5/15/25 Documentation and Review: Reminders for the ERISA Plan Fiduciaries in Your Life
May 15, 2025
By Jeff Robertson & Iris Tilley
As part of our ongoing series focusing on employee benefits compliance, this installment focuses on concrete steps plan sponsors should consider as part of their ongoing compliance efforts.
1. Establish a Process for Service Provider Selection and Monitoring
Plan vendors are all too easy to set and forget. Since they operate in the background, plan sponsors often only consider vendor selection where a vendor implements a large price increase or just becomes wildly unresponsive to the client’s needs. However, plan fiduciaries have a duty to prudently select and monitor service providers.
In order to ensure that a plan engages in a prudent selection process and satisfies its duties to monitor plan service providers on an ongoing basis, we recommend that plans establish formal processes surrounding both of these duties. Formal processes help to avoid engagement of a service provider based on a personal relationship (and not necessarily what is best for plan participants), and they provide a regimented structure to ensure that ongoing monitoring takes place, even when staff changes.
2. Update and Review Service Provider Contracts for Reasonable Fees and Transparency
Part of any good service provider monitoring process will include the regular review of service provider contributions to ensure that fees charged are reasonable and that agreements are drafted with appropriate transparency. Determining the reasonableness of fees charged can sometimes feel like a big lift, as the process of putting services out to bid using a request for proposal can be time-consuming. However, speak with plan consultants about requests for information and other benchmarking work that can be used to determine the reasonableness of fees between larger request for proposal efforts.
Group health plans and insurers are prohibited from entering into agreements with providers, networks, or other entities offering access to a network that contain provisions that preclude a plan from disclosing specified information. Plans must certify compliance with these rules on an annual basis. Most provider contracts have been adjusted (if necessary) at this point. However, if you have not considered the contents of your health plan contracts in some time, now is a good time to take a fresh look.
3. Ensure That Plan Documents Comply With Any Applicable State or Federal Rules
As the health plan industry continues to consolidate, we have started to see plan documents come across our desks from national providers that do not necessarily comply with applicable state law. As a general rule, self-insured health plans are subject to federal law, not state law. However, insured plans are subject to state law, and those self-insured plans that cover employees of unrelated employers, and that are sponsored by governmental employers, are subject to state law.
With this in mind, it remains important to understand what bodies of law apply to your health plans and ensure that they are drafted in compliance with the full scope of applicable law.
4. Understand the Fees Charged and Paid for Administration, Consulting, and Plan Networks
As employers who sponsor self-insured health plans can attest, health plan fees are overwhelming, and it can be difficult to parse what each vendor brings to the table. However, these fees are generally paid directly out of plan assets, which means that plan fiduciaries have an obligation to understand these fees and ensure that they are reasonable.
Plan fiduciaries should ask for training and explanation as needed to ensure that they can easily explain why each amount is paid from plan assets and how they know that the fees charged are reasonable.
5. Update Contracts and Procedures for Cybersecurity Responsibility
Cybersecurity remains an ever-expanding threat, and many older vendor contracts do not contain any language related to this topic. In response to this ongoing threat, the U.S. Department of Labor has published tips and identified recommended cybersecurity plan provisions: https://www.dol.gov/sites/dolgov/files/ebsa/pdf_files/tips-for-hiring-a-service-provider-with-strong-security-practices.pdf. Plan sponsors should consider their own vendor contracts in light of this guidance and demand contractual changes as necessary.
The Barran Liebman Employee Benefits Group assists employers with retirement and health plans. Please contact Jeff Robertson at 503-276-2140 or jrobertson@barran.com, or Iris Tilley at 503-276-2155 or itilley@barran.com, or your regular attorney at Barran Liebman if you have any questions.