On May 21, 2020, the Employee Benefits Security Administration (“EBSA”) finalized its regulations that greatly relax plan administrators’ ability to deliver information to participants and beneficiaries electronically. After decades of pleas from employers and benefits practitioners alike, the Department of Labor (“DOL”) finally made a significant—albeit halting—step into the electronic age. The final rule establishes a default notice-and-access safe harbor for furnishing ERISA-mandated retirement plan disclosures through a website, mobile application, or by email. Before delving into the details of the new safe harbor, we would like to note a few important points:
- The notice-and-access safe harbor becomes available on July 26, 2020, but EBSA will not take any enforcement actions against plan administrators who choose to rely on it sooner.
- The notice-and-access safe harbor applies only to retirement plans. It does not cover welfare benefit plans.
- The notice-and-access safe harbor applies only to documents and information that ERISA requires plan sponsors to furnish to participants and beneficiaries. It does not encompass information required by the Internal Revenue Code. However, the IRS and Treasury might be issuing additional guidance on Code-related disclosures.
- The new safe harbor does not cover information that administrators must furnish only upon request. However, for those documents, the pre-existing safe harbor for delivery of information to individuals who are “wired at work” and those who consent to electronic delivery is still available.
- The new safe harbor is optional and is available as an alternative to the existing DOL safe harbor (see 29 C.F.R. § 2520.104b-1). The new safe harbor, however, will, after an 18-month transition period, supersede prior subregulatory guidance. In particular, after December 31, 2021, it will supersede guidance relating to continuing website access to pension statements (FAB 2006-03), notice of a qualified default investment alternative (FAB 2008 03 (Q&A 7)), and interim enforcement policy for participant-level investment disclosures (TR 2011-03R).
Plan administrators are not novices in using websites and email for furnishing information to participants. Retirement plan vendors’ exceedingly sophisticated web-based platforms make it possible. An explosion of mobile apps further advances electronic document delivery. However, the legal landscape has been fraught with obstacles, uncertainty, and, inevitably, mistakes. The new safe harbor provides more structure and certainty to plan administrators. Granted, administrators who wish to avail themselves of the safe harbor must jump through a few hoops, but ultimately they would greatly benefit from the relaxed rules.
Importantly, a plan administrator must first send a paper notice to those individuals that the plan administrator wants to cover under the safe harbor. The notice, as discussed in more detail below, would need to apprise the individuals of the new electronic delivery procedures. Then, at the time of making the document available on the website or an app, the administrator must send notice of internet availability (“NOIA”) to covered individuals. The NOIA must disclose the covered document’s importance and advise individuals of their rights with respect to the provided information. In some instances, administrators may provide a combined NOIA for several pieces of information. Not surprisingly, individuals must have the right to opt-out from electronic delivery and/or receive a paper copy of any document. Administrators must honor their requests and provide the paper copy or opt-out opportunity free of charge. Prevalent throughout the final regulations is the requirement for various documents, notices, and website postings to be written or presented in a manner that is easily understandable by an average participant. However, more prescriptive readability standards contained in the proposed regulations did not make it into the final regulations. Below, we discuss the requirements for the safe harbor in more detail.
Administrators may use the safe harbor for participants and beneficiaries (or other individuals that are entitled to disclosures) who provide the administrator an email address or an internet‑enabled mobile computing device number (a smartphone number that can receive texts). The requirement for the email is satisfied if the employer assigns to the individual an email for work-related purposes (not just for purposes of furnishing ERISA notices). Of course, non‑employees would need to furnish an email address or mobile number to the administrator. Administrators and vendors may not use email addresses of mobile numbers they obtain through any search engines.
Administrators may use the safe harbor only for documents that ERISA requires retirement plan sponsors to deliver automatically (even if individuals may also request these documents). As we mentioned above, plan sponsors still have other tools in their administrative toolbox to deliver documents electronically upon a participant’s request. For example, administrators may use the pre-existing safe harbor and email a copy of a plan document upon request to a participant who is “wired at work” (i.e., is routinely as part of their duties required to sign into the employer’s email system).
Initial notification of electronic default
Before an administrator may rely on the safe harbor, it must (i) notify the individual on paper that future documents will be delivered electronically; (ii) identify the address to which information will be sent; (iii) include instructions for accessing the documents; (iv) caution that the documents need not be retained on the website for longer than a year or, if later, until superseded by a new version of the document; (v) explain the individual’s right to opt-out of electronic delivery of all documents and request a paper copy of any documents; and (vi) explain how the individual can exercise those rights.
Notice of internet availability
The centerpiece of the regulations is the Notice of Internet Availability or NOIA. At the time that a covered document becomes available on the website, the administrator must furnish each covered individual at the specified email address an electronic NOIA. The notice must have a very specific content and must not contain any extraneous information (although pictures and logos are permitted). The administrator must provide the notice separately from any other documents, except as permitted for certain combined disclosures. The NOIA must:
- Have a prominently displayed statement (in a subject line, legend, or title): “Disclosure About Your Retirement Plan.”
- Contain a statement: “Important information about your retirement plan is now available. Please review this information.”
- Identify the document by name and briefly describe it if the name alone does not convey the nature of the document (e.g., an SPD would not require an additional description, but a blackout notice would).
- The website address and/or hyperlink where the document is located. The address or link must be sufficiently specific to provide ready access to the document. The address or link may lead directly to the document or to a login page where the link is available or available immediately after the individual logs in.
- A statement of the right to request a paper copy of the covered document free of charge and an explanation of how to exercise this right.
- A statement of the right to opt-out, free of charge, of the electronic delivery of all documents and an explanation of how to exercise this right. A document-by-document opt-out is not required to be provided.
- A cautionary statement that the document is not required to be retained on the website longer than one year or, if later, until it is superseded by a new version of the document.
- A telephone number to contact the administrator or its representative.
An administrator may include a statement as to whether an individual’s action is required or not required in connection with the document, so long as such statement is not inaccurate or misleading.
The regulations permit administrators to issue a combined NOIA in certain instances. The most important exceptions currently include summary plan descriptions (“SPDs”) and notices and information that the administrator must provide annually (e.g., pension plan funding notices, annual benefit statements, participant-level fee and investment disclosures). Two other categories of documents would require written guidance from the DOL or Treasury (where disclosures required by the Code are involved). For administrative convenience, the regulations permit an administrator that provided the NOIA in a prior year to have up to 14 months to furnish an updated NOIA.
Requirement for internet website
Plan administrators must ensure the existence of a website where covered documents will be made available and satisfy a number of requirements. They must take measures reasonably calculated to ensure that:
- The covered documents are available by the time they are required to be provided by ERISA (hence a single NOIA might not always work).
- The document remains available until it is superseded by a new version of the document, but in no event less than for one year. For example, a blackout notice that has limited relevance would still need to be displayed for at least one year.
- The document is presented on a website in a manner calculated to be understood by an average participant.
- The document must be presented in a widely available format that is suitable for reading online, printed clearly on paper, and retained electronically and on paper.
- The document must be searchable by words, numbers, and letters.
- The website must be designed to protect confidentiality of the individual’s personal information.
The administrator must also maintain an electronic system that is designed to alert the administrator when an individual’s address becomes invalid or inoperable (e.g., receipt of an undeliverable email). The administrator must promptly rectify the situation by sending information to a previously supplied secondary address or obtaining a valid address from the individual. If the administrator is unable to obtain a valid address, the administrator must treat the individual as though the individual opted out of all electronic delivery and start sending information on paper until the administrator obtains a valid address.
The administrator must establish reasonable procedures for responding to individuals’ opt-out elections and requests for paper copies of the covered documents. The procedures are not reasonable if they unduly inhibit or hamper the requests or responses to the requests.
Special rules for terminating employees
When an individual whose workplace email was used for delivering covered documents severs from employment, the employer or administrator must either ensure that the workplace address remains accessible (which is extremely rare) or obtain a new address.
The regulations recognize that technical issues, scheduled maintenance, and unpredictable events outside of the administrator’s control may disrupt availability of covered documents on the website. Those temporary unavailability instances would not revoke reliance on the safe harbor. Of course, administrators must have reasonable procedures in place to address these contingencies and must make the documents available as soon as possible after the earlier of the time the administrator knew or reasonably should know that the documents are temporarily unavailable.
Good old email
While internet websites, mobile apps, or even texts have become the new normal, the regulations do not prohibit administrators from furnishing covered documents in the body of or as an attachment to an email. To use this “old” method, the administrator must satisfy mostly the same requirements that apply to web disclosures, scaled down to account for differences in the delivery mode. Thus, there is no need for a cautionary statement that the document would be on the website for only one year or until replaced by an updated version. While most of the NOIA content would still be required, a separate NOIA is similarly not needed.
All in all, the final regulations are a significant advance in bringing administration of ERISA plans into the twenty-first century. It is disappointing that the safe harbor leaves out welfare benefit plans. Even welfare plan SPDs are outside of the safe harbor. Although the DOL indicated it continues to look into the availability of the safe harbor in the welfare plan context, we are not there yet. For retirement plans, the coast is almost clear. Plan sponsors and administrators who wish to use the new safe harbor would need to send paper notices to all individuals they wish to cover by it. The DOL provided no exception for individuals who have been receiving information electronically. Thus, every sponsor and administrator would be affected by this new requirement, unless they want to stick with the pre-existing safe harbor or expensive and burdensome paper notification. After the initial push, however, it should be smooth sailing. Although dramatic changes to service providers’ systems would probably not be required, some modifications may be needed. As always, plan sponsors should work closely with their legal advisors and plan vendors.