United States: Drinker Biddle’s HIPAA Compliance Update for Employee Benefit Plans

Last Updated: April 15 2013
Article by Bruce L. Ashton

With this issue, we are launching the Drinker Biddle Employee Benefits Plan Sponsor Newsletter. Our objective is twofold: to provide information that will be helpful to companies that sponsor retirement plans -- both qualified and non-qualified; and to help the employees who work on the plans in either a fiduciary or administrative capacity. We anticipate covering topics ranging from fiduciary obligations, investment related issues, plan operations and reporting and disclosure issues to dealing with IRS and DOL plan examinations and more. When appropriate, we may also address the implications for plan sponsors and fiduciaries of recent court decisions.

Our focus will generally be to address matters we have handled for clients and to provide practical, relevant solutions to common problems: what we sometimes call the "moral of the story." We will also be identifying the audience for which we have written each article, though we hope it will be of value to other readers as well. For example, in this issue, we have the following articles:

  • Based on their extensive work with plan committees, the first article is "Five Practical Tips for Plan Committees to Avoid Fiduciary Liability," by Dave Wolfe and Josh Waldbeser in our Chicago office. This article is written with plan committees in mind.
  • The second, "Check Your Plan Loan Administration," by Summer Conley, in our Los Angeles office, is written for employees who handle plan administrators, but the message applies across the board. Summer's message to plan sponsors is to make sure you keep an eye on your service providers.
  • Third, Brad Campbell, in our DC office, provides an update on recently released guidance from the DOL in "DOL 'Tips' for Selecting Target Date Funds," which should be reviewed by committee members who select investments for participant directed plans.
  • Heather Abrigo's article on "What Plan Sponsors Need to Know About a 'Limited Scope Review'," focuses on DOL investigations. Heather is in our Los Angeles office.
  • Fred Reish, in our Los Angeles office, has provided an article for sponsors of large plans on "Accountant's Audits of Retirement Plans," pointing out that the accountants who audit retirement plans will be asking questions about the process used by plan committees to review the 408(b)(2) disclosures and the steps they took to evaluate the disclosed information.

Finally, we have included a note about the recent Court of Appeals decision in Tibble v. Edison International that highlights the importance of selecting the right share class of investments offered in a participant-directed plan.

Five Practical Tips for Plan Committees to Avoid Fiduciary Liability

By David L. Wolfe and Joshua J. Waldbeser

In recent years, plan committees have become targets of ERISA litigation. This places a premium on meeting their fiduciary obligations. While this may seem daunting, committee members need to recognize that it is not "results," such as investment performance, that determine whether a fiduciary breach has occurred. Rather, it is following (and documenting) a prudent and deliberative decision-making process that allows fiduciaries to avoid liability. The following are some of the steps committees should follow:

1. Observing Formality. Regular committee meetings should be held (preferably quarterly, if possible), with a heavy focus on formal procedures and keeping of minutes.

  • Circulate an agenda and all related materials (such as vendor and adviser reports) reasonably in advance of each meeting.
  • Use the agenda during the meeting as a roadmap for deliberations. A person familiar with the issues should take detailed notes in order to prepare the meeting minutes. Formal votes should be taken as appropriate.
  • After the meeting, the notes should be used to draft detailed minutes. The format should be consistent from meeting to meeting, and should highlight the deliberative process followed at the meeting, with a focus on capturing the decisions reached and the key reasons for each, rather than conversational details. The minutes should be approved by all members soon after each meeting.

2. Emphasizing Expert Advice. When acting on the input of an independent expert, such as an investment adviser, the minutes should reflect the specific advice given and include copies of reports from the adviser. If the committee elects not to follow the advice, the reasons should be thoroughly documented.

3. Receiving Fiduciary Training. Requirements and industry standards for retirement plans are dynamic and constantly evolving. Committee members should be familiar with their basic obligations under ERISA, and should continue to receive regular fiduciary education regarding legal and regulatory developments, litigation trends and other matters that may impact their role. While this is not mandated by ERISA, it is an important facet of a prudent process. The Department of Labor has begun requesting that fiduciaries turn over evidence of fiduciary training as part of its plan investigations, so receipt of such training should be documented in committee records.

4. Separation of Roles. Corporate officers and employees serving on plan committees should avoid commingling deliberations on fiduciary issues (such as selecting and monitoring investments and other service providers) with non-fiduciary issues (such as plan design considerations). All fiduciary issues should be resolved with an eye solely toward the best interests of plan participants, rather than those of the employer, to avoid conflicts of interest.

5. Permanent Record Retention. Committee minutes and records should be incorporated into the employer's permanent record retention program. In the event of litigation, the events giving rise to the claim may be years removed, and committee members should not be forced to rely on their memories to recollect details.

Following and thoroughly documenting a prudent and deliberative fiduciary process is the single most important thing a plan committee can do to insulate itself from potential liability. There are numerous "best practices" that should be followed, but adhering to these five key steps is a good start.

Check Your Plan Loan Administration

By Summer Conley

We recently handled an issue for a client that highlights the importance of overseeing plan service providers. You may ask why that is true, since service providers are in the business of helping administer retirement plans. A plan sponsor can just assume the plan is being administered correctly, right? The short answer is no -- even reputable companies make mistakes.

In this case, the issue related to the administration of participant loans. Many, if not most, 401(k) plans permit plan participants to take loans from their accounts. While plan loans are permitted by the Internal Revenue Code (the "Code"), there are a number of restrictions that apply. If the loan fails to comply with these restrictions, it can result in a "deemed" taxable distribution to the participant and potentially to a qualification error for the plan.

Generally, plan loans must be issued for a term that is 5 years or shorter. There is an exception, however, if the loan is "used to acquire a dwelling unit which will within a reasonable time be used as a principal residence of the participant." Where the loan is used for that purpose, the term may be for a longer period set by the plan or the loan policy; often, the term can be as long as 30 years. But if a residential loan is made, what evidence or documentation should be obtained to establish that the loan is being used for that purpose, and, equally as important, who should obtain it? Is a representation by a participant sufficient?

In the case involving our client, the agreement with the plan service provider indicated that it would obtain documentation necessary to verify the purpose of the loan. Unfortunately, when the IRS questioned whether the loans were, in fact, proper residential loans, neither the plan sponsor nor the service provider had detailed records, such as a copy of the purchase agreement or other similar documents. (While there is no explicit requirement for such proof in the Code regulations or other IRS guidance, we are aware of several instances in which the IRS raised this issue, indicating that such documentation was necessary to demonstrate that the loan was proper.) It is not surprising that the plan sponsor lacked the records, since it thought it had delegated the job of obtaining proper documentation to the service provider. At the same time, the plan sponsor did not know that the service provider also lacked the information.

There are two morals to this story, one of which is obvious and the other of which is less so. The first is that plan sponsors should check their loan practices and procedures to make sure that appropriate evidence (beyond a participant representation) is being obtained in connection with residential loans. Plan sponsors may address loan procedures in one of two main ways. The plan sponsor may develop policies and procedures that it follows in-house in administering loans. Alternatively, the plan sponsor may rely upon a third party administrator to adopt and implement policies and procedures for administering loans. The second moral is that even if it is relying on the third party administrator, the plan sponsor should monitor the administrator periodically to ensure that the policies and procedures are actually being followed.

DOL "Tips" for Selecting Target Date Funds

By Bradford P. Campbell

Target Date Funds (TDFs) are simple by design - at least from the perspective of the plan participant. The participant decides when he or she will retire, selects a fund that targets this retirement year (or one close to it), and then forgets about it. The fund does the rest, reallocating the investments in the fund to become more conservative as the targeted retirement date approaches. From the perspective of the plan fiduciary, however, prudently selecting and monitoring a particular target date or lifecycle fund to use as a Qualified Default Investment Alternative (QDIA) or as a plan investment option is a more complex process. The plan fiduciary must investigate and assess a number of features of the available TDFs in making its decision as part of a thorough and well-documented process. The Department of Labor (DOL) recently issued guidance designed to help plan fiduciaries identify some of the key relevant factors for TDFs. We suggest that plan fiduciaries incorporate this guidance into their plans' Investment Policy Statements (IPS) and prudent selection processes.

The DOL guidance, "Target Date Retirement Funds - Tips for ERISA Plan Fiduciaries" is the latest of several DOL initiatives to help plans and participants better understand TDFs. As the performance differences among the 2010 class of TDFs during the market gyrations of 2008-2009 highlighted, even target date funds with the same target date may vary significantly in their investment philosophy and strategies. The recent DOL guidance is intended to help fiduciaries ask the right questions to understand the funds they are reviewing, and to select prudent TDFs for their plans.

The DOL "Tips"

The "Tips" explain some of the basic facts about TDFs, including the fund's so-called "glide path." The glide path is the projected investment plan for changing the asset allocation over time. A "to" fund is intended to reach its most "conservative" asset allocation strategy at or near the target date, while a "through" fund is not intended to reach its most conservative asset allocation strategy until some years after the target date. Either of these approaches might have advantages for a particular plan, but the plan fiduciary has to understand the differences and purposefully select one or the other. DOL suggests that fiduciaries consider some related issues in making this choice, such as plan demographics and whether the participants are covered by a defined benefit plan.

Other relevant factors identified by the guidance include:

  • Investment strategy - separate from "to" vs. "through," do you understand the principal strategies and risks of the fund and its underlying assets? Have you considered part performance and other standard investment metrics?
  • Fees and expenses - do you understand the fees associated with the investment? If there are administrative service payments, such as 12b-1 fees, do you understand who is receiving them and for what services?

The guidance also advises fiduciaries to understand the differences between "proprietary" and "non-proprietary" funds, and to inquire about the availability of "custom" TDFs. A proprietary TDF is one in which the underlying investments are funds offered by the same investment provider offering the TDF, whereas non-proprietary TDFs utilize funds from other investment providers. A custom TDF is one in which the underlying investments are the core funds from the plan's own investment menu. All of these product variations are factors fiduciaries should consider, but deciding which is prudent for your plan is an individualized decision taking into account all of the other relevant factors, from fees to glide path.

Finally, the guidance suggests that fiduciaries consider reviewing their plan's participant communications to ensure participants have the information they need to understand the TDFs available to them, and to ensure compliance with the participant disclosure regulations.


When DOL issues guidance on how to prudently select an investment option, it is advisable to review the guidance and incorporate it into your plan's investment policy statement and fiduciary process. Your Drinker attorney will be happy to assist you in this process.


Plan Sponsor Webinar on May 15, 2013

On May 15, 2013, Joe Faucher and Heather Abrigo in our Los Angeles office will be conducting a webinar titled "Lessons from Defendants: How Plan Committees can Avoid Being Sued for Fiduciary Breach under ERISA." This webinar will address some of the latest ERISA fiduciary decisions and what Plan Committees can do to avoid getting sued. If you would like to receive an invitation to this webinar, please click here: http://www.drinkerbiddle.com/Register/Lessons- From-Defendants-Webinar

What Plan Sponsors Need to Know About a "Limited Scope Review"

By Heather Bader Abrigo

In 2012, we saw the Department of Labor ("DOL") increase the number of investigations relative to previous years, a trend we expect to continue in 2013. Although most DOL investigations are "limited scope reviews," such characterization is a misnomer. As some of our clients have experienced, these reviews are anything but limited in scope. Based on our experience in working with clients on these "reviews," here are some tips for how to handle them.

First, review any documents and/or information before providing it to the DOL. Despite the "limited scope" characterizations, the DOL will request voluminous materials. Plan sponsors should review the request carefully and provide the information that has been requested, but only after it has been reviewed to see if it reflects potential errors. If there have been errors, the information cannot be withheld...it must still be provided, but we have found that it is good practice to bring the error to the attention of the reviewing agent along with an explanation about what the plan is doing to correct it. For example, during one investigation, a client, noticed that certain transactions were coded in the record keeper's records as "mistakes of fact." It became concerned and asked us for our advice. After researching these entries, it appeared that salary deferrals for terminated employees were being sent to the custodian. Ultimately, we assisted the plan sponsor not only with the DOL investigation, but also with its internal procedures to avoid a repetition of this problem.

Second, plan sponsors need to be prepared for on-site visits and interviews with the plan fiduciaries. During the interview process, many plan fiduciaries may be surprised by the number of detailed questions that the investigator will ask with respect to plan fees. For example, during another investigation, the DOL investigator asked in-depth questions about the plan's ERISA expense account and evidence as to how the account was being handled. After reviewing the allocation report from the recordkeeper, an issue arose with respect to how the ERISA expense account had been allocated. We worked with the DOL investigator to resolve the issue, and the DOL issued a letter closing the investigation without further action.

Third, in light of the DOL regulations regarding fee disclosures that were issued during 2012, plan fiduciaries should be ready to discuss, in detail, the amount of compensation the various service providers are being paid from the plan and how the fiduciaries have determined that such compensation is reasonable. For example, we have assisted with investigations during which the DOL investigator requested evidence regarding the determination of reasonableness of fees by the plan fiduciaries. In one investigation, our client had obtained a benchmark report and documented the process which led to the determination that the fees were reasonable. This resolved any issues that the DOL investigator had regarding this issue, and the investigation was closed with no further action.

Lastly, we recommend that plan sponsors consider conducting voluntary internal compliance audits. This can include gathering a sampling of information that would normally be requested during an investigation as well as making sure policies and procedures for plan administration are documented and followed. By following these four steps, plan sponsors will help insure that the plan is being operated properly and they are fulfilling their fiduciary responsibilities...and that they will be more equipped to handle a "limited scope review" or a full investigation if one should arise .

Accountant's Audits of Retirement Plans

By Fred Reish

If your plan is large enough to require that its financial statements be audited (which generally means that you have over a 100 eligible employees), in the next month or two your accountants will be asking about your procedures for handling the 408(b)(2) disclosures by your "covered" service providers. That raises an obvious question: what is the "right" answer?

Before answering the question, let me set the context. Your covered service providers are required to give you - as the responsible plan fiduciary, or RPF - written disclosures about their services, status as fiduciaries, and compensation. The "RPF" is the person or persons who have the authority to hire service providers for your plan; typically, that is the plan committee. (For ease of reading, we refer to "plan sponsor".) "Covered" is a defined term in the 408(b)(2) regulation, but for our purpose, the best approach is to assume that all of your plan's service providers are covered, unless you know that they are not. Covered service providers include, for example, your investment advisors, financial advisors, brokers, recordkeepers, bundled providers, investment consultants, and so on. On the other hand, your attorneys, accountants and actuaries are not covered service providers - unless they receive indirect compensation, that is, compensation from anybody other than the plan or the plan sponsor.

Plan sponsors, in their fiduciary capacity, have had two distinct duties related the 408(b)(2) disclosures. The first is to obtain the disclosures and make sure that they are adequate. The second is to review the disclosures and determine that, among other things, the compensation of the service providers is reasonable.

So, what should you say to the accountants? The best answer . . . the disclosures have been compared to the requirements in the 408(b)(2) regulation and, based on that comparison, the committee members have made a reasonable and good faith determination that the disclosures are complete. It would be helpful to provide the accountants with a written copy of the comparison of the disclosures to the requirements of the regulation. To help our clients form that "reasonable and good faith belief ", we have developed a checklist based on the requirements of the regulation and have reviewed the disclosures for a number of clients. In some cases, the disclosures have not been adequate - and we have followed up with the service providers to obtain the needed information. (In most of those cases, the incomplete disclosures were about the indirect compensation that the service providers are receiving - that is, compensation from investments or other providers, as opposed to payments from the plan.) After we made a written request for the missing information in those cases, the service providers immediately sent us additional information - since they are aware of the dire consequences in the regulation for failing to provide adequate disclosures.

Once the information is obtained and the checklist is completed, we recommend that the checklist be presented at a committee meeting and reviewed by the committee members. Those facts should be documented in the committee minutes, together with a determination by the committee members that, based on the checklist and the discussion, they have a reasonable and good faith belief that the required disclosures were made.

The next step is to review the disclosures and determine whether the total direct and indirect compensations being received by the service providers is reasonable - compared to the services they are providing. While a discussion of that process is beyond the scope of this article, one critical factor is that the committee members review market data about compensation paid by similarly situated plans for comparable services. In other words, the marketplace establishes whether compensation for a particular set of services is reasonable or not.

Forewarned is forearmed. Your accountants will be asking about your 408(b)(2) procedures. Be prepared to respond.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Bruce L. Ashton
Similar Articles
Relevancy Powered by MondaqAI
Davis & Gilbert
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Davis & Gilbert
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions