Reports and Surveys | October 1, 2019

Managing Operational Risk in Multiemployer Plans

This issue of Ideas looks at operational risk in multiemployer defined contribution (DC) plans. It covers:

  • What operational risk is,
  • Why managing it matters,
  • Key components for successfully managing it, and
  • Getting started on the journey.

Get the details.

Get the Publication

Multi-ethnic business people discussing over digital tablet Download Now

Got questions? We have answers.

Get in touch with one of our consultants to start a conversation today.

Contact Us

What is DC plan operational risk?

Risk is the chance of something happening that will affect the ability to achieve objectives. Traditionally, for retirement plans (both defined benefit and defined contribution), the discussion is in terms of investment risk and longevity risk. Yet operational risk is every bit as important.

Operational risk is the risk of direct or indirect loss resulting from unanticipated events or inadequate or failed internal and external processes, people and systems.

It encompasses potential losses attributable to failures across a range of functions. Compliance with the Internal Revenue Code (IRC) and the Employee Retirement Income Security Act of 1974 (ERISA) is part of operational risk. Operational risk also covers these crucially important areas:

  • Transaction processing;
  • Participant financial reporting,
  • Recordkeeping services;
  • Data security; and
  • Consolidation of plans through mergers.

Merger increase operational risk because they have implications for plan administration, benchmarking fees and consolidation of vendors.

Many experts consider operational risk to be the broadest, largest and most complex risk category. The overlap among functions, such as data security and recordkeeping services, adds to the complexity.

Operational failures can, and do, occur for a number of reasons, including:

  • The volume of transactions;
  • The use of multiple interfaces;
  • Inadequate internal controls;
  • Manual processes;
  • Poor data;
  • Increasing sophistication of cyber criminals; and
  • Changing regulations or new laws.

Anything new — investment structures, technology and service-delivery platforms — can increase operational risk.

Evolving plan designs also have that effect. For example, multiemployer DC plans are more frequently adding a 401(k) feature (usually with participant direction) or increasing the valuation frequency of member account balances.

These features enhance benefits and options for participants, but, at the same time, add operational requirements.

DC trustees should seek to fully understand their vulnerability to operational risk. Protecting plan assets and data and the fund’s tax-qualified status requires an increasingly sophisticated, proactive approach.

Adopting an integrated framework of policies and procedures for managing operational risk can be a helpful step.

Download Now
Two Businesspeople Working Late On A Laptop In An Office

Keeping Retirement Plans Secure from Cyber Attacks

As they've increasingly used electronic means for both disclosures and transactions, plans have become more tempting targets for cyber criminals.
Girl Hugging Her Grandma I Love You Grandma

Updated PBGC Lump-Sum Methodology Will Affect Few Plans

Find out how this regulation change affects your plan.
Man Taking Notes While Doing Home Office

DOL’s Latest Proposed Regulation: Proxy Voting

Learn about how the DOL's proposal would address your fiduciary responsibility to vote proxies.

This page is for informational purposes only and does not constitute legal, tax or investment advice. You are encouraged to discuss the issues raised here with your legal, tax and other advisors before determining how the issues apply to your specific situations.

Don't miss out. Join 16,000 others who already get the latest insights from Segal.