DOL Cybersecurity Tips
In this age of heavy reliance on technology, it is vital to take the necessary cybersecurity precautions. You want to make sure that all sensitive information is highly protected. This document showcases some tips and tricks for plan sponsors.
Topics include: Security Standards, Establishing a Formal Cybersecurity Program, Using Multi-Factor Authentication, Cybersecurity Insurance, and much more.
Per the DOL, plan sponsors should ask the service provider about the following:
- Security Standards
- Security Practices
- Security Policies
- Audit Results
- Security Validation Process
- Security Levels Implemented
- Past Security Breaches
- Cybersecurity Insurance
- Cybersecurity Guarantee
Per the DOL, plan sponsors should consider the following actions:
- Establish a formal Cyber Security Program
- Conduct annual risk assessments
- Hire a third party to audit security controls
- Define and assign information security roles
- Establish strong access control procedures
- If data stored in cloud or with third party conduct
- Conduct cyber security awareness training
- Implement secure system development life cycle
- Create effective business resiliency program
- Encrypt sensitive data
- Respond to cyber security events
Per the DOL, plan participants should consider the following actions:
- Register your account
- Regularly monitor your account
- Use strong and unique passwords
- Use multi-factor authentication
- Keep personal contact information current
- Close or delete unused accounts
- Do not use free Wi-Fi
- Beware of Phishing attacks
- Do not store login information in your email account
- Use up-to-date anti-virus software
- Report identity theft to your employer and the
Regret aversion is a construct in behavioral finance theory that suggests investing decisions are, at least in part, driven by fear of later regretting a “wrong” choice. And this isn’t just some psychological mumbo jumbo. Functional MRI neuroimaging studies of the brain have demonstrated a biological correlate to this phenomenon in the form of increased activity within the medial orbitofrontal cortex and amygdala. The fear is real — and it can have serious consequences for participants.
How Does Regret Aversion Impact Investors?
There’s no singular effect of regret aversion on investor decision making because the fear of regret may relate to either taking action or not taking action. And that fear may translate into greater risk-taking — or excessive attempts to minimize risk.
Carried on a wave of exuberance and fear of missing out (FOMO), investors may jump on a “hot stock,” even when the purchase is not rationally justified by its underlying fundamentals. Or they may avoid engaging in the market altogether after going through a painful downturn, missing out on typical recovery cycles. Regret aversion can also lead investors to hang on to a poorly performing investment too long, not wanting to lock in losses, even when that’s exactly the decision that’s called for to achieve a better long-term result.
While regret aversion can motivate us to take positive action, such as starting up a fitness routine to avoid regretting the health consequences of not taking care of ourselves years from now, it’s not a sensible approach to making most investment and retirement planning decisions.
So, What Can Be Done?
- Teach participants about regret aversion. Educate employees about the principles of behavioral finance. Learning to identify and combat faulty thinking can help people make better personal finance and investment decisions. Use real-world examples to provide historical data about bubbles, market recoveries and long-term returns when participants stay invested through down markets.
- Encourage a rules-based investment decision process. Fiduciaries are not mandated to produce positive outcomes for participants, only establish and maintain prudent processes regarding their retirement plans. Similarly, employees should focus on establishing and adhering to a sound investment decision-making approach rather than trying to see around every corner along the way.
- Foster an attitude of acceptance. Explain to participants why an investment strategy wholly oriented around the goal of avoiding regret might not yield the results they desire. They should understand that taking on some degree of risk is inherent in pursuing higher returns. Encourage trust in the process and acceptance that logging some losses along the way is an expected part of it.
- Leverage regret aversion to encourage beneficial investor behavior. Even with education, you simply can’t completely “deprogram” regret aversion from every participant’s brain. And if it’s going to exert some influence, make sure you use it to foster positive behavior. How will employees feel at retirement if they come up short after delaying plan enrollment, failing to escalate contributions or steering clear of all but the most conservative investments?
We’ve all had situations in life when we did the “right” thing but didn’t get the result we wanted. Just because an investment decision didn’t pan out doesn’t necessarily mean that it was a “bad” one. No one has a crystal ball. And we shouldn’t abandon sound principles just because they can’t promise success 100% of the time.
Regret is natural. And it can even be helpful when it motivates us to make better future decisions. Regret in itself isn’t the problem — the excessive fear of regret is.
It may be useful to reframe the concept of a “mistake” for participants as succumbing to fear as opposed to trusting the sound strategy you’ve established together to achieve their retirement goals. In the end, the best way to help participants may be to teach them to regret fear — as opposed to fear regret — when it comes to making investment decisions.
Participants may be attracted to self-directed brokerage accounts (SDBAs) because of the seemingly infinite choice of investment options. While it’s tempting to please these often-vocal employees, much consideration should be given when contemplating an SDBA option for your qualified retirement plan. There are several fiduciary issues your committee should discuss, decide, and document.
The impetus for the interest may be that participants want to take advantage of the advice from an outside advisor with the intention of giving them access to the account to make trades. If so, the advisor may be said to perform as a discretionary investment manager. ERISA Section 3(38) requires the plan sponsor to enter into an agreement with the advisor, as well as monitor the advisor’s actions.
The plan sponsor could be exposing themselves to an ERISA lawsuit from beneficiaries unhappy their selected advisor was allowed to buy investments “unsuitable” for retirement plans such as illiquid investment options, life insurance, etc. Plan sponsors can attempt to mitigate this risk by limiting what can be purchased via the SDBA account to stocks, bonds, mutual funds, or ETFs.
Responsibility to Monitor Fees
The plan sponsor needs to understand the fees associated with the SDBA and determine their reasonableness. Just because the participant elects to utilize an SDBA account does not mean the plan sponsor has abdicated responsibility for ensuring costs are reasonable.
Plan Sponsor Relief
Remember, plan sponsors have safe harbor protection under ERISA Section 404(c), which states that the participant has assumed control over their account by electing to invest via the SDBA. However, 404(c) relief is lost if the investment options pose an imprudent risk of loss. In addition, there are over 50 subsections to 404(c) that must be met to achieve the safe harbor protection. Noncompliant fiduciaries are accepting liability for whatever investment decisions the participant makes within an SDBA account. And ERISA Section 404a-5 still applies to SDBA accounts. The plan sponsor must ensure the participant is receiving an annual disclosure of fees that is accurate. All too often this does not take place with SDBA accounts.
Participants Matter Most
An SDBA account can offer plan participants new opportunities to invest for retirement. It's important, though, to understand and address the associated risks to avoid mistakes that could harm your employees' long-term financial future.
Securities offered through Kestra Investment Services, LLC (Kestra IS), member FINRA/SIPC. Investment advisory services offered through Kestra Advisory Services, LLC (Kestra AS) an affiliate of Kestra IS. Kestra IS and Kestra AS are not affiliated with Higginbotham.
The “Retirement Times” is published monthly by Retirement Plan Advisory Group’s marketing team. This material is intended for informational purposes only and should not be construed as legal advice and is not intended to replace the advice of a qualified attorney, tax adviser, investment professional or insurance agent. (c) 2018. Retirement Plan Advisory Group.