Key Takeaways:
- Fidelity bonds are not interchangeable with fiduciary or D&O insurance. Each policy type serves a distinct risk category and compliance role.
- Coverage is required regardless of plan size or audit exemption. Even small plans or those not subject to audit may be noncompliant without proper bonding.
- Cybersecurity coverage is not automatically included. ERISA bonds must be reviewed to confirm whether cyber-related risks are addressed.
—
Fidelity bonds are a fundamental component of safeguarding employee retirement plans. Required by the Employee Retirement Income Security Act (ERISA), these bonds protect plan assets from losses due to misappropriation or misuse by the individuals who handle plan funds. Yet despite the importance of this safeguard, confusion remains widespread among plan sponsors and their administrators.
Read on for clarification of the key compliance requirements. By correcting five frequently encountered myths about ERISA fidelity bonds, you can better align with regulatory expectations and reinforce internal controls.
Understanding ERISA Fidelity Bond Requirements
Mandatory Coverage
ERISA generally mandates that most retirement plans maintain fidelity bond coverage equal to at least 10% of plan assets, with minimum and maximum thresholds. Exceptions apply to certain unfunded, governmental, or church plans. Form 5500, filed annually under penalty of perjury, asks directly about this coverage — so accurate compliance is essential.
Bond Sourcing and Structure
The bond must be obtained from an insurer listed on the Department of the Treasury’s approved surety list. It can be issued as a standalone bond or included within a broader insurance policy, but it has to meet ERISA’s first-dollar coverage rule, which prohibits deductibles.
Covered Individuals
Anyone with access to plan funds — including fiduciaries and relevant third-party administrators — must be included in the bond’s scope. The coverage has to apply to all plan assets, regardless of asset type or custody arrangements.

Five Myths That Can Risk Your Compliance
1. “Our fiduciary insurance covers the ERISA bond requirement.”
You’ve probably heard this common misunderstanding. Fiduciary liability insurance covers breaches of fiduciary duty, while fidelity bonds cover acts such as theft or embezzlement by those handling funds. Both are important, but they are not interchangeable.
2. “Retroactive fidelity bond coverage can fix past gaps.”
Insurers generally can’t issue retroactive bonds due to legal constraints. Sponsors discovered without coverage during a plan audit must work with the Department of Labor (DOL) to document their remediation efforts and make sure they’re compliant.
3. “We’re exempt because our plan doesn’t require an audit.”
The thing is, audit exemptions don’t apply to fidelity bonds. ERISA requires fidelity coverage regardless of the number of plan participants or the size of the plan assets.
4. “Our D&O insurance includes fidelity coverage.”
D&O insurance may reference fidelity coverage, but this doesn’t guarantee your compliance with ERISA bonding requirements. For example, many policies include deductibles, which disqualify them under ERISA. You should review each policy carefully.
5. “The bond protects against cyber theft by default.”
Some fidelity bonds include provisions related to cybersecurity, but not all do. The DOL encourages plan sponsors to be proactive in assessing and supplementing their cyber protections. Combination policies can be explored but must still meet ERISA requirements.


Supporting Plan Integrity Through Review
Protecting retirement plan assets is both a regulatory obligation and a fiduciary priority. MGO’s Employee Benefit Plan Audit professionals can assist with evaluating your current fidelity bond coverage, identifying potential gaps, and supporting alignment with DOL and ERISA guidelines. Our team brings a detail-oriented, audit-first perspective to strengthen the security and compliance posture of your plan. Contact us to learn more.