The Fiduciary, Legal, and Cybersecurity Risks of Sharing Participant Data with Advisors

I was recently at an industry conference of retirement plan consultants and participated in a session discussing how recordkeepers could provide better service to their retirement plan clients and their participants. At the outset of my career in retirement plans, I worked in a recordkeeping firm, and it was brutal but necessary work. I was eager to see innovations in how recordkeepers (the primary lens through which American workers view their retirement preparedness) developed services and communication to make workers better at saving and investing.

I was unprepared for where the session went. Representatives from some of the largest brokerage, advisory, and consulting firms were pressing recordkeepers for progress on technology that would allow third-party providers to look through to the account of any participant in a plan they serviced. The recordkeepers discussed their spending on APIs (Application Programming Interfaces) that would share account balances, compensation amounts, savings behaviors, and investment strategies with advisors.

The advisors in this session were ecstatic. Directly from their desktop, they could sort participants and identify people within the client company nearing retirement and begin to cultivate relationships with them in hopes of transitioning them from low-margin institutional clients to high-margin private clients over time.

As the consulting/advisory market has consolidated, larger advisory firms, fueled by outside capital from private equity and the public markets, are pressing recordkeeping organizations to provide more to advisors or risk losing market share and being excluded from client RFPs.

It’s easy to see the risks this creates for all involved, but plan sponsors must act to avoid them.

As a retirement plan sponsor or fiduciary committee, you have a primary responsibility to act in the best interests of your plan participants. However, pressure from conflicted advisors for data sharing is raising significant concerns about conflicts of interest and participant data security.

Conflicts of Interest and Fiduciary Violations

The most pressing concerns for fiduciaries are the clear conflicts of interest solicitous advisors create. Advisors who have access to participant data are using this information to recommend IRA rollovers, which can be more lucrative for them but not necessarily in the participant's best interest. The Department of Labor (DOL) has recently issued rules clarifying the fiduciary status of those assisting participants with rollovers out of qualified plans and into IRA accounts. Under these rules, advisors must act in the best interest of the participants, and any recommendation that benefits the advisor more than the participant could be a violation of fiduciary duty. Whether the new fiduciary rule survives court challenges is anyone’s guess, but regardless, allowing retirement plans to become the literal barrel holding the fish that investment professionals are shooting at is a bad look.

Increased Risk of PII Breaches

Providing participant data to additional parties also increases the risk of PII being breached, which has been a focus of DOL audit activity for more than a year. The more broadly this sensitive information is shared, the higher the likelihood of it being compromised. The DOL’s Cybersecurity Guidance emphasizes the importance of safeguarding PII to protect participants from identity theft and other forms of fraud. Plan sponsors must ensure that participant data sharing complies with these guidelines to mitigate the risk of breaches.

Recommendations

To address these risks, plan sponsors should consider the following actions:

  • Restrict Service Agreements: Ensure that service agreements with recordkeepers and advisors explicitly prohibit sharing participant data with third parties, including fiduciary advisors.
  • Conduct Regular Audits: Regularly audit the data-sharing practices of your recordkeepers and advisors to ensure compliance with DOL guidelines.
  • Educate Participants: Inform participants about the risks associated with IRA rollovers and the importance of safeguarding their PII.

By taking these steps, you can better protect your participants and fulfill your fiduciary duties.

Regulatory References

  • DOL Cybersecurity Guidance: This guidance outlines best practices for protecting PII and ensuring the cybersecurity of retirement plans.
  • DOL Fiduciary Rule on IRA Rollovers: This rule clarifies the fiduciary responsibilities of advisors assisting with rollovers, emphasizing the need to act in the best interest of participants.

Multnomah Group is a registered investment adviser, registered with the Securities and Exchange Commission. Any information contained herein or on Multnomah Group’s website is provided for educational purposes only and does not intend to make an offer or solicitation for the sale or purchase of any specific securities, investments, or investment strategies. Investments involve risk and, unless otherwise stated, are not guaranteed. Multnomah Group does not provide legal or tax advice.
