It Doesn’t Have To Be That Way: Negotiating Good Service Provider Agreements Is More Important than Ever
It may be an understatement to say that compliance with benefit plan laws and regulations is becoming increasingly more complicated. In my experience, the COVID era has brought about some of the widest-sweeping changes on the burden of administering benefit plans in some time.
There has been major evolution around service provider fee disclosure, DOL reporting and disclosure on mental health parity and disclosure of plan costs, new claims procedure rights, expanded expectations around Cyber Security protections, and expansion of the use of ESG and crypto currency (and on-again, off-again regulatory efforts).
Couple these changes with an expanding myriad of state laws that take diverging views on things like reproduction rights, privacy and security protections for employees, leave rights, and ESG (once again), it is enough to make an employer’s head spin and maybe cause some to wonder whether it is really possible to comply with these requirements.
As we exit the COVID period (fingers crossed), employers should take a fresh look at their compliance efforts, starting by looking at their service agreements with their TPAs and recordkeepers.
With these observations as a backdrop, here are some suggestions around monitoring service providers (as required by ERISA for most benefit plans):
- If you don’t have an action plan/checklist for complying with the Consolidated Appropriations Act, 2021 (CAA), you should get one. Many of these laws have gone into effect and should be clearly reflected in updated service agreements. Use this action plan/checklist to confirm that your TPAs, insurance companies, and carriers are in compliance with these requirements or determine where there might be gaps.
- Pay close attention to who has the responsibility to comply with Mental Health Parity disclosures (and other disclosure requirements) related to the CAA. In our experience, many TPAs, recordkeepers, and carriers have not agreed to actually comply with these requirements, but instead agree only to offer some level of assistance/support. For most employers, this is probably not the right approach to complying.
- It is time to get serious (and maybe even more serious) about privacy and security. This is getting to be a big deal in the benefit plan space. There are a growing number of states that require employers to ensure privacy protections for their employees. The frontrunner on this is the state of California and the recently implemented California Privacy Rights Act, but there are other states following close behind. Employers who have employees located in California in particular should be looking at these rules to ensure that their benefit plan service providers are in compliance with these requirements.
These suggestions all boil down to a common thread. If you have not paid close attention to the service agreements updates you have received from your service providers over the past few years, you should. Your service agreements should include clear delineation of responsibility with respect to reporting and disclosure as well as privacy and security now more than ever. If your service provider has not expressly assumed responsibility for complying with these requirements then it is likely they are not required to do so.