Fiduciary Hot Topics Q3 2021

Ongoing Litigation Against Colleges and Universities – Supreme Court agrees to review dismissal of lawsuit against Northwestern University (Hughes v. Northwestern University)

  • The Supreme Court has granted a Writ of Certiorari and agreed to review the dismissal of the plaintiffs’ suit filed against Northwestern University. The decision will likely focus on the duty of fiduciaries to monitor plan investments on an ongoing basis. 
  • Since 2016, more than 20 lawsuits have been filed against fiduciaries of university retirement plans. The defendants are some of the largest and most prestigious schools in the country. These schools present tempting targets as their retirement plans hold significant assets. Many of these suits were filed by the law firm of Schlichter, Bogard & Denton.  This is the St. Louis law firm that has initiated many of the class action lawsuits brought against plan fiduciaries in recent years.
  • Plaintiffs have not fared all that well in these suits. Some schools have settled out of court, but the amount of these settlements has been small on a per participant basis. A number of schools have successfully made their case in court, including Northwestern. 
  • The allegations in these suits have been similar, including a dizzying array of investment choices that is confusing to participants; using different record keepers for the same plan; failing to offer index funds; and paying excessive fees because the fiduciaries failed to leverage their plan’s large size in fee negotiations and in selecting less expensive share classes. While some of these practices are questionable, they are typical of how large university retirement plans are administered.
  • The case against Northwestern never went to trial because the court granted Northwestern’s motion to dismiss. A motion to dismiss is granted only if the judge decides that regardless of what facts are proven at trial, the plaintiffs have failed to state a claim.
  • This decision was affirmed by the Seventh Circuit of the US Court of Appeals. In a strong rebuke of the plaintiffs, the Court of Appeals stated they failed to allege any violations of ERISA, but rather merely stated opinions and preferences regarding how retirement plans should be administered. 
  • A Writ of Certiorari is a request that the Supreme Court review the decision of a lower court. That the Supreme Court granted the writ in the Northwestern case is in and of itself significant. The Court receives thousands of writs each year but, due to time constraints, only agrees to hear between 100 and 150 cases.
  • The US Solicitor General argued that the Supreme Court should hear this case because the plaintiffs have alleged two plausible claims for breach of fiduciary duties under ERISA and, more significantly, the Seventh Circuit’s decision is in conflict with decisions in the Third and Eighth Circuits in similar cases. Conflicting decisions in the Courts of Appeals are the most common reason for the Supreme Court to grant a Writ of Certiorari.
  • The government’s brief arguing for certiorari makes a number of points. Probably the most significant is that the fiduciaries failed to act prudently in using retail share classes rather than identical institutional classes with lower fees. These were available to Northwestern because of the large size of its plans. The brief cites the Supreme Court’s decision in Tibble v. Edison International, which holds that fiduciaries have an ongoing duty to monitor a plan’s investment options.
  • The Court is in recess until the fall so this case will not be heard before October.

Department of Labor Issues Guidance in the Form of “Tips” and “Best Practices” for Cybersecurity / Plan Sponsors Should Be Prepared to Establish on Audit That They Have Done Their Due Diligence Regarding Cybersecurity

  • In April, the Department of Labor issued its first guidance on cybersecurity for plan sponsors, service providers and participants. It did so at the behest of the Government Office of Accountability (the “GAO”). That agency has been pushing the Department to identify minimum standards for mitigating cyber security risks in benefit plans.
  • Although cyber threats are a relatively new phenomenon, these threats simply throw a new wrinkle into the longstanding obligation of plan fiduciaries and service providers to safekeep plan assets. Cybersecurity has been a priority in the financial services industry for some time, and measures to prevent cyber breaches come on top of many longstanding security protocols in place to protect customer accounts.
  • The recommended steps in this guidance are obvious and are things the industry, by and large, is already doing. However, this guidance is worthwhile as it clarifies what the Department of Labor expects from fiduciaries with regard to cybersecurity. 
  • While this guidance is framed as “tips” and “best practices,” it should be viewed as setting minimum standards for plan fiduciaries and service providers in mitigating cyber threats. In future litigation concerning cyber breaches, there is no doubt the courts will look to this guidance in deciding if plan fiduciaries acted prudently and to determine the responsibilities of the respective parties.
  • The practical consequence of this guidance is that it makes clear (if there was ever a question about this) that plan fiduciaries must do due diligence around, and be informed about, the measures service providers are taking to prevent cyber breaches of their systems. While many sponsors have done some due diligence around cybersecurity, the majority will now need to do a deeper dive to ensure they are complying with this guidance.
  • The guidance consists of three separate documents:
    • Tips for Hiring a Service Provider with Strong Cybersecurity Practices. Most of these tips are rather obvious and include:
      • Understanding the service provider’s security measures and knowing these are consistent with industry standards;
      • Knowing the service provider’s track record for breaches;
      • Confirming there is an independent audit establishing that effective security measures are in place and are being followed; and
      • Reviewing the service contract to ensure that it explicitly states that the service provider is fully responsible for cyber breaches.
    • Cybersecurity Program Best Practices. These are 12 points that record-keepers and other service providers should follow, which again are obvious and are all steps that established companies in the financial services industry are most likely already taking. These include:
      • The cybersecurity program is well documented;
      • An annual audit by an independent third party that establishes effective security measures are in place and are being followed; and
      • Employee training on security measures.
    • Online Security Tips. These tips are directed at participants and again are obvious, such as the importance of strong passwords, monitoring accounts regularly and not falling for phishing attacks. The significance is that these tips acknowledge that participants, often their own worst enemy when it comes to security, have some responsibility in keeping their account secure and have an obligation to follow security protocols.
  • Plan sponsors must now be prepared in a Department of Labor audit to establish that they have done the necessary due diligence around cybersecurity and record keepers must now be prepared to show there are effective programs in place to prevent cyber breaches. Investigations are already underway where the Department has requested significant documentation regarding cyber security including items such as written policy and procedures, risk assessments and cyber security awareness training.

Recent PSCA Survey Reveals that Most Plan Sponsors Have a Formal Retirement Plan Committee  

  • A recent survey conducted by the Plan Sponsor Council of America (PSCA) found that the majority of plan sponsors have a formal committee in place that is responsible for plan administration and investments. This survey reveals that there is a fair amount of commonality in approaches, with larger plans, not surprisingly, tending to have more formality to their process.
  • There were 255 responses to this survey. Many were larger plans – almost 50% of respondents have a plan with 1,000 or more participants. Those who responded to this survey skewed towards sponsors with a formal process in place. Only 14% of respondents indicated they do not have formal documentation regarding their committee.
  • ERISA does not require that plan sponsors establish a formal committee to oversee the operation of their retirement plan.  In fact, there are no formal legal requirements around the process that fiduciaries should follow in making decisions. This means sponsors are free to set up their committee in a way that best satisfies their needs. The challenge is there are no standards to follow beyond what other plan sponsors are doing. 
  • Although establishing a formal committee is not required, this is, without question, a best practice. Many of the court decisions in the class action lawsuits brought against plan fiduciaries in recent years make it clear that judges do not want to second guess the decisions of plan fiduciaries and will defer to them if:
    • There is a formal process in place for decision making;
    • This process is documented (e.g., IPS & Committee charter or by-laws); and
    • It is documented that the fiduciaries have followed this process in their decision making (e.g., committee records and meeting minutes). 
  • The findings of the survey are not surprising.
    • Formal Document: 78% of respondents have a formal document establishing the committee / this rises to 93.5% for plans with 5,000 or more participants / a little over 5% of respondents indicated that formal documentation is in the works;
    • Number of Committees: Majority of respondents have one committee / some larger plans have two committees or sometimes more;
    • Number of Committee Members: The majority of respondents have five or fewer committee members / for sponsors with 5,000 or more participants 78% have five or more members;
    • Criteria for Selecting Committee Members: The most common criteria for selecting committee members are job position, expertise and willingness to participate with gender and racial diversity a distant fourth / larger sponsors tend to identify committee members by job position;
    • Participation of Legal Counsel: Two thirds of respondents have legal counsel participate in committee meetings / this rises to 92% for plans with more than 5,000 participants; and   
    • Frequency of Meetings: Almost 90% of respondents hold meetings either quarterly or semi-annually.

For any further questions, please do not hesitate to contact your financial professional.

This material was created to provide accurate and reliable information on the subjects covered but should not be regarded as a complete analysis of these subjects. It is not intended to provide specific legal, tax or other professional advice. The services of an appropriate professional should be sought regarding your individual situation.