I am a financial services professional with 20+ years of treasury management experience. I have worked at the management level in either the business or technology sides at many major banks where compliance and adherence to regulatory requirements have always been of the utmost responsibility. It is up to the bank to be educated on all of the rules and ensure their systems comply with them. In my last banking role, I supported various banking investment and transaction-based products for several years. A bank’s responsibility is to adhere to all regulatory requirements and provide the necessary due diligence when with external partners to ensure they adhere to any regulatory/privacy requirements. If the agreement material provided to the customers did indeed indicate safekeeping of plan assets, then the bank is liable to have performed the necessary due-diligence and is somewhat responsible for the failed investments. I would have to investigate how closely (or not) the bank adhered to the laws in this case.