Fiduciary Intelligence
June 8, 2026

The Hidden Fiduciary Risk Sitting Inside Every TPA Relationship

Abhishek Ghosh

A TPA fiduciary risk is the legal and financial exposure a self-funded employer faces when its third-party administrator processes claims incorrectly and the employer, as ERISA plan fiduciary, is held responsible for the losses. Because TPAs are typically not ERISA fiduciaries themselves, the liability stays with the plan sponsor.

A mid-sized manufacturer in Ohio recently discovered that its TPA had been paying a terminated employee's medical claims for 14 months after the employee left the company.

The total exposure: $340,000. Under ERISA, the employer, not the TPA, bore responsibility for recovering those funds. The Department of Labor does not grade plan sponsors on how trusting they were of their vendor.

Key Takeaways
  • Self-funded employers are ERISA fiduciaries, while their TPAs typically are not.
  • When a TPA makes a claims error, the plan sponsor is usually the party responsible for addressing the financial and fiduciary consequences.
  • Industry research suggests that 3% to 10% of health plan claims contain some form of error.
  • Most employers lack an independent process to identify claims errors before or after payment.
  • A structured claims audit program is the most direct way to strengthen oversight, improve accountability and reduce exposure to avoidable claims errors.

Delegating claims administration does not transfer fiduciary responsibility. Independent auditing helps plan sponsors verify accuracy, recover overpayments and demonstrate prudent oversight under ERISA.

What the TPA Relationship Actually Means for Fiduciary Liability

Most employers believe their TPA carries the legal risk when something goes wrong with claims. That belief is incorrect, and it is expensive.

Under ERISA Section 404, the plan sponsor (the employer) is a named fiduciary obligated to act solely in the interest of plan participants, follow the plan document and exercise the skill of a prudent expert.

TPAs are hired as service providers. Unless a TPA contractually accepts discretionary authority over plan assets and explicitly agrees to ERISA fiduciary status, which almost none do, it operates as a vendor, not a co-fiduciary.

Think of it like hiring a contractor to wire your building. If the work is faulty and someone gets hurt, the building owner faces liability. The contractor may owe indemnification under the service contract, but that is a separate civil dispute that takes time and money to resolve. Meanwhile, the DOL or an aggrieved participant is looking at you.

Why the Problem Exists

The TPA model was built for efficiency, not for employer oversight.

When an employer moves from fully insured to self-funded, it gains cost transparency and control. It also inherits accountability.

The administrative services only (ASO) agreement that governs the TPA relationship is typically written by the TPA's legal team. These contracts often include liability caps, indemnification carve-outs and language that limits the TPA's responsibility for errors to a narrow definition of "gross negligence."

1. Volume and Velocity: A TPA serving a 500-life group may process more than 10,000 claims annually. At that scale, both manual review and automated adjudication systems inevitably produce errors.
2. Asymmetric Information: Employers typically receive summary reports while TPAs retain the detailed claim-level data. Most organizations cannot evaluate what they cannot see.
3. No Independent Verification Loop: Fully insured plans have carriers reviewing their own financial risk. Self-funded plans lack a comparable backstop unless the employer intentionally creates one.
4. Misaligned Incentives: TPAs earn administrative fees, not a share of claims savings. Identifying and recovering overpayments often creates additional work without generating additional revenue.

Together, these structural factors make claims errors difficult for employers to detect without independent oversight, detailed data access and a formal audit process.

The Real Cost of Unchecked Claims

The financial exposure from TPA claims errors is not theoretical. It is documented, recurring and significant.

The Government Accountability Office has reported that improper payments in employer health plans are a persistent problem across both public and private sectors.

Industry benchmarks from claims audit firms consistently show that between 3 and 10 percent of processed claims contain some form of error, ranging from duplicate payments to incorrect member eligibility to miscoded procedures.

For a self-funded employer spending $5 million annually on medical claims, a 5 percent error rate represents $250,000 in potential misprocessed payments. A 2022 analysis by the Healthcare Financial Management Association found that coordination of benefits (COB) errors alone cost employers an average of $350 per affected employee per year.

Beyond the direct dollar loss, there are secondary costs:

  • DOL Audit Exposure: Plans that lack documented fiduciary controls may face greater scrutiny during a Department of Labor review or investigation.
  • Legal Defense Costs: Participant complaints, fiduciary breach allegations and regulatory inquiries can result in significant legal expenses regardless of the outcome.
  • Reputational Damage: Benefit errors that directly affect employees can reduce trust in leadership and create unnecessary employee relations challenges.
  • Lost Recovery Opportunities: Delays in subrogation and third-party liability recovery can permanently reduce the amount returned to the health plan.

The financial impact of claims errors extends beyond overpayments. Regulatory exposure, legal costs, reputational harm and missed recovery opportunities can significantly increase the total cost of inadequate oversight.

What Is Actually Happening Behind the Scenes

Most claims errors are not fraud. They are systemic, predictable and preventable through routine auditing.

Duplicate Claims

A provider submits the same claim twice with minor coding variations. Auto-adjudication systems miss the duplication. Both claims pay. This is among the most common and most recoverable error types.

Eligibility Errors

Dependents age off coverage but are not removed from the system. Former employees remain active in the TPA's eligibility file. Claims pay for individuals who are no longer entitled to benefits. These errors are often months old before anyone notices.

Coordination of Benefits Failures

When a member has coverage under two plans, the primary payer should pay first and the secondary payer should pay only the remaining balance. When COB logic is applied incorrectly or not applied at all, both plans pay in full. The employer's plan absorbs a cost it should never have incurred.

Incorrect Repricing and Network Discounts

A claim is processed at billed charges rather than the contracted network rate. The provider is overpaid. Recovery from a provider after the fact is possible but administratively burdensome and often partial.

Unbundling and Upcoding

Providers submit separate line items for services that should be billed as a single bundled procedure code, inflating the allowed amount. Upcoding, billing for a higher-acuity service than was documented, is an ongoing issue that claims review software sometimes catches and sometimes does not.

Terminated Provider Contracts

A provider's network contract expires or is terminated, but the TPA continues to process claims as if the contract is in force. The employer pays network rates on claims that should have been processed as out-of-network, which may create additional downstream liability.

Why Current Approaches Are Not Enough

Relying solely on TPA internal controls to protect your plan is the equivalent of asking the contractor to inspect their own work.

Most employers receive monthly or quarterly claims reports. Those reports show aggregated spend by category, provider type or member. They are useful for budgeting. They do not reveal individual claim errors.

Some TPAs offer internal audit functions. These are not independent by definition. The TPA auditing its own claims adjudication has an inherent conflict of interest, regardless of how diligent the staff may be.

| Approach | What It Covers | What It Misses | Independence |
|---|---|---|---|
| TPA Internal Review | High-dollar outliers, fraud flags | Routine errors, eligibility gaps, COB failures | None |
| Employer Claims Reports | Aggregate spend trends | Individual claim accuracy | None |
| Annual TPA Scorecard | SLA metrics, call center performance | Claims-level accuracy | Partial |
| Independent Prospective Audit | Pre-payment review of claims logic | Claims already paid | Full |
| Independent Retrospective Audit | Paid claims errors, recoveries | Future claims | Full |
| Continuous Audit Program | Both pre- and post-payment review | None (by design) | Full |

How to Fix It: A Practical Action Plan

Closing the fiduciary gap requires structure, contract language and independent verification. None of these steps requires replacing your TPA.

1. Review Your ASO Agreement: Confirm the contract clearly addresses TPA liability for claims errors and grants unrestricted access to claim-level data.
2. Demand Full Claims Data Access: Establish a regular data feed so claims information can be independently reviewed and analyzed.
3. Engage an Independent Claims Auditor: Use an independent firm to identify payment errors, recover overpayments and validate claims accuracy.
4. Strengthen Audit Rights: Ensure every vendor agreement explicitly permits independent claims audits without unnecessary restrictions.
5. Review High-Dollar Claims Before Payment: Implement a secondary review process for large claims that carry disproportionate financial risk.
6. Document the Oversight Process: Maintain records of audits, findings, reviews and corrective actions to demonstrate prudent fiduciary oversight.
7. Review Performance Guarantees Annually: Measure TPA performance against contractual guarantees and pursue available remedies when standards are not met.

Closing the fiduciary gap does not require replacing your TPA. It requires stronger governance, independent verification and documented oversight.

Red Flags That Signal This Problem Applies to Your Plan

  • You have never conducted an independent claims audit.
  • Your TPA contract does not grant unrestricted access to claim-level data.
  • You cannot identify all active plan participants and dependents in real time.
  • Your stop-loss carrier has never asked to review your audit results.
  • Your ASO agreement has not been reviewed by ERISA counsel in more than two years.
  • You rely entirely on TPA-generated reports for plan performance data.
  • You have no documented process for reviewing TPA claims accuracy.
  • Your plan has grown or changed significantly since you last reviewed TPA eligibility files.

If several of these conditions apply to your plan, there is a strong likelihood that oversight gaps exist. Independent auditing, stronger contract controls and regular governance reviews can significantly reduce fiduciary and financial risk.

The ROI of Doing It Right

Independent claims auditing consistently returns more than it costs, often by a multiple of three to five.

Retrospective audits of self-funded plans regularly recover between 1 and 3 percent of total paid claims. On a $5 million claims spend, that is $50,000 to $150,000 in recoveries per audit cycle. Contingency-fee audit arrangements mean the employer pays nothing unless recoveries are made.

The less quantifiable but equally real returns include:

  • Documented fiduciary process that withstands a DOL inquiry
  • Corrected eligibility files that reduce future claim errors
  • Data that reveals patterns requiring TPA system corrections
  • Leverage in TPA contract renegotiation backed by actual performance data
  • Stop-loss carrier confidence that reduces friction at claim time

One regional health system with approximately 1,200 covered lives conducted its first independent claims audit after a compliance review flagged the absence of any oversight process. The audit recovered $218,000 in overpayments and identified a COB configuration error in the TPA system that had been generating duplicate payments for 22 months.

Conclusion and Next Steps

The fiduciary risk inside your TPA relationship is not a hypothetical. It is a documented, measurable and addressable problem that most plan sponsors have simply not prioritized.

ERISA does not expect perfection. It expects process. The plan sponsors who fare best in DOL audits, stop-loss disputes and participant complaints are those who can show a documented, repeatable approach to monitoring their TPA and correcting errors when they occur. An independent claims audit is the most direct tool available to accomplish that.

If you have never conducted an independent claims audit, that is the place to start. If you have not reviewed your ASO agreement with ERISA counsel, that is the second step. Neither task requires replacing your TPA. Both tasks are within reach for any plan sponsor, regardless of plan size.

Frequently Asked Questions

Is my TPA an ERISA fiduciary?

Almost certainly not. Most TPAs operate under administrative services only (ASO) agreements and explicitly disclaim ERISA fiduciary status in those contracts. Unless your TPA has signed a written agreement accepting discretionary fiduciary authority over plan assets, ERISA fiduciary responsibility stays with the employer as plan sponsor. Always verify this with ERISA counsel by reviewing your ASO agreement directly.

What does ERISA actually require me to do to oversee my TPA?

ERISA Section 404(a) requires plan fiduciaries to act with the care, skill, prudence and diligence of a knowledgeable professional. Applied to TPA oversight, this means having a documented process for selecting, monitoring and, when warranted, replacing your TPA. Courts and the DOL have held that "monitoring" requires more than receiving summary reports. It requires meaningful review of the TPA's actual claims performance.

How often should we conduct a claims audit?

Most benefits consultants recommend a full retrospective audit every one to two years, with continuous or quarterly monitoring in between. High-volume plans or plans that have recently changed TPAs, plan designs or eligibility rules benefit from more frequent review. The first audit typically yields the highest recoveries because it establishes a baseline and catches errors that have accumulated over time.

What types of errors does a claims audit typically find?

The most common categories are duplicate payments, eligibility errors (covering ineligible members or dependents), coordination of benefits failures, incorrect network repricing, unbundled or upcoded procedure codes and terminated provider contract issues. Eligibility errors and COB failures tend to generate the largest individual recoveries because they often persist for months before detection.

Can we require our TPA to conduct audits on our behalf?

You can require it contractually, and many ASO agreements include provisions for TPA self-reporting and internal quality reviews. However, a TPA auditing its own claims adjudication is not independent oversight. It does not satisfy the prudent expert standard under ERISA and will not carry the same weight with the DOL or in litigation as an audit conducted by a firm with no financial relationship to the TPA.

What should we look for in an ASO agreement before signing?

Prioritize four provisions: (1) unrestricted access to claim-level data, (2) explicit audit rights allowing independent review at any time, (3) defined liability for claims errors with no cap that effectively eliminates recovery, and (4) performance guarantees with financial penalties tied to measurable claims accuracy metrics. Most standard TPA contracts require negotiation to include all four.

Does our stop-loss carrier care whether we conduct claims audits?

Increasingly, yes. Stop-loss carriers are paying closer attention to plan sponsor fiduciary practices because their own exposure depends on the accuracy of underlying claims data. Some carriers now include audit requirements as a condition of coverage or give premium credit to employers with documented audit programs. If your stop-loss carrier has never asked about your audit practices, raise the topic proactively.

What is the difference between a prospective and a retrospective claims audit?

A prospective audit reviews claims before payment, typically for high-dollar or complex claims, to catch errors before money leaves the plan. A retrospective audit reviews claims already paid to identify recoverable overpayments and systemic errors. Most employers start with a retrospective audit because it yields immediate recoveries and reveals patterns for the TPA to correct going forward.