
How Did You Make That Decision: Prudence and ERISA

Apr 3, 2026

When you sponsor a retirement plan, such as a 401(k), you are automatically held to fiduciary standards of law, which are exceptionally high. Because employees are placing their savings in your care, the Employee Retirement Income Security Act (ERISA) requires you to take better care of their money than you do of your own, and holds you personally responsible for oversights. The duty of prudence is a central part of those fiduciary obligations: it requires you not only to act for the benefit of plan participants, but also to follow a prudent process for each and every decision you make on behalf of the plan. Read on for guidance from attorneys on prudent decision making.

Investigate Thoroughly, Decide, and Document

It is understandably challenging for retirement plan sponsors to fully grasp their fiduciary obligations. To help, Plan Sponsor provides a roadmap that begins by unpacking “who is a fiduciary” and then moves into the associated duties and risks. If you are looking to get grounded (or re-grounded) as a retirement plan sponsor, the full webinar may be very helpful to you: Fiduciary 101.

Fundamentally, as R. Bradford Huss, director at the employee benefits law firm Trucker Huss, underscores, retirement plan sponsors need to know that “ERISA is a participant-friendly statute … It was enacted to protect plan participants, and it has strict rules on liability.” Huss offers these three key points on the duty of prudence under ERISA Section 404 (codified at 29 U.S.C. § 1104):

  • The duty of prudence requires a fiduciary to act “with the care, skill, prudence and diligence under the circumstances then prevailing that a prudent person acting in the capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims.”
  • That duty includes diversifying the investments of a plan to minimize the risk of large losses, unless under the circumstances it is clearly prudent not to do so.
  • A fiduciary must act in accordance with the “documents and instruments governing the plan insofar as they are consistent with the provisions of ERISA….”

As a plan sponsor, it’s not just what you do, it’s how you do it that counts. In other words, how do you arrive at decisions on matters like the selection of service providers, investment menus and plan design features? Because you are a fiduciary, every decision you make needs to be carefully researched and thoroughly documented, as Huss explains:

When evaluating whether a fiduciary breached the duty of prudence, a court will evaluate not only the “merits of the transaction” but also the “thoroughness of the investigation into the merits of the transaction.” … Donovan v. Bierwirth, heard by the U.S. Court of Appeals for the Second Circuit, held that the duties under the ERISA prudent-person rule are “the highest known to law.” … “The court is going to look at how you arrived at your decision and whether it was reasonable at the time you made the decision.”

According to experts at Plan Sponsor, key action steps for retirement plan sponsors to take toward fulfilling their fiduciary obligations include:

  • Establish a prudent process for selecting investment options and service providers;
  • Ensure that fees paid by the plan and other expenses of the plan are reasonable in light of the level and quality of services provided;
  • Select investment options that are prudent and adequately diversified;
  • Monitor investment options and service providers once selected to ensure that they continue to be appropriate choices; and
  • Comply with the ongoing duty to monitor.

Monitoring The Cybersecurity of Retirement Plans?

Yes. The Department of Labor (DOL) expects retirement plan sponsors to mitigate cybersecurity threats to plan assets and participant data. Toward that end, the DOL publishes these best practices specifically for plan sponsors. Plan sponsors must also ensure that the service providers they hire use strong security protocols, since provider selection and monitoring are themselves fiduciary decisions. The DOL also provides these online security tips for distribution to retirement plan participants.

At Adcock Financial Group, Brian Adcock advises retirement plan sponsors to take their cybersecurity monitoring obligations seriously, noting: “Many plan sponsors assume data protection falls outside their wheelhouse. But when it comes to your 401(k) plan, cybersecurity is very much a fiduciary responsibility, and it’s one that can have serious consequences if you don’t address it properly.”

Decide Today: Protect Yourself, Your Business, and Your Plan

As a retirement plan sponsor, if you are faced with an investigation, civil penalties or allegations that you failed in any of your fiduciary duties, you can be held personally responsible. Even if you did nothing wrong, defending yourself over an honest mistake is an out-of-pocket expense that adds up quickly: ERISA defense averages $600 per hour.

Fiduciary liability insurance is the only coverage that safeguards retirement plan sponsors personally. Attorneys at Plan Sponsor explain that, while not required, fiduciary liability insurance has become an essential protection for plan sponsors, and point out: “ERISA allows a plan fiduciary to purchase insurance for their own account to protect the fiduciary against liability for breaches of fiduciary duty under ERISA and to pay the costs of defending an action brought against the fiduciary…”

Colonial Surety Company makes fiduciary liability insurance affordable for plan sponsors with businesses of every size and, for added value and protection, includes cyber liability insurance at no extra cost. For a few dollars a day, plan sponsors can obtain protection for the company, the plan, and themselves with a one-of-a-kind Cyber Liability + Fiduciary Liability Insurance package.

The package provides retirement plan sponsors with defense costs and penalty limits of up to $1,000,000 when faced with claims of alleged or actual breaches of duty in connection with the employee retirement plan. It also addresses numerous DOL recommendations by explicitly covering the plan and the business, including:

  • Expert-led response services following a data breach.
  • Protection from lawsuits and regulatory actions related to the breach.
  • Legal services.
  • Computer forensic services.
  • Public relations and crisis management expenses.
  • Notification services.
  • Call center services.
  • Credit and identity monitoring.

Retirement plan sponsors can obtain this comprehensive coverage online in minutes. Mitigate threats to the retirement plan and reduce your personal liability right here:

Cyber + Fiduciary Liability Insurance for Retirement Plan Sponsors

Colonial Surety Company

  • In business since 1930
  • Rated “A” Excellent by A.M. Best Company
  • US Treasury Listed