It seems that every
month there are new stories in the financial press about
participants suing their employers for mismanagement of the company
401(k) plan. While most of these suits have been directed at larger
companies, the increasing frequency has employers of all sizes
looking for ways to minimize their liability. One way to do that is
to comply with a set of "safe-harbor" rules found in section 404(c)
ERISA (the Employee Retirement Income Security Act) was passed in
1974, more than a decade before 401(k) plans came along. Since
participant-directed plans were not the norm that they are now, many
of ERISA's fiduciary rules focus on plans in which the trustees and
their advisors are responsible for making the investment decisions
and don't necessarily translate well into the era of the modern
One of the core principles of ERISA is that plan fiduciaries are
required to follow a prudent process in the selection and monitoring
of plan investments. They must carry out that duty just as an expert
would. If plan sponsors and/or trustees do not have that expertise,
they must hire someone who does. But how does that change when
investment decisions are turned over to plan participants? The short
answer is "not much." Fiduciaries generally retain the same level of
responsibility for the investment decisions made by the
However, section 404(c) of ERISA creates a framework that
provides an alternative method of managing that responsibility. In
short, plan fiduciaries that follow the checklist of requirements
can achieve a measure of protection from liability arising from
participants' imprudent investment decisions.
First, we will take a look at the basic requirements of 404(c)
and then consider some of the factors to be weighed in choosing to
pursue this safe harbor.
404(c) Basic Requirements
The regulations are extremely detailed, and a quick Google search
on "ERISA 404(c)" yields more than 400,000 hits. With that said, the
requirements can be distilled to around 20 items, most of which
involve providing a laundry list of disclosures to participants.
Prior to that, there are a couple of threshold requirements that
must be satisfied.
First, participants must be given the opportunity to direct the
investment of their accounts at least quarterly and must be able to
choose from at least three options that span a broad range of risk
and return. If market volatility dictates, it may be necessary to
allow participant direction more frequently than quarterly. Since it
is commonplace for plans to allow daily access to 20+ options from
the very conservative to the very aggressive, few plans will have
trouble meeting this requirement.
Second, plan fiduciaries must follow a prudent process to select
and monitor the investment menu that will be offered to plan
participants. This one is not quite as straightforward and requires
plan fiduciaries to remain involved in the investment process by
carefully considering plan investment options on an ongoing basis to
ensure they remain appropriate for participants.
The participant disclosures that are required can be broken down
into two broad categories: those that must be provided automatically
and those that must be provided only when requested.
- Explanation of plan's intention to comply with 404(c) and
that plan fiduciaries may be relieved of liability for losses
that directly result from participant investment decisions;
- Description of each investment option available in the plan:
- Risk/return characteristics,
- Investment managers, and
- Most recent prospectus;
- Information on how participants give instructions to invest
their accounts, including making transfers and exercising voting
and tender rights;
- Transaction fees and expenses;
- Identification of and contact information for plan
fiduciaries responsible for providing these disclosures.
Disclosure on Request
- Description of annual operating expenses for each investment
- Investment management fees,
- Administrative fees,
- Transaction costs;
- Prospectuses, financial statements and other reports for
each of the plan's investment options;
- List of the underlying assets comprising each portfolio or
- Performance information (past and current);
- Current share values.
I complied with 404(c), and all I got was
this lousy T-shirt
There are many opinions and a great deal of misinformation
circulating about what, exactly, plan fiduciaries get for their
efforts. These range from little more than that lousy t-shirt all
the way to a "get out of jail free card" that provides complete
immunity. The truth lies somewhere in the middle.
Compliance with 404(c) provides fiduciaries with relief from
liability for investment losses that are the direct result of
participant investment decisions. Sounds good, right? Well, the
"catch" is in how that relief is provided. It is not a simple matter
of just claiming 404(c) compliance; rather, it is what is referred
to in legal terms as an affirmative defense.
ERISA litigation is very complex, but generally speaking, the
party bringing the lawsuit (the plaintiff) must prove that the plan
fiduciaries breached their responsibility and that the breach
resulted in losses. The fiduciaries, on the other hand, seek to
rebut the assertions made by the plaintiff. The plaintiffs prove;
the fiduciaries rebut.
When plan fiduciaries claim a 404(c) defense, the roles reverse.
The fiduciaries must prove that they complied with all aspects of
404(c), and the plaintiff tries to rebut that assertion. In short,
404(c) compliance does not guarantee a fiduciary can't or won't get
sued. It just changes the manner in which that fiduciary
demonstrates he or she is not responsible for the losses in
Complying with 404(c) is not as easy as it might seem. For
starters, it is all predicated on the plan's investment menu being
prudently selected and monitored. If, for example, a plan fiduciary
followed a prudent process to select the menu a couple of years ago
but cannot show that he has monitored the options on an ongoing
basis, he is probably on shaky ground regardless of how faithfully
he has provided all the required disclosures.
To further complicate matters, 404(c) is, in many ways, an "all
or nothing" proposition. It is possible for plan fiduciaries to
satisfy 404(c) for some participants but not others or for only
certain investment options; however, if any single requirement is
missed with regard to a participant or account, protection is
completely lost. Consider the most recent prospectus in the
Automatic Disclosure list above. If a plan sponsor provides all
other disclosures but neglects to provide the most recent prospectus
for any of the investment options, 404(c) protection is lost.
While the solution may seem simple—just make sure none of the
disclosures are missed—the devil is in the details. Many employers
and participants alike are accustomed to receiving information
electronically. However, the Department of Labor (DOL) has very
specific rules governing when and how electronic disclosure is
permitted in the context of employee benefit plans. A sponsor that
provides 404(c) disclosures electronically but does not follow the
DOL's rules for doing so is deemed to have not provided the
disclosures at all.
Something as simple as using a personal e-mail account instead of
an employment-related account without proper consent could be
treated as a missed disclosure resulting in loss of 404(c)
Many recordkeepers have built systems to help plan sponsors
comply with most of ERISA 404(c)'s requirements; however, given the
potentially tenuous nature of the protection, it is worthwhile for
employers to read the fine print in service-provider contracts to
make sure they understand which parties have responsibility for the
various aspects of compliance.
Working with a third party administrator, consultant or
investment professional who has expertise in working with 404(c) can
also be a great way to identify any potential gaps.
An Optional Safe Harbor
In some circles, there is a misperception that ERISA mandates
compliance with 404(c). The reality, however, is that it is
completely optional. Throughout the various rules governing
qualified retirement plans, there are "safe harbor" provisions. Such
provisions are generally offered as one option to comply with a more
general rule. Since safe harbors provide some form of compliance
assurance, they tend to offer less flexibility than their
Take the safe harbor 401(k) plan as an example. It is possible to
maintain a 401(k) plan with no company contributions and up to a
six-year graded vesting schedule. However, if an employer is willing
to commit to make a contribution and provide full vesting, they can
get a free pass on the ADP and ACP nondiscrimination tests.
Like the safe harbor 401(k) plan, 404(c) is also a safe-harbor.
It is a method to demonstrate compliance with one aspect of ERISA's
fiduciary rules. To the extent a plan fiduciary prefers not to
pursue this safe harbor, there is nothing inherently illegal,
unethical or otherwise imprudent about choosing another means of
demonstrating he or she has followed a prudent process in managing
Worth the Effort?
There are differences of opinion as to whether 404(c) is worth
the effort, and it is really a decision that each plan fiduciary
must make given their specific facts and circumstances. Some believe
allowing participants to transfer among investments with regular
frequency tends to yield less favorable investment results;
therefore, they restrict transfers to the beginning of each year.
That may be a prudent design given the circumstances, yet it does
not satisfy 404(c)'s requirement to allow investment direction at
Others take a broader perspective. Since the general rule is that
fiduciaries need to follow prudent processes when managing plan
assets, they will use 404(c) as a part of their process rather than
as the process in and of itself. This approach has an added benefit.
If a plaintiff is able to rebut the 404(c) defense by demonstrating
that the fiduciary missed one of the checklist items, the fiduciary
can still fall back on the non-safe-harbor rule by showing that it
had documentation of having followed a prudent process.