We often receive questions from clients about their 401(k) plans and recently had a client ask two thought-provoking questions: “What steps should I take to monitor service providers I hire to help me administer our 401(k) plan?” and “What are my fiduciary responsibilities regarding the service providers I hire?”
Many organizations need to hire service providers to assist in administering 401(k) plans. Service providers fill various roles including custodians, third-party administrators (TPAs), investment advisors, and auditors, among others. Here are four areas to consider when hiring a service provider.
1. Review Your Plan.
Any service provider should ask for a complete copy of your existing plan. If they do not, that may be a good indication of either lack of experience or assumptions about your plan that may or may not be accurate. Have a complete copy of your plan with you when you meet with any service provider.
2. Clarify Expectations and Roles.
While it sounds like common sense, be sure to clarify the services you want and your expectations regarding the delivery of those services. If the services and your expectations do not align, ask for clarification. It is critical to clearly understand any scope limitations regarding the services they are providing. Ask detailed questions regarding roles, areas of responsibility, timing, and reporting. If interviewing more than one service provider, use the same list of questions so that you can make a meaningful comparison.
3. Compare Contracts to Expectations.
Review service provider contracts detailing the services and compensation. Compare the contract to the services requested and their responses to the questions. Look for any discrepancies regarding services and fees. Examine the fee structure to assess the reasonableness of the compensation, to gain an understanding of direct and indirect fees, and to determine any conflicts of interest that may impact the service provider’s performance. Transparency is the key.
4. Understand Cybersecurity Protocols.
Security breaches continue to make headline news. If your service provider is responsible for keeping confidential participant data and maintaining plan records, they should have strong cybersecurity practices in place. Ask about the service provider’s cybersecurity protocols and their process for handling a breach. The lack of a written cybersecurity protocol should be a red flag.
5. Ask for a SOC Report.
A service provider’s SOC report can give plan sponsors a more complete understanding of the controls in place and the operating effectiveness of those controls for a specific period.
For more information regarding fiduciary responsibilities for third-party service providers and evaluating SOC reports, here are some helpful links:
https://www.dol.gov/sites/dolgov/files/ebsa/about-ebsa/our-activities/resource-center/publications/meeting-your-fiduciary-responsibilities.pdf
https://www.bdo.com/insights/assurance/why-plan-sponsors-should-read-their-service-providers%e2%80%99-soc-reports