DOL Finalizes Regulation Regarding Electronic Disclosures:

On May 27, 2020, the DOL published a final regulation addressing the electronic disclosure of certain documents required to be provided to participants and beneficiaries of ERISA-covered retirement plans. The regulation stems from President Trump’s Executive Order 13847, issued on August 31, 2018. That Executive Order directed the DOL to review whether regulatory or other actions could be taken to improve the effectiveness of ERISA-required disclosures and to ease employers’ associated costs and regulatory burdens, given the number and complexity of such disclosures.

The final regulation does not supersede the DOL’s 2002 regulation on this topic, which provided for certain safe-harbor electronic delivery methods. Instead, the final regulation provides a new, additional safe harbor for retirement plan administrators to use when furnishing certain information to plan participants and beneficiaries via electronic media.

The final regulation applies to any “covered individual.” That term is defined as a participant, beneficiary, or other individual entitled to “covered documents” and who, when he or she begins participating in the plan, provides the employer, plan sponsor, or administrator with an electronic address (e.g., email) or internet-connected mobile computing-device (e.g., smartphone) number at which the individual can receive a written notice of internet availability or an email (as described below). Alternatively, if an electronic address is assigned by an employer to an employee for employment-related purposes that include the delivery of “covered documents,” the employee is treated as if he or she provided the electronic address. The term “covered documents” refers to any document or information that the administrator is required to furnish to participants and beneficiaries pursuant to Title I of ERISA (e.g., Summary Plan Description; fee and expense disclosure). That term does not apply to any document or information that must be furnished only upon a participant’s or beneficiary’s request (e.g., the plan document).

If a plan is dealing with “covered individuals” and “covered documents,” then the new safe harbor requires the following:

1. The general rule is that plan administrators must provide to each covered individual a separate notice of internet availability for each covered document, and that notice must be provided when the covered document is made available on a website described in item #2 below. As an exception to that general rule, if an administrator provides a combined notice of internet availability for more than one covered document (as described under item #6 below), the combined notice of internet availability can be furnished each plan year. Under either approach, the notice must contain numerous statements and other information (e.g., an identification of the covered document by name; an explanation of how to exercise the right to request and obtain a paper version of the covered document(s) free of charge). Also, the notice must be written in a manner calculated to be understood by the average plan participant.
2. The plan administrator must ensure the existence of a website at which a covered individual is able to access covered documents. This involves ensuring that covered documents are available on the website no later than the date on which ERISA requires them to be furnished. Covered documents must remain available on the website for at least one year after the date on which ERISA requires them to be furnished (or, if later, the date on which they are superseded). Moreover, the administrator must take “measures reasonably calculated to ensure that the website protects the confidentiality of personal information relating to any covered individual.” Hopefully the DOL will publish guidance addressing that confidentiality requirement. I do anticipate the DOL publishing guidance addressing the broader topic of how plan fiduciaries can satisfy their duties in connection with plans’ cybersecurity policies and procedures, given the increasing number of cybersecurity breaches committed by fraudsters.
3. Upon request from a covered individual, the administrator must promptly furnish to such individual, free of charge, a paper copy of a covered document. Only one paper copy of any covered document must be provided free of charge, however. In this connection, covered individuals must have the right, free of charge, to globally opt out of electronic delivery and receive only paper versions of covered documents.
4. Before implementing the other procedures required by this new safe harbor, the plan administrator must furnish to each individual a paper notification containing certain information (e.g., a statement that covered documents will be furnished electronically to an electronic address; identification of the electronic address that will be used for the individual; instructions necessary to access the covered documents).
5. Another requirement specifically relates to covered individuals who are former employees for whom an electronic address assigned by an employer is used to furnish covered documents. When such individuals sever from employment with the employer, the administrator must: (a) ensure the continued accuracy and availability of that electronic address; or (b) obtain a new electronic address that enables receipt of covered documents after the individuals’ severance from employment.
6. A plan administrator can furnish one notice of internet availability that incorporates or combines the content requirements referenced in item #1 above with respect to certain documents (e.g., Summary Plan Description).   
7. If any covered document is temporarily unavailable for a reasonable period of time because of technical maintenance or unforeseeable events beyond the administrator’s control, the new safe harbor will still apply if the administrator: (a) has reasonable procedures to ensure that the covered document is available in the manner required by the final regulation; and (b) takes prompt action to ensure that the covered document becomes available as soon as practicable.
8. Notwithstanding any of the above requirements regarding disclosures via a website, a plan administrator can satisfy ERISA’s general obligation to furnish documents by using an email address to furnish a covered document to a covered individual, provided that the covered document is timely sent to the covered individual’s proper email address. In other words, instead of furnishing a notice of internet availability (as discussed in item #1 above), the administrator can send an email that satisfies several content requirements (e.g., it includes the covered document in the body of the email or as an attachment; it includes a subject line that reads: ‘‘Disclosure About Your Retirement Plan’’).

The final regulation will become effective on July 27, 2020, although its preamble states that the DOL is allowing plans to rely on it immediately. 

Here is a link to the final regulation:  https://www.govinfo.gov/content/pkg/FR-2020-05-27/pdf/2020-10951.pdf