The modern fiduciary liability insurance policy will offer four basic coverage grants: (1) breach of fiduciary duty; (2) negligence in the administration of the plan; (3) voluntary compliance programs; and (4) regulatory penalties.
1. Breach of Fiduciary Duty:
The primary coverage grant in a fiduciary liability policy is for breaches of fiduciary responsibility under ERISA or other applicable fiduciary law. Depending on the nature of the breach and how many beneficiaries are involved, a claim for breach of fiduciary duty can result in significant exposure to the plan and the other policyholders. Historically, the most significant loss payments under fiduciary liability insurance policies are imprudent investment cases in which beneficiaries or other third-parties allege that the trustees breached their fiduciary duties in investing plan assets. The Department of Labor can also allege that plan trustees breached their fiduciary duties in the administration of the plan. The damages model for imprudent investment claims is typically the loss in investment principal as well as the lost opportunity cost if the principal had been prudently invested. Other breach of fiduciary duty claims may also present significant liability potential, including allegations of misinterpretation of a plan document, wrongful administration of a plan in a way that is not in compliance with the plan documents, providing imprudent investment options to participants in a defined contribution plan, failing to accurately communicate relevant information to plan participants, or making misrepresentations about plan investments.
2. Administration of the Plan:
The second coverage grant is coverage for negligent errors in the administration of the plan even if the errors do not constitute breaches of fiduciary duty. In this context, administration commonly includes handling paperwork and records for the plan, providing interpretations with respect to any plan (including calculating and determining benefits), or giving advice to participants regarding the plan. For example, the plan document may allow thirty days for an employee to add a newborn child to the health insurance plan. But the plan administration office may erroneously offer advice to the employee that the employee had sixty days to add the newborn when the plan only allows 30 days. If a plan participant relies on this incorrect advice and does not timely add the newborn to the health plan until fifty days after the date of birth, the health insurer could deny any claims for medical benefits. The employee then could sue the plan, alleging that they were given improper instructions on how to enroll the newborn child in the plan. This claim could qualify as a wrongful act under the policy as an error in the administration of the plan.
3. Voluntary Compliance Programs:
Historically, fiduciary liability insurance policies would cover claims only when a third- party was alleging some type of wrongdoing, and not loss by the insured itself (first-party claims). The reason is to avoid moral hazard claims, which would involve a policy coverage that could create an incentive to take unusual risks. But that has changed in recent years with regulatory agencies encouraging employee benefit plans to proactively remedy fiduciary violations under ERISA by taking
prescribed remedial actions – expenses that typically cannot be paid out of plan assets.
Both the IRS and DOL now have vibrant voluntary compliance programs. If you make mistakes with respect to your plan, for example, the IRS Employee Plans Compliance Resolution System “EPCRS” encourages plans to remedy mistakes and avoid the consequences of plan disqualification. Similarly, the DOL’s Voluntary Fiduciary Correction Program “VFC” allows those potentially liable for certain specified fiduciary violations under ERISA to voluntarily apply for relief from enforcement actions and certain penalties. Although not “voluntary,” the IRS also offers correction of mistakes that are discovered during an audit. This is known as the IRS Audit Closing Agreement Program “Audit CAP”, which allows a plan to enter into a Closing Agreement with the IRS, allowing the plan to correct identified issues and pay a sanction negotiated with the IRS.
The cost of correction of many of the violations specified in a voluntary compliance application or pursuant to an Audit Closing Agreement Program may not be paid with plan assets, unless such cost would have otherwise been paid from the plan (and assuming the plan document permits such payment of reasonable and necessary expenses to be paid from the trust). Modern fiduciary liability insurance policies solve this problem by providing coverage for voluntary compliance program expenditures. These expenditures are subject to a policy sublimit that is part of the aggregate limit of the policy, typically ranging from $50,000 to $250,000. Under this sublimit of coverage, the insurance carrier essentially allows the insured to make a claim against themselves and seek reimbursement from the insurer.
PRACTICE POINTER: The voluntary compliance coverage should cover both the expenses of attorneys and accountants to evaluate and investigate the possible regulatory non- compliance, as well as the fees, penalties or sanctions paid to the governmental authority under an authorized voluntary compliance program.
This coverage has become the most utilized fiduciary liability insurance feature in recent years. An employee benefit plan should consult its broker or insurance adviser to ensure that its fiduciary liability policy has an adequate voluntary compliance sublimit.
- Regulatory Penalties:
Most professional liability insurance policies are not designed to cover penalties. The typical policy will define “loss” or “damages” to exclude any taxes, fines or penalties that are not affirmatively covered in the policy. The problem for fiduciaries of employee benefit plans, however, is that they face individual liability from penalties under ERISA and several recent statutes, and these penalties cannot be paid out of plan assets. Fiduciary liability insurance companies have filled that void by providing coverage for certain penalties faced by employee benefit plans. But note: A penalty will not be covered unless specifically stated as covered under the policy, typically by endorsement, since the policy will otherwise exclude all penalties. [Miscellaneous penalties can sometimes be covered pursuant to endorsement, which is discussed later in the Handbook.]
The typical fiduciary policy will provide coverage for the following types of penalties:
1) Section 502 (i): Section 502(i) of ERISA permits the DOL to assess a five (5) percent civil penalty against a party in interest who engages in a prohibited transaction with respect to an employee benefit plan.
2) Section 502 (l): Section 502(l) of ERISA requires that, in the event of a fiduciary breach, the DOL assess a civil penalty of twenty (20) percent of the amount of settlements or courts orders against a breaching fiduciary or any other person who participated in the breach. The DOL has increasingly interpreted Section 502(l) to afford it no discretion not to impose the penalty when its investigation reveals that there may have been a breach of fiduciary duty.
3) Section 502 (c): Section 502(c) of ERISA imposes penalties for alleged failures by the plan or administrator to respond to written requests for plan information. Section 502(c) provides for penalties for an administrator’s refusal or failure to supply required information. The DOL is authorized to assess penalties of at least $100 a day [now indexed for inflation every year] from the date of refusal or failure, and every violation is treated separately for purposes of calculating the penalty. 502(c) claims are common claims because many benefit claims contain a tag-along reporting allegation. Section 502(c) became even more valuable with the reporting requirements of the Pension Protection Act of 2006, as these penalties are codified to be enforced under ERISA Section 502(c). Some carriers label this coverage “Pension Protection Act” coverage, but ensuring that your plan has a sublimit of coverage for 502(c) penalties will provide the necessary cover.
4) HIPAA: In 2008, the Health Insurance Portability and Accountability Act of 1996 “HIPAA” privacy and security rules were broadened by the enactment of the Health Information Technology for Economic and Clinical Health Act “HITECH”. One of the significant changes in the final rule is the expanded scope of the Department of Health and Human Services “HHS” enforcement authority, including civil monetary penalties up to an annual maximum for identical violations of $1.5 million.
PRACTICE POINTER: The key for HIPAA coverage is to ensure that your carrier provides cover for both HIPAA’s privacy and security rules, as some policies only refer to the privacy rule.
Many carriers will provide $25,000 to $100,000 for HIPAA violations. This will not be adequate to cover alleged intentional violations, or multiple violations in the same calendar year. If you have a health or welfare plan, you need at least $1.5M in HIPAA coverage, and should try to secure full policy limits if possible.
5) PPACA: The Patient Protection and Affordable Care Act “PPACA,” also known as “ACA,” and generally referred to as Obamacare, amended and expanded ERISA and the Public Health Service Act “PHSA” by incorporating PPACA coverage mandates for individual, group, self-insured and fully insured employer-sponsored health plans into Section 715 of ERISA. Various regulatory agencies have implemented penalties for PPACA violations. For example, the IRS may assess excise taxes upon group health plans (and church plans) that do not comply with PPACA insurance market reforms. HHS also enforces PPACA insurance market reforms against non-federal governmental plans and may assess penalties. Some carriers refer to this important penalty coverage as “Health Care Reform Coverage.”
6) IRC Section 4975 : Section 4975 of the Internal Revenue Code “IRC” gives authority to the IRS to assess excise taxes for prohibited transactions, such as the failure to remit contributions within the prescribed time frame. Section 4975 penalty coverage is becoming more important with the increased enforcement of contribution deadlines.
7) Social Security Death Master File Penalties: Although somewhat obscure, Section 203 of the Bipartisan Budget Act of 2013 established penalties of $1,000 to $250,000 per person for improper disclosure of confidential social security and other information in the Social Security Death Master File.