As retirement plan administration has become more and more digitized over the years, retirement plan sponsors and recordkeepers have become the custodian of a variety of sensitive plan participant data. Information such as personal investment history and preferences, details on financial assets held outside of the plan and earnings history are often collected and retained by plan sponsors and third-party recordkeepers and plan administrators, most notably vendors for 401(k) plans. Often, this information can paint a very accurate picture of a plan participant’s financial wellness and retirement strategy. Moreover, the value of this information is not lost on certain vendors who collect and retain it, and the use of this data is the focus of an emerging area of retirement plan fiduciary litigation.
Background and Recent Complaints
It is no secret that the number of lawsuits alleging violations of the fiduciary requirements applicable under the Employee Retirement Income Security Act of 1974, as amended (“ERISA”) have grown exponentially over the last decade or so. Amongst other requirements, ERISA generally requires that plan fiduciaries act in the best interest of plan participants and for the exclusive purpose of providing retirement benefits under the plan.
Two recent cases—one settlement agreement and one participant-initiated lawsuit—have brought into question how participant data collected by a plan’s third party recordkeeper can and should be used for non-plan purposes. A complaint filed in January 2020 by participants in Shell Oil’s 401(k) plan alleged wrongdoing on behalf of the plan’s third-party recordkeeper, Fidelity. In its role as the plan’s recordkeeper, Fidelity collected participant investment data, including investment history and financial asset information. When participants terminated employment or neared retirement (i.e., distributable events under the plan), Fidelity shared this data with sales persons at Fidelity affiliated companies, including brokers and investment advisors. Those individuals then solicited plan participants to market and sell other non-plan Fidelity products, including individual retirement accounts, life insurance products, credit cards, brokerage accounts and other retail products and services, which, according to the complaint, resulted in substantial revenue to Fidelity.
In its lawsuit against Fidelity, amongst various other complaints, Shell Oil plan participants have alleged that disclosure of this participant data to Fidelity brokers and advisors for non-plan purposes was a self-dealing prohibited transaction and a breach of Fidelity’s fiduciary duty to act in the best interest of the participants and for the exclusive purpose of providing benefits under the plan. The participants also alleged that Shell Oil breached its duty as plan sponsor to ensure that disclosure of participant data was restricted for the sole benefit of plan participants.
A 2019 settlement reached between Vanderbilt University and participants in its 403(b) plan was similarly noteworthy in that it required the plan’s fiduciaries to revise its recordkeeping agreement with Fidelity to prohibit Fidelity from gathering plan participant information in order to market and sell non-plan Fidelity products to Vanderbilt plan participants.
Plan Data as a “Plan Asset”
This is a developing area of retirement plan fiduciary litigation, and there are several threshold matters that must be decided and analyzed by the courts as lawsuits like these move forward. The foremost open issue is whether recordkeepers, like Fidelity, are considered plan fiduciaries for purposes of ERISA, and whether participant plan data is considered a “plan asset” to which fiduciary duties would apply. These are gating issues to consider whether a practice like Fidelity’s cross-selling efforts (and a plan sponsor allowing such information to be shared in the first place) is a violation of ERISA fiduciary duties and a potential self-dealing prohibited transaction on behalf of the vendor. In the absence of the heightened standards applicable to ERISA fiduciaries, such practices likely would not run afoul of other legal requirements under ERISA.
Action Items for Employers
Prudent plan sponsors and employers should keep an eye on updates in this developing area of the law. It is advisable to review existing service agreements and engage in open dialogues with third-party recordkeepers and administrators to understand what types of data are collected and retained by such vendors, and what those vendors are able to do with such data. Prior to entering into new service agreements, candid discussions should be held with vendors about their intentions to use plan and participant data for non-plan purposes. To this point, having legal counsel review such agreements prior to their execution is always considered a best practice.
The Morris, Manning & Martin Employee Benefits and Executive Compensation team is monitoring these developments closely. If you have any questions about this developing area, please do not hesitate to reach out to any of your contact(s) on our team.