Plexus Financial Services

Cybersecurity and Your Retirement Plan – Are Your Participants at Risk?

Defined contribution plans and their partners share many important pieces of personally identifiable information (PII). Therefore, plan administrators should implement measures to protect PII and their participants from cyber attacks wherever possible.

Types of PII that are shared in normal, day-to-day plan activity can include:

  • Name
  • Date of birth
  • Social Security number (SSN)
  • Address
  • Email address
  • Bank account information
  • Account balance
  • Compensation data

Plans using paper forms for enrollment, account statements or other reasons – particularly when SSNs are used – present additional risks to participant accounts because much of the above information is presented together, with few to no security controls.

Both the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC) have adopted a series of requirements for financial institutions servicing defined contribution plans. Financial service providers are required to develop and implement various security and confidentiality procedures and tools designed to detect fraud and theft. These requirements generally apply to a plan’s consultants, investment advisors and service providers.

What can be done to improve security and minimize risk of fraud to participant accounts?

There are two initial steps a plan sponsor can take to help reduce risk of cyberattacks:

First, encourage all participants to set up an online account. A participant without an online account is far more vulnerable to fraud, because hackers can set up a new online account in that participant's name and gain access to the participant's funds.

Second, plan sponsors can request a copy of a provider’s Report on Controls SOC-II, an audit report describing an organization’s internal controls and attesting to their strength.

 

Plexus Financial Services, LLC (“PFS”) does not provide specific investment, tax, and/or legal advice and the information referenced/provided is not specific to any company’s or individual’s circumstances. These materials are general in nature and provided for educational purposes based upon publicly available information from sources believed to be reputable and reliable; we cannot assure the accuracy or completeness of these materials and as a result, personal diligence should be completed before relying or acting upon the information presented. Any general information referenced/provided is not to be construed as personalized investment, tax, and/or legal advice. Always consult an advisor, attorney and/or tax professional regarding your specific situation.

This communication is strictly intended for individuals residing in the states of Alabama, Arkansas, Colorado, Georgia, Illinois, Indiana, Louisiana, New Jersey, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Texas, Washington, and Wisconsin and does not provide any information regarding any offers or services directly provided by PFS. The information referenced/provided is not to be considered an offer to buy or sell, or a solicitation of any offer.

You may request receipt of PFS’s Form ADV, Privacy Policy Statement, Code of Ethical Behavior, and/or Conflict of interest Policy at any time by written request to communications@plexusfs.com. For additional details or questions regarding this or any information provided by or related to PFS please visit our website at www.plexusfs.com located at 21805 Field Parkway, Suite 320, Deer Park, Illinois 60010. To contact us by phone please call (847) 307-6222.

PFS is a wholly owned subsidiary of The Plexus Groupe LLC. Advisory services are offered through Plexus Financial Services LLC, a registered investment advisor with the SEC which transacts business in states where it is properly registered, or is excluded or exempted from registration requirements, member FINRA www.finra.com, and the SIPC www.sipc.com. SEC registration does not constitute an endorsement of the firm by the Commission nor does it indicate that the adviser has attained a particular level of skill or ability.

Retirement Plan Advisory Group (“RPAG”) is not in the business of providing legal advice with respect to ERISA or any other applicable law. The materials and information do not constitute, and should not be relied upon as, legal advice. The materials are general in nature and intended for informational purposes only. All content, including any brochures or other materials designed for potential use with plan sponsors, fiduciaries, and plan participants, must be reviewed and approved by the compliance and legal department(s) of the financial professional and/or firm prior to any use to confirm that they meet the firm’s legal and compliance policies and standards. The financial professional and his/her firm are solely responsible for the use of content and any materials included herein, and for ensuring that all services provided by the financial professional conform to the firm’s legal and compliance policies and standards.

Check the background of this financial professional on FINRA's BrokerCheck