Call for Guidance on Recordkeeping in the Electronic Age

Editor’s Note: This is Part II of a two-part series on a recent report by the Advisory Council on Employee Welfare and Pension Benefit Plans to Acting Secretary of Labor Julie Su. Part I is here. 

Recordkeeping has long been moving from paper-based to electronic. The Advisory Council on Employee Welfare and Pension Benefit Plans in a recently released report has outlined the circumstances that have arisen as a consequence of that trend and the complexities of protecting their integrity. 

Guidance Needed 

The council said in the report that in light of the issues that have come to the fore as a result of the shift from paper to electronic recordkeeping, the Department of Labor (DOL) needs to issue guidance and provide education. 

The council considers this necessary due to: 

• lack of clarity regarding which records plan sponsors must maintain in order to comply with ERISA Sections 107 and 209; 
• lack of knowledge and clarity among plan fiduciaries regarding their responsibilities in selecting and monitoring third-party recordkeepers, especially concerning the transition from one recordkeeper to another; 
• wide disparities in recordkeepers’ contracts with plans; 
• the need to maintain certain types of paper records or digitized copies of those records in order to resolve disputes or questions about entitlement to and amounts of benefits, and for purposes of plan audits; 
• plan fiduciaries’ responsibilities in preserving—or providing for a third party to preserve—certain records after termination of pension plans; and 
• loss of data and unavailability of documents due to corporate transactions that result in mergers of defined benefit and defined contribution plans.

Recommendations

The council makes a variety of recommendations regarding what can be done to address the problems the shift to electronic recordkeeping have occasioned and how those records can be better handled and protected. 

Retain documents in accordance with ERISA Section 209. The DOL should issue guidance to plan sponsors of pension plans that makes it clear that as part of their obligations under ERISA Section 209, they should retain the following documents in a retrievable electronic or paper format for no less than seven years after the plan has terminated and the last participant, beneficiary or alternate payee has received all accrued benefits under the plan.

• payroll records from which eligibility for benefits and the amount thereof can be determined (e.g., dates of hire and termination, employment classification, compensation and hours worked). 
• birth certificates, marriage certificates, and divorce documents, including QDROs, if maintained before plan termination. When these documents were submitted in paper format, they must be preserved either on paper or in an easily retrievable electronic reproduction.

The council further suggests that when it drafts the guidance, the DOL should recognize and address the facts that:

• some plan sponsors employ the services of a third party to perform such functions; and 
• in the case of a multiemployer plan, when the board of trustees is the plan sponsor, the plan may not have access to payroll records but rather may receive only employer remittances and contribution reports. 

Retain documents in accordance with ERISA Section 107. The DOL should issue guidance to pension plan fiduciaries that makes it clear that as part of their obligations under ERISA Section 107, they should keep the following documents in a retrievable electronic or paper format for no less than seven years after the plan has terminated and the last participant, beneficiary or alternate payee has received all accrued benefits under the plan.

• benefit elections;
• spousal waivers of benefits;
• records of benefit payments—such as copies of checks, checking account registers or other documents—that would establish that payments were made to a participant or beneficiary when that is disputed and/or where a database does not include the person.
• plan documents;
• adoption agreements;
• trust agreements;
• plan amendments; 
• summary plan descriptions;
• statements of material modification;
• IRS determination or opinion letters; 
• annual trust statements; 
• plan investment/fiduciary committee minutes and notes;
• annual participant level reports; 
• annual participant statements; and 
• divorce documents, including QDROs.

This obligation could be fulfilled, the council suggests, (1) regarding an annuity purchase, by transferring the documents to the annuity provider and agreement by the annuity provider to maintain the documents, or (2) by arranging for one or more service providers to maintain the documents.

Further, the council recommends that the DOL should consult with the ERISA plan auditor community regarding:

• whether there are other documents that should be included in this guidance; and 
• whether some types of documents may be kept for fewer years.

Update regulations under ERISA Sections 107 and 209. The DOL should update these regulations so they include a comprehensive list of plan documents and their applicable retention periods for inclusion in a plan's written records retention policy.

Consider HIPAA Security Rule standards. The council recommends that the DOL consider standards that the Department of Health and Human Services use for the HIPAA Security Rule.

Annual participant level reports. The data that should be preserved in such reports should include: 

• end-of-year (EOY) balance by fund and source; 
• EOY loan balance and new loans initiated; 
• year-to-date (YTD) employee contribution by source; and 
• YTD employer contribution by source. 

Further, suggests the council, this guidance should not require that the following be preserved for this period, but rather should provide that it be preserved for a shorter period.

Encourage maintaining a written records retention policy. The council argue that the DOL should encourage maintaining a written records retention policy that:

• documents how the organization maintains, reviews, updates, and discards documents related to plan administration; and
• indicates that having such a policy is consistent with ERISA fiduciary obligations. 

The DOL also should consider offering a model records retention policy that plan sponsors and plan fiduciaries can customize and adopt.

David Dorsey and Aaron Slaughter, of the ERISA plan auditing firm Withum, in their testimony made similar suggestions. They believe updated guidance is needed from the DOL in the form of guidelines or best practices as to how electronic records should be received, used, stored, and otherwise handled. “This guidance could be accepted as an industry standard, similar to the published cybersecurity guidelines. It should provide a baseline directive as to all plans, regardless of size. In addition, the unique differences of multiemployer plans should be considered,” they said.

Clarify guidance on ministerial functions. The DOL should clarify that its 1975 guidance on ministerial functions does not mean that recordkeeping institutions may never be found to be fiduciaries, but that it is a facts and circumstances test regarding the discretion the recordkeeper has exercised in determining benefits due, or communicating with, participants and beneficiaries.

Terms in contractual agreements. The DOL should issue guidance regarding the terms that should be in contractual agreements between plans, recordkeepers, and payroll providers in order for the terms of such agreements to be reasonable under ERISA Section 408.

Educate plan sponsors and fiduciaries about SOC reports. The council says this effort should include: 

• an explanation of system and organization controls (SOC) reports and how they are used; 
• the importance of inquiring with recordkeeping and payroll service providers about the availability of SOC reports as part of the initial vendor evaluation and contracting process; 
• the importance of obtaining and understanding the annual SOC reports; and 
• ensuring that the required complementary user entity controls (CUECs) are implemented.

In her testimony to the council, April Mitchell, Senior Consultant with the employee benefit and retirement consulting firm USI, lent credence to this suggestion. She stressed the importance of SOC reports to identify controls currently in place at service providers and determine whether they are operating effectively. “Many plan sponsors, especially small companies that have never been audited, are not aware of the information available in the SOC reports, including CUECs, or how this information affects their plan and their responsibilities,” she remarked.

Awareness of recordkeeping obligations. The council suggests that the DOL consider an informational campaign to make pension plan sponsors and fiduciaries aware of their recordkeeping obligations.