Two recent lawsuits offer important lessons for plan sponsors: carry out their duties with the highest level of care to protect plan assets and information and, per ERISA, adhere strictly to their fiduciary responsibilities.
Avoid Actual or Perceived Conflicts of Interest
In March 2024, in Haskins, et al. v. General Electric, et al., the parties reached the largest settlement ever in an ERISA case in which the plan beneficiaries alleged their retirement plan improperly offered proprietary funds. In this case, filed in federal court in Massachusetts, the judge approved a settlement of $61 million for the plan participants. The plaintiffs alleged that the retirement plan illegally offered proprietary General Electric funds, managed by General Electric’s wholly owned subsidiary GEAM, as investment vehicles within the plan. Specifically, they claimed the GEAM funds were the only actively managed funds offered to the plan participants and that those funds had substantially underperformed other comparable funds during the class period. The plaintiffs further alleged that General Electric, in a move that seemed to represent its conflict of interest in the plan’s management, refused to consider adding comparable funds with a longer history of higher performance and failed to replace GEAM fund managers who were underperforming the market. During the relevant time period, General Electric was marketing GEAM for sale, and the plan participants claimed General Electric steered plan assets to it in order to boost GEAM’s “assets under management” and inflate its market price. Ultimately, GEAM sold for $485 million.
Lesson for benefit plan managers: While benefit plan managers do not have to be perfect in their investment decisions, nor do they have to outperform the market, they do need to avoid practices that could suggest a conflict of interest in their management of plan assets. Exercising prudence in protecting plan assets and strategically maximizing returns are the manager’s highest priorities.
Cyberattack on Retirement Services Firm Results in $8.7 Million Settlement
In April 2024, in Sherwood, et al. v. Horizon Actuarial Services, LLC, retirement plan participants whose personal information was stolen in a data breach reached an $8.7 million settlement with the plan’s services provider, Horizon Actuarial Services (Horizon). Horizon, a national retirement services firm, suffered a 2021 cyber-attack that breached two Horizon servers, exposing critical financial and personal information of plan participants of its member clients. Horizon is an actuarial consulting firm that specializes in managing the data for multi-employer benefit plans. In this case, the plaintiffs alleged that the breach resulted in the theft of private information for over 100,000 participants in 25 multi-employer plans that Horizon was administering. While Horizon was not managing the plan assets, its liability arose because it breached its duty on behalf of the participants and the managed plans to implement safeguards in the protection of vital plan and participant information. Specifically, the plaintiffs alleged Horizon failed to comply with state and federal laws and regulations governing data security and failed to follow standard industry practices in its security processes and procedures. Additionally, Horizon failed to promptly inform the participants of the breach, waiting five months to notify them. Importantly, while this lawsuit was against Horizon only, client retirement plans whose data was stolen could also have been subject to liability for the compromised information because under ERISA the benefit plan has ultimate responsibility for proper plan management.
Lesson for benefit plan managers: With the prevalence of cyber-attacks in recent years, plan managers must exercise the highest level of vigilance in the protection of plan participant information. This includes not only the plan’s IT processes, but also the processes of its service providers.