It seems that
every month there are new stories in the financial press about participants
suing their employers for mismanagement of the company 401(k) plan. While
most of these suits have been directed at larger companies, the increasing
frequency has employers of all sizes looking for ways to minimize their
liability. One way to do that is to comply with a set of “safe-harbor” rules
found in section 404(c) of ERISA.
ERISA (the Employee Retirement Income Security Act) was passed in 1974,
more than a decade before 401(k) plans came along. Since
participant-directed plans were not the norm that they are now, many of
ERISA's fiduciary rules focus on plans in which the trustees and their
advisors are responsible for making the investment decisions and don't
necessarily translate well into the era of the modern 401(k).
One of the core principles of ERISA is that plan fiduciaries are required
to follow a prudent process in the selection and monitoring of plan
investments. They must carry out that duty just as an expert would. If plan
sponsors and/or trustees do not have that expertise, they must hire someone
who does. But how does that change when investment decisions are turned over
to plan participants? The short answer is “not much.” Fiduciaries generally
retain the same level of responsibility for the investment decisions made by
However, section 404(c) of ERISA creates a framework that provides an
alternative method of managing that responsibility. In short, plan
fiduciaries that follow the checklist of requirements can achieve a measure
of protection from liability arising from participants’ imprudent investment
First, we will take a look at the basic requirements of 404(c) and then
consider some of the factors to be weighed in choosing to pursue this safe
404(c) Basic Requirements
The regulations are extremely detailed, and a quick Google search on
“ERISA 404(c)” yields more than 400,000 hits. With that said, the
requirements can be distilled to around 20 items, most of which involve
providing a laundry list of disclosures to participants. Prior to that,
there are a couple of threshold requirements that must be satisfied.
First, participants must be given the opportunity to direct the
investment of their accounts at least quarterly and must be able to choose
from at least three options that span a broad range of risk and return. If
market volatility dictates, it may be necessary to allow participant
direction more frequently than quarterly. Since it is commonplace for plans
to allow daily access to 20+ options from the very conservative to the very
aggressive, few plans will have trouble meeting this requirement.
Second, plan fiduciaries must follow a prudent process to select and
monitor the investment menu that will be offered to plan participants. This
one is not quite as straightforward and requires plan fiduciaries to remain
involved in the investment process by carefully considering plan investment
options on an ongoing basis to ensure they remain appropriate for
The participant disclosures that are required can be broken down into two
broad categories: those that must be provided automatically and those that
must be provided only when requested.
- Explanation of plan’s intention to comply with 404(c) and that plan
fiduciaries may be relieved of liability for losses that directly result
from participant investment decisions;
- Description of each investment option available in the plan:
- Risk/return characteristics,
- Investment managers, and
- Most recent prospectus;
- Information on how participants give instructions to invest their
accounts, including making transfers and exercising voting and tender
- Transaction fees and expenses;
- Identification of and contact information for plan fiduciaries
responsible for providing these disclosures.
Disclosure on Request
- Description of annual operating expenses for each investment option:
- Investment management fees,
- Administrative fees,
- Transaction costs;
- Prospectuses, financial statements and other reports for each of the
plan’s investment options;
- List of the underlying assets comprising each portfolio or mutual
- Performance information (past and current);
- Current share values.
I complied with 404(c), and all I got was this lousy T-shirt
There are many opinions and a great deal of misinformation circulating
about what, exactly, plan fiduciaries get for their efforts. These range
from little more than that lousy t-shirt all the way to a “get out of jail
free card” that provides complete immunity. The truth lies somewhere in the
Compliance with 404(c) provides fiduciaries with relief from liability
for investment losses that are the direct result of participant investment
decisions. Sounds good, right? Well, the “catch” is in how that relief is
provided. It is not a simple matter of just claiming 404(c) compliance;
rather, it is what is referred to in legal terms as an affirmative defense.
ERISA litigation is very complex, but generally speaking, the party
bringing the lawsuit (the plaintiff) must prove that the plan fiduciaries
breached their responsibility and that the breach resulted in losses. The
fiduciaries, on the other hand, seek to rebut the assertions made by the
plaintiff. The plaintiffs prove; the fiduciaries rebut.
When plan fiduciaries claim a 404(c) defense, the roles reverse. The
fiduciaries must prove that they complied with all aspects of 404(c), and
the plaintiff tries to rebut that assertion. In short, 404(c) compliance
does not guarantee a fiduciary can’t or won’t get sued. It just changes the
manner in which that fiduciary demonstrates he or she is not responsible for
the losses in question.
Complying with 404(c) is not as easy as it might seem. For starters, it
is all predicated on the plan's investment menu being prudently selected and
monitored. If, for example, a plan fiduciary followed a prudent process to
select the menu a couple of years ago but cannot show that he has monitored
the options on an ongoing basis, he is probably on shaky ground regardless
of how faithfully he has provided all the required disclosures.
To further complicate matters, 404(c) is, in many ways, an “all or
nothing” proposition. It is possible for plan fiduciaries to satisfy 404(c)
for some participants but not others or for only certain investment options;
however, if any single requirement is missed with regard to a participant or
account, protection is completely lost. Consider the most recent prospectus
in the Automatic Disclosure list above. If a plan sponsor provides all other
disclosures but neglects to provide the most recent prospectus for any of
the investment options, 404(c) protection is lost.
While the solution may seem simple—just make sure none of the disclosures
are missed—the devil is in the details. Many employers and participants
alike are accustomed to receiving information electronically. However, the
Department of Labor (DOL) has very specific rules governing when and how
electronic disclosure is permitted in the context of employee benefit plans.
A sponsor that provides 404(c) disclosures electronically but does not
follow the DOL’s rules for doing so is deemed to have not provided the
disclosures at all.
Something as simple as using a personal e-mail account instead of an
employment-related account without proper consent could be treated as a
missed disclosure resulting in loss of 404(c) protection.
Many recordkeepers have built systems to help plan sponsors comply with
most of ERISA 404(c)’s requirements; however, given the potentially tenuous
nature of the protection, it is worthwhile for employers to read the fine
print in service-provider contracts to make sure they understand which
parties have responsibility for the various aspects of compliance.
Working with a third party administrator, consultant or investment
professional who has expertise in working with 404(c) can also be a great
way to identify any potential gaps.
An Optional Safe Harbor
In some circles, there is a misperception that ERISA mandates compliance
with 404(c). The reality, however, is that it is completely optional.
Throughout the various rules governing qualified retirement plans, there are
“safe harbor” provisions. Such provisions are generally offered as one
option to comply with a more general rule. Since safe harbors provide some
form of compliance assurance, they tend to offer less flexibility than their
Take the safe harbor 401(k) plan as an example. It is possible to
maintain a 401(k) plan with no company contributions and up to a six-year
graded vesting schedule. However, if an employer is willing to commit to
make a contribution and provide full vesting, they can get a free pass on
the ADP and ACP nondiscrimination tests.
Like the safe harbor 401(k) plan, 404(c) is also a safe-harbor. It is a
method to demonstrate compliance with one aspect of ERISA’s fiduciary rules.
To the extent a plan fiduciary prefers not to pursue this safe harbor, there
is nothing inherently illegal, unethical or otherwise imprudent about
choosing another means of demonstrating he or she has followed a prudent
process in managing plan assets.
Worth the Effort?
There are differences of opinion as to whether 404(c) is worth the
effort, and it is really a decision that each plan fiduciary must make given
their specific facts and circumstances. Some believe allowing participants
to transfer among investments with regular frequency tends to yield less
favorable investment results; therefore, they restrict transfers to the
beginning of each year. That may be a prudent design given the
circumstances, yet it does not satisfy 404(c)’s requirement to allow
investment direction at least quarterly.
Others take a broader perspective. Since the general rule is that
fiduciaries need to follow prudent processes when managing plan assets, they
will use 404(c) as a part of their process rather than as the process in and
of itself. This approach has an added benefit. If a plaintiff is able to
rebut the 404(c) defense by demonstrating that the fiduciary missed one of
the checklist items, the fiduciary can still fall back on the
non-safe-harbor rule by showing that it had documentation of having followed
a prudent process.
[top of page]