Axio CTO and 2017 PLUS Cyber Liability Symposium session moderator Jason Christopher discusses the state of cyber risk for critical infrastructure.
Peiter “Mudge” Zatko… famed hacker, director of the Cyber Independent Testing Laboratory, and luncheon keynote at the 2017 PLUS Cyber Liability and Management & PL Symposia, stops by the PLUS Media Zone to discuss why it is important to create a standardized way to compare software, his advice for CTOs and ERMs, and the current cyber security landscape.
To avail themselves of the protections of the Employee Retirement Income Security Act (“ERISA”), plaintiffs must prove, as a threshold matter, that the defendant was a fiduciary. If plaintiffs are successful in meeting their burden, the fiduciary is subject to the mandates of ERISA, which requires it to perform certain duties (the highest duties known to law) vis-à-vis a pension plan’s participants and beneficiaries. Simultaneously, ERISA’s prohibited transaction provisions (describing what a fiduciary cannot do) are triggered.
Pursuant to ERISA, a fiduciary can be designated as a named fiduciary by an employer sponsoring the plan. Alternatively, one can become a fiduciary simply by exercising (or having) any discretionary authority or control over a plan’s administration or assets. ERISA Section 3(21).
Recently, in Malone v. Teachers Ins. & Annuity Ass’n of Am., 2017 U.S. Dist. LEXIS 32308 (S.D.N.Y., Mar. 7, 2017), plaintiff asked the court to determine that defendant Teachers Insurance and Annuity Association of America (“TIAA”) was a fiduciary in its capacity as record keeper. On defendant’s motion to dismiss, the court found that TIAA was not a fiduciary.
Per the complaint in Malone, TIAA, as part of its investment services to the plan, had five-year annuity contracts which provided in part that the investment fees charged would offset any record keeping fees so long as the record keeper was TIAA (a practice known in the industry as “revenue sharing”).
At the time these contracts were signed, this revenue sharing arrangement was not disclosed to the plan and, according to plaintiffs, this failure to disclose constituted a breach of fiduciary duty under ERISA. The primary issue for the Court was whether TIAA “exercised discretion” over the plan’s administration or assets, thus making it a fiduciary. The Court ultimately rejected plaintiff’s arguments after considering the following facts:
- TIAA locked in the plan to a five-year contract;
- TIAA failed to disclose revenue sharing at signing of the contract;
- Plaintiff did not plead that the contracts were not negotiated at arm’s length;
- TIAA had no prior relationship with the plan;
- Fees paid from plan assets do not give the collector, in and of itself, fiduciary status;
- TIAA periodically collected fees; and
- TIAA adhered to a specific contract term.
Best Practice Tips: Despite the ruling in Malone in favor of the defendant, there is always a risk that one could be deemed a fiduciary. Thus, it is important not to be caught by surprise. One should review all relevant plan documents and outline every party involved in servicing the plan. Aside from named fiduciaries, determine at an early stage who has the critical “discretionary authority” in order to identify other fiduciaries and to ascertain if they are meeting their duties.
– Jose M. Jara