Skip to content

ERISA Fidelity Bonds: 10 Facts Plan Sponsors Need To Know

Jul 10, 2026
Share

Compiled with guidance from accountants, attorneys, and ERISA compliance experts

If you sponsor a workplace retirement plan — a 401(k), profit-sharing plan, or similar arrangement — you carry one of the most consequential legal obligations in employment law. Embedded within the Employee Retirement Income Security Act of 1974 (ERISA) is a federal mandate that many plan sponsors overlook, misunderstand, or unknowingly violate: the requirement to obtain and maintain an ERISA Fidelity Bond.

The stakes are real. Noncompliance is costly and disruptive: it can trigger Department of Labor (DOL) audits, personal liability, and reputational damage. Below are ten essential facts that every retirement plan sponsor, committee member and plan administrator needs to understand.

Fact #1: An ERISA Fidelity Bond Is Federally Mandated — Not Optional

This is not a best practice or a suggested safeguard. ERISA Section 412 — and its related regulations at 29 C.F.R. § 2550.412-1 and 29 C.F.R. Part 2580 — requires that every person who handles funds or property of an employee benefit plan be covered by a fidelity bond. The operative language is clear and has remained the guiding principle since ERISA’s enactment in 1974: plan assets must be protected from mismanagement and abuse.

The requirement applies regardless of the size of the plan. A small business with a handful of employees and a modest 401(k) is just as obligated as a large corporation. Unfunded plans, government plans, and church plans are among the narrow categories that may be exempt — but for the vast majority of private-sector retirement plans, the bond is a legal requirement, full stop.

(For verification on the specific bonding requirements of ERISA, review the FAQ provided by the Department of Labor). 

Fact #2: The Bond Protects the Plan — Not the Plan Sponsor

This distinction trips up a surprising number of plan sponsors. An ERISA Fidelity Bond is not liability insurance for the people running the plan. Its sole purpose is to protect plan participants’ retirement assets from losses caused by fraud or dishonesty — including theft, embezzlement, forgery, misappropriation, wrongful conversion, and willful misapplication of funds.

The business owner, the company, and the fiduciaries themselves receive zero financial protection from the ERISA Fidelity Bond against their own potential liability. That is a separate issue — and a separate coverage — addressed under Fiduciary Liability Insurance.

Fact #3: An ERISA Bond Is Not a Standard Insurance Policy

The structure of an ERISA Fidelity Bond is often misunderstood. Unlike conventional insurance, this is a three-party surety agreement involving the plan (the obligee), the person being bonded (the principal), and the surety company (the guarantor). The surety company guarantees the honesty of those handling plan funds and ensures immediate reimbursement to the plan if fraud or theft occurs.

Critically, because it functions as a bond rather than insurance, the surety retains the legal right to pursue the dishonest individual to recover whatever it paid out. This structure is designed to ensure that retirement savings remain recoverable in cases of malfeasance — and to place ultimate accountability on the wrongdoer.

Fact #4: Coverage Must Equal at Least 10% of Plan Assets

The required bond amount is calculated based on the value of plan funds handled by plan officials during the preceding plan year. The minimum coverage required under ERISA is 10% of those handled assets, subject to the following thresholds:

  • Minimum bond amount: $1,000 per plan
  • Standard maximum: $500,000 for most plans
  • Extended maximum: $1,000,000 for plans holding employer securities (such as ESOPs and KSOPs)

For example, if plan officials handle $1,000,000 in assets, the plan must carry at least $100,000 in fidelity bond coverage. As the plan grows, coverage must grow with it — making it critical for plan sponsors to revisit their bond amounts annually. (Obtaining a three year ERISA Fidelity Bond from Colonial Surety Company is another way to ensure continuous compliance.)

Fact #5: Failing to Keep Bond Coverage Current Is One of the Most Common Violations

The IRS, through its review of Form 5500 filings, has identified inadequate ERISA fidelity bond coverage as one of the two most common compliance failures among retirement plans. Accountant Kim Moore of Anders CPA notes four recurring ERISA bond mistakes plan sponsors make:

  1. Bond coverage is below the required 10% threshold
  2. Coverage was not maintained for the full plan year
  3. The bond is issued in the wrong name
  4. Plan asset growth has outpaced the bond coverage amount

All four of these errors are avoidable — but only if sponsors are actively monitoring their bond against current plan asset values and reviewing coverage at renewal.

Fact #6: The Bond Must Be Issued in the Plan’s Name — Not the Employer’s

This is a detail that catches many plan sponsors off guard. The bond must be issued in the name of the retirement plan itself, not the sponsoring employer or business entity. A bond issued to “ABC Company” rather than “ABC Company 401(k) Plan” may be deemed noncompliant during a DOL audit.

Plan sponsors should verify this detail carefully when obtaining or renewing their bond, and confirm it is reflected correctly on their annual Form 5500 filing.

Fact #7: The Bond Must Come from a Treasury-Listed Surety Company

ERISA bonds cannot be obtained from just any insurance or surety provider. They must be issued by a company appearing on the U.S. Department of the Treasury’s Listing of Approved Sureties (also known as Treasury Circular 570 or “T-Listed” companies). Neither the plan nor any interested party may have any control or significant financial interest in the surety company from which the bond is obtained.

Plan sponsors should verify the Treasury listing status of any provider before purchasing, and also evaluate the provider’s financial stability and expertise in ERISA compliance. For example, Colonial Surety Company is  Treasury-Listed, rated “A” (Excellent) by AM Best, has been in business since 1930, and maintains a dedicated ERISA service team with consistently strong customer reviews. 

Fact #8: Form 5500 Compliance — and DOL Audits — Hinge on This Bond

Every plan sponsor must report fidelity bond information on the annual Form 5500 filing with the Department of Labor. Leaving the bond section blank, or reporting coverage below 10% of plan assets, sends an immediate signal to DOL examiners.

The DOL regularly monitors Form 5500 filings and treats missing or inadequate bond coverage as a red flag warranting further scrutiny. A DOL audit is not a minor inconvenience — it can be time-consuming, expensive, and expose additional compliance gaps. Notably, Form 5500 filings are public record, meaning that noncompliance is visible to anyone who looks.

It’s helpful for plan sponsors to keep in mind that the purpose of Form 5500 is to provide an annual status report on employee retirement savings, with assurance that these savings are protected. As Groom Law Group reminds us, completion of Form 5500 satisfies reporting requirements for the Employee Retirement Security Act (ERISA) and is used by three federal agencies as a major enforcement and oversight tool: the Department of Labor (DOL); the Internal Revenue Service (IRS) and the Pension Benefit Guaranty Corporation (PBGC). 

Fact #9: The ERISA Bond Does Not Protect Against Fiduciary Mistakes — That Requires Separate Coverage

This is perhaps the most consequential misconception in the retirement plan world. The ERISA Fidelity Bond covers fraud and dishonesty. It does not protect plan sponsors or other fiduciaries from liability arising from more common challenges such as:

  • Allegations of poor investment selections or failure to diversify
  • Allegations of excessive plan fees or failure to monitor service provider costs
  • Administrative errors (improper enrollment, incorrect benefit calculations)
  • Failure to follow plan documents or government regulations
  • Oversights in monitoring provider services
  • Inadequate cybersecurity protections and associated breaches 

Under ERISA, fiduciary liability is personal — it can follow an individual fiduciary directly, separate from their employer or the plan entity. As the ERISA Advisory Group underscores: “Fiduciary liability under ERISA is not just a corporate issue. It can follow you individually.” 

ERISA fiduciary risks can be mitigated, but never be fully eliminated–even by outsourcing plan services. Under the standards of ERISA, the sponsor remains responsible for the outsourcing decisions—and continuous monitoring.

For protection against these risks, plan sponsors need Fiduciary Liability Insurance — a separate coverage that addresses legal defense costs, settlements, and judgments arising from errors and alleged breaches of fiduciary duty.

Fact #10: Cybersecurity Is Now a Fiduciary Obligation — and the DOL Is Watching

Since the DOL issued cybersecurity guidance for retirement plan sponsors, failing to adequately protect participant data and plan assets from cyber threats can itself constitute a fiduciary breach. Retirement plans contain both money and sensitive personal data, making them attractive targets for cybercriminals, and the Employee Benefits Security Administration (EBSA) has recently made cybersecurity its number one enforcement priority.

The DOL obligates plan sponsors to maintain a documented expert response plan for cyber incidents, implement strong access controls, and monitor the cybersecurity practices of vendors who handle plan data. Standard fidelity bonds and most fiduciary liability policies do not address cyber risk directly — making it essential for plan sponsors to evaluate whether they have appropriate cyber coverage in place.

The Bottom Line: Three Protections Plan Sponsors Need

Taking stock of the ten facts above, a clear picture emerges. Retirement plan sponsors need three distinct protections — and most are flying without at least two of them:

Coverage What It Protects
ERISA Fidelity Bond

REQUIRED

Required by law to protect plan assets from fraud/theft
Fiduciary Liability Insurance

RECOMMENDED

Protects personal assets from errors/lawsuits
Cyber Liability Insurance

RECOMMENDED

Protects the plan and company from data breach liability

 

 

Why Colonial Surety Company’s ERISA Bundle Is the Smartest Move a Plan Sponsor Can Make

Most plan sponsors navigate ERISA compliance and protection by piecing together separate products from different providers — often ending up with gaps, duplicated effort, and unnecessary cost. Colonial Surety Company has solved that problem with a unique all-in-one bundle designed specifically for retirement plan sponsors.

Colonial Surety Company is the only carrier offering all three essential ERISA protections in a single, seamless package:

  • ERISA Fidelity Bond — Satisfies your federal mandate, issued correctly in the plan’s name, from a Treasury-Listed, “A”-rated surety
  • Fiduciary Liability Insurance — Provides up to $1,000,000 in coverage for legal defense costs and penalties from administrative errors, investment decisions, or fiduciary oversight failures
  • Complimentary $50,000 Cyber Liability Insurance — Directly addresses the DOL’s cybersecurity response plan requirements, protecting your company and plan from data breach liability

What makes the Colonial Surety Company a uniquely trustworthy and efficient provider of ERISA Fidelity Bonds, Fiduciary Liability Insurance and Cyber Liability Insurance? Colonial Surety Company is:

  • Treasury-Listed and “A” Excellent rated by A.M. Best — credentials that matter
  • In business since 1930 — institutional stability and deep ERISA expertise
  • Direct carrier, not a broker — no agent markups, no unnecessary fees, no waiting on callbacks
  • Fully digital — quote, purchase, and download proof of coverage in minutes online
  • Licensed nationwide with a U.S.-based customer service team trained on ERISA

Plan sponsors who rely on an ERISA Fidelity Bond alone may be technically meeting the minimum legal requirement — but they are leaving themselves personally exposed to fiduciary liability and cyber risk. Colonial Surety Company’s bundle closes all three gaps efficiently and affordably in one transaction.

Don’t wait for a DOL audit or a fiduciary lawsuit to discover your coverage gaps. Get your instant quote from Colonial Surety Company today — and download your proof of coverage in minutes.

👉 Get Your Instant Quote & Download Your Proof of Coverage in Minutes

Frequently Asked Questions (FAQs)