As a benefit plan auditor for over 10 years, I found it surprising how many of my clients didn’t know their recordkeeper had a SOC 1 report, let alone what to do with it once they got it for the audit. The truth is that the United States Department of Labor (DOL) publication Meeting your Fiduciary Responsibility provides an overview of the basic fiduciary responsibilities applicable to retirement plans under the Employment Retirement Income Security Act (ERISA), and monitoring service organizations and controls is one of them.
Outsourcing of recordkeeping services is very common and is a way to reduce costs and increase efficiencies in administering employee benefit plans. While choosing a recordkeeper is important, the fiduciary responsibility doesn’t stop there. Management should be periodically monitoring the service organization to ensure they are meeting the agreed upon procedures as it relates to the plan.
These are some steps plan management can take to fulfill this responsibility on a yearly basis: