How to Verify Your ERISA Bond Meets DOL Standards

Most retirement plan sponsors don’t think about fidelity bonds until a Form 5500 filing flags an issue or an auditor asks for proof. By that point, you can be looking at amended filings, late penalties, or worse, a referral to the Department of Labor’s enforcement unit. The irony is that getting the ERISA bond right is one of the simplest compliance tasks a fiduciary faces. The trouble stems from two things: people confuse the ERISA fidelity bond with fiduciary liability insurance, and they underestimate the nuances in the Department of Labor’s rules. The fix is to slow down, check the right details, and document your work so you can prove compliance when asked.

I have reviewed hundreds of plan documents, audit binders, and bond certificates. The same problems repeat. Bonds written to the plan sponsor instead of the plan. Bonds that insure the wrong risks. Coverage that tops out at 10 percent of last year’s plan assets, even though the plan now holds employer securities and needs more. A “blanket” crime policy that never added the ERISA endorsement. If you know where to look, you can find these gaps in minutes and fix them before they cause trouble.

What the bond is, and what it is not

ERISA requires every person who handles plan funds or property to be bonded. The ERISA bond, also called an ERISA fidelity bond, protects the plan, not the employer or the fiduciaries personally. It covers loss to plan assets caused by fraud or dishonesty by those who handle the funds. Think theft, embezzlement, forgery, larceny. It is not the same as fiduciary liability insurance, which protects individual fiduciaries from claims of breach of duty. The two are complementary. You often need both, but they solve different problems and the Department of Labor treats them differently.

This distinction matters because the DOL will not accept a fiduciary liability policy in place of an ERISA bond. Nor will it accept a general commercial crime policy unless that policy has the proper ERISA endorsements and names the plan as the insured. The fidelity bond is a statutory requirement under ERISA section 412. If you fail to maintain it in the right amount, you have a compliance issue even if you also carry excellent fiduciary liability coverage.

Who must be bonded

The rule focuses on handlers of plan funds or property. Handling means physical contact or the power to transfer, negotiate, or disburse plan funds, or to direct those who do so. In practice, that includes internal staff who process contributions and distributions, write checks, reconcile trust statements, or have authority over online access. It also includes officers who can instruct a trustee or custodian, payroll personnel who transmit plan contributions, and anyone with authority to sign or disburse plan checks.

For most single-employer plans, you will bond the sponsor’s finance or HR employees who touch plan money, and sometimes executives who have control or authority even if they rarely exercise it. For plans that hire a third-party administrator or contract with a recordkeeper, those firms usually carry their own ERISA bonds for their personnel, but you should not assume their bond satisfies your obligation. Your plan’s handlers still need to be bonded, and the bond must protect the plan itself. If a service provider has discretionary control over assets or the ability to move money, verify their bond too and keep a current certificate on file. This is a common point raised during audits, and most providers expect the question.

The required amount: calculating the right coverage

The baseline rule is simple: the bond must be at least 10 percent of the amount of plan funds handled in the previous year, subject to a minimum of 1,000 dollars per handler and a standard maximum of 500,000 dollars for most plans. If the plan holds employer securities at any point during the plan year, the maximum goes up to 1,000,000 dollars. Many sponsors rely on a blanket amount that covers all handlers, and that is fine, as long as the aggregate limit is large enough. Where plans get tripped up is failing to update coverage as assets grow or misunderstanding how the cap works.

A few scenarios illustrate where judgment comes in:

- A 401(k) plan with 4.8 million dollars in assets last year needs at least 480,000 dollars in bond coverage. Many brokers round up to the nearest 50,000 or 100,000 for convenience. That helps avoid undercoverage during the year if assets grow a bit.
- A plan with 9 million dollars in assets last year would calculate 900,000 dollars by the 10 percent rule. If the plan does not hold employer securities, the maximum required amount is 500,000 dollars. Bonding at 500,000 dollars meets the rule even though the 10 percent math is higher.
- A plan with 6 million dollars in assets and any employer stock, even a small amount in a company stock fund, needs up to 1,000,000 dollars in coverage by the same 10 percent rule with the higher cap. Here, 10 percent is 600,000 dollars, so a 600,000 dollar bond is adequate. If assets rise past 10 million dollars and employer stock remains in the plan, the cap becomes 1,000,000 dollars, and you should increase coverage.
- A start-up plan that began last quarter might have very modest assets on December 31. The bond still must meet at least the 1,000 dollar minimum per handler. In practice, most sponsors buy a bond sized to projected year-end assets to avoid repeated changes.

There is also a practical nuance for contribution timing. If your payroll cycle results in large, rapid deposits, the amounts handled on a given day can spike. Blanket bonds with per-loss limits, rather than per-person limits, help cover these peaks, but you still size the bond against 10 percent of last year’s assets. If your plan grew by 50 percent this year, consider increasing midyear. The DOL’s baseline is last year’s value, yet auditors care about whether coverage was reasonable and continuous. Right-sizing sooner saves headaches.

The DOL’s approved surety list and why it matters

Not every insurer can write an ERISA bond that the DOL will accept. The surety must appear on the Department of the Treasury’s Listing of Certified Companies, often called the Treasury List or Circular 570. The DOL looks to that list to ensure the surety meets federal solvency standards. If your bond is issued by a non-listed carrier, you may technically have no valid bond in place.

I have seen this happen with small, regional carriers that offer competitive crime policies but never bothered to get on the Treasury List. The certificate looks fine, the premium is attractive, and a busy administrator checks the box and moves on. Two years later, the plan’s independent auditor catches the issue. You do not want that conversation in the middle of an audit fieldwork week.

The verification is easy. Ask your broker for proof the surety is on the Treasury List for the policy period. Or search the public database and save a screenshot with the issue date circled. Insert it into your compliance binder next to the bond certificate.

The bond must protect the plan

The beneficiary matters. The bond must run to the plan. Many certificates are issued to the plan sponsor as the named insured. That is convenient for brokers who think in terms of corporate policies, but ERISA requires the plan to be protected. You can name the plan sponsor as the policyholder if the bond includes a rider or endorsement that names each plan as a covered plan and states that loss is payable to the plan. If you sponsor more than one plan, make sure each plan is scheduled or clearly covered by a blanket ERISA rider.

A small but important detail: the bond must cover loss to plan property, even if the assets are held in trust at a third-party custodian. The fact that no checks are issued from your office does not change the handling status of people with authority to move funds. A common miss in bond language is a limitation that excludes loss discovered by anyone other than the insured. ERISA requires discovery by any plan official to be sufficient to trigger coverage. Well-drafted ERISA endorsements fix that, but you should read the form.

Who is covered and what dishonest acts are covered

An ERISA bond covers loss from fraud or dishonesty by people who handle plan assets. That includes employees, officers, and sometimes outside parties to the extent they serve as plan officials or are otherwise covered by the bond’s definition of “employee.” Many bonds define employee broadly for ERISA purposes, but some do not. If your plan relies heavily on a payroll provider, a TPA with trust authority, or a recordkeeper that can move money, verify that either their own ERISA bond covers their handlers with sufficient limits or your bond’s definition extends to them. If in doubt, ask your broker to obtain a written confirmation from the carrier.

Covered acts should include theft, embezzlement, forgery, misappropriation, and larceny. Some carriers add computer fraud and funds transfer fraud endorsements to crime policies. Those are valuable, but remember, the ERISA bond’s job is fidelity, not third-party cybercrime. If a hacker outside your organization steals plan money, that may fall under a computer crime or cyber policy, not the ERISA bond. This is one reason why it matters to pair a compliant ERISA bond with an appropriately structured commercial crime policy. They overlap in helpful ways but serve different purposes.

How auditors and the Form 5500 look at bonding

If your plan requires an annual audit, your CPA firm will review your ERISA bond as part of the audit. They check the amount, the dates, the issuer, and the endorsements. They also compare the bond to the answers on Form 5500, Schedule H, line 4f, which asks if the plan is covered by a fidelity bond, and if so, in what amount. Discrepancies draw questions, and a pattern of undercoverage can cause an internal control finding.

Even plans that do not require an audit must answer the 5500 bonding questions. The DOL uses data analytics to identify plans with no bond or inadequate amounts based on reported assets. Letters then go out to plan sponsors requesting proof and corrective steps. You want your file to contain the current bond certificate, any riders, the Treasury List verification, and a brief worksheet showing your 10 percent calculation with last year’s asset figure and whether the employer securities cap applies.

A practical verification process

You can verify compliance in under an hour if you gather the right documents and follow a consistent routine. Here is a streamlined checklist that works well during year-end close or before filing the 5500.

- Pull last year’s plan asset value from the trust statement as of the last day of the year, and note whether the plan held any employer securities during the year.
- Calculate 10 percent of that value, then apply the appropriate cap: 500,000 dollars for most plans, 1,000,000 dollars if employer securities were held. Round up to create a small cushion.
- Obtain the current bond certificate and any endorsements. Confirm the effective dates cover the full plan year, the plan is a named insured or loss payee, and the coverage limit meets or exceeds your calculation.
- Verify the issuing surety appears on the Treasury Department’s list for the policy period, and save proof.
- Confirm the individuals and entities who handle plan funds are covered, including internal staff and any provider with authority to move money. Keep evidence of service providers’ bonds on file.

That is one list. You likely will not need another. Most gaps surface when you run those steps with a critical eye.

Common pitfalls and how to handle them

A frequent and expensive mistake is relying on a corporate crime policy without the ERISA rider. The carrier issues a clean, broad form that covers employee theft. It looks similar to a fidelity bond, but the policy names the company as the insured and does not promise to pay loss to the plan. When asked, the broker says, “We can add the ERISA endorsement at renewal.” Without that endorsement, you have not satisfied ERISA’s bonding requirement. Insist on the endorsement now, effective back to the start of the plan year if the carrier will agree. If they will not, purchase a separate stand-alone ERISA bond for the remaining months and document the correction.

Another miss involves growing plans that outpace the bond limit. A plan that doubled from 3 million to 6 million dollars in assets still shows a 300,000 dollar bond on the 5500 because no one recalculated. The DOL often views this as an administrative oversight rather than bad faith, but it still needs to be fixed. Increase the bond as soon as you discover the shortfall, and keep a memo noting the date you found the issue, the steps taken, and the new certificate. If the plan invests in employer securities, err on the higher cap and update immediately.

A subtler edge case is a plan that uses a pooled account arrangement where the trustee holds assets of multiple client plans in one fund. The service provider controls the account and is bonded. Plan staff have no direct control over the pooled account, so the sponsor assumes no bond is needed. That assumption can be wrong. If your staff transmits contribution files and initiates instructions that cause funds to move, they are handling plan funds under ERISA. Maintain coverage for your team even if the provider is also bonded.

Changes in payroll systems or banking platforms can create temporary gaps. When you switch to a new ACH platform with broader access rights, somebody gains the authority to move plan money. If your bond schedule lists named positions, update it. If the bond is blanket and not position-specific, the change is likely covered automatically, but keep a record showing the new access list and why you believe coverage applies. Auditors appreciate documentation that connects HR and IT changes to plan controls.

What counts as employer securities

The higher bonding cap of 1,000,000 dollars applies when the plan holds employer securities. That includes the obvious case of a company stock fund in a 401(k) plan or an ESOP. But employer securities can appear in unexpected places. A safe harbor matching contribution paid in company stock, then converted to cash soon after, still counts. Private company plans that hold employer notes or warrants through a profit-sharing feature might also trigger the higher cap. If you are unsure, ask counsel or your auditor for a determination. When in doubt, many sponsors choose the higher limit because the premium difference at these bond levels is relatively modest.

Duration and retroactive periods

The bond must be in place for the full plan year. Multi-year bonds exist and can be efficient, particularly for small plans that do not want to manage annual renewals. If you buy a three-year bond, track renewal dates with the same rigor you use for your plan’s fidelity and fiduciary policies. A lapsed period of even a few days can create an ugly footnote in an audit report. The ERISA bond is not designed to be retroactive; it covers loss discovered during the bond period subject to policy terms. If you suspect a loss that predates the bond, consult counsel and your carrier immediately. Trying to backdate a bond is not an option.

Interaction with Form 5500 small plan audit waiver

Small plans, generally defined as those with fewer than 100 participants at the start of the year, can avoid a full audit if they meet certain conditions, including having at least 95 percent of plan assets in “qualifying plan assets,” or meeting alternative conditions with enhanced disclosures. The fidelity bond plays into this because if a plan does not meet the qualifying asset threshold, it can still avoid an audit by obtaining a bond amount equal to 100 percent of non-qualifying assets. This is separate from the standard 10 percent rule and can require a substantially higher bond. If you rely on the small plan waiver route, talk to your auditor or advisor. The difference between a 500,000 dollar bond and a 2 million dollar bond can be significant, but it may be cheaper than an audit.

I worked with a 70-participant plan invested partly in a self-directed brokerage window. The assets in that window did not meet the qualifying definition. The sponsor initially carried a 250,000 dollar bond under the 10 percent rule. To rely on the audit waiver, we needed a bond equal to all non-qualifying assets, which came to roughly 1.4 million dollars. The premium increase was painful but still a fraction of a full audit cost.

Documentation that stands up

Good compliance shows its work. Create a short annual memo that states last year’s plan assets, the 10 percent calculation, the applicable cap, and the elected bond limit. Attach the certificate, endorsements, a Treasury List confirmation, and a roster of handlers. If you rely on provider bonds, include their certificates and note their limits and carriers. Save this packet with your 5500 workpapers. When your auditor or the DOL asks, you can produce the packet in minutes. That speed signals control and helps keep inquiries short.

Working with brokers and carriers

Not all brokers understand ERISA bonding nuances. Ask pointed questions. Does the policy include an ERISA rider that names the plan? Does the definition of employee cover any non-employee plan officials for ERISA purposes? Is the carrier on the Treasury List? Is the limit per loss, per plan, or per employee? Are there aggregate limits that could reduce available coverage after a claim under another part of the crime policy? How are new plans or mergers handled midterm?

One sponsor I advised bought a bond that had a per-employee sublimit far below the total limit. The plan had three handlers with 200,000 dollar per-employee sublimits and an overall 600,000 dollar policy limit. On paper, it looked like 600,000 dollars of coverage, but in practice, a single dishonest act by one person was capped at 200,000 dollars. That structure may pass muster with ERISA if the total is at least 10 percent and other terms are right, but it undermines practical protection. We changed to a per-loss structure that applied the full limit regardless of which handler caused the loss.

Mergers, acquisitions, and plan changes

Corporate transactions often push the bond to the bottom of a long integration checklist. When plans merge, participant counts and asset levels shift quickly. The 10 percent rule still looks at last year’s assets, but a midyear merger adds complexity. If you fold a 15 million dollar plan into a 4 million dollar plan, you should not wait until next year to increase the bond. Update during the merger, and schedule all plans now covered. If you terminate a plan and liquidate assets, keep the bond in force until final distributions are complete and the trust is empty. Distributions are high-risk moments for dishonest acts. Letting the bond lapse before the last check clears is a mistake.

When you adopt a new plan feature that changes how money moves, reevaluate your controls and bonding. Adding hardship withdrawals or in-plan conversions gives more people the chance to touch funds. That does not always change the bond amount, but it can change who must be covered and how you document handling.

Handling service provider transitions

Switching recordkeepers or TPAs is a prime time to audit your bonding. The outgoing provider may have been the only party with transaction authority. The incoming provider might require employer staff to approve ACH distributions or authorize wire instructions. That small change turns a previously non-handling role into a handling role. Update your bond roster and internal access logs. Keep the provider’s bond certificate on file, and if the provider is a fiduciary with discretionary control, verify their coverage is robust.

During one transition I oversaw, the new recordkeeper temporarily gave two HR generalists distribution approval rights to address a backlog. No one updated the bond roster. The auditors later noted that those two employees were handlers for six weeks without documented bonding. We had a blanket bond that applied to all employees, so we were ultimately fine, but the lack of documentation created a finding we could have avoided with a one-page access change memo.

Cost, premiums, and shopping the market

ERISA bonds are relatively inexpensive for most plans. Premiums vary by limit, term, carrier, and whether the bond is stand-alone or part of a broader crime policy. For a 500,000 dollar limit, annual premiums for small to mid-size plans often sit in the low hundreds to low thousands of dollars. Multi-year policies can offer a discount. If your plan needs a large bond to avoid a small plan audit, the premium will climb, but it is still often cost-effective compared to audit fees.

When shopping, do not choose on price alone. The value is in clean ERISA endorsements, Treasury List status, responsive claims handling, and policy language that avoids gaps. Ask to see specimen forms and endorsements. A well-written stand-alone ERISA bond from a recognized surety beats a bargain bundle with ambiguous language.

What to do if you discover noncompliance

If you find that your ERISA bond has lapsed, the issuer is not on the Treasury List, the limit is too low, or the plan was not named properly, correct it at once. Buy the proper bond, adjust the limit, or secure the right endorsement. Document the error and the fix with dates. Update the 5500 if a filed return is incorrect and your advisor recommends amendment. If a significant period lacked coverage, consult ERISA counsel about whether to make a voluntary correction or disclosure. The DOL’s enforcement posture is firmer when they find the issue first and your file shows no intent to comply.

The quiet value of getting this right

A compliant ERISA bond rarely saves the day in dramatic fashion, but when a dishonest act occurs, it is the one requirement that converts a bad story into a recoverable loss for participants. More commonly, a clean bond file shortens audits, prevents DOL letters, and signals that your fiduciary house is in order. It is a simple thing that reflects a larger culture of care. That culture shows up in how you reconcile contributions, who can move money, how you train staff, and how you document decisions. The bond is one thread in a strong net.

If you have not looked at your ERISA bond since last renewal, take an hour this week to verify the pieces. Confirm the limit, the carrier’s status, the named insured, and the roster of handlers. Match it to last year’s assets, note whether employer securities apply, and capture the proof in your compliance binder. Quiet, routine work, done well, is what keeps plans safe and keeps fiduciaries out of headlines. An ERISA bond is the epitome of that kind of work.