Take Steps to Cover Your 401k Plan from Cyber Attack
Your plan is probably not covered by your company’s Crime Insurance!
A legacy condition in corporate crime insurance causes most company crime insurance policies to leave benefit plans exposed to theft by computer hackers. This is because the policy forms were developed (in a simpler age) to respond only to regulatory compliance. In the Cyber Risk era, though, the plans are exposed to much more than what the regulators had foreseen.
401k plans are regulated under the Employee Retirement Security Act (ERISA). One of the things ERISA mandates is that the plans be insured for theft of the assets, but only in a narrow way. Here is a summary of the rule provided by the Department of Labor:
Outdated Legacy Language
Because of this, Crime insurance policies were developed to address 401k plans (and other retirement plans as well) by covering theft of assets by the persons at the sponsor organization who handle (have access to) plan funds.
One policy- writing approach is via the definition of “Insured.” Here’s an example of how that can work (highlight added):
Insuring agreement A.2 is only the employee theft section of the policy. Under this policy benefit plans are not “insureds” with respect to any of the other insuring agreements which would include (with respect to non-employees of the parent company):
a) Forgery,
b) Computer Fraud,
c) Funds Transfer Theft.
Missing from coverage: the dreaded computer hack
What is clearly missing: theft of the plan’s assets via computer hacking or funds transfer fraud.
This is a problem that should be fixed it if exists—- and can be fixed as well. Some of the newer crime policy forms have already been modified to make this change, and some other insurers may agree to amend their form for each client on request. As a last resort, change insurers if you have to – this issue is that important.
Have a risk manager on your side
The largest companies have entire risk management departments reporting to the CFO. You need risk management too.
(c ) Licata Risk & Insurance Advisors, Inc. 2021
Frank Licata
[email protected]; 617.718.5901
Nov 17, 2021