Fiduciary Risk Management 101 – Building a 401k Plan Compliance File

Fiduciary Risk Management 101 – Building a 401k Plan Compliance File

Do you offer a 401k plan compliance file to help protect plan sponsors in the event of an audit?

I’ve heard it many times before that if a plan is audited, and the plan sponsor is able to quickly produce all of the items the auditor is requesting, the audit itself is usually pretty fast and painless.

However, if they don’t have, can’t find, takes forever to pull together the requested material, it’s a good sign the auditor will likely find additional things wrong with the plan (bad news for the plan sponsor).

So what does your process look like to onboard your plan sponsor clients, then help gather and organize the important plan documents that demonstrate prudence in the management of their plan?

Whose Job is it Anyway?

It’s not really the job of an advisor to hold all the plan documents.  I remember a prospecting situation where the Plan Sponsor said they had an Investment Policy Statement, but the Advisor had it in his office. They didn’t have a copy or access to a copy.  (And if you’re thinking maybe that was just a brush off – they did give us 80% of the documents we asked for.)

As an advisor, I’d submit you bring a lot of value to the table by helping plan sponsors understand how to document a prudent process, and how to build a solid plan compliance file that helps them demonstrate they’re meeting regulation with process.

I would not, however, recommend you take responsibility for holding this audit file in-house.

And with cybersecurity concerns, I’m not even sure I’d recommend you set up an online vault anymore (I used to be huge advocate for this back in the day – today however, you’re just one hacker away from leaking personal plan data).

I would recommend you provide plan sponsors with a compliance file checklist to identify what they should keep on file, including document retention guidelines.

I also feel that if plan sponsors need assistance in building out their compliance file, you should help them by providing sample documents and sample policy statements that they’re welcome to incorporate into their plan file. 

So, what should be in a plan compliance file?

First, I’d recommend organizing it by key area of responsibility:

Fiduciary Documents
Investment Documents
Service Provider Documents
Participant Documents
Administration Documents

Then, in additional to the usual you’d expect to find (e.g. plan document, SARs, quarterly investment reports, service contracts, tax forms, participant disclosures, ERISA bond, etc.), I’d consider offering your clients some sample documents to help them demonstrate prudence in how the plan is being managed in each of the key areas. 

NOTE: I would NOT provide all these documents to EVERY client. It would depend on plan type, client size, plan sponsor committee(s) involvement, etc.  But here is a list of some of the items you might consider sharing with your plan sponsor clients to help them build a more audit-proof compliance file:

Fiduciary Document Add Ons:

​​​​Internal Fiduciary Worksheet 
​Fiduciary Appointment & Acknowledgement Letters
​Fiduciary Resignation Letter Sample
​Sample Bylaws
​Sample Code of Ethics
​Sample Conflict of Interest Policy
​Recommended Reading Form for New Committee Members
​Sample Committee Minutes

Investment Document Add Ons:

​Sample Investment Policy Statement
​IPS Review Checklist
​Investment Review Checklist

Service Provider Add Ons:

​Service Provider Agreement Checklist
​Service Provider Review Checklist

​Participant Document Add Ons:

ERISA Section 404(c) Checklist
​Required Participant Disclosures Checklist
​Sample Employee Education Policy Statement
​Sample 404(c) Notice to Participants
​Sample Participant Education Program Calendar
​Participant Education Program Checklist

Administration Document Add Ons:

​Sample Plan Administration Calendar
Plan Operations Review Checklist
Committee / Advisor Responsibility Checklist

Today, there’s also a lot of discussion around policy statements (Education, QDRO, Loan, Missing Participant, Cybersecurity, QDIA, etc.) so having a sample template that reviews best practices in these areas could also help you provide tremendous value to your clients.

Less is More… Except When it isn’t…

So there are a few schools of thought on how much additional documentation plan sponsors should have on file.

On one hand there are those who say don’t adopt anything but the required plan document – because when you adopt a new policy for how you’ll manage the plan – you.must.follow.it.

On the other hand, it’s often what’s missing from an audit file that hurts a plan sponsor more than the efforts they took to document a prudent process.

I say use your best judgment, and always recommend your plan sponsor clients consult with an ERISA attorney before formally adopting any written policy.

If you’re interested in helping your plan sponsors clients build a more solid compliance file (aka fiduciary risk management file), and would like to have access to a complete set of compliance documents to use in your practice, then check out the 401k Plan Compliance File Kit.