Benefit Fiduciary Liability Under the PEO Model: What Your Compliance Framework Actually Needs to Cover

Most business owners signing a PEO agreement walk away thinking one thing: the PEO handles benefits, so the PEO owns the liability. It’s a reasonable assumption. You’re co-employing through their platform, they’re sponsoring the master plan, they’re handling enrollment and administration. Surely that means the fiduciary exposure transfers to them.

It doesn’t. Not cleanly, anyway.

Under ERISA, fiduciary responsibility is functional. It follows discretion, not contracts. And in a co-employment model, you’re almost certainly exercising some discretion over benefit-related decisions whether you realize it or not. That makes you a fiduciary. Which means a compliance failure isn’t just a vendor problem — it’s a personal liability problem.

The stakes here aren’t abstract. Fiduciary breaches under ERISA can trigger DOL investigations, plan disqualification, and personal liability for the business owners and executives who made the offending decisions. The PEO’s indemnification clause won’t necessarily protect you if the DOL determines you exercised discretionary control. And in practice, the gaps between what the PEO covers and what you’re still responsible for are rarely spelled out clearly in the service agreement.

This article walks through where fiduciary liability actually sits in a PEO relationship, what a real compliance framework needs to address, and where the exposure tends to hide. If you’re currently in a PEO arrangement or evaluating one, this is the part of the conversation most vendors skip.

ERISA Fiduciary Duty in a Co-Employment Structure

ERISA Section 3(21) defines a fiduciary based on function, not job title. If you exercise discretionary authority or control over plan management, plan assets, or plan administration, you’re a fiduciary. Full stop. The statute doesn’t care whether you signed a document accepting that role. It cares what you actually do.

This matters enormously in a PEO context because the co-employment model creates a layered structure where both the PEO and the client company are making decisions that touch benefit plans. The PEO sponsors the master plan and administers it. But the client company is typically making decisions about which plan tiers to offer, which employees are eligible, when employment starts and ends, and whether the PEO arrangement itself is appropriate for the workforce. Each of those decisions can carry fiduciary weight.

There’s a useful distinction to understand here: named fiduciary versus functional fiduciary. The named fiduciary is the entity explicitly designated in the plan document as responsible for plan administration. In most PEO arrangements, that’s the PEO. But ERISA recognizes that named status doesn’t capture everyone who actually exercises control. A functional fiduciary is anyone who, regardless of title or designation, exercises the kind of discretion the statute describes.

Business owners become functional fiduciaries more easily than they expect. If you decide to offer the higher-tier health plan to attract a key hire, you’ve exercised discretion over plan design. If your HR director makes an eligibility call that isn’t clearly dictated by plan documents, that’s discretionary. If you selected the PEO in the first place and chose it partly based on its benefit offerings, you may have exercised discretionary control over the plan by choosing who administers it. For a deeper look at the dollar impact of these decisions, the financial impact analysis of benefit fiduciary liability breaks this down quantitatively.

The co-employment wrinkle is that neither party can fully escape fiduciary exposure by pointing at the other. The PEO is a fiduciary for the functions it controls. You remain a fiduciary for the functions you control. And in the gray zones where both parties touch the same decision, liability can be concurrent rather than exclusive.

This isn’t a theoretical concern. The DOL has pursued both named and functional fiduciaries in enforcement actions, and courts have consistently held that the functional definition in Section 3(21) is broad. Understanding that you may hold fiduciary status is the starting point for building a compliance framework that actually protects you.

How Liability Splits Between You and the PEO

A well-drafted PEO service agreement will attempt to allocate fiduciary responsibility between the parties. Typically, the PEO assumes responsibility for plan design, benefits administration under the master plan, investment selection in 401(k) contexts, and compliance with plan document terms. The client company retains responsibility for accurate employee census data, timely premium payments, and eligibility determinations based on employment status.

That’s the clean version. The reality is messier.

Take contribution remittance timing. ERISA requires that employee contributions be deposited into the plan as soon as they can reasonably be segregated from employer assets — which the DOL has interpreted strictly for small plans. In a PEO model, the client company collects payroll, the PEO processes it, and contributions flow through the PEO’s administrative infrastructure. If there’s a delay, the question of who’s responsible depends on where in that chain the lag occurred. If your payroll data was late getting to the PEO, that’s a client-side failure. If the PEO sat on the funds, that’s their problem. In practice, the handoff points are rarely documented clearly enough to assign blame cleanly after the fact. Understanding how to properly handle PEO payroll tax liability accounting is critical to getting these handoffs right.

COBRA administration is another gray zone. When an employee loses coverage, the PEO typically handles COBRA notices under its master plan. But the triggering event — termination, reduction in hours, a qualifying life event — originates with the client company. If you’re slow to report a termination to the PEO, the COBRA notice clock is already running against you. The liability for a missed notice may fall on the client even if the PEO is the plan administrator, because the client controlled the information that would have triggered timely action.

Then there’s the communication liability problem. If your HR team or a manager tells an employee something about their benefits that doesn’t match the PEO’s plan documents, you’ve created exposure. Courts have recognized estoppel claims in ERISA cases where employees relied on informal representations about coverage. The PEO’s plan document controls legally, but that doesn’t insulate you from the consequences of what your people said.

The most important thing to understand here is that fiduciary liability under ERISA cannot be fully disclaimed by contract. This is well-established. Your PEO service agreement may say the PEO assumes all fiduciary responsibility for the master plan. The DOL doesn’t have to accept that framing. If you exercised discretionary control, you’re a fiduciary regardless of what the contract says. Knowing the PEO contract liability risks that commonly surface in these agreements is essential before you sign anything.

What this means practically: the service agreement is a starting point for understanding liability allocation, not an endpoint. You need to understand what decisions you’re actually making day-to-day and whether any of them carry fiduciary weight.

Building a Compliance Framework That Actually Holds Up

A real compliance framework for benefit fiduciary liability under a PEO model isn’t a one-time checklist. It’s an ongoing operational structure. Here’s what it needs to include.

A documented fiduciary allocation matrix. This is a written record of which party is responsible for each fiduciary function: plan design decisions, investment selection, eligibility determinations, contribution remittance, claims administration, COBRA processing, Form 5500 filing, and any other function where discretion is exercised. It should be aligned with the service agreement but more granular. The goal is to eliminate ambiguity about who owns what — both internally and in the event of a DOL inquiry.

An annual plan document review process. Plan documents change. Master plan amendments by the PEO can affect your employees’ coverage in ways you won’t catch unless you’re reviewing them. A formal annual review — ideally with outside ERISA counsel — catches drift between what the plan documents say and what your company is actually doing. Tracking the compliance reporting requirements that apply to your arrangement ensures nothing slips through the cracks during this review.

Written procedures for data transmission and eligibility reporting. The handoff between your HR systems and the PEO’s enrollment platform is one of the highest-risk points in the entire arrangement. Documenting the process, the timing, and the reconciliation steps creates a paper trail and forces operational discipline. If something goes wrong, you want to be able to demonstrate that you had a process and followed it.

A monitoring protocol for the PEO’s fiduciary performance. This is where a lot of companies fall short. The Supreme Court’s 2015 decision in Tibble v. Edison International reinforced that appointing a fiduciary doesn’t end your obligations. The appointing party has an ongoing duty to monitor the fiduciary’s performance. In a PEO context, that means periodic review of plan fees, administrative accuracy, claims handling procedures, and investment performance in 401(k) plans. Monitoring doesn’t mean micromanaging the PEO — it means having a documented process for evaluating whether they’re doing their job.

The right insurance coverage. Two separate instruments matter here. ERISA Section 412 requires a fidelity bond covering fiduciaries against losses caused by fraud or dishonesty. This is a minimum requirement, not comprehensive protection. Fiduciary liability insurance is a separate product that covers losses from alleged breaches of fiduciary duty, including honest mistakes. Relying solely on the PEO’s coverage is risky. Their policy may have subrogation clauses that allow the insurer to recover against you, coverage limits that don’t extend to client-side decisions, or exclusions that apply to co-employment arrangements. Understanding how to properly track and account for benefits expenses under your PEO arrangement helps you verify that insurance costs and coverage are aligned with your actual exposure.

The Gaps That Create Real Exposure

Even companies that think they have their compliance posture figured out tend to have the same blind spots. These are the ones worth examining closely.

Failing to verify the PEO’s fidelity bond. ERISA Section 412 requires that every person who handles plan funds be bonded for at least 10% of the plan assets they handle, subject to regulatory minimums and maximums. Many client companies assume the PEO’s bond covers their plan. It may — or it may not, depending on how the bond is structured and whether the master plan arrangement creates separate coverage obligations. Asking for documentation of the PEO’s bond and confirming it meets Section 412 requirements for your specific plan is basic due diligence that most companies skip.

No reconciliation process for census data and plan enrollment. Enrollment errors are common in PEO arrangements, particularly around life events, terminations, and new hires. If your payroll records and the PEO’s enrollment records diverge, employees may be enrolled in plans they’re not eligible for, or excluded from plans they should be in. Without a regular reconciliation process, these errors accumulate. When they surface — usually during a DOL audit or a claims dispute — they become evidence of administrative failure that can support a fiduciary breach allegation. A clear understanding of how PEO benefits administration actually works helps you identify where reconciliation breakdowns are most likely.

Assuming the PEO handles Form 5500 without verifying. Form 5500 filing obligations in a PEO context depend on plan structure. If the PEO sponsors a multiple employer plan (MEP), it typically files on behalf of the master plan. But if your company maintains its own plan that happens to be administered through the PEO, you may have independent filing obligations. Getting this wrong — or not filing at all — creates significant penalties and can trigger DOL scrutiny. Confirm in writing who is filing, what they’re filing, and review the filing before it goes out.

The communication liability trap. Informal benefit promises are a persistent problem. A manager tells a new hire they’ll be covered from day one. An HR coordinator explains a benefit incorrectly during onboarding. These conversations happen constantly, and they create exposure when they contradict the plan documents. Training your HR team and managers on what they can and cannot say about benefits — and directing employees to the plan documents for authoritative answers — is a compliance function, not just a communication preference.

PEO transitions and terminations. Fiduciary liability doesn’t end when the PEO contract ends. When you leave a PEO arrangement, there are live fiduciary obligations around COBRA continuity, contribution timing, benefit run-outs, and plan document handoffs. A thorough PEO termination clause risk analysis before you exit can prevent the most expensive mistakes. These transitions are operationally complex and often rushed. Planning the exit with the same compliance rigor as the entry is something most companies don’t do — and it’s where some of the most expensive problems originate.

Evaluating Whether a PEO’s Fiduciary Framework Is Actually Solid

When you’re comparing PEO providers, most of the conversation focuses on pricing, HR technology, and service tiers. Compliance infrastructure rarely gets the same scrutiny. Here’s what to actually ask.

Does the PEO maintain its own ERISA fidelity bond, and can they provide documentation? Can they provide a copy of their fiduciary liability insurance policy, including coverage limits and any exclusions relevant to co-employment arrangements? Does the service agreement explicitly define fiduciary allocation, or does it use vague language that leaves the boundaries unclear? Does the PEO have documented procedures for handling prohibited transactions under ERISA Section 406? Understanding the broader landscape of PEO state compliance liability is also important, since fiduciary obligations can interact with state-level regulatory requirements.

These aren’t trick questions. A PEO with a mature compliance infrastructure will have straightforward answers. Evasiveness or vague reassurances here are red flags worth taking seriously.

IRS-certified PEO (CPEO) status under IRC Section 7705 is worth understanding in this context. CPEO certification imposes additional bonding and financial reporting requirements on certified PEOs, which provides some additional compliance infrastructure compared to non-certified providers. That said, CPEO status is primarily a tax certification — it addresses payroll tax liability allocation, not benefit fiduciary exposure specifically. CPEO status is a positive signal, but it doesn’t eliminate client-side fiduciary risk and shouldn’t be treated as a compliance substitute.

Independent fiduciary audits are another tool worth considering if your plan is large enough to justify the cost. A third-party audit of the PEO’s fiduciary performance creates documentation of your monitoring obligation being met and can surface problems before they become enforcement issues. Building a PEO savings projection model that accounts for compliance costs — including audit expenses and insurance premiums — gives you a more accurate picture of the true cost of each provider.

This is where a structured comparison framework becomes genuinely useful. Most businesses evaluate PEOs on price and HR features. PEO Metrics builds compliance depth into the evaluation criteria, so you can see how providers stack up on fiduciary infrastructure, not just cost per employee per month. That kind of side-by-side analysis is harder to do on your own without knowing what to ask for — and the stakes are high enough that guessing isn’t a great strategy.

The Bottom Line on Fiduciary Exposure

Fiduciary liability in a PEO model is shared. Not transferred. The PEO takes on significant fiduciary responsibility for the functions it controls, but that doesn’t create a clean wall between their exposure and yours. The decisions you make — about eligibility, about which PEO to use, about how your HR team communicates benefits — carry fiduciary weight whether or not you intended them to.

The compliance framework that protects you isn’t a document you create once and file away. It’s a set of ongoing practices: documented allocation of responsibilities, regular plan document review, disciplined data reconciliation, monitoring of the PEO’s performance, and appropriate insurance coverage that doesn’t depend entirely on the PEO’s policy.

Fiduciary allocation should also be a primary criterion when you’re comparing PEO providers, not an afterthought. The provider who’s cheapest on paper may be the most expensive if their compliance infrastructure is weak and the liability lands on you.

If you’re approaching a renewal or actively evaluating providers, don’t rely on the vendor’s sales pitch to understand where your exposure actually sits. Don’t auto-renew. Make an informed, confident decision. The difference between a PEO that genuinely shares fiduciary responsibility and one that contractually appears to while leaving the gaps to you is exactly the kind of distinction a rigorous side-by-side comparison will surface.

Tom Caldwell

Tom Caldwell reviews content related to PEO agreements, multi-state compliance, and employer liability. He helps make sure everything reflects current regulations and real-world risk considerations, not just theory.
