating that the recommendation is based on the retirement investor’s particular needs or individual circumstances and may be relied upon by the retirement investor as a basis for investment decisions that are in the retirement investor’s best interest; or
  • The person making the recommendation represents or acknowledges that they are acting as a fiduciary when making investment recommendations.

Key Definitions

Retirement investor. Defined in the Proposed Rule to include the plan, plan fiduciary, plan participant or beneficiary, IRA (including, among others, HSAs), IRA owners or beneficiary, or IRA fiduciary.

Recommendation. While not explicitly defined in the Proposed Rule, the DOL views a recommendation as “a communication that, based on its content, context, and presentation, would reasonably be viewed as a suggestion that the retirement investor engage or refrain from taking a particular course of action.” Whether a communication is a recommendation depends on the facts and circumstances of a particular situation.

For a fee or other compensation, direct or indirect. If the person (or any affiliate) receives any explicit fee or compensation, from any source, for the advice or the person (or any affiliate) receives any other fee or compensation, from any source, in connection with or as a result of the recommended purchase, sale, or holding of a security or other investment property or the provision of investment advice, including, but not limited to, commissions, loads, finder’s fees, revenue sharing payments, shareholder servicing fees, marketing or distribution fees, mark-ups or mark-downs, underwriting compensation, payments to brokerage firms in return for shelf space, recruitment compensation paid in connection with transfers of accounts to a registered representative’s new B-D firm, expense reimbursements, gifts and gratuities, or other non-cash compensation.

What’s Changed?

In expanding the types of recommendations covered, the Proposed Rule significantly alters certain requirements of the Five-Part Test that, in the DOL’s view, have resulted in investment professionals avoiding fiduciary status in situations in which retirement investors would reasonably expect them to act in their best interests.

Divergence From the Five-Part Test

The regular basis prong. Under the Five-Part Test, recommendations must be made on a regular basis to be considered investment advice. As such, many providers take the position that one-time advice to an investor – regardless of the nature of the advice – does not constitute investment advice. It’s worth noting that the DOL itself previously interpreted the Five-Part Test consistent with that position in an opinion letter issued in 2005, which was subsequently withdrawn during 2020 with an explanation that its interpretation of the test had changed.

The Proposed Rule eliminates the regular basis requirement as currently formulated and instead focuses on whether the person provides recommendations to investors on a regular basis as part of his or her business. Rather than evaluating the specific nature of the relationship between the person and an individual retirement investor, the Proposed Rule would evaluate more broadly whether the person is in the business of providing investment recommendations to investors generally. As a result, one-time advice to a specific investor would not escape coverage under the Proposed Rule simply because it was provided once or for the first time to an individual investor.

The mutual agreement and primary basis prongs. Under the Five-Part Test, advice must be rendered pursuant to a mutual agreement that the advice will serve as a primary basis for the investor’s investment decisions. These requirements permit investment professionals to potentially defeat fiduciary status by disclaiming fiduciary status in their written agreements with investors or to argue that if an investor consulted with various professionals, the professional’s advice was not a “primary basis” for the investor’s decisions.

The Proposed Rule eliminates these formal requirements and instead focuses on the reasonable understanding of the nature of the relationship. Important to this analysis is how investment providers market themselves and describe their services. In the Preamble, the DOL notes that the use of certain titles (e.g., financial consultant, financial planner, or wealth manager) “routinely involves [service providers] holding themselves out as making investment recommendations that will be based on the particular needs or individual circumstances of the retirement investor and may be relied upon as a basis for investment decisions that are in the retirement investor’s best interest.”

The Proposed Rule also specifically rejects the utility of disclaimers under certain circumstances, noting that disclaimers “will not control to the extent they are inconsistent with the person’s oral communications, marketing materials, applicable State or Federal law, or other interactions with the retirement investor.” In other words, an investment professional cannot engage in conduct that the DOL believes would lead an investor to believe that the professional is acting in a fiduciary capacity and at the same time disclaim such status.

Familiar Expansion to Rollover Advice

One major consequence of the departure from the Five-Part Test is the expansion of the rule to cover rollover recommendations. Specifically, the Proposed Rule applies both to recommendations regarding the decision to rollover and to recommendations on how securities or other investment property should be invested immediately after rollover, transfer, or distribution. This expansion is unsurprising, as the DOL has attempted to regulate rollover recommendations in the past. According to the DOL, this expansion is warranted because rollover decisions are among the most important decisions a retirement investor may make in his or her lifetime. Additionally, advice concerning the initial investment of assets post-rollover implicitly requires an investment adviser to consider the alternative of leaving the retirement investor’s assets in the current plan or account.

The Proposed Rule also covers recommendations of others to provide investment advice or management services and advice regarding account arrangements such as whether to hold assets in a brokerage or advisory account.

Lessons Learned From Vacatur of 2016 Rule

In an attempt to address concerns raised by the Fifth Circuit in its 2018 decision vacating a similar DOL rule issued in 2016, the DOL clarified that, while broad, the definition of investment advice is not intended to capture all interactions with retirement investors. For example, a person would not become a fiduciary solely by engaging in their own general marketing activities to a retirement investor unless the marketing efforts include specific investment recommendations that, standing alone, would constitute investment advice under the Proposed Rule. The Preamble also discusses certain other circumstances, such as wholesaling activities and the application of the Proposed Rule to platform providers and pooled employer plans. While these activities and the typical functions of these service providers often do not involve communications that would rise to the level of investment advice, the determination would depend on the specific facts and circumstances involved. The DOL also notes in the Preamble that valuation services are not covered by the Proposed Rule.

Proposed Amendments to Class Prohibited Transaction Exemptions

Along with the Proposed Rule, the DOL issued proposed amendments to various Exemptions. At a high level, these amendments are intended to harmonize, when appropriate, the requirements for prohibited transaction relief for investment advice fiduciaries, regardless of the investment product or service involved. Based on the amendments, investment advice fiduciaries must now rely on one of two exemptions to address conflicted advice: PTE 2020-02 and PTE 84-24.

PTE 2020-02

PTE 2020-02 permits investment advice professionals to receive compensation for advice that would otherwise run afoul of ERISA’s and the Code’s prohibited transaction provisions if certain requirements are satisfied. In general, financial institutions and their financial professionals relying on the exemption must:

  • Acknowledge fiduciary status in writing;
  • Disclose their services and material conflicts;
  • Meet the Impartial Conduct Standards (prudence and loyalty requirements, receipt of no more than reasonable compensation, and avoid making misleading statements about transactions or related matters);
  • Adopt policies and procedures prudently designed to ensure compliance with the Impartial Conduct Standards and mitigate conflicts of interest that could otherwise cause violations of those standards;
  • Document and disclose the specific reasons that any rollover recommendations are in the retirement investor’s best interest; and
  • Conduct an annual retrospective review.

The proposed amendment expands the availability of the Exemption to certain providers (including pooled plan providers and robo-advisers) and clarifies and expands on a variety of current requirements, including the obligation to provide additional disclosures (automatic and upon request), the disqualifying provisions, and the winding down requirements.

PTE 84-24

PTE 84-24 currently permits certain purchases of insurance or annuity contracts or investment company securities and permits insurance agents or brokers, pension consultants, and principal underwriters to receive compensation as a result of those purchases.

The proposed amendment eliminates reliance on the Exemption for investment advice transactions (which would be subject to PTE 2020-02 for relief), except for those involving the receipt of commissions or fees in connection with recommendations by independent producers involving annuities or other insurance products not regulated by the SEC. PTE 84-24 provides relief in those narrow circumstances, subject to requirements similar to those of PTE 2020-02.

PTEs 75-1, 77-4, 80-83, 83-1, and 86-128

The proposed amendment to PTEs 75-1, 77-4, 80-83, 83-1, and 86-128 would eliminate reliance on those Exemptions for conflicts arising from the provision of investment advice:

Exception. No relief from the restrictions of ERISA section 406(b) and the taxes imposed by Code section 4975(a) and (b) by reason of Code sections 4975(c)(1)(E) and (F) is available for fiduciaries providing investment advice within the meaning of ERISA section 3(21)(A)(ii) or Code section 4975(e)(3)(B) and regulations thereunder.

Discussion and Effective Date

The Proposed Rule and proposed Exemption amendments would, as proposed, significantly expand ERISA fiduciary status in a variety of circumstances and limit the relief available to resolve conflicted advice. Plan fiduciaries and potentially impacted investment professionals should carefully review the proposals and monitor further developments. We anticipate that there will be a large number of comments submitted to the DOL regarding the Proposed Rule and that, if adopted, the resulting final rule will face legal challenges.

The Proposed Rule and Exemption amendments provide that they will be effective 60 days after publication of a final rule or final amendments in the Federal Register, though the DOL has requested comments on the proposed timeline and whether additional time may be needed before the rule and amendments become effective.

On September 29, 2023, the Department of Labor (DOL) issues Advisory Opinion 2023-01A (Opinion) approving Citibank’s Diverse Asset Manager Program (Program) as it relates to plans subject to the Employee Retirement Income Security Act of 1974 (ERISA). The Opinion provides a road map primarily for pension and 401(k) plan sponsors who wish to increase the portion of plan assets that are invested with diverse investment managers without running afoul of ERISA’s rules.

Under the Program, which is part of Citibank’s larger Action for Racial Equity designed to address the “racial wealth gap” affecting the business environment in which Citibank operates, Citibank commits to pay all or part of the fees of diverse asset managers for the ERISA plans it sponsors. In this groundbreaking Opinion, the DOL concluded that (1) Citibank’s establishment of the Program and payment of investment management fees under the Program are settlor, not fiduciary, actions; (2) plan fiduciaries do not violate their fiduciary duties by taking into account Citibank’s commitment to payment of fees under the Program; and (3) for Citibank’s defined contribution plans, the Program does not constitute improper influence by a plan fiduciary or sponsor for the purpose of preventing participant control under ERISA section 404(c). The Opinion prescribes certain safeguards with respect to the Program to assure that Citibank’s actions are considered settlor actions and that an Investment Committee’s fiduciary decisions are not subject to a conflict of interest.

While the legal complexities around corporate supplier diversity, equity and inclusion (DEI) initiatives have recently grown, so too has the business rationale and need for such programs for many companies. For those companies, creative approaches to achieving DEI objectives while mitigating legal risks are valuable. Plan sponsors may therefore want to work with ERISA counsel to determine how to use the Opinion as a guide in considering similar programs.

The Program

The details of the Program are described more fully in the Opinion, but at a high level, the Program is structured as follows:

Fee Subsidy. Citibank allocates a pre-determined amount of diverse manager fee subsidies to each ERISA plan it sponsors, subject to certain caps on total fees paid under the Program as well as to an individual manager and agrees to pay for or subsidize a diverse manager’s fees for a minimum of three years.

  • An investment manager will qualify as a diverse manager for purposes of the Program if it has a total minority or female ownership of at least a specific percentage set forth in the Program, such as 50%, as determined by a Nasdaq-affiliated database, or another database unaffiliated with Citibank.
  • No investment manager who is a party in interest or in which Citibank has an interest would be eligible under the Program.

Manager Selection Process. In selecting investment managers, Citibank expects that the plan fiduciary (the Investment Committee for a plan) will perform an initial search of managers based on pre-determined criteria (such as the manager’s credentials, AUM, experience) and then narrow down the candidates based on additional factors, such as proposed fees. During the narrowing process, Citibank’s commitment under the Program to pay all or a portion of a diverse manager’s fees could be considered.

  • The fiduciary’s selection of managers is in its full and complete discretion. The Program will not provide Citibank with any rights regarding investment manager selections or allocations and will not mandate that a plan fiduciary engage in any particular search or selection processes.

Fee Disclosure. In disclosing the fees of an investment manager that manages a private fund offered to participants of one of Citibank’s defined contribution plans, Citibank expects that the plan fiduciary will disclose the fund’s expense ratio without regard to Citibank’s payment of fees under the Program. However, Citibank’s payment of fees under the Program also will be disclosed to participants.

The Program will be publicized as part of Citibank’s reporting of its Action for Racial Equity initiatives but is not designed to produce a monetary or other tangible financial benefit to Citibank.

The DOL’s Opinion

In the Opinion, the DOL reached three conclusions in respect of the Program:

  1. Citibank’s Actions Are Settlor. In establishing the Program and paying any diverse manager fees under the Program, Citibank is acting as a settlor, not a fiduciary, under ERISA.
  2. A Fiduciary May Consider Subsidized Fees. Citibank’s payment of fees under the Program is a financial factor that may be considered, as one of many factors, by a prudent fiduciary in selecting an investment manager.
  3. ERISA Section 404(c) Is Still Available. ERISA section 404(c) limits liability of a plan fiduciary for investment losses where a participant or beneficiary exercises control over the assets in their individual account. However, DOL regulations provide that a participant or beneficiary is not considered to exercise control over their account where they are subject to “improper influence” by a plan fiduciary or sponsor. The DOL concluded that disclosure of the Program or payment of fees under the Program would not constitute improper influence for the purpose of ERISA section 404(c).

Implications of Opinion

The Opinion provides an alternate pathway to reflect diversity factors in the context of selecting investment managers under ERISA plans generally. Prior to the Opinion, the principal pathway was consideration of those factors by the applicable plan fiduciary in its discretion as relevant to the risk and return analysis subject to ERISA’s fiduciary duty rules. With this Opinion, an alternative pathway is now available for a plan sponsor to design its plan in a manner intended to further its corporate DEI initiatives without subjecting that design choice to ERISA’s fiduciary duty rules.

Thompson Hine represented Citibank in obtaining this innovative Advisory Opinion, however this advisory bulletin is solely issued by Thompson Hine LLP.

On July 25 the U.S. Departments of Treasury, Labor and Health and Human Services (“tri-agencies”) released guidance related to the Mental Health Parity and Addiction Equity Act (MHPAEA). Among other documents, the guidance includes a proposed update to the MHPAEA regulations and a report to Congress summarizing the tri-agencies’ enforcement efforts related to group health plans’ obligations to perform and document non-quantitative treatment limitation (NQTL) analyses.

Although new requirements described in the proposed regulations will not take effect unless and until regulations are finalized, the MHPAEA guidance as a whole provides a wealth of information that employers can and should be addressing now.


  • The DOL expects plans to have already performed and documented NQTL analyses. Even if the plan otherwise complies with MHPAEA in design and operation, failure to have sufficiently documented NQTL analyses could violate MHPAEA.
  • Sponsors of self-insured health plans have been attempting to comply with this requirement by obtaining standard NQTL analyses prepared by their medical and prescription drug third-party administrators and care coordinators (TPAs). It is clear from this guidance that most (if not all) of these standard documents do not satisfy the DOL’s expectations for an NQTL analysis. Employers should ask their TPAs whether they will be updating their analysis documents in response to this guidance and consider whether to hire a vendor to independently conduct and document the required analyses.
  • The DOL expects group health plan sponsors to obtain information from their TPAs. If the regulations are finalized as proposed, plans will be required to obtain and evaluate a significant amount of operational information. Employers should confirm now whether their TPA contracts require the TPA to provide the data the employer may need to comply with or verify compliance with MHPAEA. If not, employers should negotiate with the TPA to include this requirement in an amendment or as part of a renewal.
  • Plan fiduciaries have a duty to ensure that the plan complies with MHPAEA. If the regulations are finalized as proposed, named fiduciaries will have a new express obligation to review completed NQTL analyses and certify that they are compliant. Employers should review their plan governance now to ensure that appropriate delegations are in place and that the health plan’s fiduciaries understand and have appropriate processes to carry out their fiduciary duties.
  • Plan exclusions may violate multiple provisions of MHPAEA. The DOL is particularly focusing on exclusions relating to ABA therapy, eating disorders, and opioid treatments (and in fact has confirmed that benefits for treatment of autism or eating disorders should be considered mental health benefits rather than medical/surgical benefits). Employers should review their SPDs for any exclusions that apply to mental health or substance use disorder treatments and ask the TPA for enough information to determine whether such exclusions are permissible.
  • Network adequacy is important. Although plan sponsors usually do not have control over the composition of the plan’s network, employers should work with their TPAs to ensure that the plan’s network allows for sufficient access to mental health and substance use disorder providers.

State Auto-IRA Landscape

States and even municipalities across the country are taking an increasingly active role in addressing the nation’s retirement preparedness crisis. From California’s CalSavers Retirement Savings Program originating as early as 2012 to the Maine Retirement Savings Program enacted only a few weeks ago, many states – and even municipalities like New York City and Seattle, Washington – have implemented or at least proposed “auto-IRA” programs aimed to provide a retirement savings vehicle for employees without access to a retirement savings vehicle through an employer.

Generally, these programs are designed to overcome a small employer’s objections to offering a retirement plan that would otherwise be subject to the Employee Retirement Income Securities Act (ERISA).  These programs provide an automatic enrollment payroll deduction into an individual savings account, typically a traditional pre-tax and/or Roth IRA. There are no employer contributions, and there are no ERISA reporting and regulatory compliance requirements.  These programs operate using professional private management of investments that are not readily available to individuals with a private IRA.  While default employee contribution amounts vary, employers subject to such programs are usually required to either demonstrate that they are exempt by providing proof of an employer sponsored plan, or to enroll eligible employees, facilitate applicable deferrals through payroll and transmit amounts to the program sponsor. Noncompliance may result in penalties for the employer.

CalSavers: An ERISA Preemption Case Study

Traditionally, employer sponsored benefit plans are subject to ERISA, a federal law historically held to preempt conflicting state law. Thus, the question naturally arose whether state sponsored auto-IRA programs were preempted under ERISA. As of May 6, 2021, it appears we have an initial answer from the US Court of Appeals for the Ninth Circuit, which upheld a lower court decision finding that California’s CalSavers Retirement Savings Program was not preempted by ERISA.

In so finding, the court concluded that the CalSavers Program was not an ERISA plan for several reasons. First, CalSavers is not an employer sponsored plan. It is a program established and maintained by the state of California, not in any capacity as an employer of CalSavers participants. Second, the court found that CalSavers does not require employers to maintain an ERISA plan. Rather, it requires nonexempt employers to maintain administrative functions in order to facilitate deferrals made into the CalSavers Program through employer payroll. Third, CalSavers is not impermissibly connected to ERISA, nor does it interfere with ERISA’s purpose. In fact, CalSavers exempts employers maintaining ERISA retirement plans from participation in CalSavers, and nonexempt employers that are subject to CalSavers are responsible only for ministerial requirements that do not rise to the purview of ERISA.

Employer Fallout

The CalSavers decision clearly does not provide for a blanket exemption to other state programs and thus, ERISA preemption will likely continue to be considered on a program by program basis. However, in light of the CalSavers decision, it is likely that more states and municipalities will implement similar programs if Delaware’s legislative proposal in May 2021, Maine’s adoption of an auto-IRA program in June 2021, and New York state legislature’s expansion of its voluntary auto-IRA program to a mandatory program in June 2021 are any indication. This patchwork of programs that vary from jurisdiction to jurisdiction will present compliance challenges that are not insignificant for multistate employers, particularly those with nontraditional workforces who historically have not been eligible to participate in an employer sponsored retirement savings plan.

Of note, multistate employers are likely to be required – or at least encouraged – to register with each state’s program regardless of whether they are required to participate in the auto-IRA program. For example, CalSavers regulations require eligible employers to register, but specifically provide that exempt employers may, but are not required to, inform the program’s administrator of their exemption. However, unless an exempt employer provides notice to the program’s administrator, one can fairly assume that CalSavers will continue to send notices requesting registration of the employer and threatening potential penalties for noncompliance. This leaves the employer’s compliance and risks associated with potential penalties in limbo until notice of exemption is provided and accepted by the program’s administrator.

A related question that persists and which will likely have to be addressed program by program is the requirements for employers to demonstrate exempt status. While most known state auto-IRA programs or proposals exempt employers simply if they maintain or have recently maintained a qualified employer sponsored retirement savings plan, at least one state legislative proposal would only provide exemption if the employer provides “each” eligible employee the opportunity to participate in a plan and another state requires the eligible employees who are eligible to participant in the plan to be located within that state. Obviously, if states begin to require all employer plan sponsors to enroll employees who are ineligible to participate in the employer’s plan, the administrative burden to multistate employers would be increased dramatically. For example, employers with a large part-time or variable employee population may not provide eligibility to those employees working less than 1,000 hours a year in part due to the transient nature of that portion of their workforce. Under a state auto-IRA program requiring coverage for all employees in order to be exempt, employers may find themselves with a significant administrative burden in addition to their administrative scheme required for their own retirement savings plan. Given the Ninth Circuit’s reliance in part on the fact that the CalSavers program exempts employers maintaining ERISA retirement plans from participation in CalSavers, however, it is unclear whether a court would find such a program to be preempted by ERISA or not.

Further, it is unclear how controlled group rules applicable to ERISA would apply in regard to state auto-IRA compliance. Depending on each jurisdictions interpretation of regulations, employers who are active in mergers and acquisitions or who may utilize a controlled group structure in which employees may periodically move between entities, may find themselves having to account for a controlled group member who they are not required to provide eligibility for a retirement savings plan. For example, ERISA provides for a transition rule in the merger and acquisition context under which an acquiring company may temporarily test a recently acquired entity separately from its pre-acquisition controlled group. This rule effectively relieves the acquiror temporarily from being required to immediately add a recently acquired entity to its plan without failing applicable nondiscrimination requirements, giving the acquiror time to transition the new entity into the controlled group. However, under a state auto-IRA program, such acquiror would need to account for the entity immediately upon acquisition since no similar transition period applies under state law. A similar example may occur for businesses relying on a franchise model. In that context, it is not unusual for one company to step in and take over an entity for a short period of time in order to preserve the entity’s business operations while it is transitioned to a new company. Again, due to the temporary nature of such an employee relationship, the acquiring company would typically not extend retirement savings plan eligibility to employees of the entity during the period of time in which the entity is transitioned to a new company due to the short period of time involved. Under most state-auto IRA program regulations, this would result in the disruption of access to a state auto-IRA for employees of the entity during the period of time in which the company with a retirement plan employs those employees.

The Aftermath

The fallout of the CalSavers decision has some groups lobbying for Congress to provide tax credits for businesses who participate in these state and city auto-IRA programs, much like the tax credits that are available to businesses starting an ERISA plan.  While there is no fee on its face for an employer to participate in these state and city auto-IRA programs, employers do incur out-of-pocket costs in coordinating the data and payroll deductions with the state or city program as well as distributing information about the program to its employees.  One way for an employer to recoup these out-of-pocket costs is for Congress to provide federal tax credits associated with these programs.

Regardless of whether federal assistance becomes a reality, the unanswered questions and administrative burdens resulting from the emerging patchwork of state and city auto-IRA programs, specifically to multistate employers, seemingly cloud the impact of an otherwise clear Ninth Circuit decision. As a result, it is fair to assume that the increase of state auto-IRA programs will result in a corresponding increase in related employee claims. While an employer may only be responsible for the administrative payroll scheme in the eyes of the Ninth Circuit, it is conceivable that participants will include employers in related litigation. Assuming such state auto-IRA program is not subject to ERISA, participants are not subject to ERISA claims and appeals requirements or limited to federal court to litigate such claims, meaning employers could potentially face a myriad of claims in state or even municipal courts across the country from mild Maine to sunny California.

The 2021 Advisory Council on Employee Welfare and Pension Benefit Plans has announced that it will examine brokerage windows in participant-directed individual account retirement plans that are covered by ERISA.  The work of the Council is designed to assist the Department of Labor’s effort to determine whether more guidance would be appropriate and necessary to ensure that plan participants who have access to brokerage windows are adequately informed and protected.   ERISA does not define what is a “brokerage window” or “self-directed brokerage window,” but a common definition is an investment option in a participant-directed 401(k) plan that gives participants and beneficiaries the capabilities to buy and sell investment securities through a brokerage platform, above and beyond the core lineup of investment options offered by the plan.

Past DOL Guidance

In 2012, the DOL issued a revised Field Assistance Bulletin clarifying the disclosure requirements relating to brokerage windows offered in ERISA plans.  Apart from disclosure requirements, the FAB did not address how ERISA’s fiduciary standards might apply to brokerage windows.

In 2014, the DOL issued a Request for Information to increase its understanding of the prevalence and role of brokerage windows in self-directed individual account plans, including why and how often brokerage windows are offered and used in ERISA-covered plans.

Industry Support for Brokerage Windows

In connection with the Advisory Council’s June 2021 meetings, various industry participants provided input on brokerage windows in participant-directed individual account retirement plans.

The U.S. Chamber of Commerce provided written comments under a heading that says it all, “Don’t break brokerage windows.”  The Chamber believes that “[b]rokerage windows allow plan sponsors to meet the unique investing needs of certain participants” and that the DOL “should make it easier, not more difficult, for plan sponsors to offer this option if a plan sponsor feels it appropriate.”  The Chamber asked the DOL to issue formal guidance along the following lines:

  • a plan fiduciary is not liable for monitoring each underlying investment
  • tips on if and how to offer a brokerage window
  • sample language that describes what is involved with investing through a brokerage window (proposed model language was attached to the Chamber’s submission).

The ERISA Industry Committee (ERIC), a national trade association that advocates exclusively for large employers on health, retirement and compensation public policies, also spoke in support of brokerage windows.  ERIC’s view is that the current guidance on brokerage windows is sufficient for plan sponsors, and the DOL should not impose additional fiduciary requirements on plans with brokerage windows.

Specific Issues Addressed by Industry

  Prevalence of Offerings and Rate of Uptake

The Chamber cites a 2015 AON study showing that about 40% of plans offered a brokerage window and a 2019 Vanguard report showing that about 19% of its 401(k) plans offered a brokerage window.  The AON study says that about 3-4% of participants participate in the brokerage window option, while the Vanguard report says only 1% of participants use them.

ERIC conducted a survey of its own members (who are plan sponsors).  About half responded, and of that cohort, about 60% reported that they provide a brokerage window as part of their investment lineup.  As for the percentage of participants who actually use the brokerage window, ERIC states that a little more than half of the plans report a usage rate of 0-5%.  Another 24% of the plans report a usage rate between 6-15%, with 10% of the plans reporting a usage rate of 16% or higher.

In sum, only a fraction of plans offer brokerage windows, and an even smaller fraction of participants actually invest in them.


The Chamber says that although participant uptake is “low,” brokerage windows are still an important tool for those participants who want more varied investment options beyond the plan’s core lineup.  For example, some participants may wish to engage in Shariah investing or overall ESG investing, and while it may not make sense for a particular plan to offer these specialized kinds of investments as part of the core menu of investment options, the brokerage window can provide an avenue for these particular participants to meet their investing goals.

A common theme running through the industry comments is that the plans that offer brokerage windows do so because participants request them.

  Types of Participants Who Use Brokerage Windows

One of the express goals of the Advisory Committee’s study is to determine “who” is currently using brokerage windows.  The industry submissions provide some glimpses at the answer.

According to the Chamber, those who use brokerage windows tend to have higher account balances and are generally more sophisticated investors and more highly educated individuals who often work in finance, investing, law or engineering.

ERIC states that highly compensated employees were not the majority of participants in the brokerage windows their members offered.

According to ERIC, of those participants who invest in a brokerage window, it “seems to be rare,” that a participant invests 100% of their retirement account balance through the brokerage window.

  Concerns Over Potential Litigation

The Chamber asked the DOL to issue guidance that would help prevent the current wave of ERISA excessive fee litigation from spilling over to brokerage windows.  Specifically, the Chamber asked that the DOL “clarify that if a fiduciary otherwise meets the requirements under ERISA Section 404(c) and the applicable regulation, including the required disclosures under 29 CFR § 2550.404a-5, the fiduciary is not liable for any losses that a participant or beneficiary may incur from investing in a brokerage account.”

ERIC expressed an oft-repeated concern of plan sponsors about uncertainty over the issue of whether the plan fiduciaries have a duty to vet and monitor each and every underlying investment option being made available to participants through a brokerage window.  As stated by ERIC, “Any guidance from the DOL that would seek to impose fiduciary responsibilities over specific brokerage window investments would be unwieldy, if not impossible, to satisfy; potentially putting plan fiduciaries in the position of having to evaluate the thousands of investments and their appropriateness with respect to the investing plan participant and the plan.”

ERIC stated that if the DOL seeks to impose fiduciary liability over the underlying individual investments in a brokerage window, it would have a chilling effect on plan sponsors, potentially causing them to drop brokerage windows.  Or it could cause participants who rely on brokerage windows to “abandon” the employer retirement system in favor of IRAs or non-retirement accounts in which an open investment structure would remain available.


It remains to be seen what the Advisory Council will recommend to the DOL on the subject of brokerage windows and whether the DOL will take any action.  Will the DOL take steps to give plan sponsors more comfort, or less comfort, around offering brokerage windows?  Or will it continue to take a relatively hands-off approach on the subject, preserving the status quo in which a portion of retirement plans decide to offer brokerage windows among their investment options and an even bigger portion decide not to? will continue to track these questions and will report back after the Advisory Council announces its findings.



Retirement plans may have thousands of participants and billions of dollars in plan assets. Unfortunately, these large sums of money are attractive to bad actors who look to prey on unknowing victims by fraudulently accessing funds. Plan administrators, as fiduciaries of retirement plans, are wise to understand their legal obligations and best practices related to the security measures they must implement and maintain to protect these funds from cybercrimes.

Recent Cyber Attacks Against Retirement Plans

Earlier this year, in Bartnett v. Abbott Laboratories, et al. a retirement plan participant (Heide Bartnett) filed a lawsuit against her employer, Abbott Laboratories, the plan administrator, and the plan’s recordkeeper, Alight Solutions, LLC. According to the complaint, an individual impersonating the plaintiff attempted to access her retirement account by selecting the “forgot my password” prompt on the plan’s online recordkeeping platform. After requesting that a one-time security code be sent to the participant’s email account, which the impersonator had already improperly accessed, the impersonator gained access to the participant’s online retirement account and changed its password. Soon after, a new bank account was added to the participant’s retirement plan profile to which funds could be directly deposited from the participant’s retirement plan account. Two days later, the impersonator called Abbott’s service center to inquire about the transaction that he or she was (illegally) facilitating and was told that a distribution could not be made to the new bank account for seven days. Meanwhile, instead of attempting to contact the participant via phone or email (which was the plaintiff’s preferred method of communication), Abbott sent her a “snail mail” notice of the newly added bank account. By the time the participant received the notice, the impersonator had already looted her retirement account. Only a small fraction of the funds taken were recovered and the plaintiff filed a lawsuit seeking to recover $245,000, plus interest and other fees for the alleged breaches of fiduciary duty.

What Can Be Done To Stop Cybercrimes?

Although Abbott Laboratories is still a pending case, the plaintiff’s allegations are a stark reminder of the danger and risk that cybercriminals pose to retirement plans. Accordingly, plan administrators should ensure that the technical, physical, and administrative safeguards they have implemented to protect the confidentiality and integrity of plan assets satisfy basic legal requirements and meet industry security standards. Here are five areas that can serve as a starting point for a cybersecurity review in the retirement plan context:

First, plan fiduciaries should question the cybersecurity policies and procedures of their retirement plan recordkeepers and be aware of the liabilities they face for the shortcomings of their recordkeepers. Inquire about the recordkeeper’s cybersecurity capabilities and the safeguards in place to deter losses due to bad actors. In particular, inquire as to the access controls the recordkeeper has implemented to limit and verify access to an individual’s account. How are the controls created? How often are they tested? Have they ever been compromised, and if so how? What is the recordkeeper’s password policy for account access? Does the recordkeeper require multifactor authentication?

Second, identify whether the plan fiduciaries and the recordkeeper have an adequate level of cybersecurity insurance. It is also worth determining whether any existing insurance or fidelity bond coverage will provide financial relief in the case of a cybersecurity breach. If basic insurance coverage does not apply to forgery, consider a rider for additional coverage.

Third, request a copy of the recordkeeper’s data breach response plan and identify how often the recordkeeper undertakes table-top exercises or similar activities to test its response capabilities. It is important to identify where the plan sponsor aligns within the recordkeeper’s plan and even consider joint data breach-type exercises. If permitted, seek to identify any outside service providers and counsel that the recordkeeper has retained for such emergencies and ensure that they are qualified and capable to respond to data breaches upon a moment’s notice.

Fourth, require the recordkeeper to undergo third-party security and vulnerability testing so they can identify and remediate any aspect of their security program that presents a risk. It is especially important to ensure that high or critical risk vulnerabilities are resolved within hours or days (and not weeks or months). Accordingly, ensure that the recordkeeper has identified (in writing) an official who is fully responsible for the security of the plan’s assets. Accountability is a key aspect of any security program.

Fifth, educate plan participants. Let them know they can take an active role in protecting their own plan assets. As basic as it may seem, remind participants not to share their login or personal information with anyone. The allegations against Abbott Laboratories explain that an email account was compromised which allowed the bad actor to request authentication to the compromised email. Once the false authentication was made, the recordkeeper processed the request to have an additional bank account added. Savvy participants can help play an active role in the protection of their own account assets.

A Tough Road Ahead

Careful considerations by plan administrators have become especially important in light of the COVID-19 pandemic because there has been a steady increase in certain cyber-related crimes during this time. The recently enacted CARES Act provides many retirement plan participants with the opportunity to take large in-service distributions and loans, and such distributions and loans are ripe for the nefarious acts which were the basis for the Abbott Laboratories case. As a result, plan administrators need to stay vigilant and ahead of the curve when it comes to cybersecurity protections.

The Seventh Circuit has issued its decision in the much-anticipated case of Divane v. Northwestern.  The district court below had refused to allow plaintiffs to proceed with breach of fiduciary duty and prohibited transaction claims based on the recordkeeper’s use of participant data for purposes of “cross-marketing” non-plan services to plan participants.  The issue arose in a unique procedural posture, a motion for leave to amend the complaint near the close of discovery. The district court found that the proposed new counts, including the cross-marketing claim, were untimely (for being raised six days before the close of discovery) and futile (for failing to state a claim).

In affirming the district court decision, the Seventh Circuit agreed that the allegations based on cross-marketing were untimely and “failed to state claims for relief.” This is the first time the issue of cross-marketing participant data has been decided at the circuit court level. Going forward, this precedent will pose a significant obstacle for plaintiffs who wish to pursue cross-marketing claims.

Plaintiffs’ Counsel Has Been Focusing on Cross-Marketing Claims

For a few years now plaintiffs have been challenging fiduciaries who allow service providers, usually recordkeepers, to utilize participant data to offer non-plan financial services to participants. For example, in their second amended complaint in Cassell v. Vanderbilt University, plaintiffs alleged that plan fiduciaries breached their fiduciary duties by allowing the plan’s recordkeeper “to use its position as the plan’s recordkeeper to obtain access to participants, gaining valuable, private and sensitive information including participants’ contact information, their choices of investments, the asset size of their accounts, their employment status, age, and proximity to retirement, among other things.” Further, plaintiffs alleged, the plan fiduciaries allowed the recordkeeper to use this valuable and confidential information to sell the recordkeepers’ products and wealth management services to the plan’s participants and “failed to even attempt to determine the value of this marketing benefit.”

Similar cross-marketing claims were brought against Johns Hopkins, MIT and Northwestern.

The District Court Rejects a Claim Based on Cross-Marketing Participant Data

In many ways Divane v. Northwestern was a typical ERISA fee case, with plaintiffs challenging the (allegedly) excessive fees and underperformance of various investment options in the university’s defined contribution plan. Near the close of discovery, however, the plaintiffs tried to add a claim that the plan fiduciaries should be liable for allowing the plan’s recordkeeper to market products to plan participants using participants’ contact information, their choices of investments, the asset size of their accounts, their employment status, age, and proximity to retirement.

The district court refused to allow plaintiffs to pursue this cross-marketing claim, finding that it should have and could have been raised earlier in the case. In addition to the issue of timeliness, the district court addressed the futility of allowing an amended pleading based on allegations of cross-marketing:

  • It is not imprudent to allow the recordkeeper to have access to this kind of participant information.
  • Disclosure of such information to the recordkeeper does not implicate ERISA fiduciary functions.
  • Not a single court has held that releasing confidential information or allowing someone to use confidential information is a breach of fiduciary duty, and “[t]his Court will not be the first, particularly in light of Congress’s hope that litigation would not discourage employers from offering plans.”

The district court also found that the recordkeeper’s use of participant data for cross-marketing was not a prohibited transaction because the court was “not convinced” such information is a plan asset. Thus, plaintiffs’ proposed claim based on using participant data for cross-marketing failed to state a claim.

Plaintiffs’ counsel appealed.

Some Defendants Settle and Agree to Prohibit Cross-Marketing

While the Divane v. Northwestern appeal was pending, and with a lack of controlling precedents specifically addressing cross-marketing issues in this context, defendants in some other ERISA cases hedged their bets by settling the cross-marketing claims asserted against them. For example, Vanderbilt University settled its case by paying $14.5 million and agreeing, among other things, to prevent any future cross-marketing by the plan’s recordkeeper. Specifically, Vanderbilt agreed that going forward the plan fiduciaries shall contractually prohibit the recordkeeper from using information about plan participants acquired in the course of providing recordkeeping services to market or sell products or services unrelated to the plan to plan participants unless initiated by a plan participant.

Subsequently, Johns Hopkins and MIT settled their ERISA fee cases by agreeing, among other things, to forbid cross-selling by their plans’ service providers.

The Seventh Circuit Affirms, Adopting the District Court’s Reasoning

After these settlements, the Seventh Circuit issued its opinion in the Divane v. Northwestern case. The Court of Appeals affirmed the district court decision to not allow plaintiffs’ leave to amend their complaint to add the “participant data” claims on the eve of trial.  The appellate court laid out the district court’s rationale (too late, and no precedent for treating participant data as a plan asset) and concluded, “We agree.”  Importantly, the Seventh Circuit wrote that the proposed data claim “fails to state a claim for relief.”  Such a conclusion is independent of the timeliness of the proposed claim and provides a significant hurdle for future plaintiffs to overcome if they seek to bring cross-marketing claims against plan fiduciaries.


Plaintiffs’ counsel are unlikely to give up their quest to pursue claims against fiduciaries who do not prevent service providers from cross-marketing participant data just because one circuit court has rejected such claims. This is especially true if defendants continue to show a willingness to settle such claims for a mixture of monetary and non-monetary concessions. Nevertheless, the Seventh Circuit’s opinion in Divane v. Northwestern will be a significant impediment to cross-marketing claims unless plaintiffs get it reversed on rehearing or in the Supreme Court. (On April 22, 2020, plaintiffs filed a petition for rehearing or rehearing en banc, which did not specifically address their proposed cross-marketing claim, but instead focused on the pleading standard in ERISA fee/investment cases.)



In a prior post, we commented on the growing trend of fiduciaries making non-monetary concessions to settle ERISA fee litigation cases. We observed that certain “onerus” non-monetary settlement features – such as obligating fiduciaries to provide plaintiffs’ counsel with customized reports on plan operations and performance during a years-long “monitoring” period — are significant and intrusive and that they are sowing the seeds of potential future disputes.

Well, the trend continues. In recent months ERISA class action settlements were announced involving MIT and Duke University.  Most of the headlines focused on the fact that, MIT and Duke agreed to pay $18.1 million and $10.65 million, respectively, to settle those cases.  That’s definitely noteworthy.

But that’s just the tip of the iceberg. As with Johns Hopkins and others, MIT and Duke also agreed to “substantial non-monetary terms,” which the parties claimed materially added to the total value of their settlements.

MIT’s Non-Monetary Concessions

In addition to paying $18.1 million (up to one-third of which may go to plaintiffs’ counsel), MIT agreed to the following terms:

  • Training. MIT shall provide training to Plan fiduciaries on how to discharge their duties under ERISA. (Thus converting a best practice into a contractual obligation.)
  • RFP’s. MIT agreed to submit RFP’s to at least three qualified recordkeepers, requesting that the proposed fees be expressed on a per-participant basis, not on a percentage of plan assets basis. After reviewing the RFP’s, MIT may keep its current recordkeeper or select a new one. The final bid amounts shall be provided to class counsel on a confidential, no-names basis as to those not selected. (Nothing in ERISA specifically requires RFP’s on a regular basis, but now MIT has obligated itself to conduct them.)
  • Revenue Sharing. Here is how the revenue sharing provision is described in the court filings: “Any revenue sharing related to Plan investments will be deposited in the Plan trust and, to the extent not seasonably used to defray lawful Plan expenses, be returned to Plan participants according to a method of allocation approved by Plan Fiduciaries and permitted by ERISA not less frequently than on an annual basis.”
  • Allocation of Expenses. The plan fiduciaries will determine a method of allocating recordkeeping and administrative expenses that it determines is fair, equitable, and appropriate for plan participants “separate from the flat fee negotiated with the recordkeeper and based on the number of plan participants.”
  • No Cross-Selling. MIT and the plan fiduciaries agreed to allow the plan’s recordkeeper to communicate with participants only at the direction or with the authorization of plan officials, and agreed to prohibit “any communications to Plan participants (in their capacities as such) concerning non-Plan products and services.” In other words, no cross-marketing of non-Plan services by the recordkeeper. (No court has found cross-selling to be an ERISA violation, but MIT has agreed to prohibit it.)
  • Independent Investment Consultant. MIT agreed to continue its practice of using an independent investment consultant. (So what the fiduciary once voluntarily chose to do, it is now obligated to continue doing.)
  • Costs. MIT and plaintiffs agreed that the costs relating to the use of an independent consultant and the costs of conducting an RFP are expenses properly paid by the plan under applicable law.

Duke’s Non-Monetary Concessions

In addition to paying $10.65 million, Duke agreed to the following “non-monetary terms”:

  • Disclosures to Class Counsel. For two years Duke will provide to Class Counsel a list of the Plan’s investment options and fees, and a copy of the Plan’s Investment Policy Statement.
  • Disclosures to Participants. Duke will communicate in writing to current participants and inform them of the investment options available in a new lineup, and provide a link to a web page containing fees and performance information for the new investment options, as well as contact information to facilitate funds transfers out of a frozen annuity account.
  • Possible RFP. During the third year of the settlement, the fiduciaries shall retain an independent consultant to provide a recommendation on whether they should conduct a request for proposal for recordkeeping and administrative services.
  • Factors to Consider in Investments. In considering Plan investment options during the Settlement Period, the fiduciaries agreed to “consider” various enumerated factors, such as costs and availability of rebates.
  • No Use of Plan Assets. During the Settlement Period, Duke shall not cause Plan assets to be used to pay salaries, benefits and expenses incurred by Duke for services performed by Duke employees.

Differing Terms; Same Recipe for Future Disputes?

Johns Hopkins, MIT and Duke each agreed to substantial non-monetary settlement terms, but those terms differed for each university (as did the amount of their cash payments).  This indicates that the parties are separately negotiating the non-monetary terms of their respective settlements, and are not treating them as boilerplate.  Nevertheless, there is some overlap in the non-monetary terms agreed to by all three universities.  For example, all three agreed to conduct or consider RFP’s on an agreed timetable, to report certain information to plaintiff’s counsel on an agreed timetable, and to utilize independent investment consultants.  Two of the three, Johns Hopkins and MIT, agreed to forbid cross-selling by their service providers, but Duke’s settlement does not include such a prohibition.

These obligations carrying into the future are mostly, if not completely, one-sided — running from the fiduciaries to the participants and/or class counsel.  For example, Johns Hopkins agreed to provide customized “reporting” to plaintiffs’ counsel and to subject itself to “monitoring” by plaintiffs’ counsel for a three-year period.  MIT did not agree to those, but it did agree to provide fiduciary training (which is a best practice in any event) and to have its revenue sharing deposited in the plan and shared with plan participants to the extent not used to defray lawful plan expenses. MIT also agreed to determine a method of allocating recordkeeping and administrative expenses among participants separate from a per participant flat fee.  Duke agreed to “consider” certain enumerated factors when making investment decisions.

In agreeing to a particular course of conduct going forward, these fiduciaries are, essentially, taking general standards under ERISA, like prudence or reasonableness, and agreeing to convert them into more specific rules. For example, nothing in ERISA requires a fiduciary to conduct RFP’s on a regular basis, but by agreeing to do so going forward, a new market standard is perhaps being shaped through litigation.

This seems like fertile ground for future disputes.  What happens if the fiduciaries don’t comply with their ongoing non-monetary obligations?  Or fail to document their compliance?  Plaintiffs’ counsel have already sued these fiduciaries once.  Are these future entanglements with plaintiffs’ counsel worth the risk?

Strategic Change: Good or Bad?

The trend of plaintiffs’ counsel extracting concessions from fiduciaries regarding operational changes in the administration of defined contribution plans continues. Whether this is good for participants, fiduciaries, and plans as a whole remains to be seen.   But it is doubtful that regulation through litigation is the most efficient way to set standards of conduct in a multi-billion dollar industry.