Retirement Plan Disclosures Move Into the Digital Age

Plan sponsors need to understand requirements in the new DOL rule, including how to ensure cybersecurity, before moving forward.

The Department of Labor (DOL) issued a final rule late last month expanding options for distributing disclosures to retirement plan participants to email and online platforms.

The final rule will act in accordance with the 2002 DOL safe harbor on electronic delivery methods. That 18-year-old ruling had addressed emerging internet and email trends in the early 2000s, but only applied to participants who could access electronic documents in work settings, or who consented to receiving disclosures electronically.

“The last time the DOL issued broad electronic disclosure guidance was in 2002, in the time of flip phones, so [the new rule is] certainly significant,” notes Arsalan Malik, associate at Groom Law Group. “From a functional perspective, the conditions of the final rule are much more streamlined than the prior 2002 rule.”

Modern advancements in technology throughout the years, and arguably, the effects of the COVID-19 pandemic—such as a mass workplace shift to remote environments—led to the decision to expand e-disclosure delivery for retirement plan notices. With the new rule, plan sponsors can either email documents to participants or apply a notice and access framework. The notice and access option requires plan sponsors to post the disclosure on a website or app-based platform and let participants know it is available there.

While the rule streamlines conditions for electronic disclosure, it does not replace the 2002 ruling. Plan sponsors can still rely on the past directive, and can continue delivering paper copies to participants, if the latter prefers, Malik says. Additionally, even though the final rule permits electronic disclosure, there is a requirement for plan sponsors to provide initial notice of online availability by paper, along with annual notices, he continues.

The initial paper notice must clarify whether plan sponsors will communicate disclosure details through email or online and must explain and instruct how the participant can access the document, says Brian Kearney, a principal at Mercer. The notice must inform participants what email addresses will be used, and if they would rather have notifications sent through text message, they may opt to do so, but they can only use this feature to view updates on document availability. “You can’t send documents directly through text message, but you can send notifications letting participants know that their document is available on the website,” Kearney says.

Additionally, participants will need to set up a username and password if online platforms are used and they must be given the ability to opt in to paper delivery instead.

The growth of e-disclosure delivery has long been associated with modernizing the retirement industry. New app-based solutions and increasing smartphone accessibility have revolutionized the industry and boosted engagement, allowing participants to view retirement accounts and notices with the tap of a button. “Generally, participants have looked at their retirement accounts almost like their beach house. They maybe visit it once or twice a year, versus than their regular house, which is like their savings or checking account,” Malik explains. “Beyond the conveniences of electronic disclosure, a major consequence is that we’ll have more participant engagement—people checking their retirement accounts more often.”

However, the growth of e-delivery has long raised concerns about cybersecurity issues. To minimize cybersecurity risk, Malik recommends plan sponsors enact their due diligence before adding any changes, especially if employees are working remotely. “For instance, there’s an obligation that the website to which disclosures are posted protect confidentiality of information,” he explains. “In the context of current events, there’s now a shift towards remote work and the idea of doing things electronically. Things that you would traditionally see being done by paper, like notarization, are switching over to electronic methods. In the context of those trends, this rule is even more valuable now.”

It’s important to note that researching a platform’s confidentiality is part of a plan sponsor’s fiduciary duty, says Allison Itami, principal at Groom Law Group. “In the preamble, the department takes time to highlight there are fiduciary duties to protect electronic disclosures,” she says.

Plan sponsors will also want to be in close contact with their service providers, should they want clarity on technical safe-harbor or other notice requirements they’re currently following, Itami adds. “They’ll want to have that check-in conversation and see what they’re relying on—the 2002 safe-harbor or the technical releases that have come out since then,” she says. “Take stock of which one are they using and whether it will exist 18 months from now. Interim guidance, like the technical releases, will be phasing out.”