How To Evaluate Service Providers as a 401(k) Fiduciary

We often receive questions from clients about their 401(k) plans and recently had a client ask two thought-provoking questions: “What steps should I take to monitor service providers I hire to help me administer our 401(k) plan?” and “What are my fiduciary responsibilities regarding the service providers I hire?”

Many organizations need to hire service providers to assist in administering 401(k) plans. Service providers fill various roles including custodians, third-party administrators (TPAs), investment advisors, and auditors, among others. Here are four areas to consider when hiring a service provider.

1. Review Your Plan.

Any service provider should ask for a complete copy of your existing plan. If they do not, that may be a good indication of either lack of experience or assumptions about your plan that may or may not be accurate. Have a complete copy of your plan with you when you meet with any service provider.

2. Clarify Expectations and Roles.

While it sounds like common sense, be sure to clarify the services you want and your expectations regarding the delivery of those services. If the services and your expectations do not align, ask for clarification. It is critical to clearly understand any scope limitations regarding the services they are providing. Ask detailed questions regarding roles, areas of responsibility, timing, and reporting. If interviewing more than one service provider, use the same list of questions so that you can make a meaningful comparison.

3. Compare Contracts to Expectations.

Review service provider contracts detailing the services and compensation. Compare the contract to the services requested and their responses to the questions. Look for any discrepancies regarding services and fees. Examine the fee structure to assess the reasonableness of the compensation, gain an understanding of direct and indirect fees, and determine any conflicts of interest that may impact the service provider’s performance. Transparency is the key.

4. Understand Cybersecurity Protocols.

Security breaches continue to make headline news. If your service provider is responsible for keeping confidential participant data and maintaining plan records, they should have strong cybersecurity practices in place. Ask about the service provider’s cybersecurity protocols and their process for handling a breach. The lack of a written cybersecurity protocol should be a red flag.

5. Ask for a SOC Report.

A service provider’s SOC report can give plan sponsors a more complete understanding of the controls in place and the operating effectiveness of those controls for a specific period.

For more information regarding fiduciary responsibilities for third-party service providers and evaluating SOC reports, here are some helpful links:
