Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus convallis sem tellus, vitae egestas felis vestibule ut.

Error message details.

Reuse Permissions

Request permission to republish or redistribute SHRM content and materials.

Who Is Liable for Retirement Plan Mistakes?

Professional fiduciaries can limit, not eliminate, a plan sponsor's liability

Two people sitting at a desk with papers and a cell phone.

When a 401(k) or similar defined contribution plan fails to apply the correct definition of compensation in determining benefits, fails to calculate vesting service correctly, or doesn't make distributions to participants who need to get required minimum distributions, who is responsible? Plan sponsors are often surprised to learn that they are.

Why Your Recordkeeper Is Not Responsible

Plan sponsors may find out that they are still responsible when their plans are selected for audit by the IRS or they are targeted in a lawsuit for miscalculating benefits. More frequently, the recordkeeper may find the mistake when reviewing operations and IRS procedures require that a costly correction be made.

Because they rely on their vendors to operate their plans, plan sponsors may mistakenly think that their recordkeeper is the legal plan administrator responsible to fix these mistakes. To understand why administrative responsibility has not been legally delegated to their recordkeepers, plan sponsors need to review their service agreements.

Typical Services Agreement Language

Plan recordkeeping agreements contain disclaimers that the recordkeeper is not performing services as a fiduciary, which means that they are not assuming the legal responsibilities of a plan administrator as defined in the Employee Retirement Income Security Act (ERISA). Admittedly, vendors could and many should do a better job of explaining their limited legal role to plan sponsors. Some years ago, I wrote a post called "What Your Prototype Provider Doesn't Tell You," highlighting this problem, but unfortunately too little has changed.

ERISA requires that every plan have a legal administrator and designates the plan sponsor as the default administrator when no other person has been appointed. This means that if the agreement doesn't make the recordkeeper the fiduciary plan administrator, plan sponsors remain responsible for the recordkeeper's mistakes found on audit or by a court, even if they just did what the recordkeeper told them to do or were unaware of the recordkeeper's actions. 

Further, the costs of correcting mistakes are not allowed to be paid from plan assets, so this understanding of the recordkeeper's real role may coincide with an obligation to pay substantial correction costs to keep the plan qualified.

Some recordkeeping agreements do provide that the recordkeepers will indemnify the plan sponsor for errors caused by their gross negligence or willful misconduct, but that is a threshold not reached by most ordinary mistakes. Today the indemnification obligation is also often subject to a dollar cap, which may be a multiple of fees paid to the recordkeeper. While plan sponsors can try to negotiate more favorable indemnification provisions, they will always provide limited protection.

There Are Alternatives

There are options available to busy company fiduciaries who want to make sure that their plans are run correctly. Just as they can pass fiduciary responsibility for day-to-day investments on to professional fiduciaries, plan sponsors can hire professional administrators to take over many of the legal responsibilities of plan administration. Professional administrators are referred to as 3(16) administrators after the section of ERISA that defines plan administrator and more busy company fiduciaries should consider hiring them.

Professional administration can be put into place for a single employer plan and also as part of a Pooled Employer Plan (PEP), a new type of plan created by the Setting Every Community Up for Retirement Enhancement (SECURE) Act that covers unrelated employers and is run by a Pooled Plan Provider. The Pooled Plan Provider must register with the Department of Labor and serves as the PEP's named fiduciary under ERISA.

What to Consider

There is no standard administration contract, and 3(16) administrators vary in the tasks that they are willing to assume. Best practice would be to do a request for proposal (RFP) for an administrator and compare not only the cost of the services provided, but also their scope. 

A good way to do that is to ask for a copy of the candidate's form contract, which should be specific about the responsibilities being assumed. Plan sponsors also need to vet the experience, qualifications and background of their candidates, as with any RFP. 

Given the incidence of hacking of participant accounts and ransomware, and the Department of Labor's new focus on best practices for cybersecurity, it is particularly important to investigate each candidate's cybersecurity procedures and whether the candidates have cybersecurity insurance and/or provide a warranty.

If a PEP option is under consideration, it is important to vet the qualifications of each of the PEP's service providers. There are advisers who can assist plan sponsors in evaluating and comparing these new plan options.

It's Not Complete Protection

As in any hiring situation, the plan sponsors remain responsible for prudently selecting the 3(16) administrator or the PEP bundle of providers and may have to replace them if they are not doing a good job, but that is much more limited responsibility than they had before. 

The 3(16) administrator also needs to get correct information from the plan sponsor in order to do its job properly. For example, is the plan sponsor part of a controlled group? What are the hire dates of employees? Who owns stock in the plan sponsor and other related companies? Wrong answers to these and similar questions from the 3(16) administrator can still lead to avoidable errors in plan operations.

There is no simple way to avoid all administrative errors, given the complexity of plan requirements, but outsourcing administration can materially restrict a plan sponsor's liability exposure.

Carol Buckmann is a founder and partner at law firm Cohen & Buckmann. © 2021 Cohen & Buckmann P.C. Originally published in LexisNexis Practical Guidance. All rights reserved. Republished with permission.

Related SHRM Articles:

Into the Pool? PEPping Up 401(k) Plans, SHRM Online, September 2021 

DOL: Retirement Plan Audits to Include Compliance with Cybersecurity Guidelines, SHRM Online, August 2021

[Small businesses can find offering a retirement plan to be daunting. SHRM is offering a program through Raymond James that may help. Visit to learn more.]


​An organization run by AI is not a futuristic concept. Such technology is already a part of many workplaces and will continue to shape the labor market and HR. Here's how employers and employees can successfully manage generative AI and other AI-powered systems.