Water Cooler Wisdom

Personal Liability and Beyond: Navigating the Most Common Fiduciary Risks

Written by Michele Suriano | Mar 17, 2026 5:38:04 PM

In Part 2 of our Fiduciary Training series, we explored why your fiduciary duty is the "highest known to law." Now, in Part 3, we're looking at what happens when that standard isn't met—and the specific risks every plan sponsor needs to manage.

One of the reasons we take fiduciary training so seriously at Castle Rock is because the consequences of a breach are personal. Let's break down the reality check.

Personal Liability: The Reality Check

Unlike most corporate roles where the "corporate veil" protects your personal assets, ERISA fiduciaries can be held personally liable to restore any losses resulting from a breach of duty. This means your personal bank account, home, and your own retirement savings could be at risk if the plan is mismanaged.

Prohibited Transactions: Where Fiduciaries Get Burned Fast

A prohibited transaction is a transaction ERISA generally forbids because it creates conflicts of interest. These can trigger an excise tax that starts at 15% and can escalate to 100%.

Common examples include:

  • Loans between the plan and a party in interest.
  • Late employee deferral deposits (using employee contributions as short-term cash flow is a big red flag).
  • Self-dealing, like using plan assets to benefit the owner or a related business.

Limiting Liability: Build the Process

The good news: ERISA isn't asking you to predict the future. It's asking you to follow a prudent fiduciary process.

Action items:

  1. Document the "why" behind decisions. Keep minutes and follow a documented process like the one in ERISA Plan Governance.
  2. ERISA Section 404(c): This can help limit fiduciary liability for investment outcomes when participants control their own accounts—but only if you follow the rules exactly.
  3. QDIAs (Qualified Default Investment Alternatives): Use monitored defaults like target date funds to improve outcomes and strengthen your position.

Cybersecurity: A Fiduciary Issue Now

The DOL has made it clear: cybersecurity is part of prudent plan oversight.

Practical steps:

  • Vet providers' security programs (obtain their SOC 1/SOC 2 reports and read the noted exceptions, not just the summary).
  • Put breach responsibilities in the contract, including notification timelines and who pays for remediation.

Master the Fiduciary Standard

If you want to reduce fiduciary risk, the best place to start is simple: know the standard and build repeatable habits around it. That's exactly why we built our fiduciary training resources.

Here's a practical way to level up (and make sure it sticks):

The Castle Rock Solution: A Safer, Simpler Path

All of this is exactly why many employers decide a Pooled Employer Plan (PEP) is the right choice. With Castle Rock PEP, we handle the 3(16) administrative and 3(38) investment fiduciary roles for you.

We help reduce these risks by:

  • Handling day-to-day plan administration.
  • Running the single audit for the pooled plan.
  • Bringing a structured, repeatable governance process.

Don't let your plan sit on autopilot. If you haven't reviewed your fiduciary oversight in the last year, now is the time.

Simplifying retirement for all. One plan. Every business.

This content was prepared with the assistance of artificial intelligence tools and reviewed by Castle Rock Investment Company for accuracy and completeness.