We repeatedly warned over the past few months (here, here, and here), that officials at the highest levels of the DOL were signaling that the DOL would begin an audit initiative focusing on retirement plan cybersecurity practices. Despite plan fiduciaries having had just a handful of weeks to digest the DOL’s only actionable guidance on cybersecurity and privacy matters, the wait is over. We can confirm that the DOL has begun issuing information and document requests under this new initiative, and the requests are probing and indicate serious inquiry by the DOL.

Join Morgan Lewis this month for these programs on employee benefits and executive compensation.

Please read our summary and analysis of the Internal Revenue Service’s recent Notice 2021-31, which provides much-anticipated guidance for plan sponsors, multiemployer plans, and COBRA administrators related to the COBRA subsidy provisions under the American Rescue Plan Act.

Addressing what they call the four major “crises” facing the nation—COVID-19, the economy, climate, and inequity—US President Joseph Biden and Vice President Kamala Harris have consistently framed many of their most important executive actions and policy proposals as attempts to prioritize one or more of these four policy concerns. Read our LawFlash for a recap of some of the more wide-reaching and impactful (or in some cases, potentially impactful) executive orders, legislative actions, policy proposals, and other developments during the first 100 days of the Biden-Harris administration.

The US Department of Labor (DOL) issued three long-awaited pieces of subregulatory guidance on April 14, addressing the cybersecurity practices of retirement plan sponsors, service providers, and plan participants, respectively. The guidance provides an important window into the DOL’s expectations of what ERISA’s prudence standards require with respect to cybersecurity matters.

Join Morgan Lewis this month for these programs on employee benefits and executive compensation.

As we described in our March 15, 2021 LawFlash, the American Rescue Plan Act of 2021 (ARPA) includes a 100% COBRA premium subsidy for any employee or dependent who is a COBRA qualified beneficiary (or will become one) resulting from an involuntary termination of employment or a reduction of hours (referred to as an Eligible Individual).

Join Morgan Lewis this month for these programs on employee benefits and executive compensation.

There has been an increasing focus in recent years on the intersection of ERISA’s fiduciary duties and the issues of cybersecurity and data (including participant data) protection. Beyond the potential for pecuniary and reputational harm due to a breach, this interest has been driven by an increasing number of lawsuits in which plaintiffs allege that a plan fiduciary and/or service provider breached ERISA by failing to protect against a cybersecurity attack or data breach. 

Reversing a lower court’s decision, the US Court of Appeals for the Second Circuit issued an opinion in Cooper v. DST Systems, Inc., et al., finding that an arbitration agreement signed by an employee as part of his employment did not require that he arbitrate any fiduciary breach claims challenging the investment options and fees in his employer’s 401(k) plan. Read our recent LawFlash to learn more about the decision and the potential implications.