ERISA Compliance Handbook for Asset Managers
III. Important Policies & Procedures

Managers of ERISA accounts have certain disclosure obligations and certain responsibilities to assist the underlying ERISA plans with their annual reporting obligations, largely embodied in Form 5500, which is accessible to the public here. For example, ERISA plans must report annually on the assets held in plan asset funds in which they invest and their value; accordingly, the manager of such a fund should be ready to disclose the fund’s holdings.

ERISA’s most significant disclosure and reporting obligations relate to compensation received by service providers, including asset managers. Pursuant to the DOL regulations implementing Section 408(b)(2), these disclosures are a necessary condition for establishing a “reasonable contract or arrangement” between a plan and its service providers. The details are summarized below.

Compensation Reporting

As part of the Form 5500 filing that most ERISA plans must file, Schedule C shows all compensation received by service providers to the plan, including managers of funds in which the plan’s assets are invested. Service providers to ERISA plans must provide information needed to comply with the plan’s reporting obligations. This requirement applies to all separate accounts and investment funds (other than funds that are treated as operating companies, such as VCOCs and REOCs) in which an ERISA plan holds an interest, whether or not assets of the fund are deemed to be “plan assets”—including mutual funds as well as non-registered funds.

ERISA plans generally must report the following compensation related information on Schedule C to Form 5500:

• the identity of any person receiving $5,000 or more for services;
• any relationship between such person and the plan sponsor or other parties in interest to the plan;
• one or more codes describing the services; and
• the amount of any compensation paid directly.

If a service provider received indirect compensation—that is, amounts paid by someone other than the plan in connection with services provided to the plan—the plan must report the amount of indirect compensation paid, or a formula for calculating it, unless a special exception described below applies. Additional information must be reported for certain service providers that may be exposed to conflicts of interest, including investment managers. For this class of service providers, each source paying $1,000 or more in indirect compensation must be disclosed, except as described below.

Under a special exception for so-called eligible indirect compensation, no amount needs to be reported for a recipient of indirect compensation (such as a fund manager) if: (i) the compensation consists of fees or expense reimbursements reflected in the value of the investment, finder’s fees, soft dollar revenue, float revenue, brokerage commissions or other transaction-based fees for transactions or services involving the plan, and (ii) the plan receives written disclosure of:

• the existence of the indirect compensation;
• the services provided for the compensation;
• the amount or an estimate of the compensation, or a formula used to determine the amount; and
• the identity of the parties paying and receiving the compensation.

Managers who want to avoid extensive and detailed public disclosure of fee related information will generally try to make sure that ERISA plans receive a written disclosure satisfying these requirements. The disclosure can be set forth in existing documents (e.g., an offering memorandum) as long as ERISA investors are told which parts of the documents are intended to satisfy the requirements. If an investment manager receives only eligible indirect compensation in connection with plan investments, all the plan has to report is the identity and EIN or address of the person providing the plan administrator with the written disclosure. The person providing the disclosure need not be the investment manager.

The consequences of noncompliance with the obligation to provide information necessary to complete Schedule C can be severe. A service relationship with an ERISA plan will be considered a per se prohibited transaction under DOL regulations unless the service provider supplies this information in a timely manner. In addition, plans must report the identity of service providers who fail or refuse to supply the required information.

Compensation Disclosure

Certain service providers are obligated to make an upfront disclosure relating to their compensation. The service provider fee disclosure rules apply to a “covered service provider,” which means a service provider that enters into a contract with a plan or a plan asset fund to provide fiduciary, registered investment advisory, recordkeeping or certain other services (e.g., accounting, custodial and consulting services), and reasonably expects to receive at least $1,000 in compensation for the services provided.

All covered service providers must disclose to the contracting plan fiduciary in writing:

• the services to be provided;
• whether the covered service provider will act as a fiduciary or investment adviser registered under the Advisers Act or state law;
• all compensation reasonably expected to be received, including:
  • direct compensation;
  • indirect compensation, with a description of the arrangement between the payor and the covered service provider or its affiliates or subcontractors;
  • compensation paid among the covered service provider and its affiliates or subcontractors, if charged on a transaction basis (e.g., commissions, soft dollars, finder’s fees or other similar incentive compensation paid based on business placed or retained) or charged directly against the investment and reflected in the value of the investment (e.g., Rule 12b-1 fees), together with a description of the services for which such compensation is paid, and the identities of the payer and recipient; and
  • compensation that the covered service provider would receive in connection with the termination of the contract and how prepaid amounts would be calculated and refunded upon termination.

If a fund is used as a designated investment alternative under a participant directed individual account plan, the plan administrator will have an obligation to make annual disclosures to participants relating to fees charged by the fund. For this reason, the following must also be disclosed by the covered service provider, if applicable, on a regular basis:

• total annual operating expenses for an investment where the return is not fixed, and any ongoing expenses (e.g., wrap fees, mortality and expense fees);
• total annual operating expenses expressed as a percentage and calculated in accordance with the participant level fee disclosure rules that apply to plan administrators; and
• any other information about the designated investment alternative that is required for the plan fiduciary to comply with the participant level fee disclosure rules and that is within the control of, or reasonably available to, the covered service provider.

If a covered service provider acts as a fiduciary with respect to the plan or investment entity that holds plan assets, the following disclosures must be made with respect to each investment product that holds plan assets and in which the plan has a direct equity investment:

• compensation charged against the investment (e.g., commissions, sales loads, sales charges, deferred sales charges, redemption fees, surrender charges, exchange fees, account fees and purchase fees) that is not included in the annual operating expenses of the investment; and
• annual operating expenses for an investment where the return is not fixed, and any ongoing expenses (e.g., wrap fees, mortality and expense fees).

Generally, initial disclosures must be provided reasonably in advance of the date the contract or arrangement is entered into, renewed or extended. Information changes must be disclosed as soon as practicable, but not later than 60 days from the date the service provider knows of the change, except that changes to investment related information are to be reported at least annually. Certain plans may also request to receive updated disclosure every year. Compensation information requested by a plan fiduciary for purposes of complying with reporting and disclosure requirements under ERISA must be provided reasonably in advance of the date on which the plan fiduciary or administrator states that it needs the information. There are special timing rules for disclosure with respect to investments that are later determined to hold plan assets or investments that later become designated investment alternatives.

There is no required format for written disclosures, and the disclosures may be made through one or more documents. However, the DOL’s regulations contain a guide that service providers are encouraged to use when making initial disclosures to plan fiduciaries.

Finally, covered service providers are protected if errors or omissions are made in good faith and the service provider acted with reasonable diligence, as long as the error or omission is corrected within 30 days after discovery. Covered service providers must comply with a plan fiduciary’s request to correct an error or omission. Failure to comply will in some cases require the fiduciary to terminate the service contract.

ERISA prohibits a plan fiduciary from receiving consideration for his or her personal account from any party dealing with the plan in connection with a transaction involving assets of the plan. On its face, this prohibits the receipt of gifts, entertainment or other noncompensatory items of value; whether received by the manager from a third party (such as a broker) in connection with plan assets, or provided by the manager to other plan fiduciaries.  However, the Department’s enforcement manual treats the receipt of gifts, gratuities, meals, entertainment or other consideration from any one individual or entity (including any employee, affiliate, or other related party) with an aggregate annual value of less than $250 as “insubstantial” and not as a violation of ERISA’s prohibited transaction rules. The implication is that exceeding the $250 threshold could result in a prohibited transaction that would be subject to enforcement. Some financial firms have ERISA‑specific gifts and entertainment policies based on the DOL’s enforcement approach, and such policies generally are advisable and appropriate where a firm regularly deals with ERISA investors.

The enforcement manual also sets out an exception for reimbursement (e.g., from the manager to the plan) of expenses associated with a plan representative’s attendance at an educational conference, as long as a plan fiduciary has reasonably determined in writing, in advance and without regard to whether the expenses would be reimbursed that:

• the plan’s payment of the expenses was prudent and consistent with a written plan policy or provision designed to prevent abuse;
• the conference had a reasonable relationship to the duties of the attending plan representative; and
• the expenses for attendance were reasonable in light of the benefits afforded and unlikely to compromise the plan representative’s ability to carry out his or her ERISA duties.

Some financial services providers offer reimbursement to ERISA plan representatives for conference expenses using a form intended to ensure that a plan fiduciary has made the required determinations.  Based on the Enforcement Manual, many institutions require fiduciaries to obtain prior clearance before accepting any gifts or entertainment from clients or vendors or giving any gifts to ERISA fiduciaries (i.e., the investment committee of a plan client).  Where prior clearance is not possible, it is advisable to require prompt reporting to the compliance department of gifts and entertainment.

Separate from the DOL’s enforcement program, Form 5500 contains reporting requirements for ERISA plan administrators to report gifts, meals and similar items received exceeding a certain amount in value, and some firms have more restrictive ERISA‑specific gifts and entertainment policies intended to help plans avoid having to report such items.  In particular, all nonmonetary compensation must be reported unless it is of “insubstantial value.” The “insubstantial value” exception in this context applies when: (a) the value of the item is tax deductible for federal income tax purposes for the provider and would not be taxable income to the recipient, (b) each gift item is valued at less than $50 and (c) the aggregate annual value of all items received from a single source is less than $100.

Gifts of less than $10 in value do not count toward the $100 threshold; however, if the $100 threshold is exceeded, the value of all gifts must be reported. Items received by one person from multiple employees of the same entity must be treated as a single source, and their value must be consolidated for purposes of calculating the $100 threshold. By contrast, the value of items received from one person by multiple employees of the same entity should be separately determined for each employee. The requirement that gifts or other items be tax deductible by the provider and not taxable income to the recipient imposes additional restrictions on what is considered to be of insubstantial value. Business meals are deductible if the provider is present and the meal is not “lavish or extravagant under the circumstances.” However, business gifts are only tax deductible up to an aggregate annual limit of $25 per recipient.

Examples

1.   An investment manager provides two gifts and two meals to members of a plan’s investment committee over the course of a year, with values of $6 and $8 (gifts) and $40 and $49 (meals).  The $6 and $8 gifts do not count towards the $100 threshold. Since only the $40 and $49 meals are used in calculating the amount to be disclosed, the $100 limit is not exceeded ($89 is less than $100), and none of the items must be reported.

2.   An investment manager provides three gifts and two meals to members of a plan’s investment committee over the course of a year, with values of $6, $8 and $11 (gifts) and $40 and $49 (meals). The $6 and $8 gifts do not count towards the $100 threshold.  However, the aggregate value of the three items valued at more than $10—the $11, $40 and $49 items—reaches the $100 threshold, so the value of all five items ($114) must be reported.

The exercise (or deliberate non-exercise) of proxy voting and other rights appurtenant to the ownership of securities held on behalf of an ERISA plan is part of the discretionary authority associated with owning the securities, and thus a fiduciary act subject to ERISA’s duties and restrictions. As such, the asset manager would normally be expected to evaluate and determine whether and how to exercise such rights unless the IMA or other governing document reserved such rights for the investor/plan sponsor or otherwise specifically delegated such rights to a third party. An IMA should clearly state who has the duty to exercise proxy voting and other rights and upon what basis (i.e. the plan’s proxy voting policy if one exists, or that of the manager). The IMA may also identify situations such as tender offers and sale approvals, or joining a class action suit, where the plan investor appointing fiduciary will be consulted.

This topic, along with the consideration of environmental, social and governance (“ESG”) factors (see ESG) has garnered significant attention over the last decade going back to the first Trump administration. As of the time of this publication, the DOL’s regulations permit a manager to determine that in certain cases it is not in the best interest of the plan to bear the cost of evaluation and exercise of a particular proxy vote, such as where a plan’s ownership position is so small that it would not have an effect on the outcome. However, as an overarching principle, a fiduciary would be expected to exercise these rights, and it would do so in a manner advancing the best interests of the plan consistent with general ERISA duties, never subordinating the participants’ interests in retirement income to other objectives or unrelated goals. Where determined to be prudent and appropriate to serve the plan’s best interest, current regulations allow for the consideration of such factors as a supplement to those financial (“pecuniary”) factors that normally drive voting determinations.

In the case of a pooled fund, different investors will likely have a variety of proxy voting policies. In those situations where the fund is also subject to ERISA (i.e., there is significant participation by Benefit Plan Investors and the fund does not qualify as a VCOC or REOC), the pooled fund manager must reconcile any conflicts, for example, by either (i) having the plan investors agree to the manager’s policy for the pooled fund or (ii) voting proportionally on matters where the investors’ policies would dictate.

In either case, a manager should maintain records of and the rationales for any particular action taken on behalf of the plan investors.

Through a series of Compliance Assistance Releases issued in 2021 and 2024, the DOL made clear its view that prudent plan administration requires robust cybersecurity policies and practices on the part of all fiduciaries and other service providers. This guidance applies to all types of ERISA plans, not just 401(k) plans, and should be taken into account by asset managers with discretionary authority over plan assets in the context of their particular mandate.

The guidance has three components, which cover: an online security tip sheet for plan participants (“Online Security”), tips for hiring a service provider with strong cybersecurity practices (“Hiring Tips”) and a cybersecurity best practices document for recordkeepers and other service providers (“Best Practices”).

I. Online Security – This part of the guidance is directed at plan participants, providing a series of tips to follow to keep their retirement plan account information secure, including, routine monitoring, use of strong and unique passwords for such accounts, use of multifactor authentication and the importance of keeping contact information up to date.

II. Hiring Tips – Another component is directed at plan-level fiduciaries, i.e., those that appoint and monitor asset managers, recordkeepers and other service providers. The DOL reminds appointing fiduciaries to select service providers “that follow strong cybersecurity practices,” and the agency provides guidance on the types of questions to ask and diligence to undertake when evaluating a service provider, such as an asset manager. As part of this guidance, the Department notes:

When you contract with a service provider, make sure that the contract requires ongoing compliance with cybersecurity and information security standards – and beware contract provisions that limit the service provider’s responsibility for IT security breaches. Also, try to include terms in the contract that would enhance cybersecurity protection for the Plan and its participants […] such as: information security reporting, clear provisions on the use and sharing of information and confidentiality, notification of cybersecurity breaches, compliance with records retention and destruction, privacy and information security laws, and insurance.

In recent years, many plans have started developing their own cybersecurity policies and procedures, and they may expect their service providers to acknowledge and adopt provisions that are at least as robust. Many asset managers themselves have developed their own cybersecurity policies and procedures, and these will need to be reconciled with the plan’s in the context of managing a portion of a plan’s assets, usually having a limited amount of access and information about plan participants, and dealing primarily with the plan sponsor and its appointing fiduciaries.

III. Best Practices – The third aspect of the guidance is entitled “Cybersecurity Program Best Practices” and is aimed at “recordkeepers and other service providers responsible for plan-related IT systems and data,” as well as “fiduciaries making prudent decisions on the service providers they should hire.” As such, an asset manager should expect both inquiry as to its own policies by the appointing plan fiduciary, and responsibility to inquire of entities the manager hires (i.e., brokers and sub-advisers) in connection with management of plan assets. In the DOL’s view, best practices include:

1.     Have a formal, well documented cybersecurity program.

2.     Conduct prudent annual risk assessments.

3.     Have a reliable annual third-party audit of security controls.

4.     Clearly define and assign information security roles and responsibilities.

5.     Have strong access control procedures.

6.     Ensure that any assets or data stored in a cloud or managed by a third party service provider are subject to appropriate security reviews and independent security assessments.

7.     Conduct periodic cybersecurity awareness training.

8.     Implement and manage a secure system development life cycle program.

9.     Have an effective business resiliency program addressing business continuity, disaster recovery, and incident response.

10.   Encrypt sensitive data, stored and in transit.

11.   Implement strong technical controls in accordance with best security practices.

12.   Appropriately respond to any past cybersecurity incidents.