ERISA Bonding for Startups Launching Their First 401(k)

Founders focus on product, runway, hiring, and growth. The first 401(k) often arrives right as the company hits 20 to 50 employees and starts competing for seasoned talent. That is when a different set of rules shows up. ERISA is federal law, and it does not care how fast you are scaling or whether your finance stack is still duct tape and spreadsheets. If the plan holds employee contributions or plan assets, you need a fidelity bond. Skipping it is not a rounding error; it is a compliance failure with personal fiduciary exposure.

I have helped young companies stand up their first retirement plans, and the same questions come up every time. What exactly is an ERISA bond? How much coverage is required? Does cybercrime count? What if the recordkeeper already has insurance? Most importantly, how do we manage this without slowing the launch?

Let’s walk through the essentials with the level of detail you need to get this right the first time.


What an ERISA bond actually is

An ERISA bond is a specific kind of fidelity bond required by federal law to protect plan assets against loss from fraud or dishonesty by those who handle the plan’s funds. Think theft, embezzlement, forgery. The bond exists for the benefit of the plan, not the employer. If someone misappropriates plan money, the bond pays the plan.

The requirement comes from ERISA Section 412 and the Department of Labor’s rules. The Department of Labor focuses on who handles funds, not job titles. If a person can access plan money, move it, or direct it, they likely count as handling funds. That could include the primary payroll administrator who uploads contribution files, the finance director who approves the ACH, and an HR generalist who adds bank instructions in the recordkeeper portal.

An ERISA bond is not fiduciary liability insurance. That distinction trips up founders. A bond covers losses from dishonesty. Fiduciary liability insurance protects fiduciaries from claims alleging breach of duty, such as imprudent investment selection or late remittance of contributions. One protects assets, the other protects people. Many startups need both, but the bond is the legal minimum and often the first compliance question on a DOL audit checklist.

Why startups get tripped up

A typical early-stage company adopts a safe harbor 401(k) using a bundled provider. Payroll is semi-automated, the headcount is growing, and the CFO wears three other hats. In this environment, the first common misread is that the recordkeeper’s or TPA’s bond covers everything. It does not. Vendors usually bond their own employees, not yours. The plan needs coverage that names the plan and covers individuals at the company who handle funds.

A second common misread is thinking the plan is exempt because the provider is a 3(16) administrator or a 3(38) investment manager. Those roles take certain fiduciary duties off your plate, but they do not remove the bonding requirement for people at your company who handle contributions, loans, or distributions.

Timing is another pitfall. The bond should be in place when the plan becomes subject to ERISA and certainly before assets are handled. If you launch January 1, you want the bond effective as of that date. If you switch recordkeepers midyear and change payroll flows, confirm that the bond will continue without gaps.

How much coverage is required

Federal rules set a floor using a simple formula, then add a ceiling in certain cases. The standard amount is at least 10 percent of plan funds handled during the preceding plan year, with a minimum of 1,000 dollars and a typical cap of 500,000 dollars per plan. If the plan holds employer securities, the cap increases to 1,000,000 dollars.

For a first-year plan with no prior-year assets, you estimate. Most carriers and TPAs suggest choosing a reasonable projected asset level and adding a buffer. If you expect 2 million to accumulate in year one, a 250,000 dollar bond is usually adequate. If you expect rapid growth to 6 to 8 million by the end of year two, set the bond at 500,000 dollars out of the gate and revisit annually. It is inexpensive relative to the risk.

Be mindful of the per-plan calculation. If you sponsor multiple plans, each needs its own analysis. For a single startup 401(k), the key is that the bond amount keeps pace with assets. In practice, many companies simply carry the maximum 500,000 dollars to avoid annual adjustment and the administrative churn of small increments.

Who must be bonded

The rule applies to every person who handles plan funds. Handling means having physical contact with cash, the power to transfer funds, or the ability to sign checks or authorize electronic transfers. For startups, that usually includes:

    The payroll or HR contact who uploads the deferral file and initiates the ACH to the recordkeeper.
    The finance lead or controller who approves or releases plan-related payments, including employer match funding.
    Any employee who can change bank information in the plan’s systems or who can direct distributions.

You do not have to bond individuals by name. Most bonds allow blanket coverage for all persons who handle funds. That is cleaner and scales as you hire.

Vendor staff need their own bonds from their employers, handled separately. You are responsible for your company’s handlers. Auditors and the DOL will expect to see both: your plan’s bond certificate and evidence that key vendors have their own fidelity coverage.

Bond vs. fiduciary liability insurance

This distinction deserves a deeper look because claims behavior differs. The ERISA bond responds when a plan loses money due to dishonest acts by a handler. It is specific and narrow. Fiduciary liability insurance responds to allegations that fiduciaries breached their duty of loyalty or prudence, caused prohibited transactions, or mismanaged plan operations. Examples include not remitting participant contributions promptly, choosing an imprudent fund lineup, or failing to monitor fees.

Some founders hope to rely on D&O insurance. That is usually a dead end. Standard D&O excludes ERISA claims. You need a fiduciary liability policy or an endorsement that expressly covers ERISA exposures. Prices vary, but for an early plan with under 10 million in assets, annual premiums for fiduciary liability often land in the low thousands, while the ERISA bond is usually a few hundred dollars per year for a 500,000 dollar limit. They are different tools for different risks.

Simple math, messy realities

The 10 percent formula sounds easy until the year closes and the plan’s assets spike faster than expected. You do not have to adjust the bond midyear unless your carrier or internal policy requires it, but you should recalibrate at renewal. If the bond falls below the minimum for the prior year’s assets handled, that is a technical noncompliance for the period of the shortfall. During audits, I have seen the DOL request a rider or catch-up endorsement to backfill coverage for the prior period. Not every carrier offers retroactive riders, so staying ahead of growth avoids awkward conversations.

Watch the definition of funds handled. If you permit participant loans or in-service withdrawals, the people processing those transactions may now handle funds. If you add Roth deferrals or after-tax contributions with in-plan conversions, the flow could touch different systems and more hands. Each change should trigger a quick bonding check.

Working with carriers and what to ask

ERISA bonds are sold by surety companies and insurers that are named on the Department of the Treasury’s Listing of Approved Sureties. Most reputable carriers qualify. Your benefits broker can place one in a day. The underwriting is light for straightforward plans.

Ask for three simple things. First, confirm the bond names the plan as the insured party or otherwise states that plan losses are payable to the plan. Second, ask for a blanket schedule that covers any person who handles funds, not just named individuals. Third, verify the coverage limit and whether there is a deductible. ERISA bonds should not have deductibles that erode plan recovery.

If you organize multiple related companies under a single control group, confirm whether the bond covers all plans and entities, or if you need separate bonds. If you move from one recordkeeper to another, tell the broker so the bond can be updated with any new plan names or trust arrangements.

Timing it so launch stays on track

I have seen startups delay their first deferral payroll because the bond certificate was still sitting in a broker’s queue. It is avoidable. Right after you sign the plan document and provider agreements, kick off the bond. Carriers can issue certificates within 24 to 72 hours when the request is complete. Provide the legal plan name, the expected asset range for the first year, and the effective date. Store the certificate with your plan records and share it with your TPA or 3(16) administrator.

On the first payroll with employee deferrals, confirm the ACH process. The Department of Labor expects timely remittance. Small plans must remit as soon as administratively possible, often within a few business days. Large plans have a safe harbor of seven business days for small contributions in certain cases, but relying on the outer limit invites scrutiny. The bond does not excuse late remittances, and late remittances can become a fiduciary issue. Coordinating payroll and bonding avoids compounding risks.

What counts as a loss and how claims play out

Dishonesty is the trigger. Classic examples include an employee diverting contributions to a personal account or forging distribution authorizations. Less dramatic cases happen too. I once reviewed a claim where a payroll clerk changed destination bank details inside the recordkeeper portal after a phishing email. The insurer debated whether that act was dishonest or a simple error. The claim turned on intent. The bond paid because evidence showed the clerk knowingly assisted a third party for personal gain, even if the method was crude.

If a cybercriminal tricks a participant into authorizing a distribution, recovery may land under the recordkeeper’s cyber policy, not the ERISA bond. The line is fact-specific. This is one reason many startups now ask providers for a copy of their cyber theft guarantee and controls. The ERISA bond is not a cyber policy. It will not fill every gap. Strong multi-factor authentication and dual controls for bank changes still matter.

Claim handling is usually faster than liability litigation, but it is not instant. Expect to document user permissions, transaction logs, and internal policies. If you have a 3(16) administrator, they can coordinate the claim, but the plan sponsor will still need to sign off on attestations. Maintain clear access records and keep your SOC 2 reports or vendor control summaries handy.

Recordkeeper myths and reality

Modern recordkeepers are good at pushing automation and guardrails. Their marketing can leave the impression that the plan is fully insulated from fraud and therefore the bond is perfunctory. It is not. Providers limit their liability contractually and require plan sponsors to manage internal controls. I have seen master services agreements that cap the provider’s liability at a multiple of fees, which is far below potential loss. The bond becomes a meaningful backstop if an internal actor is the problem.

Ask the recordkeeper where human access intersects with money movement. Who can change the funding account? Who can add a new signer? Do they require two-factor approvals for outbound distributions above a threshold? In one case, a startup discovered that a junior HR admin had the same entitlements as the CFO, strictly because the default permission set was too broad. Cleaning that up took one call and reduced the bonding exposure profile overnight.

Auditor expectations and Form 5500 lines

Once the plan crosses 100 eligible participants with account balances at the start of a plan year, it generally becomes a large plan and needs an annual audit. Auditors will request the bond certificate and compare the amount to plan assets. They will also ask for a list of people who handle funds. If the bond is short, they will note a finding and may require a corrective action plan. The Form 5500 asks whether the plan is properly bonded and for the amount. Checking the wrong box is easy to catch and irritating to fix.

For small plans, the audit requirement does not apply, but the bonding requirement still does. Filing the 5500-SF will still ask you for bond information. Make it a habit to update the bond at renewal, typically aligned with your plan year end, then drop the new certificate into your plan documents folder along with the annual notices, fee disclosures, and board consent.

Controlled groups, PEOs, and startups with global teams

Edge cases create confusion. If you operate under a PEO arrangement and use the PEO’s 401(k), you may not be the plan sponsor. In that case, the PEO manages bonding for the plan, but you still need to confirm that your staff who handle contributions within your payroll process are covered appropriately. Some PEOs structure payroll so that you never handle funds, which reduces your responsibilities. Read the agreement. If you sponsor your own plan while using a PEO for HR, you still need your own ERISA bond.

For controlled groups, such as a parent company with subsidiaries, the sponsor can obtain a single bond that covers all plans under the umbrella if structured correctly. The important part is that the bond names each plan or includes language broad enough to encompass all plans and handlers. Do not assume the bond follows automatically. Ask the broker to list every plan explicitly.

For teams outside the United States, remember ERISA applies to U.S. plans and U.S.-sourced assets. If your Israel-based payroll manager logs into the U.S. recordkeeper and can initiate transfers from the U.S. plan trust, that person is handling funds and needs to be covered, even if their employment contract is international.

Building practical controls that complement the bond

The bond is the last line of defense. Operational controls reduce the chance you will need it. Dual approvals for bank changes and ACH releases, restricted admin permissions in the recordkeeper portal, and quarterly spot checks on participant loans and distributions catch issues early. Treat the plan trust account like you treat your operating account: no single person should be able to move money end to end.

Training matters. New HR or payroll hires should get a 30-minute onboarding on plan cash flows, timing rules for deferral remittances, and phishing red flags. Provide a one-page runbook for the contribution process with screenshots. The DOL’s late remittance cases often start with well-meaning staff who did not know the clock starts when payroll is withheld.

If you work with a 3(16) administrator, align who does what. If they initiate distributions, your staff should not have redundant authority. The more hands, the more to bond and the higher the risk surface.
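One way to make the access review above and the bonding analysis from the earlier sections repeatable, as an added example that is not from the article: it derives who handles funds from a portal entitlement export (the bonding population), flags anyone who can move plan money end to end, and applies the Section 412 sizing formula. The entitlement names, the sample table, and the 25 percent first-year buffer are assumptions for the example.

```python
"""Annual 401(k) bonding and access review (added example, not from the article)."""

# Entitlement names are assumed; map them to whatever your portal export uses.
UPLOAD_DEFERRALS = "upload_deferral_file"   # uploads the contribution file
INITIATE_ACH = "initiate_ach"               # starts the transfer to the trust
APPROVE_ACH = "approve_ach"                 # releases the transfer
CHANGE_BANK = "change_bank_details"         # edits a destination account
DIRECT_DISTRIBUTION = "direct_distribution" # directs participant payouts
VIEW_REPORTS = "view_reports"               # read-only, does not handle funds

# Powers that amount to handling funds: moving, releasing, or redirecting money.
HANDLING = {UPLOAD_DEFERRALS, INITIATE_ACH, APPROVE_ACH, CHANGE_BANK, DIRECT_DISTRIBUTION}

# Combinations no single person should hold (end-to-end money movement).
TOXIC_PAIRS = [
    (INITIATE_ACH, APPROVE_ACH),
    (CHANGE_BANK, APPROVE_ACH),
    (CHANGE_BANK, DIRECT_DISTRIBUTION),
]


def handlers(entitlements):
    """People who handle funds and therefore must fall inside the bond."""
    return sorted(p for p, ents in entitlements.items() if ents & HANDLING)


def sod_violations(entitlements):
    """(person, a, b) for every toxic pair a single person holds."""
    found = []
    for person, ents in sorted(entitlements.items()):
        for a, b in TOXIC_PAIRS:
            if a in ents and b in ents:
                found.append((person, a, b))
    return found


def required_bond(funds_handled, employer_securities=False):
    """Section 412 floor: 10% of funds handled, at least $1,000, capped at
    $500,000, or $1,000,000 when the plan holds employer securities."""
    cap = 1_000_000 if employer_securities else 500_000
    return int(min(max(0.10 * funds_handled, 1_000), cap))


def first_year_bond(projected_assets, buffer=0.25, employer_securities=False):
    """First-year plans have no prior-year figure: size on a projection plus a buffer."""
    return required_bond(projected_assets * (1 + buffer), employer_securities)


def bond_shortfall(bond_limit, funds_handled, employer_securities=False):
    """Dollars by which the current bond is below the floor (0 when compliant)."""
    return max(0, required_bond(funds_handled, employer_securities) - bond_limit)


# Constructed sample of a portal entitlement export; hr_generalist shows the
# over-broad default permission set the article warns about.
SAMPLE_ENTITLEMENTS = {
    "payroll_admin": {UPLOAD_DEFERRALS, INITIATE_ACH},
    "controller": {APPROVE_ACH, VIEW_REPORTS},
    "hr_generalist": {INITIATE_ACH, APPROVE_ACH, CHANGE_BANK},
    "ceo": {VIEW_REPORTS},
}
```

Run the review at each renewal and after any payroll or recordkeeper change; the violation list is what to fix before the bond is resized.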

Cost reality and budgeting

Most startups ask the cost question late. For planning purposes, an ERISA bond with a 500,000 dollar limit often costs between 150 and 500 dollars annually, depending on carrier and structure. A 1,000,000 dollar bond for plans with employer securities is more, but most startups do not hold employer stock in their 401(k). You can usually buy multi-year terms to lock pricing and reduce renewals. Fiduciary liability insurance, if you add it, will cost more, commonly 1,500 to 5,000 dollars per year for small plans, scaling with assets and limits.

Given these numbers, the financial barrier is not the premium. It is the attention cost. Calendar the renewal with your other annual plan duties, like fee benchmarking, investment review, and notice distribution. Once it is part of the rhythm, the bond becomes easy.

Two quick checklists to stay out of trouble

Startup teams benefit from crisp steps that fit on a page. The following two lists are short by design.

    Determine who handles funds: name the payroll initiator, approver, and anyone who can change bank details. Choose blanket coverage.
    Set the bond amount: 10 percent of prior-year funds handled subject to a 1,000 dollar minimum and a typical 500,000 dollar cap, or estimate for the first year and round up.
    Verify the bond form: plan is the insured beneficiary, no deductible that reduces plan recovery, carrier is on the Treasury approved list.
    Align timing: effective on plan start date, no gaps when changing providers, certificate stored with plan documents and shared with the TPA or 3(16).
    Revisit annually: adjust for asset growth, coordinate with the Form 5500, and confirm vendor bonds and cyber guarantees are current.

    Tighten controls: dual approvals for ACH and bank changes, least-privilege access in recordkeeper portals, MFA enforced, and quarterly spot checks on distributions and loans.
    Train the team: 30 minutes for new payroll and HR on remittance timing, phishing, and the runbook for contributions.
    Clarify roles: if a 3(16) or 3(38) is engaged, document who initiates transactions and who reviews logs.
    Validate vendors: obtain their fidelity bond certificates, SOC 2 or equivalent, and written cyber theft guarantees with caps.
    Document exceptions: if an error delays remittance, record cause, correction, and steps to prevent recurrence.

What to do if you realize you missed it

Discovering you have been operating without a bond or with an insufficient amount is fixable. First, buy the correct bond immediately. Second, inform your TPA and auditor. Third, if there was a period of shortfall, ask the carrier if they can issue an endorsement to provide retroactive coverage. Not all will. If not, document the remediation and maintain proof of current compliance. If you also had late remittances, you may need to use the DOL’s Voluntary Fiduciary Correction Program, which allows you to correct and pay calculated interest, then receive a no-action letter. It is paperwork, but it clears the deck.

Do not try to backdate a bond. Carriers will not do it, and it creates a credibility problem if the DOL asks for policy issuance records. Transparency and prompt correction go further than perfection after the fact.

Final perspective for founders

Launching a 401(k) is a milestone. It signals you plan to retain people and invest in their future. The ERISA bond is a small but non-optional part of that step. It is not a heavy lift, and when handled early, it never slows the plan. Identify who handles funds, get a bond sized to your likely assets, tighten access, and put the certificate where your auditor will find it. Paired with a modest fiduciary liability policy and clean payroll processes, you will have covered the real risks without burning time or budget.

One last reminder: revisit after growth spurts and system changes. When you raise a round, double headcount, or switch payroll, the money flow changes. Spend ten minutes with your broker and TPA to confirm the bond and controls still fit. That small discipline keeps your plan safe and your team confident that the company is handling their retirement dollars with care. If you remember nothing else, remember this: the ERISA bond protects the plan from dishonesty, but good operations protect you from ever needing it.