Confused by 3(16), 3(21), and 3(38)? A Plan Sponsor’s Guide

Apr 20, 2026

When you sponsor a 401(k), securing expert help is wise—but understanding what you can’t give away is imperative too. While 3(16) administrators, 3(21) advisors, and 3(38) managers can handle a lot of the heavy lifting, you retain the ultimate legal risk for their performance.The Bottom Line: As an ERISA retirement plan sponsor, the DOL holds you accountable for the plan’s proper functioning. You can delegate the work, but you cannot delegate the oversight. You remain responsible for prudently selecting your partners and continuously monitoring them to ensure every decision is made solely in the best interest of your participants.

Retirement Plan Sponsors Are Inherently Fiduciaries

As the sponsor of an employee retirement plan governed by the Employee Retirement Income Security Act (ERISA), your primary playbook is this publication from the Department of Labor: Meeting Your Fiduciary Responsibilities. Notice it explicitly explains that while you can hire others to run the plan, the act of selecting and monitoring those providers is itself a fiduciary function. In other words, no matter what responsibilities you outsource, as the plan sponsor, you are inherently a fiduciary in the eyes of ERISA: you can never completely eliminate the risk of being held personally responsible for mistakes and oversights, including those made in selecting and monitoring the third parties hired for the plan. Consider, for example, that even failure to monitor the cybersecurity protocols of your providers can result in a fiduciary breach allegation against you. Should you face allegations that you erred in your fiduciary responsibilities, your only shield for the out of pocket defense costs and penalties you may personally incur is fiduciary liability insurance.

Securing Professional Services For The Retirement Plan

ERISA experts at 401ktv emphasize that given the standard of “prudent expert,” it is wise for retirement plan sponsors to seek professional services for the plan. Fully understanding exactly what responsibilities you are contracting others to perform for the plan is essential too. As attorney Carol Buckmann of Cohen & Buckmann PC cautions: “Everyone following developments in the employee benefits field knows that fiduciary breach litigation has skyrocketed in recent years. Actions taken by plan fiduciaries are scrutinized by class action lawyers and there is no shortage of potential plaintiffs. Despite this scrutiny, fiduciaries continue to cling to misperceptions about their responsibilities that can hobble their efforts to protect themselves.” In Buchmann’s experience, a common and dangerous area of confusion for retirement plan sponsors is making the assumption that a recordkeeper automatically becomes the legal plan administrator:

Unless there is a specific agreement under which the recordkeeper has assumed legal responsibility for administration (called a 3(16) agreement)…that is not the case. Standard recordkeeper agreements will disclaim fiduciary status and are drafted on the assumption that the recordkeeper employees are not exercising discretion when they follow procedures agreed to by the plan sponsor.

Every ERISA plan must have an administrator, and the default administrator is the plan sponsor unless another administrator has been appointed. The administrator will be the plan sponsor (or a committee it has appointed) in most situations, even if the individuals functioning as fiduciaries do not understand their status or the rules they are required to follow. This almost guarantees noncompliance. It also means that the plan sponsor remains legally responsible for the recordkeeper’s compliance violations and mistakes.

To avoid confusion over the role of the recordkeeper selected for your 401k plan, be sure to clarify what, if any legal responsibilities the provider has agreed to take on. Keep in mind that 3(16) is a board term. Some providers are “Full 3(16)” (taking on legal plan administrator status), while others are “Partial 3(16)” (only doing specific tasks).

What’s The Difference: 3(21) Advisers and 3(38) Managers?

For Us All shares that another area of confusion for retirement plan sponsors relates to 3(21) and 3(38) investment services: “Named for the sections of ERISA which define them, 3(21) and 3(38) fiduciaries are both individuals or entities that provide investment expertise to 401(k) plan sponsors.” While a 3(21) adviser can recommend investment options for the plan, and share the related fiduciary liability, it is ultimately up to the plan sponsor as to whether or not to follow the investment advice. Therefore, the sponsor, and other company fiduciaries, such as committee members, remain responsible for prudently selecting and diversifying the investments as “co-fiduciaries” of the adviser.

As Buchmann verifies: “It will not be a defense to a fiduciary breach lawsuit that the company fiduciaries were merely following the recommendations of the adviser.” Retirement plan sponsors can go one step further than a 3(21) adviser, when obtaining investment services (and reducing liability). Under section 3(38) of ERISA, it is possible to outsource more fiduciary responsibilities to an 3(38) investment manager, who, unlike a 3(21) adviser, has “the discretion to make day-to-day investment decisions….”

Reducing Fiduciary Risks: Role Clarity, Diligence, and Protection

Whenever choosing providers for the retirement plan, sponsors and committees must be rigorous in their work to:

make prudent selections about the services provided and fees charged
monitor by periodically reviewing and benchmarking performance and fees
meticulously document both decision making processes and decisions.

Sponsoring a retirement plan is not a “set it and forget it” task. Continuously ensuring that services benefit the plan is an essential responsibility for retirement plan sponsors, as The Plan Sponsor University reminds us:

Since fiduciaries can be held personally liable for losses, skipping professional help is penny-wise and pound-foolish. Plan sponsors don’t have to go it alone. They can outsource fiduciary responsibilities through 3(38) investment managers, 3(16) plan administrators, OCIOs, and pooled plan providers. These arrangements can significantly limit liability exposure, though plan sponsors retain responsibility for prudently hiring and monitoring these outside fiduciaries.

Protection in the form of fiduciary liability insurance is another best practice that helps retirement plan sponsors significantly reduce their personal risks. Though not required by the Department of Labor, fiduciary liability insurance provides critical protection for plan sponsors. Eisner Amper explains that while ERISA fidelity bonds provide protection from acts of fraud and dishonesty, they do not provide protection for unintended acts—as fiduciary liability insurance does:

For instance, an employee acting in good faith may make a mistake in administering the plan according to plan documents or fail to monitor third-party service providers, which may result in penalties or losses arising to the plan. Because these acts were taken in good faith and are not acts of dishonesty or fraud, they are not covered under an ERISA bond….ERISA does not require fiduciary liability insurance, however, it should be considered as protection against fiduciary breaches. Fiduciary liability insurance is designed to provide defense costs and applicable damages for actual or alleged breaches of fiduciary duty. Unlike the fidelity bond, fiduciary liability insurance offers plan fiduciaries protection of personal assets.

Without coverage, even a mere allegation of a fiduciary breach against the high standards of ERISA law can be ruinous for plan sponsors. Consider, for example, that defense costs alone are about $600 per hour. That’s why national ERISA Bond expert, Colonial Surety Company, ensures retirement plan sponsors from businesses of every size can protect themselves with fiduciary liability insurance.

For a few dollars a day, Colonial Surety Company’s fiduciary liability insurance arms retirement plan sponsors with:

$1,000,000 for Defense and Penalties if faced with alleged or actual breaches of fiduciary duty.
Cybersecurity Coverage for the business and plan, which addresses Department of Labor recommendations, and includes expert response services to curtail damage after an incident.

Get protected: Quote Fiduciary+Cyber Liability Insurance Here

Colonial Surety Company: