August 1999

Dear Clients and Friends of the Firm:

With the new millennium quickly approaching, many clients report that they still have not devoted attention to Y2K issues affecting all types of employee benefit plans. If the millennium bug hits, this could prove to be a big mistake. In this special edition of the Employment Law Update, we outline the significant exposure that employers and benefit plan administrators face for Y2K failures and we suggest a course of action to address these issues. Since these matters take time and the deadline for compliance is fast approaching, we recommend that you devote the time and resources to protect your Company and its benefit plan executives from Y2K lawsuits. Your contact in the Firm is ready to assist you with this project.

Ballard, Rosenberg & Golper

This special issue of the Update is an expanded version of an article by Richard S. Rosenberg and Douglas N. Silverstein entitled "Benefit-Plan Administrators Must Prepare for Y2K." The article appeared in the June 21, 1999 edition of The Los Angeles Daily Journal legal newspaper.

I. INTRODUCTION

Employee benefit plans like pension, medical, life insurance and disability benefit plans are susceptible to potentially disastrous Y2K failures because they are so date dependent. An employee's birth, hire, participation, anniversary, eligibility, enrollment and retirement dates are just a few of the many computer-generated date calculations essential to the administration of employee benefit plans. Anticipating that Y2K failures could result in major disruptions to plan administration, the U.S. Department of Labor ("DOL") has issued a series of public announcements to alert employers, plan sponsors and others involved in benefit plan administration about what the DOL expects them to do to minimize the potential adverse effect of Y2K problems. Employers, benefit plan sponsors and plan fiduciaries are required to ensure that plan participants and beneficiaries are protected from Y2K failures affecting internal systems (such as plan computers, payroll or accounting) and external plan service providers (such as banks, insurance companies, actuarial firms or investment managers).

This special Client Bulletin sets forth what employers should be doing to minimize potential Y2K exposure.

II. RESPONSIBILITIES OF PLAN ADMINISTRATORS AND OTHER FIDUCIARIES

The DOL announced that plan fiduciary responsibility will be reviewed against the requirements of the Employee Retirement Income Security Act of 1974, as amended ("ERISA"). Notably, ERISA imposes personal liability on plan fiduciaries - employers, benefit plan sponsors, investment advisors, trustees, administrators and even potentially members of the corporate board of directors - if they fail to meet their ERISA obligations. These obligations include: (1) the duty of loyalty; (2) the duty to diversify plan investments; (3) the duty to act in accordance with plan documents; and (4) the duty of prudence. ERISA ? 404(a)(1)(A)-(D). In addition to matters of governmental compliance, we predict that enterprising plaintiffs' lawyers will be seeking to hold employers and others responsible for Y2K failures using a variety of legal theories.

A. The Duty Of Loyalty

The duty of loyalty requires plan fiduciaries to act solely in the interest of plan participants and beneficiaries for the exclusive purpose of providing benefits to them and defraying reasonable administration expenses. ERISA ? 404(a)(1)(A). This duty could become relevant in the Y2K context where, for example, a corporate officer or director also serves on the benefit plan committee. The officer or director may endorse a Y2K course of action that is in the best interests of the company, but that course of action may not necessarily be in the exclusive interests of the plan participants. An officer or director who acts without independent advice where such a conflict of interest exists could be subjected to personal liability for any losses to the plan.

B. The Duty To Diversify Plan Investments

Under ERISA ? 404(a)(1)(C), fiduciaries must "diversify the investments of the plan so as to minimize the risk of large losses, unless under the circumstances it is clearly prudent not to do so." Under this duty, Y2K claims also could be brought against an employer that had little or no control over a computer problem. For example, suppose an investment manager handling a retirement account invests fund assets in companies that are not Y2K compliant, resulting in losses to the plan. Under that scenario, the employer perhaps could be liable where it is established that the employer failed to question the investment manager about its Y2K compliance when making investment choices. In addition, some industries have a greater risk of exposure to Y2K problems than others. For example, the high technology industry will likely suffer more Y2K glitches than the garment industry. Employers will need to adequately monitor the plan's investment portfolio to reduce exposure to such industry-wide risks. Employers with 401(k) plans also should advise participants to consider Y2K compliance in making investment choices in their individually-directed accounts.

C. The Duty To Comply With Plan Documents

The duty to comply with plan documents requires fiduciaries to discharge their duties strictly in accordance with the plan documents insofar as they are consistent with pension law. ERISA ? 404(a)(1)(D). Most plan documents will not address Y2K issues, but, to the extent any such statements do exist, fiduciaries will be held to them. Employers who intend to make any statements about Y2K in summary plan descriptions, brochures, financial statements, correspondence or other documents are advised to carefully consider them.

D. The Duty Of Prudence

As a practical matter, it is the duty of prudence that dictates the principal obligation of fiduciaries to take action to address and remediate Y2K concerns. ERISA ? 404(a)(1)(B) provides that a plan fiduciary must act "with the care, skill, prudence, and diligence under the circumstance then prevailing that a prudent man acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of like character and with like aims." This is an objective standard. The subjective good faith of a fiduciary is irrelevant to whether the fiduciary has acted prudently. However, the law recognizes that plan fiduciaries are not guarantors of a favorable outcome. They are judged more by their actions than the results of those actions. Thus, where a fiduciary has acted prudently to address Y2K concerns, they will not be responsible for losses attributable to Y2K failures.

III. Y2K FIDUCIARY DUTIES

A. What Constitutes A Prudent Procedure For Ensuring Y2K Compliance?

In a series of press releases, the Pension and Welfare Benefits Administration ("PWBA") arm of the DOL recently confirmed the personal liability of plan fiduciaries for Y2K-associated problems. See http://www.dol.gov/dol/pwba/. To avoid such liability, plan fiduciaries must establish and implement a prudent procedure for ensuring that the plan's own computers and those of the plan's service providers are Y2K compliant.

1. Establish A Y2K Compliance Plan

We recommend that employers commit sufficient resources to develop a well thought out written plan to ensure Y2K compliance for its employee benefit systems. A compliance plan should initially focus on the plan's computer systems and any internal systems, such as payroll, with which the plan interfaces. The compliance plan should provide for an inventory of computer hardware and software that has the potential to affect benefit plan administration.

Next, employers must assess the existence and severity of potential Y2K problems. As to computer systems relating to the plan, the PWBA has noted that, because of the complex and technological nature of the Y2K problem, plan fiduciaries may choose to hire outside consultants and experts to inventory, review, assess, convert and test these systems. However, plan fiduciaries should be cautioned that they still could be held personally liable if the selection and ongoing monitoring of consultants and experts is not performed in a prudent manner. To minimize potential liability in this regard, plan fiduciaries should:

? carefully evaluate the consultant's qualifications;

? ensure that the fee charged is reasonable;

? utilize appropriate time frames for the remediation effort; and

? implement periodic reviews to adequately monitor the process.

We strongly recommend retaining consultants and experts with technical experience in Y2K remediation at an early stage in the process.

After addressing Y2K as it relates to your own computer systems, the next step is to identify key service providers. The PWBA takes the position that plan fiduciaries also have an obligation to determine whether and to what extent the plan's operations will be endangered by the computer systems of service providers, such as banks, insurance companies, actuarial firms or investment managers. To accomplish this, fiduciaries should obtain information sufficient to evaluate and monitor each service provider's Y2K compliance efforts. This entire process should be well documented. Inquiries of each service provider should be tailored to the function provided. For example, inquiries of the investment manager should include how he or she is taking into consideration the Y2K compliance of specific companies in making investment decisions.

Once Y2K problems are identified, the next issue is what to do about them. Plan administrators will generally have two options: either repair or replace. Retained consultants should be able to provide the plan with the information necessary to make an informed cost-benefit analysis and determine the appropriate course of action. Regardless of what course of action is taken, it is critical that sufficient time be allowed for testing.

2. Establish A Y2K Contingency Plan

Finally, because of the pervasive nature of Y2K, it may not be possible to prevent all computer disruptions. In recognition of that fact, the PWBA has urged plan fiduciaries to determine how best to protect the plan and its participants and beneficiaries through the establishment of a contingency plan to be implemented in the event the plan's essential operations are disrupted. Like the compliance plan, the contingency plan should also be in writing. The contingency plan should state specific courses of action in the event that any of the plan's internal or external systems fail. For example, any contingency plan should address procedures to back-up data, the feasibility of performing manual operations, or outsourcing plan functions to a vendor.

Appendix A contains a "Y2K Action Checklist" to assist employers in developing an overall strategy to manage their potential Y2K issues.

B. Can The Plan Be Charged For Y2K Compliance Costs?

The implementation of such remediation efforts no doubt is time consuming and costly. ERISA provides that reasonable expenses relating to plan administration may be charged to the plan. ERISA ? 408(b)(2). Plan documents generally describe which costs may be charged to the plan. If the plan permits reasonable expenses to be charged to the plan and the fiduciary determines that the plan's Y2K compliance costs are reasonable, then the cost may be charged to the plan.

C. Will The Government Be Investigating Y2K Compliance Efforts?

The PWBA has publicly announced that it is already investigating the Y2K compliance efforts of plan fiduciaries in the course of new and ongoing civil investigations. Where plan fiduciaries have failed to act prudently, or otherwise breached their fiduciary duties in addressing their plan's Y2K remediation efforts, the PWBA has indicated that it will initiate appropriate enforcement action.

To assist those with Y2K compliance responsibility in responding to government investigations, the PWBA released a set of sample questions used by their investigators when evaluating Y2K compliance. Prudent employers will want to thoroughly review these questions and be prepared to have the answers. Notably, many of the PWBA sample questions ask for copies of Y2K remediation and contingency plans. Accordingly, prudent employers, plan administrators and fiduciaries should immediately evaluate the extent to which the plan has procedures in place to ensure that the plan is properly documenting its Y2K efforts in a manner that will satisfy PWBA inquiries. A complete list of the DOL's sample questions can be found in Appendix B.

D. Should Disclosures About Y2K Compliance Be Made To Plan Participants And Beneficiaries?

Although ERISA is silent about Y2K disclosures, the PWBA "strongly encourages" plan administrators to disclose to plan participants and beneficiaries the steps being taken to ensure that the Y2K problem does not interrupt the operation of the plan or participants' access to their individual accounts and benefits. Specifically, administrators are advised by the PWBA to inform plan participants and beneficiaries about the following:

? the plan's current level of readiness;

? the strategy for bringing the plan's systems into Y2K compliance;

? a timetable for when the critical systems will become Y2K compliant;

? the level of compliance for service providers;

? the possible effect on participants and their beneficiaries should the plan become impaired due to Y2K-associated problems; and

? contingency plans that have been devised in the event the plan is not Y2K compliant in time.

Great care should be given to the representations made to plan participants and beneficiaries. Since these are legally significant communications, we recommend that you review the matter with your contact at the Firm.

IV. OTHER SOURCES OF PROTECTION FOR POTENTIAL Y2K FAILURES

A. The Y2K Act

Just before we went to press, President Clinton signed into law the federal Y2K Act, Public Law 106-37, which provides considerable limitations on Y2K lawsuits. The Y2K Act applies to all "Y2K actions," as defined, brought in federal or state court after January 1, 1999 for any harm (except personal injury or wrongful death) resulting from Y2K failures which occur before January 1, 2003. The Y2K Act does not create any new causes of action for plaintiffs. Instead, the primary purpose of this new law is to give incentives to businesses and technology providers and users to solve and remedy Y2K computer date-change problems before they develop, while discouraging "insubstantial" or frivolous Y2K lawsuits.

Employers and benefit plan administrators should familiarize themselves with the numerous features of the Y2K Act. A few of the more notable provisions are summarized below:

? Plaintiffs must give at least 30 days' notice before filing a Y2K lawsuit, and the defendant is entitled to an additional 60-day "cooling off" period if it responds to the notice by describing the actions it has taken or will take to address the alleged Y2K problem. The defendant must also state whether it is willing to engage in alternative dispute resolution ("ADR"), which Congress expressly "urges" parties to pursue if necessary to avoid litigation.

? The Y2K Act applies to actions brought by government entities. However, it also creates an affirmative defense of "Y2K upset," which is an exceptional incident of temporary noncompliance with certain federal regulations directly related to a Y2K failure and beyond the defendant's reasonable control. "Y2K upset" can be a complete defense in cases brought by the government based on such noncompliance, but only if the defendant satisfies several technical requirements, including: (a) making a previous good-faith effort to remedy Y2K problems; (b) taking immediate action to remedy any violations resulting from Y2K upset; and (c) giving notice to the applicable federal agency within 72 hours from the time the defendant became aware of the Y2K upset. This defense does not apply to any Y2K upset occurring after June 30, 2000.

? Punitive damages and class action lawsuits are limited under the Y2K Act as well. Plaintiffs must present "clear and convincing evidence" in support of punitive damages, and a cap of $250,000 or less applies to punitive damage awards against small businesses with less than 50 full-time employees and individuals with a net worth of $500,000 or less, except in cases where the defendant specifically intended to injure the plaintiff.

? The Y2K Act further protects those who are not directly involved in Y2K failures, and limits a defendant's liability to damages which are proportionate to fault, except in contract cases or where the defendant is guilty of fraud or a specific intent to injure.

? Plaintiffs in Y2K cases are prohibited from recovering damages they could reasonably have avoided, except where the defendant specifically intended to defraud the plaintiff.

? The Y2K Act permits states to enact even stronger protections for defendants against liability and damages. On the other hand, the Y2K Act does not overrule existing state law protections for small businesses or unwary consumers against unfair or illegal contracts.

B. The Year 2000 Information And Readiness Disclosure Act

Congress also enacted some protective Y2K legislation last year. The Year 2000 Information and Readiness Disclosure Act, 15 U.S.C. ? 1 note, provides a measure of additional protection to plan fiduciaries from lawsuits brought by private parties. These protections are not affected by the recent Y2K Act, but, notably, do not apply to lawsuits brought by government enforcement agencies:

? First, disclosures about a plan's Y2K compliance may be inadmissible in court to prove the truth or accuracy of the disclosure, although the disclosure may be admissible for other purposes. However, this protection only applies to statements made after October 18, 1998 that are clearly designated on their face as "Year 2000 Readiness Disclosure(s)."

? Second, the Act bars misrepresentation claims based on statements about Y2K readiness or compliance unless the statements are: (a) material; and (b) made with actual knowledge that they are false or misleading, made with the intent to deceive or made with reckless disregard as to their truth.

? Third, a statement about Y2K will not modify existing contracts or warranties unless: (a) the issuer of the statement agrees in writing to modify the contract; (b) the parties to the contract previously agreed to permit amendment of the contract to add a Y2K warranty; or (c) the Y2K statement was made as part of the formation of the contract.

? Fourth, a fiduciary cannot be held liable for any inaccuracy in the Y2K statement of another that it republishes as long as the fiduciary identifies the source or makes clear that it has not verified the republished statement's accuracy. Of course, this protection does not apply if the fiduciary republishing the statement has actual knowledge that it is false or misleading, or republishes it with the intent to deceive.

C. Insurance

In evaluating the matter, employers should not overlook their insurance policies, as they may also provide additional protection against Y2K liabilities with respect to employee benefit plans. Fiduciary, directors and officers, business interruption, employee practices liability, and general liability insurance all may be sources for potential coverage. While Y2K specific insurance is available, it is expensive and requires extensive Y2K compliance audits.

V. CONCLUSION

The susceptibility of employee benefit plans to the potential adverse effect of Y2K issues - coupled with the imposition of personal liability on plan fiduciaries who fail to adequately address these issues - necessitates that employers accurately assess the existence and extent of any Y2K problems, communicate with plan participants and beneficiaries about Y2K readiness and, where necessary, act now to implement remedial steps. By implementing these prudent procedures, employers with employee benefit plans can put themselves in the best position to ensure that the millennium transition is a non-event for themselves, their plan participants and beneficiaries.

STEP ONE: Evaluate Y2K susceptibility and decide how best to ensure compliance.
Establish a comprehensive plan to assess and remediate problems.
? Establish a compliance team
? Document all meetings
? Create a written Y2K action plan
? Review DOL written questions (Appendix B)
Inventory internal and external systems affecting plan administration that must be Y2K compliant.
? Computer systems
? Telecommunication systems
? Data
? Other infrastructure systems
? Financial systems
? Financial institutions' systems
? Investment managers' systems
? Third party administrators' systems
? Health care delivery systems
? Trustee's systems
Conduct due diligence of the plan's internal and external systems.
Hire consultants as needed to audit and remediate.|
Establish compliance priorities.
Document every step of the way.
Determine how to respond to participants' requests for information.

STEP TWO: Ensure that internal systems are compliant before January 1, 2000.
Audit plan-owned systems.
Establish priorities regarding which systems to remediate first.
Hire consultants where necessary.
Implement any necessary changes.

STEP THREE: Ensure that suppliers and service providers are compliant.
Send letters to ascertain their level of Y2K readiness and confirm compliance (put all such communications in writing and keep copies of them).
Establish criteria for appropriateness of responses.
Analyze contract terms to determine grounds for requiring compliance if the suppliers and service providers indicate they will not be compliant.
Prepare warranty and damages language for new contracts.
Amend current contracts if needed to confirm compliance.
Establish contingency plans if a supplier will not be compliant.
Create and implement comprehensive testing criteria.
? Stand-alone products
? Integrated products
Determine whether existing software can be modified and whether modification would void warranties.

STEP FOUR: Establish contingency plans.
Establish backup systems.
Establish procedures to isolate Y2K corrupted data from other systems.
Review insurance policies.
? Commercial general liability
? Property
? Business interruption
? Directors and officers
? Fiduciary
? Y2K special insurance
Determine whether the plan's current insurance provides coverage or whether Y2K special insurance is needed.

STEP FIVE: Document everything you do.

STEP SIX: Answer the DOL's list of questions following this checklist.

? Provide the name, position title, and telephone number of the person in your organization responsible for addressing the Year 2000 compliance of the plan's computer system.

? If applicable, provide the name and telephone number of the person or entity hired to address the Year 2000 compliance of the plans' computer system. Provide a copy of the service contract.

? If applicable, describe how the plan's Year 2000 service provider was selected and what information was reviewed in the course of the selection process.

? What stages have been completed in addressing the Year 2000 problem (e.g., inventory development, assessment, remedial action, testing, contingency planning)?

? If applicable, provide a copy of the strategy or planning document addressing how Year 2000 compliance will be ensured with respect to plan operations.

? Has an inventory of plan-related computer information systems been developed for purposes of assessing Year 2000 compliance? Please provide a copy.

? Has a Year 2000 compliance assessment been conducted? Please provide a copy.

? What information has been reviewed by the plan fiduciaries regarding the plan's Year 2000 compliance?

? What corrective measures have been identified to date? What remedial action, if any, has been taken? By whom? How much did it cost?

? Who determined the remedial actions to be taken by the plan? What information provided the basis for the decision?

? Has the plan been "certified" as Year 2000 compliant? If so, please explain and provide a copy of the certification.

? Has a testing schedule been devised for the plan's computer systems? Who will perform the test?

? Has a contingency plan been devised in the event critical computer operations are disrupted? If so, provide a copy.

? What information has been provided, or will be provided, to plan participants regarding the Year 2000 problem?

? Who is responsible for paying the costs of addressing the Year 2000 problem?

? Has the plan compiled a list of service providers for purposes of determining Year 2000 compliance? Has the plan determined which of these providers renders essential or critical services? Provide a copy of the list.

? Provide the name and telephone number of the plan fiduciary responsible for hiring the plan service providers.

? Has the plan notified service providers of its expectations regarding Year 2000 compliance? If so, provide a copy of the notification.

? Have contracts between the plan and its service providers been amended to address the plan's expectations regarding Year 2000 compliance? If so, provide copies of the contract amendments.

? Has each plan service provider been contracted to determine their Year 2000 compliance? If so, please provide copies of the information requested and obtained from the service providers.

? Has the plan fiduciary reviewed documentation from plan service providers regarding their Year 2000 compliance? If so, what information was reviewed and what action was taken by the plan fiduciary to ensure the plan's interests, and those of participants and beneficiaries, were protected?

? Were any concerns expressed by the plan regarding the service provider's Year 2000 compliance? If so, what were those concerns and what actions were taken to address them?

? What action has the plan taken to ensure that the remedial measures required to bring the service provider's computer system into Year 2000 compliance have been or will be implemented?

? Has the plan determined that the service provider has scheduled or conducted testing of its computer systems for purposes of determining Year 2000 compliance?

? Has the plan obtained documentation describing the service provider's contingency plan or the measures the service provider intends to implement in the event essential plan operations are disrupted due to a Year 2000 problem?

? Has the plan obtained appropriate and timely information from the plan's sponsor regarding the Year 2000 compliance of its computer system?

? Has the plan's fiduciary considered the potential impact of a Year 2000 problem in the plan sponsor's computer system in developing the plan's contingency plan?

? Identify the types of services provided to ERISA-covered employee benefit plans (e.g., trustee services, banking, brokerage, investment management, record keeping). Describe the measures that have been taken to ensure that all such services have been evaluated for Year 2000 compliance.

? If the financial institution is subject to regulation by a federal, state or other regulatory agency, what actions were taken to comply with that agency's requirements?

? Has any governmental agency (state or federal) or other independent organization reviewed the company's computer operations for Year 2000 compliance? If so, identify the agency or agencies. If any report was produced and provided to the institution, please provide a copy.

? What actions have been taken by the financial institution to ensure that its service providers and vendors are Year 2000 compliant (e.g., have investment managers checked on the Year 2000 compliance of their brokers)?

? If the fiduciary makes investment decisions on behalf of the plan, what specific procedures are followed to determine that the investments are Year 2000 compliant?

? If the plan offers investment options in connection with the individually directed accounts under section 404(c) of ERISA, has the plan fiduciary taken appropriate steps to ensure that the investment options and related information systems are Year 2000 compliant?

? If a plan has delegated investment responsibility or authority, in whole or in part, to an investment manager or other fiduciary, what procedures has the fiduciary implemented to monitor that fiduciary's investment decisions in connection with the Year 2000 problem?

? In selecting, hiring, and retaining an investment adviser or manager, has the plan fiduciary obtained and reviewed appropriate information aimed at determining that investment decisions are made with the consideration of Year 2000 compliance?

The Ballard, Rosenberg & Golper Employment Law Update is published as a service for clients and business associates of the Firm. While every effort is made to ensure accuracy, it is not intended to serve as legal advice. Copyright 1999, Ballard, Rosenberg & Golper. All rights reserved. Additional copies of this publication are available upon request.