In 2021, the U.S. Department of Labor (DOL) issued 3 documents outlining guidance on cybersecurity practices for benefits plans, which we discussed in a blog post at the time. The DOL recently issued revised versions of the original three documents in its Compliance Assistance Release No. 2024-01. The revised versions of these documents clarify
BEST PRACTICES
Sixth Circuit Concludes Lack of Proper Delegation Means Benefits Department Did Not Have Discretionary Authority to Decide Claims
A recent Sixth Circuit decision emphasizes the importance of maintaining correct benefit plan delegations to avoid tussles over the correct standard of review for benefit claims. In this case, the Sixth Circuit concluded that no deference was owed to a claim decision made by a company’s benefits department because the plan document neither named the benefits department as the entity with discretionary authority to decide claims nor permitted the benefits committee to delegate its discretionary authority to the benefits department. The case is Laake v. Benefits Committee, Western & Southern Financial Group Co. Flexible Benefits Plan et al., 68 F.4th 984 (6th Cir. 2023).
U.S. Department of Labor Steps into the Cybersecurity Discussion
Formally wading into the cybersecurity discussion for the first time, on April 14, 2021, the U.S. Department of Labor (DOL) posted on its website a suite of new guidance, including Tips for Hiring a Service Provider with Strong Cybersecurity Practices, Cybersecurity Program Best Practices, and Online Security Tips for Participants and Beneficiaries.…
DOL Releases Guidance on Addressing the Missing Participant Problem
The problem of “missing” participants and beneficiaries (individuals for whom the plan administrator does not have adequate contact information) is an ongoing issue for retirement plan administrators. It is also an area to which the DOL has dedicated significant attention in recent years, particularly in its enforcement actions, which has been a challenge for administrators.…