Jeffrey Mamorsky talks about the state of ERISA.
Scott Simon: Jeff, some of what I've written about in this column over the past year or two concerns the poor governance practices of even very large companies that sponsor 401(k) plans such as the investment options they offer to plan participants like retail mutual funds. It seems to me that even many Fortune 500 companies, much less mom-and-pop operations, just don't know what they're doing in running their 401(k) plans. Am I way off base here?
Jeffrey Mamorsky: No, not at all. But before going any further, let me go back to the basic fundamentals of ERISA. It's the board of directors of the company sponsoring a 401(k) plan that has the ultimate legal responsibility for the plan. That's ERISA 101. But in drafting ERISA we knew that boards of directors ordinarily would not be focused on the plan even though they are plan management fiduciaries and have personal liability under ERISA. However, ERISA provides a number of ways in which a board may allocate and delegate fiduciary responsibility to various entities. These include, for example, a 3(21) Named Fiduciary to make discretionary decisions and oversee the plan, a 3(16) Plan Administrator and a non-fiduciary third party administrator for the administrative side of the plan, and a 403(a) Trustee or a 3(38) Investment Manager for the investment side of the plan. It's all right there in ERISA, what you're allowed to do and the way to do it.
ERISA really is an exquisite pension law, isn't it?
It really is but only if people are paying attention! And that, I think, is what your last question was getting at. The problem, though, is that through the years, companies sort of lost sight of the fact that they have available to them all these ways of mitigating their risk and at the same time ensuring that their plans are governed by best practices for the benefit of plan participants and their beneficiaries. A good example is Enron. Apart from the outright fraud that resulted in many people losing their jobs and their retirement benefits, what was glaringly apparent was the non-existence of prudent practices governing Enron's retirement plans that if utilized could have benefitted both the board and plan participants. I've paid particular attention to this because over the years my law practice has evolved into one specializing in retirement plan governance and best practices structures governing retirement plans.
Do you think that companies are starting to see the light here?
I think in general they're beginning to wake up because without best practices, they now realize that there's a higher probability that they'll be exposed to personal liability. Other more increasingly probable dangers are sanctions from the IRS and DOL and the relatively recent flurry of participant litigation in the stock drop cases and fee disclosure cases. So I think that more and more companies are finally seeing that they have to get their act together and set up proper governance structures.
What would such a governance structure look like?
Best practices governance structures can be quite different from plan to plan. However, in a typical governance structure for a 401(k) plan, the board of directors would appoint a plan committee as the "Named Fiduciary" under ERISA responsible for plan investments and administration. This limits the board's liability to a residual monitoring responsibility to make sure that the members of the plan committee are prudently exercising their responsibilities under ERISA. Best practice is to have this monitoring responsibility performed by a committee of the board (such as a benefits committee, audit committee or compensation committee) comprised of individuals who are knowledgeable about the standards required by ERISA and are therefore able to prudently monitor the compliance of the 401(k) plan committee. In turn, the members of the plan committee could appoint appropriate independent fiduciaries if they felt that they weren't knowledgeable enough about certain aspects of the plan. Or, if the plan committee chose to, it could appoint the 3(21) Named Fiduciary to help them either on the administrative side of the plan or the investment side, or both. On the investment side, for example, the 3(21) Named Fiduciary would have the responsibility of monitoring any 3(38) Investment Managers. On the administration side, you'd have the 3(16) Plan Administrator and the third party administrator to provide best practice governance, giving you monitoring at every level.
Aren't many companies, even large ones, woefully deficient on the operational and administration side of their retirement plans?
Yes, that's true. Companies are typically compliant on the investment side but in many cases neglect the oversight required to properly monitor the administration of their plans. For example, when we perform Fiduciary Audit Operational Compliance Reviews for very large defined benefit or defined contribution plans, we rarely find an administration manual. And even if there is, it's really not an administration manual, it's not even a good summary plan description booklet; it's just general boilerplate that only reflects the TPA's administration of the plan based on their computer systems and not based on the terms of the plan document. So how can anybody monitor a plan's administration if there's really nothing describing adequately what to monitor? So you need to start with a proper administration manual which not only reflects plan terms but also incorporates internal control procedures between the employer and TPA to assure that correct information is provided to the TPA. This is critically important to comply with IRS requirements and avoid the imposition of monetary sanctions on the employer plan sponsor in the event of an IRS audit. Establishing a self-auditing internal control structure is also important to comply with the new accounting rule SAS 115 [Statement on Auditing Standards (SAS) No. 115; Communicating Internal Control-Related Matters Identified in an Audit] which requires plan auditors to make sure that robust internal controls exist with respect to operational compliance with the plan document and all applicable legal requirements. In addition, you have to make sure that the plan document, the summary plan description and the administration manual are consistent with each other. But many companies don't do these things and only wake up when hit with an IRS or DOL audit or participant litigation.
You mentioned that you're now doing some work in the United Kingdom.
I've been representing English clients and U.S. clients operating in the U.K. for almost 30 years. The last five or ten years I've been working more with financial institutions and the U.K. government, specifically the Pension Regulator and Pension Protection Fund, informally advising them on governance and best practices. My law firm has an office in the Netherlands which passed a pension governance law in 2007 that's modeled after ERISA. So what I do in the U.S., I also do in the U.K. and the Netherlands, and I'm now working with the European Union on the same issues as well. I'm having a great time and enjoying every minute of it. The biggest issue in the U.K., Netherlands and EU is the flight from defined benefit to defined contribution plans and the concerns of regulators about the absence of governance when an employer contracts out their DC plan to an insurance company. The best model for achieving governance in such a situation is a defined contribution multiple employer plan run by a board of independent trustees who are experts in plan investment and administration, including the establishment of best practices governance procedures. So what some say is the best model for a defined contribution plan in the U.S. is now being copied in Europe, and I'm helping the Europeans on that.