ERISA’s Bond Requirement — An Overview

ERISA’s bond requirement is straightforward in many respects, but certain aspects of the requirement are complicated. This article is designed to provide a short explanation of ERISA’s bond requirement and a discussion of these complexities. 

The bond requirement is intended to protect ERISA plans from loss due to criminal and near-criminal conduct. The bond must cover losses that result from theft, embezzlement, forgery and other listed crimes that would be recoverable under state law from a bond protecting against theft or fraud.  (For the sake of simplicity, the term “theft or fraud” will be used in this article.) It is important to note that bonds are not insurance. Bonds pay the plans, not third parties. Additionally, bonds cannot have a deductible or other common insurance provisions and do not provide coverage for breach of fiduciary duty.

ERISA and related regulations require that all persons who “handle” plan funds must be bonded unless an exemption applies. The U.S. Department of Labor (DOL) has established detailed criteria for determining whether a person is handling plan funds, which can be summarized as follows: If a person has a realistic opportunity to steal plan funds in the ordinary course of his or her everyday duties, that person must be bonded. A person need not be bonded if the risk that the person could steal plan funds is negligible.   

According to the DOL, “plan funds” means all funds or property that might be used by a plan to pay benefits. As a practical matter, this should be understood to mean all plan assets. This includes assets held directly by the plan and assets held indirectly, such as investment assets held by a common or collective trust or an investment fund that is deemed to hold plan assets under ERISA. Conversely, mutual funds and other investment funds that do not hold plan assets under ERISA are not required to be bonded. 

ERISA bonds can only be issued by a surety company that is listed by the U.S. Department of the Treasury as an “approved surety.” The bond amount is 10% of the plan funds that are handled, with a minimum of $1,000 and a maximum of $500,000 per covered plan. If the plan holds employer securities, the maximum bond amount is $1 million. There is no required form of the bond, and the bond can cover a specific individual (e.g., the CEO of the plan sponsor) or groups of people (e.g., all employees of the investment manager). Bonds can also cover multiple plans as long as each plan is eligible to receive the maximum payment. The DOL has stated that a plan can pay for bonds, including bonds that cover employees of the plan sponsor or service providers. 

Although the general outlines of the bond requirement are clear, certain aspects are more complex. The most prominent of these are exceptions to the general rule that persons who handle plan funds must be bonded and the special increased bond maximum if a plan holds employer securities.  

Not every person who handles plan funds needs to be bonded. Most banks, trust companies insurance companies and broker dealers are not required to have an ERISA bond. Banks and insurance companies acting as fiduciaries need not be bonded if the bank or insurance company is organized and doing business under federal or state law, is subject to federal or state examination or supervision, and meets certain capital requirements. DOL regulations exempt trust companies (and certain other banking institutions), even those not acting as fiduciaries, as long as the trust company is subject to regulation and examination by a federal bank regulator. SEC-registered broker dealers need not have an ERISA bond if they are bonded pursuant to rules established by FINRA or another self-regulatory organization. Although most of these types of service providers are exempt from ERISA’s bond requirement, plan fiduciaries may wish to obtain a representation from the service provider to that effect. 

Some fiduciaries are also exempt. Although ERISA arguably requires every fiduciary to be bonded, the DOL treats fiduciaries like all other persons, requiring a bond only if the fiduciary handles plan funds. Perhaps the most common example of an exempt fiduciary is a fiduciary that provides nondiscretionary investment advice but does not manage plan assets. 

The maximum bond amount can vary. Until 2006, the rule was relatively simple: the maximum bond amount was $500,000. Congress changed this rule in 2006, raising the maximum bond amount to $1 million for plans that hold employer securities (i.e., securities issued by the plan sponsor, such as Apple stock for the Apple 401(k) plan). The text of the amendment suggests that the higher maximum amount applies to all persons handling funds of such a plan, even if a person has nothing to do with employer securities (e.g., the manager of a bank collective trust that is the fixed income option for the Apple 401(k) plan). 

This may not be what Congress intended. The technical explanation of the amendment says a plan should not be considered to hold employer securities if it only owns them through a broadly diversified fund, such as a mutual fund or index fund. But this explanation is inconsistent with the text of the amendment and odd — ERISA has always said assets held by mutual funds (including index funds organized as mutual funds) are not ERISA plan assets and so no bond should be required for mutual fund advisors and others. As a result, plans that hold employer securities and their service providers do not have any authoritative guidance on whether the applicable maximum bond amount is $500,000 or $1 million. 

Failure to have a bond is a breach of ERISA’s fiduciary rules. As with all other fiduciary violations, a fiduciary is liable for losses to the plan resulting from the breach, i.e., the failure to have a bond. Plan fiduciaries should therefore make sure that there are bonds covering all persons handing plan funds unless an exemption applies. A common approach to this review is to look first internally (i.e., at the plan sponsor’s officers, directors, and employees) and then externally (e.g., at investment managers, plan administrators and other service providers). ERISA bonds have historically been inexpensive and it has been comparatively easy to obtain a bond covering all “inside” persons. Third party service providers have differing approaches to ERISA bonds. Some service providers maintain their own ERISA bonds; others ask that the plan add the service provider to the plan’s bond. Although compliance with ERISA’s bond requirement is a fiduciary matter, maintaining and paying for the bond is often negotiated.

The consequences of failing to have a bond will vary from having to obtain a bond to a court order to pay the plan for losses resulting from failing to have a bond. An obvious factor affecting the scope of relief is the scope of the violation (i.e., from a plan having no bond, to having a bond that does not cover all of the required persons, to having a bond that covers all required persons but that is not in the correct amount). However, the most important factor is whether the plan has suffered a loss. Because an ERISA bond pays only in the event of theft or fraud, a plan suffers a loss only if a bonded person has committed theft or fraud (or other bad acts) and the plan would have recovered had a bond been in place. But even if the plan has a loss from a bond failure, that loss can never be more than $500,000 (or $1 million, if the plan holds employer securities).