• The settlement focuses on limiting the ability of the current recordkeeper (Fidelity) and any future recordkeeper from using participant data.
It’s official–retirement plan fiduciaries need to start caring (and, perhaps, worrying) about how plan providers use participant information to promote non-plan related financial products and services. And, this time it is not just RetireAware warning about the misuse of participant data (Twenty-One Years After HIPAA Added Protections for Health Information, What About Financial Information?)–it is a federal court.
In a significant new development, Vanderbilt University reached a settlement with plaintiffs who challenged a number of practices in the Vanderbilt retirement plan. And, for the first time, the settlement includes future prohibitions on the use of participant data to market or sell non-plan products and services. This settlement should have every plan fiduciary asking about how their plan providers use participant data–and what the fiduciaries should do now to avoid the next round of fiduciary litigation.
This case (Cassell v. Vanderbilt University) was first filed in 2016 and contained the “usual” fiduciary suit allegations–that fiduciaries breached their responsibilities by allowing vendors to charge excessive fees and by retaining poorly performing assets in the plan. Indeed, the original complaint made no mention of the misuse of participant data.
However, as the case progressed (and amended complaints were filed) a new claim emerged. The new claim focused on the allegation that the plan’s recordkeepers (which, at the time included TIAA, Fidelity and VALIC) used participants’ confidential data to promote the sales of non-plan products and services to the plan. (Cassell v. Vanderbilt, Second Amended Complaint) This use of data then created several challenges under ERISA–that the participant data represented a valuable plan asset that the fiduciaries improperly transferred to these recordkeepers and that the recordkeepers then exploited this plan asset — to the recordkeepers’ advantage and not for the benefit of the plan or participants. The emergence of this claim is not surprising; the same plaintiffs’ law firm involved in the Vanderbilt litigation had already started focusing on the exploitation of participant data in other cases. See our blog post on this topic, as the focus on participant data started to emerge, Fiduciary Lawsuits: A New Chapter Opening?
As the case continued surviving motions to dismiss, it became increasingly likely that the parties would reach some kind of settlement. We now know that a settlement has been reached and the proposed terms of that settlement.
The Vanderbilt Twist
Here’s the real news: the proposed settlement agreement includes significant new restrictions on vendors’ use of participant data to promote non-plan products and services. In effect, the settlement accepts the claim that fiduciaries have a responsibility to protect against the exploitation of plan participant data to promote non-plan products and services.
Specifically, under the terms of the proposed settlement:
• The plan fiduciaries shall conduct an RFP for recordkeeping services and after conducting the RFP “the Plan’s fiduciaries shall contractually prohibit the recordkeeper from using information about Plan participants acquired in the course of providing recordkeeping services to the Plan to market or sell products or services unrelated to the Plan to Plan participants unless a request for such products or services is initiated by a Plan participant.”
• “Vanderbilt University shall inform Fidelity, the Plan’s current recordkeeper, that when communicating with current Plan participants, Fidelity must refrain from using information about Plan participants acquired in the course of providing recordkeeping services to the Plan to market or sell products or services unrelated to the Plan unless a request for such products or services is initiated by a Plan participant.”
In effect, the use of participant data to promote non-plan products and services stops. Now.
As we think about the implications of this settlement, there are a number of important items to note:
• The use of participant data to promote non-plan products and services goes beyond one university and two providers. As we have noted elsewhere, bundled providers are under tremendous economic pressure–caught between fee compression in their recordkeeping business and lower asset management fees due to the rise of indexed funds and ETFs. See Fee Compression: Fiduciaries Take Note and The Lure of the IRA and the Power of Inherent Conflict. These pressures are driving recordkeepers to seek new sources of revenue-enhancement.
• We anticipate that these providers will not (and perhaps, cannot) readily relinquish a core component of their revenue strategy–to move money from (carefully scrutinized) retirement plans into individual products. Accordingly, these providers will find more and more creative ways to escape the pressures created by fee compression and indexed funds. For example, see Who’s Inside Your (Participants’) Wallets? And rooting out these practices will require more than contractual provisions; with tens (or hundreds) of millions of dollars at stake, providers will develop new practices to allow them to evade the contractual limits and carry on with business as usual.
• This is about more than (somewhat) abstract notions of privacy. Providers with conflicted service models are doing more than analyzing participant data. They can engage in sophisticated campaigns to target participants and utilize the implicit endorsement of the employer, enhanced access to participants’ “mind share” and plan data to promote financial services and products. And, these products can have fees that are multiples of in-plan investments. At the end of the day these practices can undermine the financial security that employers are trying to develop.
• The settlement focuses on limiting the ability of the current recordkeeper (Fidelity) and any future recordkeeper from using participant data. However, due to the unique nature of 403(b) plans, there are prior recordkeepers who retain any plan assets held in individual annuity contracts. By focusing on the recordkeeper that is providing ongoing services to the plan, the settlement overlooks the risk that these legacy/inactive providers will use plan data to aggressively market their non-plan products to participants and siphon assets away from the current recordkeeper.
• Recordkeepers are not the only providers who may have a conflicted service model– one that encourages them to exploit access to plan participants and data. For example, an investment advisor with a wealth management division may also take advantage of access to participants to promote non-plan products.
• This is not just an issue for ERISA-plans. Governmental plans are an attractive target for providers looking for deep pools of assets that can be transferred into individual products upon a plan distributable event. See Public Employees: (Un)Equal Protection Under the Law. And the risks to employers–that plan providers will engage in activities that undermine employees’ financial security–is not limited to ERISA plans.