Fiduciary Compliance: Hitting All the Right Notes in Health Plan Oversight
For those of you who may not know me, I see a lot of concerts. There’s something about the way live music brings people together in a shared experience that’s both exhilarating and deeply human.
Just like a great concert relies on coordination behind the scenes, a strong compliance culture supports a company’s rhythm. It ensures that everyone—from front-line employees to leadership—knows the beat we’re marching to. It sets the stage for trust, safety, and integrity, creating an environment where everyone can perform at their best. For me, compliance isn’t about restriction; it’s about harmony. It’s making sure systems are in place so the show can go on without a hitch—whether that show is a Friday night setlist or a key business initiative.
With 40 years of experience in the insurance industry, I’m sharing everything I appreciate about fiduciary compliance because there’s a lot to know—and love. My hope is that by the end of this blog, you’ll feel the same way.
ERISA: “Music” to My Ears
In 2024, the Employee Retirement Income Security Act (ERISA) reached a monumental milestone—its 50th anniversary. Signed into law in 1974, ERISA sets minimum standards for most health plans in the private sector. Essentially, ERISA aims to protect employee benefit plan participants and their beneficiaries by establishing rules for how plans are administered, funded, and managed. One of ERISA’s core tenets is the establishment of fiduciary responsibilities. Fiduciaries—typically plan sponsors, trustees, investment advisors, and others exercising discretion over a plan—are held to the highest standards of conduct. Under ERISA Section 404, fiduciaries must act solely in the interest of plan participants and beneficiaries, with the exclusive purpose of providing benefits and defraying reasonable plan expenses.
As we mark half a century of ERISA, it's the perfect time to reflect on fiduciary compliance for health plans through the lens of the insurance industry, which has played a crucial role in supporting plan sponsors, fiduciaries, and service providers in managing their responsibilities and risks. This anniversary is not just a celebration of longevity but also a reminder of the evolving regulatory environment and the critical importance of fiduciary risk management. As plan risks have grown, so too has the role of insurance in mitigating the liabilities that come with fiduciary duties.
If you don’t practice compliance properly, you’ll end up like a “Band on the Run” (Wings)
The “Harmony” of Fiduciary Compliance
Recent class action lawsuits accusing plan sponsors of breaching fiduciary responsibilities have raised concerns among many employers. Establishing a strong governance plan is essential to reducing the risk of facing similar legal action. Here are some questions to consider:
- Who are the fiduciaries under our plans?
- Do our plan fiduciaries understand their duties under ERISA?
- Is there a formal process in place to ensure we meet our obligations, including monitoring plan service providers?
- Have we had a recent compliance review of the plans’ terms?
It’s only fiduciary compliance, but I like it (Rolling Stones)
Health Plan Governance: Your Fiduciary “Setlist”
ERISA plan fiduciaries ensure the plan operates in a prudent manner, in the best interest of the plan’s enrollees and in accordance with plan documents. By adopting and consistently following written governance processes, plan fiduciaries can clearly demonstrate that they are meeting their responsibilities under ERISA. This includes establishing routines such as:
- Quarterly committee reviews of claims reports or administrative reports (e.g., identifying overpayments or underpayments) provided by third-party administrators.
- Internal procedures for handling participant complaints, claims-processing errors, and appeals—especially for self-insured plan sponsors.
Equally vital: documenting your actions. Record meeting minutes, decisions made, and the rationale behind those decisions to create a clear compliance trail.
Hooked on a feeling / compliance is easy (Blue Swede)
Accountability is “Key”
Fiduciary responsibilities can be delegated—but accountability remains.
Plan fiduciaries often assign administrative duties to others—either within the organization or to external service providers. However, under ERISA, fiduciaries are still required to:
- Understand who is managing key aspects of the plan.
- Monitor those individuals, committees, or providers.
- Ensure that delegated tasks are being handled properly and in the best interest of participants.
Delegating functions like claims processing doesn’t remove fiduciary status or obligations. If a service provider makes an error or violates laws (such as ERISA, COBRA, or HIPAA), fiduciaries—such as a company’s board or plan committee—could still be held liable. This is especially true if they failed to perform due diligence or didn’t reasonably monitor the provider’s performance.
Make sure your plan is compliant, don’t rock the boat, don’t tip the boat over (Hues Corporation)
From Oversight to Insight: An “Overture” to Checklists
A checklist can be extremely helpful in developing plan committees, procedures and policies to ensure plan fiduciaries are meeting their fiduciary responsibilities as mandated by ERISA. Having these types of plan governance processes in place—and adhering to them—provides a strong indication that fiduciaries are taking their responsibilities seriously and acting diligently and prudently, which can be helpful in the event of a Department of Labor audit or plan-related litigation.
Formal plan governance procedures, if faithfully followed, help in other ways too. They can ensure consistent and appropriate plan operations and provide guidance to assist in instances of key corporate personnel changes, such as turnover of human resources and benefits administration personnel.
Consider the following five steps for your fiduciary checklist:
- Identification of plan fiduciaries and plan committee
- Plan document & administrative review
- Plan internal administrative procedures & protocols
- Periodic plan-related reviews & audits
- Other reviews & assessments
Don’t let the sun go down with(out) being compliant (Elton John)
A Final “Note”
Fiduciary compliance is not punishment—it’s tuning.
So next time you’re checking off your fiduciary compliance duties, just imagine it’s your setlist. Play it well, and the audience will thank you.
Ken Ralff, SVP, Client Executive, Lockton Companies
linkedin.com/in/kennethralff


Thank you, Ken, for this informative post. I would like to ask other manufacturing employers how they handle the distribution of required notices. Most of our workforce does not have work-related computers, and printing and mailing these documents is a large expense. We are looking for alternative distribution methods.