How to Reduce Benefit Fiduciary Liability Under a PEO Model: A Practical Risk Mitigation Strategy

When you sponsor employee benefits, you take on fiduciary liability. That’s not a technicality buried in fine print. It means you, personally and organizationally, can be on the hook if something goes wrong with plan administration, fund management, or compliance. Health insurance, retirement plans, FSAs, HSAs — all of it falls under ERISA’s umbrella, and ERISA doesn’t care how confident you were that your PEO had it covered.

Here’s the misconception that gets business owners into trouble: signing with a PEO feels like handing off HR complexity, including benefits liability. And to be fair, a well-structured PEO relationship does shift meaningful fiduciary responsibility. But it doesn’t eliminate yours. The co-employment split is rarely clean, almost never total, and the details live in documents most clients never read carefully.

Which duties transfer depends on your specific client service agreement, how the plan documents are written, and how ERISA applies to your particular arrangement. Get this wrong and you’re exposed without realizing it, often until a claim or an audit surfaces the gap. By then, your options are limited and expensive.

This guide walks through a concrete, step-by-step strategy for identifying where your fiduciary exposure actually sits under a PEO arrangement, negotiating the right contractual protections, and building an ongoing monitoring process so nothing slips through the cracks.

A quick note on scope: this is written for business owners and HR leaders who already understand the basics of PEOs and want to get specific about benefit-related liability. If you need a broader foundation first, start with our PEO basics guide or our overview of PEO risk management and liability support before diving in here.

Step 1: Map Every Benefit Plan and Identify Who Holds Fiduciary Status

Before you can manage fiduciary risk, you need to know what you’re actually dealing with. Most business owners have a rough mental list of their benefits: health insurance, maybe a 401(k), possibly dental and vision. That’s not enough. You need a complete inventory, and for each plan, you need to know exactly who holds fiduciary status under the plan documents.

Start by listing every benefit plan your employees participate in. Group health, dental, vision, life insurance, short-term and long-term disability, 401(k) or other retirement plans, HSAs, FSAs, dependent care accounts. If employees are enrolled in it and it has a plan document, it belongs on your list.

For each plan, you’re trying to answer three distinct questions using the actual plan documents, not verbal summaries from your PEO rep.

Who is the plan sponsor? This is typically the entity that established the plan and has ultimate authority to amend or terminate it. For PEO master health plans, this is usually the PEO. For a 401(k) you set up independently before joining the PEO, it’s you.

Who is the plan administrator? Under ERISA, the plan administrator handles day-to-day administration and is responsible for compliance. This role carries significant fiduciary weight. It might be the PEO, a third-party administrator, or your company depending on the arrangement.

Who is the named fiduciary? ERISA requires every plan to designate at least one named fiduciary. This person or entity has explicit responsibility for plan management. Named fiduciary status is not the same as plan sponsor or plan administrator, and PEOs often leave this designation ambiguous in ways that default liability back to the client employer.

Here’s the common pitfall worth calling out directly: many business owners assume that because the PEO offers and manages a benefit plan, the PEO owns all the fiduciary risk. That’s not how ERISA works. ERISA’s fiduciary test is functional, not title-based. If your company is making decisions that influence plan management, communicating plan terms to employees, or making eligibility determinations, you may be acting as a fiduciary regardless of what the contract says. Understanding how co-employment actually protects your business is essential context for this analysis.

The DOL’s position is clear: fiduciary status cannot be fully disclaimed by contract if an entity is functionally acting as a fiduciary. A PEO contract that says “client employer retains no fiduciary responsibility” doesn’t automatically make that true.

Success check for this step: you have a working spreadsheet showing every benefit plan, who sponsors it, who administers it, who the named fiduciary is per the plan document, and whether your company has any functional fiduciary role. If you can’t fill in every column from actual plan documents, you have gaps to close.

Step 2: Audit Your Client Service Agreement for Fiduciary Language

Your client service agreement is the contract that defines the co-employment relationship. It’s also where most of the fiduciary ambiguity lives. Pull it out and read it with specific intent.

Search for these terms directly: “fiduciary,” “plan sponsor,” “plan administrator,” “ERISA,” “benefit plan fiduciary responsibility,” “named fiduciary.” If your CSA doesn’t contain these terms in any meaningful context, that’s a red flag on its own.

When you find relevant language, you’re evaluating two things: what the PEO expressly accepts, and what it quietly avoids.

Look for explicit assumption-of-liability clauses. Does the PEO expressly accept fiduciary status for the benefit plans it sponsors and administers? Or does the language hedge with phrases like “administrative services only,” “facilitation of benefits,” or “coordination of enrollment”? Those phrases are designed to limit the PEO’s fiduciary exposure. They’re not necessarily dishonest, but they signal that the PEO is not accepting fiduciary responsibility for those functions.

Cross-reference with the limitation of liability clause. This is often buried near the end of the agreement. Many PEOs cap their total liability at a fixed dollar amount, exclude consequential damages, or carve out fiduciary claims from indemnification provisions entirely. A PEO might broadly indemnify you for employment-related claims while explicitly excluding ERISA fiduciary breach claims from that indemnification. For a deeper dive into how these provisions work, review our guide on indemnification clauses in PEO agreements.

Flag any silence. If your CSA doesn’t address fiduciary responsibility for a specific plan type, particularly retirement plans, that liability almost certainly defaults back to you. Silence in a contract is not neutral. Courts interpret ambiguity, and when it comes to ERISA, the functional test means your company’s involvement in plan decisions can establish fiduciary status regardless of what the contract says or leaves unsaid.

One practical recommendation worth emphasizing: bring an ERISA attorney into this step. Not your general business counsel, and not the PEO’s legal team. An independent ERISA attorney who reviews CSAs regularly. The cost of a two-hour review is genuinely trivial compared to the exposure you’re trying to understand. Fiduciary language is highly technical and the implications of specific phrases are not obvious to non-specialists.

Come out of this step with a written summary of what the CSA explicitly covers, what it explicitly excludes, and where it’s silent. That gap list becomes your negotiating agenda for Step 4.

Step 3: Understand the Health Plan vs. Retirement Plan Liability Split

These are fundamentally different risk categories, and PEOs handle them very differently. Treating them as a single “benefits liability” question will get you into trouble.

Health plans are where PEOs typically take on the most fiduciary responsibility. Most PEOs offer a master health plan where the PEO is the plan sponsor under ERISA. That structure generally shifts significant fiduciary responsibility to the PEO, including plan design decisions, carrier selection, and overall plan management.

But even in a master health plan arrangement, your company typically retains duties around employee communication, enrollment accuracy, eligibility determinations, and COBRA administration. The specifics depend on your CSA. Some PEOs handle COBRA administration directly. Others leave it entirely with the client employer. If your employees miss a COBRA notice because of an administrative failure and it’s not clear in your contract whose job that was, you’re in a dispute with real liability attached. Understanding the full scope of what’s covered is critical, and our breakdown of PEO risk management and liability support covers this in detail.

Retirement plans are where the exposure gets more complicated and where many business owners are significantly underprotected.

Some PEOs offer a Multiple Employer Plan (MEP) or a Pooled Employer Plan (PEP) under the SECURE Act framework. In a well-structured PEP, a pooled plan provider serves as the named fiduciary and plan administrator, which can meaningfully reduce your fiduciary burden. But “can reduce” is not the same as “eliminates.” You may still retain co-fiduciary duties, particularly around monitoring the pooled plan provider and ensuring the plan is being administered in participants’ best interests.

Many PEOs don’t offer retirement plans at all. They facilitate access to a third-party 401(k) provider but have no fiduciary role in that arrangement. If you maintain your own 401(k) outside the PEO relationship, the PEO has zero fiduciary involvement, and that plan is entirely your responsibility regardless of the co-employment structure.

The question to ask your PEO directly, and get answered in writing, is this: if an employee sues over a denied health claim or a 401(k) investment loss, who defends that claim and who pays? If the answer is vague or conditional, you have your answer about where the liability actually sits.

Also worth knowing: CPEO certification under IRS Section 7705 is a separate regulatory framework from ERISA fiduciary status. A PEO holding CPEO status has met certain financial and reporting standards with the IRS. That tells you nothing about how ERISA fiduciary duties are allocated. Don’t conflate the two.

Step 4: Negotiate Explicit Fiduciary Protections Before You Sign or Renew

Armed with the gap analysis from the first three steps, you’re now in a position to negotiate. This is where many business owners leave real protection on the table, either because they don’t know what to ask for or because they negotiate at the wrong time.

Push for explicit named fiduciary acceptance. For every plan the PEO sponsors and administers, the contract should expressly state that the PEO accepts named fiduciary status under ERISA. Not “administrative services,” not “coordination.” Named fiduciary. If the PEO pushes back, ask them to explain in writing which fiduciary duties they are and are not accepting. That response will tell you a lot.

Request fiduciary liability insurance documentation. Ask for the certificate of insurance, not a verbal assurance. Verify that the policy covers ERISA fiduciary breach claims and that your company is named as an additional insured or otherwise protected. Ask about policy limits and whether the coverage is claims-made or occurrence-based. These details matter when a claim actually surfaces.

Negotiate indemnification that specifically includes fiduciary breach claims. General employment liability indemnification is not sufficient. The contract should explicitly state that the PEO will defend and indemnify you for fiduciary breach claims arising from plans the PEO sponsors and administers. If the indemnification clause carves out ERISA claims, push to remove that carve-out or narrow it significantly. Be aware that these are among the most consequential PEO contract liability risks that can cost you if left unaddressed.

On timing: if you’re already in a PEO contract, renewal season is your primary leverage point. Come to renewal negotiations prepared with your gap analysis. PEOs want to retain clients, and a client who shows up with a specific, documented list of contractual gaps is in a much stronger position than one who simply asks for “better terms.” Understanding your PEO renewal clause negotiation strategy can help you maximize this leverage.

One realistic expectation to set: no PEO will accept unlimited fiduciary liability. That’s not the goal. The goal is clarity on who owns what, explicit contractual language that reflects that clarity, and indemnification that actually covers the risks you’re asking the PEO to own. Ambiguity is the enemy. Even an arrangement where you retain more fiduciary responsibility than you’d like is manageable if you know about it and can plan accordingly.

Step 5: Layer Your Own Fiduciary Liability Insurance

Even with strong contractual protections, carry your own fiduciary liability policy. Think of it as your backstop: it covers you if the PEO’s coverage has gaps, if a dispute arises over who was responsible for a specific failure, or if the PEO’s insurer denies a claim on technical grounds.

Before you go shopping for a policy, understand the distinction between two types of coverage that are frequently confused.

The ERISA fidelity bond is required by law under ERISA Section 412. Every fiduciary and every person who handles plan funds must be bonded. The minimum bond amount is typically 10% of the plan assets handled, up to $500,000 (or $1,000,000 for plans that hold employer securities). This is not optional and it’s not the same as fiduciary liability insurance. The fidelity bond protects the plan against dishonest acts. It doesn’t cover you against claims that you made a bad decision or failed to monitor the plan properly.

Fiduciary liability insurance is voluntary but critical. It covers defense costs and damages from breach-of-fiduciary-duty claims, including claims that you failed to prudently select or monitor plan investments, failed to follow plan terms, or failed to act in participants’ best interests. This is the coverage that matters when an employee or the DOL comes after you for how the plan was managed, not just whether someone stole from it. Building a clear picture of these costs is part of a broader PEO risk mitigation financial model that every business owner should develop.

Review your existing D&O policy before buying a standalone fiduciary liability policy. Some D&O policies include fiduciary liability coverage. Many explicitly exclude ERISA claims. Read the exclusions carefully, not the marketing summary.

One exclusion to watch for specifically: some fiduciary liability policies contain a “co-employment exclusion” or “PEO exclusion” that voids coverage because you’re in a co-employment arrangement. If you’re in a PEO relationship and your fiduciary liability policy has this exclusion, you may have coverage that doesn’t actually protect you. Confirm with your broker that your policy is explicitly compatible with co-employment structures.

The cost of fiduciary liability coverage for small to mid-size employers is often more manageable than business owners expect, particularly relative to the exposure it’s covering. Get a quote before assuming it’s out of reach.

Step 6: Build an Annual Fiduciary Compliance Review

Fiduciary risk isn’t a one-time fix. Plan documents change. PEO contracts get amended at renewal. Regulations shift. The SECURE Act 2.0 expanded PEP availability and changed certain compliance requirements. What was true about your fiduciary structure when you signed your PEO agreement may not be true two years later.

Build a simple annual review process. It doesn’t need to be elaborate. It needs to happen consistently and be documented.

Review plan documents for fiduciary designations. Confirm that the named fiduciary designations in your plan documents still reflect the current arrangement. If the PEO amended the master plan and your company is no longer listed the same way, that has implications for your liability.

Confirm PEO insurance certificates are current. Request updated certificates of insurance annually. Verify that coverage limits haven’t decreased and that policy terms haven’t changed in ways that affect your protection. Don’t assume last year’s certificate is still accurate.

Verify ERISA fidelity bond coverage meets DOL minimums. Plan assets change year to year. If your plan assets have grown, your required fidelity bond amount may have increased. Confirm the bond is still compliant.

Monitor your PEO’s financial health and CPEO status. This one gets overlooked. If your PEO becomes insolvent, loses its CPEO certification, or exits the market, fiduciary responsibilities for plans they were managing can snap back to you with little or no transition period. You should also understand the implications of your PEO termination clause in these scenarios so you’re not caught off guard.

Document everything. If a fiduciary claim ever surfaces, your defense depends on demonstrating that you acted prudently, monitored the arrangement, and didn’t blindly delegate. A documented review trail showing annual attention to fiduciary structure, insurance verification, and plan compliance is meaningful evidence of prudent behavior. Tracking and accounting for benefits expenses under your PEO arrangement is one concrete way to maintain that documentation trail. A vague intention to “check on it sometime” is not.

Assign a specific person to own this review. Put it on the calendar. Keep a simple record of what was reviewed, what was confirmed, and what was changed. That’s the whole system.

Putting It All Together

Reducing fiduciary liability under a PEO model isn’t about finding a provider that magically absorbs all your risk. That provider doesn’t exist. It’s about knowing exactly where the lines are drawn, getting those lines in writing, and maintaining your own safety net.

Before you move on, run through this quick checklist:

1. You’ve mapped every benefit plan and identified who holds fiduciary status for each, using actual plan documents.

2. You’ve audited your CSA for explicit fiduciary language and documented the gaps.

3. You understand the different liability profiles for health plans versus retirement plans under your specific PEO arrangement.

4. You’ve negotiated, or plan to negotiate at renewal, explicit fiduciary protections with contractual indemnification that covers ERISA breach claims.

5. You carry your own fiduciary liability insurance as a backstop, and you’ve confirmed it doesn’t contain a co-employment exclusion.

6. You have an annual review process documented, assigned to a specific person, and calendared.

If you’re comparing PEO providers and want to see how they handle fiduciary responsibility differently before you commit, that’s exactly the kind of detail that gets buried in standard sales conversations. Our side-by-side comparison tools surface those differences so you can evaluate them directly.

And if you’re approaching renewal on your current PEO contract, don’t treat it as a routine administrative task. Renewal is your leverage point for closing the gaps this guide identified. Don’t auto-renew. Make an informed, confident decision.

Rachel Kim

Rachel specializes in HR operations, employee benefits administration, and payroll compliance within co-employment structures. She focuses on clarity, explaining what actually changes operationally when a company partners with a PEO.
