Issue link: http://read.dmtmag.com/i/96778
Risk Management Seems around every corner someone's waiting to sue – so you might consider another layer of protection. BY BY BOBETTE PUCKETT AND CHRIS BRECK One area of concern for business owners and CFOs is: Where am I and/or my business exposed to liabilities? The two most common places are fiduciary liability and cyber liability. Most reply back "Someone else administers the 401(k) plan and I have an IT consultant – what exposure could I possibly have?" More than you know is the universal answer we give. We will briefly explain the exposures to you and your company and how you can easily (and usually inexpensively) protect yourself. Fiduciary Liability This may come as a surprise to you, but if you are an owner or officer of a company who makes decisions about your company's 401(K) plan or other qualified employee benefit plan, odds are you are putting your personal assets at risk. The key words are "makes decisions" – any decisions. This includes choosing what administrator to work with, options that the administrator offers, loan provisions, etc. What is a fiduciary? Business entities that administer, design, evaluate, manage, and have discretionary control over a plan's administration or the investment of plan assets are called "Fiduciaries." ERISA law (the Employee Retirement Income Security Act) states that plan fiduciaries (also known as Plan Trustees) can be held personally liable for losses to a benefit plan incurred as a result of their alleged errors, omissions, or breach of fiduciary duties. ERISA was created in 1974 in response to abuses of benefits administration and retirement programs. ERISA law regulates the administration of pension and welfare benefit plans offered by private employers. Oddly enough, ERISA does not require Fiduciary Liability Insurance, only a fidelity bond. The fidelity bond does not protect the personal assets of the fiduciary. It is designed to protect the plan and its beneficiaries, not the trustees. Claims can be brought upon trustees by plan participants, participants' legal estates, the Department of Labor, and the Pension Guaranty Corporation. They include allegations of improper advice or disclosure, inappropriate selection of Watch Out for Another Legal Gotcha – Fiduciary and Cyber/ Privacy Liability advisors or service providers, lack of investment diversity, breach of duties, negligence in the administration of a plan, and conflicts of interest. Pretty much anything someone can think of. A common misconception is that claims like these are covered under other insurance policies that you may have (Directors & Officers, Employment Practices, Crime). Most policies specifically exclude fiduciary exposure as well as any ERISA related exposures. A survey conducted by Tillinghast, Towers, and Perrin shows that the frequency of claims has doubled since 1993. With the recent economic downturn and stock market losses still in our rear view mirror, one can only expect plan participants to try and figure out "unique" ways to recover their investment losses. The good news is that there is insurance coverage that can provide financial protection for fiduciaries called Fiduciary Liability. The coverage transfers the personal risk of a fiduciary's legal liabilities, including the cost to defend these claims (usually the most expensive part). Cyber/Privacy Liability Another area where most companies mistakenly feel that they have no exposure is cyber/privacy risk. Most business owners think that cyber means Internet, or that privacy liability only applies if they do credit card transactions. It is your company's obligation to protect the data, financial and personal information of its customers, suppliers, and even employees. In addition, most of the valuable assets of a company are now found on a network. All someone needs to access your customer lists, records, receipts, tax documents, intellectual property and trade secrets is a data connection and the expertise to do it. Companies are exposed internally as well as externally. As the victim, you are faced with heavy regulatory burdens for notification and the resulting expense to comply. If 500 records are breached, the minimum cost to notify the affected parties is $107,000. The more records that are breached, the more this cost increases. (continued on page 58) 56 | www.cedmag.com | Construction Equipment Distribution | December 2012