Benefit Fiduciary Liability Under the PEO Model: Who’s Actually on the Hook?

You sign the PEO agreement. The rep walks you through the benefits package, the 401(k) options, the compliance support. It all sounds comprehensive. You leave the meeting thinking, “Good — they’ve got the benefits side covered.”

Then something goes wrong. A participant files a claim alleging the health plan was mismanaged. Or a 401(k) investment option underperforms and someone raises a breach of fiduciary duty allegation. Maybe the DOL sends a letter. And suddenly you’re on the phone with your attorney asking a question you probably should have asked before you signed: who actually holds the fiduciary liability here?

This is one of the most under-examined aspects of PEO evaluation. The co-employment model does shift certain responsibilities to the PEO — but ERISA fiduciary duties don’t automatically follow. The allocation depends on how your contract is written, how your plan is structured, and what decisions your company continues to make in practice. Assuming the PEO absorbed all of it is a mistake that can be expensive to discover after the fact.

This article walks through exactly where fiduciary liability sits under a PEO arrangement: what the PEO typically assumes, what often stays with you, where the real exposure lives in retirement plans, and what to look for in your contract before you assume you’re protected.

ERISA Fiduciary Duties in a Co-Employment Setup

Here’s the foundational thing to understand about ERISA fiduciary status: it’s determined by function, not by title. The DOL’s position is that if you exercise discretionary authority or control over the management of a benefit plan, its assets, or the administration of benefits, you’re a fiduciary — regardless of what your contract says.

That matters enormously in a PEO arrangement, because the co-employment model creates a situation where multiple parties are touching the plan. The PEO might be the named plan administrator. But if your company is making eligibility decisions, selecting plan options, or communicating benefit terms to employees, you may have just walked into functional fiduciary status without realizing it.

There are three roles worth keeping distinct here:

Plan Sponsor: The entity that establishes and maintains the plan. In a PEO arrangement using a master plan, the PEO is typically the plan sponsor — which carries significant fiduciary responsibility.

Named Fiduciary: The party specifically identified in the plan document as having authority over plan management. This is often the PEO in a master plan structure, but it can be shared or partially delegated.

Functional Fiduciary: Anyone who exercises discretionary authority over plan management or assets, even without being formally named. This is the category that catches client companies off guard.

In a well-structured PEO co-employment arrangement, the PEO serves as plan sponsor and named fiduciary for the master benefit plan. That shifts primary fiduciary responsibility to them. But the client company’s role doesn’t disappear entirely. Depending on how the Client Service Agreement (CSA) is written and how operations actually play out, you may retain residual duties — including the duty to monitor the PEO’s performance as a fiduciary. Understanding the full scope of PEO benefits fiduciary oversight is essential before entering any agreement.

The monitoring obligation is the one most business owners don’t expect. Even if the PEO holds fiduciary status, a client company that has any oversight role under the CSA may be required to ensure the PEO is actually performing its duties properly. Ignoring that obligation doesn’t eliminate it — it just creates a different kind of exposure.

What PEOs Typically Assume — and Where the Language Gets Slippery

Most established PEOs do take on meaningful fiduciary responsibility. For health plans offered through a master plan structure, the PEO as plan sponsor typically carries the primary fiduciary role for plan administration and compliance reporting. For retirement plans, many PEOs accept named fiduciary status and serve as the 3(16) plan administrator, handling participant communications, recordkeeping oversight, and compliance filings.

But “most PEOs” and “your specific PEO” are not the same thing. The scope of what a PEO actually accepts varies significantly by provider, and the CSA language is where that difference becomes real.

Watch for this pattern in contracts: a PEO that wants to limit its fiduciary exposure will describe itself as providing “administrative services” rather than accepting fiduciary status explicitly. The phrase “administrative services only” is a signal worth pausing on. It suggests the PEO is positioning itself as a service provider, not a fiduciary — which means the fiduciary responsibility may stay with you by default. Uncovering these distinctions is one of the key benefit plan transparency issues you should address before signing.

On the health plan side, the picture is somewhat cleaner. When the PEO operates a true master plan and serves as the plan sponsor, they generally carry the fiduciary weight for plan administration. The complication arises when client companies exercise discretion over plan design or eligibility decisions. Let’s say your HR team decides that a particular class of employees qualifies for a benefit that wasn’t contemplated in the standard plan terms. That discretionary decision can pull your company into functional fiduciary territory, even if you never signed up for it.

On the retirement plan side, the picture is more complicated and the stakes are higher. Some PEOs explicitly accept fiduciary status for investment selection and monitoring under the plan. Others provide a 401(k) platform without accepting fiduciary responsibility for the investment lineup — leaving that exposure with the client company or a third-party advisor. The difference matters enormously if a participant later claims the investment options were imprudent.

Indemnification clauses are the other place to read carefully. Some CSAs include indemnification language that appears protective but contains carve-outs that push liability back to the client for decisions made at the company level. If the PEO’s indemnification excludes “plan design decisions” or “employer-directed eligibility determinations,” you need to understand exactly what falls into those categories before you assume you’re covered.

The 401(k) Problem: Where Fiduciary Exposure Is Highest

Retirement plans carry the heaviest ERISA fiduciary exposure. Breaches can result in personal liability for plan fiduciaries, including the requirement to restore losses to the plan out of pocket. The DOL has enforcement authority and has pursued cases against both plan sponsors and service providers who acted as functional fiduciaries. This is not a theoretical risk.

PEO-sponsored retirement plans typically take one of two forms: multiple employer plans (MEPs) or, since the SECURE Act created the structure in 2021, pooled employer plans (PEPs). These structures allow multiple employers to participate in a single plan, which is part of the PEO value proposition — access to institutional-quality plans that smaller employers couldn’t afford independently. A thorough financial impact analysis can help quantify what this fiduciary exposure actually costs your business.

In a PEO-sponsored MEP or PEP, the PEO (or a designated pooled plan provider) typically serves as the named fiduciary and 3(16) plan administrator. That’s a meaningful transfer of administrative fiduciary responsibility. But client companies should verify a few things that often get glossed over in the sales process.

Investment fiduciary status: Does the PEO accept 3(21) or 3(38) fiduciary status for investment management? A 3(38) investment manager has full discretionary authority over investment selection — that’s the cleanest transfer of investment fiduciary risk. A 3(21) co-fiduciary makes recommendations but the plan sponsor retains final decision authority. If the PEO isn’t accepting either, someone else is holding investment fiduciary responsibility, and you need to know who.

Residual monitoring duties: Even when the PEO holds primary fiduciary status, client companies may retain a duty to monitor the PEO’s performance. This is a real obligation under ERISA. If the PEO is selecting investments poorly or failing to send required participant communications, and you knew or should have known, your company’s monitoring failure can create independent liability.

CPEO certification: This one trips people up. IRS CPEO certification addresses tax liability and wage base restart issues — it’s a meaningful credential for certain purposes. But CPEO status doesn’t resolve ERISA fiduciary questions. A CPEO is not automatically a fiduciary under ERISA, and CPEO certification doesn’t tell you anything about how the PEO has structured its fiduciary responsibilities under its retirement plan. These are separate frameworks, and conflating them is a common mistake.

The practical question to ask your PEO: “Under our 401(k) plan, who is the named fiduciary, who holds 3(38) investment manager status, and what residual fiduciary duties does our company retain?” If they can’t answer that clearly, that’s a problem.

What to Actually Read in Your CSA Before Signing

Most business owners skim the CSA or rely on a summary from the PEO rep. That’s understandable — these agreements are long and dense. But the fiduciary provisions are where the real exposure lives, and they’re worth a focused read or a review by ERISA counsel.

Here’s what to look for specifically:

Explicit fiduciary acknowledgment: Does the CSA explicitly state that the PEO accepts fiduciary status for the benefit plans? Or does it describe the PEO’s role in service-provider language only? The distinction between “we are the plan fiduciary” and “we provide administrative services to the plan” is not subtle — it’s the entire question. Understanding how joint employer liability allocation in PEO contracts works can provide additional context for reading these provisions.

3(21) vs. 3(38) fiduciary status for investments: For retirement plans, confirm whether the PEO or its investment advisor holds 3(38) discretionary investment manager status. If the answer is 3(21) co-fiduciary or nothing at all, you need to understand what that means for your company’s residual investment oversight responsibility.

Indemnification scope and carve-outs: Read the indemnification clause closely. Broad indemnification language is only as useful as its carve-outs are narrow. Common carve-outs that can leave you exposed include: employer-directed decisions, plan design choices, eligibility determinations made at the company level, and claims arising from inaccurate information provided by the employer. Know what’s excluded before you assume you’re protected.

ERISA bond and fiduciary liability insurance: Ask whether the PEO carries fiduciary liability insurance separate from the required ERISA fidelity bond. These are different things. The fidelity bond protects the plan against dishonest acts. Fiduciary liability insurance covers claims arising from fiduciary breaches. A PEO that carries robust fiduciary liability insurance is putting real skin in the game. One that doesn’t — or won’t disclose coverage limits — is worth questioning.

Claims history: You’re allowed to ask whether the PEO has faced DOL audits, participant lawsuits, or fiduciary breach claims related to their benefit plans. Not every PEO will volunteer this, but the willingness to answer the question honestly is itself informative. Reviewing the PEO’s benefit markup transparency alongside fiduciary terms gives you a more complete picture of what you’re actually paying for.

Red flag summary: vague “administrative services only” framing, broad indemnification carve-outs for employer-level decisions, no explicit 3(38) investment fiduciary status for retirement plans, and no fiduciary liability insurance disclosure. Any one of these warrants a follow-up conversation. Several of them together should make you pause before signing.

When the PEO Model Doesn’t Actually Reduce Your Fiduciary Risk

The PEO model can transfer meaningful fiduciary responsibility — but it doesn’t always. There are specific situations where the transfer is weaker than you’d expect, and business owners should go in with eyes open.

Smaller PEOs with limited compliance infrastructure: A PEO that accepts fiduciary status on paper but doesn’t have the operational infrastructure to actually perform those duties creates a different kind of risk. If they’re not monitoring investments, filing required documents on time, or sending accurate participant communications, the nominal fiduciary acceptance may not protect you if the DOL comes looking at the plan as a whole. This is especially relevant for employers navigating ACA reporting responsibility alongside fiduciary obligations.

Pass-through insurance arrangements: Some PEOs don’t operate a true master plan — instead, they act as an intermediary for insurance products, with the client company remaining the plan sponsor. In this structure, the fiduciary responsibility for the health plan may stay with your company more than you realize. This is more common with smaller or regional PEOs and is worth clarifying explicitly.

Retained plan design authority: If your company negotiates plan design flexibility — choosing specific benefit tiers, adjusting eligibility rules, selecting coverage levels — that discretion can pull you into functional fiduciary status for those decisions. The more control you exercise over plan terms, the more fiduciary responsibility tends to follow.

When the PEO model isn’t providing the fiduciary clarity you need, there are alternatives worth considering. Engaging independent ERISA counsel to review your current arrangement is a good starting point — not to find problems, but to understand where you actually stand. For retirement plans specifically, hiring an independent third-party administrator (TPA) with explicit 3(16) fiduciary status can provide cleaner liability allocation than some PEO arrangements offer.

On cost: fiduciary liability protection is a real value driver when comparing PEOs, and it deserves weight alongside premium costs and service scope. A PEO that costs slightly more but accepts explicit 3(38) investment fiduciary status and carries robust fiduciary liability insurance may be the better financial decision when you account for the risk you’re not carrying. Building a PEO scenario analysis financial model that accounts for fiduciary risk transfer can help you quantify this tradeoff. Treating fiduciary allocation as a checkbox item rather than a cost-relevant factor is how businesses end up with arrangements that look good on paper but leave them exposed.

The Bottom Line on Fiduciary Liability Under the PEO Model

Fiduciary liability under the PEO model isn’t binary. It’s not “the PEO takes it” or “you keep it.” It’s a spectrum defined by contract language, plan structure, and what your company actually does in practice. The co-employment model creates real opportunities to shift meaningful fiduciary responsibility — but those opportunities only materialize if the CSA explicitly accepts them and the PEO has the infrastructure to back it up.

The businesses that get into trouble are the ones that assumed the PEO handled everything and never verified the specifics. The ones that come out ahead treat fiduciary allocation as a core evaluation criterion when comparing providers — alongside pricing, service scope, and technology.

If you’re currently in a PEO arrangement, pull out your CSA and look specifically at the fiduciary language, the indemnification carve-outs, and the retirement plan structure. If you’re evaluating PEOs, make fiduciary acceptance a direct question in every conversation, not an afterthought after you’ve already decided on pricing.

And if you’re heading into a renewal without having done that review, now is the right time. Don’t auto-renew. Make an informed, confident decision. A side-by-side comparison that surfaces fiduciary terms alongside pricing and service scope is the kind of visibility that makes the difference between a PEO arrangement that actually protects your business and one that just looks like it does.

Daniel Mercer

Daniel Mercer works with small and mid-sized businesses evaluating Professional Employer Organization (PEO) solutions. He focuses on cost structure, co-employment risk, payroll responsibilities, and long-term contract implications.
