Confidentiality and the ASPPA Code of Conduct

By Karen Smith • September 03, 2015 • 0 Comments

This article originally appeared in the Summer 2013 issue of Plan Consultant. To view a PDF version, please click here.

In the age of Twitter and Facebook, information moves almost at the speed of light. We can get instant updates on topics as important as breaking news and as mundane as what people ate for breakfast. Today's culture and technology puts a greater premium on quick dissemination of information and less of a premium on discretion. But as members of ASPPA, we have a duty to keep certain of our client's information confidential.  

Confidentiality Defined

Breaking the duty of confidentiality down into smaller pieces, we need to understand what is confidential information and to whom we owe the duty of confidentiality. All references to the ASPPA Code of Conduct are to the newly adopted revised ASPPA Code of Conduct effective July 1, 2013. The revised ASPPA Code of Conduct is available on the ASPPA website.

Precept 5 of the ASPPA Code of Conduct provides as follows:

A Member shall not disclose to another party any Confidential Information obtained in rendering Professional Services for a Principal unless authorized to do so by the Principal or required to do so by Law.

The ASPPA Code of Conduct defines confidential information as:

Information not in the public domain of which the Member becomes aware during the course of rendering Professional Services to a Principal. It may include information of a proprietary nature, information which is legally restricted from circulation, or information which the Member has reason to believe that the Principal would not wish to be divulged.
To be confidential information, the information must be both not in the public domain and we must become aware of the information while rendering professional services. There is no universal definition of what it means for information to be “in the public domain.” However, in considering whether the information is in the public domain, we would want to consider how many people have access to the information. As an example, after a Form 5500 is filed the information on the Form 5500 would generally be considered the public domain because the information is posted on the EBSA website and is available to everyone. The information on a Form 5500-EZ would generally not be in the public domain because the information is not available to the public.  

If we are friends with our clients, it may be hard to differentiate when information is being shared with us in the course of a professional assignment.  For example, if a client shares information with us at a social event, is the information obtained through a professional assignment?  When sharing information with us, most clients probably expect that our treatment of confidential information is the same whether we are told in social setting or at the office.

Duty of Confidentiality

If we determine that we are in receipt of confidential information, we must then determine to whom we owe a duty of confidentiality. Precept 5 indicates that we owe a duty to “Principals.” The ASPPA Code of Conduct defines a Principal as:

Any present or prospective client of a Member or the employer of a Member where the Member provides retirement plan services for their employer’s plan.

First, we owe a duty of confidentiality to our clients. On most days this is easy to understand, but sometimes it gets complicated. For example, assume that a 401(k) plan client contact tells Service Provider A that he is dissatisfied with Service Provider B. Service Provider A and Service Provider B have a great working relationship, and Service Provider A and Service Provider B work together on a regular basis to service their mutual clients. Additionally, Service provider A and Service Provider B refer business to each other. Overall, Service Provider A may attach much more economic value to its relationship with Service Provider B than its relationship to this particular 401(k) plan. 

Service provider A may want to alert Service Provider B to the client's dissatisfaction so that Service Provider B can address the client’s concerns and rehab the relationship. Service Provider A may actually believe that it is in his 401(k) client's best interest to do so. However, Service Provider A owes a duty of confidentiality to his 401(k) client and this duty trumps any loyalty to Service Provider B and what Service Provider A believes is best. Before Service Provider A discusses the matter with Service Provider B, Service Provider A must determine whether the information that the client is dissatisfied is confidential. If the information is confidential, then Service Provider A cannot discuss the 401(k) client’s comments with Service Provider B unless the client confirms that he may.
Second, we owe a duty of confidentiality to prospective clients. Because the definition of Principal includes a prospective client as a Principal and Precept 5 extends the duty of confidentiality to Principals, we owe a duty of confidentiality to prospective clients. If the prospective client shares confidential information with us in sales process, we need to keep that information confidential unless authorized to disclose the information.
Third, in certain circumstances we have a duty of confidentiality to our employer. The definition of Principal includes our employer when we work on our employer’s retirement plan, so the Precept 5 duty of confidentiality applies. Any information that is shared with us by our employer so that we can provide services to our employer’s retirement plan is confidential.  
When we have a duty of confidentiality, we may disclose the information when either authorized by the Principal or required to so by law. Many confidentiality issues can be handled through appropriate contract drafting or clarifying with Principals what information they expect us to treat as confidential. While retirement professionals have certain obligations to promptly to respond to IRS, DOL and PBGC requests, under the ASPPA Code of Conduct, we may only release information without the Principal’s consent or when required to do so. So when information is requested by a government agency, we should either request the client to consent to the release of the information or get clarity that we are required by law to release the information. This may require the assistance of an attorney.


In close situations, we should also remember that we have a duty to act with integrity under Precept 10.  So, even if we can construct a hyper-technical argument that particular information is not confidential, we may have an overriding obligation to act with integrity.

Many confidentiality issues can be solved by raising our awareness of our duty of confidentiality and stopping to consider whether we can disclose the information before sharing the information. Just a short pause before speaking or typing can often prevent an imprudent disclosure.   

Karen Smith is an actuary and attorney in Houston. She is the president of Nova 401(k) Associates.