Privacy and Security Issues Facing Qualified Retirement Plans

Transcription:

SECURIAN FINANCIAL
Privacy and Security Issues Facing Qualified Retirement Plans
Theodore Schmelzle, JD, CIPP/US
Senior Director, Retirement Solutions
November 2018

Agenda
- Why advisors, plan sponsors and participants should care
- Plan sponsor considerations
- Emerging trends
- Advisor role

Why you should care

Examples of breaches
Massive Amounts of Information*
2013 2014 2015 2016 2017 2018
- Yahoo!, 3 billion accounts
- eBay, 145 million records
- Anthem, 78.8 million records
- LinkedIn, 117 million records
- Equifax, 143 million records
- Facebook, 87 million records
United States Population: 323 million
*https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html

ERISA Advisory Council report on cyber security
Employee Benefit Plans: Considerations for navigating Cybersecurity Risks
- Raises awareness of cybersecurity threats
- Provides information on risk mitigation and emerging threats
Cyber Threats
- Malware
- Ransomware
- Phishing
- Wire Transfer
https://www.dol.gov/sites/default/files/ebsa/about-ebsa/about-us/erisaadvisory-council/2016-cybersecurity-considerations-for-benefit-plans.pdf

Gathering information is easy in today's electronic environment
- Social Networking
- LinkedIn
- Facebook
- Internet
- Company website
- Government
- Free ERISA
- EBSA
- Dark Web

Account breaches in other industries
Credit Cards
- Many have experienced fraudulent credit card charges
- Mature threat
- Established process
- October 2016 Nilson report cites $21.8 billion global losses in 2015
Bank Accounts
- ACH fraud
Tax Returns
- Stolen Identity Refund Fraud (SIRF)
- DOJ estimates 5 million tax returns filed in 2013 with false identities, claiming approximately $30 billion in refunds

Plan sponsor considerations

Plan Sponsor considerations
Access to Data
- Participant
- Advisor
- Record Keeper
- TPA
- Plan Sponsor

Plan Sponsor considerations
Plan fiduciaries must discharge their duties prudently with care, skill, and diligence under the circumstances then prevailing that a prudent man acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims
Fiduciary Issue
- No precise description of what is procedurally prudent under every circumstance
Process protects!
- Plan documents follow provisions
- Communication
  With vendors
  With participants
- Document

Plan Sponsor considerations
Procedural Prudence
- Selection of service providers
RFP questions may include:
- Inquire about past breaches of private information
- Request information on privacy and security standards currently in place
- SOC reports
- Document
- Ongoing cooperation
- How do you stay one step ahead?
- Industry trends

Plan Sponsor considerations
Procedural Prudence (continued)
- Employee Oversight
  Employee error and/or fraud can be a primary contributor to data breaches
  Over 50% of surveyed companies reported they have experienced a security incident because of a negligent or malicious employee*
- Vulnerabilities
  Response to targeted phishing and spear phishing attacks
  Malicious viruses and downloads
*Source: Experian Data Breach Resolution and Ponemon Institute (2016)

Plan Sponsor considerations
Procedural Prudence (continued)
- Educate plan participants and beneficiaries about cyber security and privacy
Electronic security controls
- Complex passwords
- Register for account two-factor authentication
Physical security controls
- Shred unneeded files
- Timing out computers
- Locks, etc.

Emerging trends

Emerging trends
- Qualified retirement plans are being identified and targeted*
- Recent Empower case*
- Sharing of credentials with other individuals and/or not adequately securing credentials from family members / acquaintances
- Fraudulent activity by way of malware or breach of security by the Plan Sponsor, Advisor, or Third Party Administrator (TPA)
*http://www.napa-net.org/news/technical-competence/defined-contribution-plans/fraud-scheme-targeting-401k-accounts-uncovered/

Emerging trends
Malicious Account Takeovers
- Distributions: what the criminals are after
- Age 59½
- Term vests
- Plan provisions
- Approval protocol
- Social engineering by using publicly available information
- Authentication
- Available information
- Third party services
- CSR operations

Emerging trends
Malicious Account Takeovers (continued)
- Record keepers bobbing and weaving
- Where and how forms are accessed
- Front door vs. back door safeguards
- Information available to record keepers
- Technological safeguards

Emerging trends
Malicious Account Takeovers (continued)
- Recordkeeping and administrative challenges
- Threat aptitude
- Real-time fraud detection hampered by data
- Everyone wants to be helpful
- Publicly available information

Advisor role

Advisor role
- Trusted advisor
- Risk mitigation steps
- Ask the right questions
- Industry Knowledge
- Important liaison
- Procedural prudence

Questions?

These materials are for informational and educational purposes only and are not designed, or intended, to be applicable to any person's individual circumstances. It should not be considered investment advice, nor does it constitute a recommendation that anyone engage in (or refrain from) a particular course of action. Securian Financial Group, and its affiliates, have a financial interest in the sale of its products.

Securian Financial is the marketing name for Securian Financial Group, Inc. and its affiliates. Securian Retirement's qualified plan products are offered through a group variable annuity contract issued by Minnesota Life Insurance Company, a Securian Financial Group affiliate.

For financial professional or plan sponsor use only. Not for use with participants.

Securian Financial Group, Inc.
securian.com/retirement
400 Robert Street North, St. Paul, MN 55101-2098
© 2018 Securian Financial Group, Inc. All rights reserved.
F91447 Rev 7-2018 DOFU 4-2018 456442