2026 ENFORCEMENT ACTIVE

CMS began auditing MSP compliance in February 2026. Is your plan documented?

Most compliance risk isn't obvious — until it becomes a cost. If your plan can't produce a defensible Medicare coordination paper trail today, you are already exposed to penalties that are now actively being assessed.

$1,512

max daily MSP penalty per employee — 2026 HHS inflation-adjusted rate

$365K

maximum annual MSP penalty per individual under current CMS rules

Personal

ERISA fiduciary duty — HR Directors & CFOs can be individually named in breach of fiduciary duty claims

IS YOUR ORGANIZATION TRULY COVERED?

Ask yourself these five questions.

If you can't answer "yes, and we can prove it" to all five, you have exposure that Aevitas can help you close.

"Most compliance risk isn't obvious — until it becomes a cost. Let's take a closer look, together."

CURRENT PENALTY EXPOSURE

The 2026 penalty landscape, verified and current.

These are not theoretical risks. CMS enforcement of new civil money penalties began October 2025. The first audit cycle was completed in February 2026. Penalty notices began mailing March 2026. Private plaintiff MSP recovery activity is accelerating in parallel.

ERISA & FIDUCIARY RESPONSIBILITY

Plan fiduciaries can be personally named in a claim. Regardless of job title.

ERISA defines a fiduciary not by title — but by function. If you exercise discretionary authority over a benefit plan, you are a fiduciary under federal law. That means personal legal exposure alongside organizational exposure. Understanding what that means — and how documentation protects you — is the first step.

What ERISA requires of plan fiduciaries

ERISA Section 404 imposes four core duties on anyone who exercises discretionary authority over a benefit plan — including HR Directors, CFOs, and benefits committee members. These duties apply to health and welfare plans, not just retirement plans. Failing to meet these standards can result in personal liability for plan losses.

Duty of Prudence

Fiduciaries must act with the care, skill, and diligence of a prudent person familiar with such matters. Courts evaluate not just the outcome of a decision — but the thoroughness of the process used to arrive at it. A documented, reasonable process is the standard.

Functional Fiduciary Status

ERISA doesn't care about job titles. If you exercise discretionary authority over plan management, you are a fiduciary — whether your title says so or not. HR Directors, CFOs, and committee members are routinely named as individual defendants in ERISA breach claims.

Duty of Loyalty

Fiduciaries must act solely in the interest of plan participants and beneficiaries. Failing to educate Medicare-eligible employees about their options — when doing so would benefit them — may raise questions about whether this duty was met.

The Process Defense

Courts evaluate fiduciary conduct based on process, not perfection. A fiduciary who followed a documented, prudent process has a strong defense — even if the outcome wasn't ideal. Aevitas builds that process.

"Under ERISA, HR Directors and CFOs can be individually named in a fiduciary breach claim — not just the company. Indemnification may be available, but it is not automatic and not guaranteed in every circumstance. A documented compliance process is your strongest protection."

A note on indemnification — what it covers and what it doesn't

ERISA does allow plan sponsors to purchase fiduciary liability insurance and to establish indemnification agreements for plan fiduciaries. This means the company can — in many circumstances — cover legal costs and settlements on behalf of individual fiduciaries. However, indemnification is not automatic or universal. There are important limitations:

  • Indemnification agreements must be explicitly established—they do not exist by default

  • If the company itself faces financial stress, the value of indemnification may be limited

  • Some egregious fiduciary breaches may not be fully covered depending on policy terms

  • Individual fiduciaries may still face DOL investigation and reputational exposure regardless of indemnification

  • The best protection in every scenario is a documented, defensible compliance process — not reliance on indemnification alone

FIDUCIARY RISK BREAKDOWN

Where fiduciary exposure lives in your benefit plan.

Each scenario below represents a documented fiduciary failure pattern in employer health and welfare plans. Consult your ERISA counsel to assess which ones apply to your specific plan.

Legal notice: The information on this page is provided for general informational purposes only and does not constitute legal advice. ERISA fiduciary obligations vary based on plan structure, individual roles, and specific circumstances. Aevitas is not a law firm and does not provide legal counsel. Consult qualified ERISA counsel to assess your plan's specific obligations and your individual fiduciary exposure.

How Aevitas supports your fiduciary process

Every Aevitas engagement produces the documented, timestamped compliance record that demonstrates a prudent process — the standard courts use when evaluating fiduciary conduct. This documentation supports both organizational compliance and individual fiduciary defense.

  • Education sessions documented with attendance records and content logs

  • MSP coordination tracked at the individual employee level

  • Monthly utilization reports — timestamped, shareable with counsel

  • Section 111 reporting reviewed and gaps identified in month one

  • Full audit-ready paper trail — defensible if DOL or CMS ever asks

COMPLIANCE REVIEW SCOPE

Six areas we evaluate, manage, and document.

The Aevitas compliance review evaluates where Medicare rules, plan design, ERISA obligations, and administrative processes intersect — uncovering gaps that create unnecessary cost and fiduciary exposure.

THE ROI OF COMPLIANCE

Compliance isn't the cost. Non-compliance is.

For about $18 per employee per year, Aevitas protects against hundreds of thousands in penalties and supports your fiduciary documentation — while unlocking meaningful plan savings.

LET'S TAKE A CLOSER LOOK TOGETHER

A 20-minute call gives you a clear picture of where your plan's exposure exists—penalty risk, fiduciary documentation gaps, and Medicare savings opportunity. No cost. No commitment. No insurance pitch.

AEVITAS

A compliance and risk advisory firm turning Medicare Secondary Payer compliance into measurable financial outcomes for employers and their advisors.

Aevitas is not affiliated with any U.S. Government or State agency. Not an insurance agency — does not sell, solicit, or recommend insurance products. The information on this page is for general informational purposes only and does not constitute legal advice. Consult qualified ERISA counsel for advice specific to your plan and individual circumstances. © 2026 Aevitas, Inc. All rights reserved.

Medicare Information: 

For information about Medicare insurance options, please consult Medicare.gov or a licensed insurance professional.
