Final DOL Rule Establishes New Safe Harbor With Two Alternatives for Electronic Delivery of 401(k) and Other Pension Plan ERISA Disclosures

The DOL has issued final regulations establishing a new safe harbor for the electronic delivery of ERISA-required disclosures by 401(k) and other pension plans. When proposed in October 2019 (see our Checkpoint article), the safe harbor only addressed electronic disclosure of covered documents via Internet posting after delivery of a notice of Internet availability. (A covered document is any pension plan-related document or information required to be furnished under ERISA Title I, other than one furnished only on request.) But in response to public comments, the final regulations add a second delivery method allowing plan administrators to send covered documents directly to covered individuals in the body of an email or as an email attachment. Otherwise, the DOL has characterized the final regulations as “fundamentally similar” to the 2019 proposal. Most of the requirements proposed for the original “notice-and-access” safe harbor method have been retained, and many have been incorporated into the new “email-delivery” safe harbor method. However, the final regulations include some noteworthy clarifications and changes. Here are highlights:

• Requirements Applicable to Both Safe Harbor Methods. Under both methods, the electronic address to be used may be provided by the covered individual or, for employees, assigned by the employer (but not solely for delivery of covered documents). Before a covered document is provided under either method, covered individuals must receive, on paper, an initial notification of default electronic delivery that, among other things, explains their right to receive one copy of any covered document in paper form free of charge, or to opt out of electronic delivery globally and receive only paper versions (again, free of charge). This initial notification must identify the electronic address that will be used and include any instructions necessary to access the covered documents. For the notice-and-access method, a “cautionary statement” must be included regarding the length of time documents are required to be available on the website. Both safe harbor methods require that plan administrators take measures reasonably calculated to ensure the confidentiality of covered individuals’ personal information.
• Website Definition and Standards. The term “website” includes any Internet or electronic-based information repository—including a mobile phone application—to which covered individuals have been provided reasonable access. Documents provided on a website pursuant to the notice-and-access safe harbor must be kept available for at least one year or, if later, until the document is superseded by a subsequent version.
• Changes to Notice of Internet Availability (NOIA). NOIAs will not have to include a description of the covered document being disclosed if the document’s name would reasonably convey its nature. A hyperlink to the website hosting the document may be provided in lieu of the actual Internet address. NOIAs will be deemed to provide “ready access” to the covered document if the address or hyperlink leads directly to the document or to a login page that provides (or upon login provides) a prominent link to the document. NOIAs must include the same “cautionary statement” that is provided on the initial (paper) notice. And they may include a statement explaining whether a response is invited or required. Detailed readability standards included in the proposed regulations have been dropped in favor of a general requirement that NOIAs be written in a manner calculated to be understood by the average plan participant. And proposed provisions allowing the NOIAs for certain specified documents to be combined have been replaced with a general description of the documents for which NOIAs can be combined.
• Email-Delivery Requirements. With the email delivery method, instead of sending a NOIA regarding the posting of a document on a website, plan administrators can simply send a covered document directly via email to the address provided by the covered individual. The regulations prescribe certain content for those emails, and set minimum document-format requirements similar to those applicable to documents provided on a website (i.e., documents must be in a widely available format that can be read online, printed clearly, permanently retained in an electronic format, and searched electronically).

The final regulations’ applicability date is July 27, 2020, but the DOL has announced it will not take any enforcement action against a plan administrator that relies on the final regulations before that date, to give employers and plan administrators more flexibility and reduce administrative burdens during the COVID-19 pandemic.

EBIA Comment: The changes in these final regulations illustrate the power of public comments to alter—and sometimes significantly enhance—regulatory proposals. As explained in the lengthy preamble to the final regulations, many changes noted above—including addition of the email-delivery safe harbor—were influenced by comments on the DOL’s 2019 proposal. Employers and plan administrators should consult the preamble for background and useful additional information regarding the changes. For example, the preamble offers an important clarification that the initial notice must be provided to any covered individual who will be provided covered documents under the new safe harbor methods, even if those covered individuals are already receiving disclosures electronically under the DOL’s 2002 safe harbor (see our Checkpoint article), which remains in effect as an ongoing alternative—and is the only electronic delivery safe harbor for ERISA welfare plan disclosures, as they are not covered by these final regulations. For more information, see EBIA’s 401(k) Plans manual at Section XXVIII.G (“Electronic Delivery of SPDs and Other ERISA-Required Documents”), which will soon be updated for the new safe harbor methods.

Contributing Editors: EBIA Staff.