Concerned about cybersecurity? Here’s how to protect 401(k) plans

Do you offer a 401(k) retirement plan to your employees? A new emerging cybersecurity risk for plan sponsors is retirement plans. Continue reading this blog post for tips on protecting 401(k) plans from cyberattacks.

All companies that manage personal consumer data are already concerned — or should be concerned — about cybersecurity. The scope and scale of cyberattacks continue to rise worldwide, as demonstrated last year by a breach that compromised data of 50 million Facebook users.

Retirement plans pose a new risk. Lawmakers are keen to protect the personal information of defined contribution plan participants. Recently, Sen. Patty Murray (D.-Wash.) and Rep. Bobby Scott (D.-Va.) asked the U.S. Government Accountability Office to “examine the cybersecurity of the private retirement system.”

Fortunately for plan sponsors, record-keepers and other parties in the retirement services industry, the same solution designed to address the multiple problems stemming from the upsurge in small, stranded 401(k) accounts — auto-portability — can also augment existing practices that protect plan participants’ personal data.

Auto-portability is the routine, standardized and automated transfer of a retirement plan participant’s 401(k) savings account from their former employer’s plan to an active account associated with their current job. This solution is underpinned by paired “locate” and “match” algorithms which work together to locate participants with multiple 401(k) plan accounts, confirm their identities, obtain consent for rolling over their stranded accounts. These accounts can exist in former employer plans or rolled into safe-harbor IRAs before they're moved into active accounts in their current employers’ plans. In addition, consolidation can include a roll-in to the participant’s current employer plan.

The act of consolidating accounts reduces the number of small accounts in the 401(k) system through auto-portability, which makes plan participant data more secure. Consolidating a participant’s multiple 401(k) accounts reduces the number of systems that store a participant’s data, and also encourages participants, sponsors and record-keepers to become more engaged when it comes to keeping track of accounts.

Auto-portability meets cybersecurity best practices

While there is currently no central legal framework regulating cybersecurity in the retirement services industry, the SPARK Institute published a compilation of recommended cybersecurity best practices for retirement plan record-keepers in 2017. Auto-portability, which went live that same year, operates in conformance to the SPARK Institute’s cybersecurity recommendations.

For example, the SPARK Institute, a retirement policy center in Simsbury, Connecticut, issued 16 security control objectives, including the practice of encryption, which requires protection of both “data-in-motion and data at rest.” The institute suggests that the same data protection risk management standards be applied to suppliers. To address cybersecurity, the institute suggests these steps:

  • Encrypt all sensitive information subject to auto-portability using Advanced Encryption Standard 256-bit encryption, an industry standard developed by the National Institute of Standards and Technology. There is no known type of cyberattack that can read AES-encrypted data without having the cryptographic key.
  • Never combine a Social Security number with other personally identifiable information in any single file transfer. The objective should be to ensure there is never enough personal data in any single transmission for a hacker to use to steal an identity. In addition, any file with personal information should never include the identity of either the plan’s sponsor or the record keeper. That further thwarts a hacker from accessing an individual participant’s retirement account.
  • Know that auto-portability supports multiple methods of exchanging secure data.
  • Ensure that any information flagged during the locate-and-match process that doesn’t adhere to certain criteria requires additional verification to confirm an identity.
  • Conduct full address-location searches to ensure that the correct participant is found and properly matched to multiple accounts.

When participants strand 401(k) savings accounts in former-employer plans, and nothing is done to transport them to active accounts in their present employers’ plans, there’s a strong chance that the worker may fall victim to a cybercrime. Plan sponsors can protect themselves and their participants from hackers, and strengthen their overall cybersecurity preparedness, by implementing auto-portability to cull small accounts and missing participants.

SOURCE: Williams, S. (25 April 2019) "Concerned about cybersecurity? Here’s how to protect 401(k) plans" (Web Blog Post). Retrieved from

Automation making huge retirement plan impact

Paula Aven Gladych gives great insight on how automated retirement contributions are helping increase participation. See the full article from below.

Retirement plan participation has increased 19% in the past five years because of design features that make it simple and quick for employees to participate in their workplace retirement plans.

Wells Fargo Institutional Retirement and Trust examined the savings behaviors of 4 million defined contribution plan participants from 5,000 companies and found that features such as automatic defaults into diversified investments, target-date funds and automatic escalation have had a huge effect on employee savings rates.

The company’s Plan Health Index is a retirement plan health measure that includes a plan’s participation and savings rates and its diversification as a measure of employee retirement readiness.

Employees “have to join the plan, be saving at an adequate rate and be adequately diversified for their time horizon. If they are doing all three of those things well, they have a good chance for a good outcome, assuming they started saving early enough,” says Joe Ready, executive vice president and director of institutional retirement and trust at Wells Fargo.

To score well on the Wells Fargo Plan Health Index, employees need to participate in their workplace plan, save at 10% or higher, including the employer matching contribution, and have their retirement savings in diverse investments.

“Plan health across our book of business increased 37% from five years ago,” Ready says.

Participation increased 19%, contributions were up 7.3% from five years ago and diversification improved 26%, according to Wells Fargo research.

Generationally, millennials are reaping the biggest benefit from this industry shift toward automatic features. They have essentially grown up with these options, Ready says, and they have the highest increase in participation in the last five years. They also are the most diversified generation, taking advantage of target-date funds and other managed account options.

Millennials are also taking advantage of Roth 401(k) features at a higher rate than other generations. Wells Fargo found that 16% of millennials are taking advantage of a Roth option, compared to 12% of other participants.

“They are engaged,” Ready says. “They are thinking about their future taxes and tax diversification. That’s pretty good.”

The key drivers of plan participation are income, automatic features, tenure and age, Ready says. Wells Fargo analyzed tenure and found that once a company’s employees are hired and with the company for two years, their attrition rates tend to drop off dramatically.Ready encourages employers to design their retirement plans so that loyal employees, those who have stayed longer than two years, are eligible for the employer matching contribution. It’s a balance between helping employees achieve their retirement goals and wanting to invest in those who are invested in their company, he said.

Ready encourages employers to design their retirement plans so that loyal employees, those who have stayed longer than two years, are eligible for the employer matching contribution. It’s a balance between helping employees achieve their retirement goals and wanting to invest in those who are invested in their company, he said.

The way the matching contribution is designed can also have a major impact on how much employees save for retirement. If a company switches from contributing 50 cents on the first 3% to 25% on the first 6%, it automatically gets employees saving an additional 3% they wouldn’t save otherwise. Automatic increase is another feature that is underutilized, according to Ready.

Many companies set their automatic increase at 1% per year with an opt-out option. Ready says that whether the auto increase is 1% or 2%, the opt-out percentage is the same, so why not make the auto escalation 2% per year, bringing employees closer to that 10% savings rate sooner?

“It makes a material difference, especially at a younger age, to get to a higher savings rate quicker. It makes a big difference in outcome,” Ready says.

Two-thirds of Wells Fargo’s clients use an auto increase program, but “less than 30% of those plans implemented it on an opt-out basis,” the research found.

Having an opt-out option — meaning employees have to make the effort to opt out of the increase – takes advantage of participant inertia, Wells Fargo reported. Even with an opt-out option, 79% of plan participants stayed with the automatic increase on their retirement savings accounts.

Millennials tend to be more diversified in their retirement investments than older generations, due in large part to by the increase of automatic features in plans. Because of that, Wells Fargo found that 78% of millennials are on track to replace 80% of their pay in retirement, compared to 62% for Generation X and 50% for baby boomers.

“Some of that has to do with the fact that millennials are getting into the plan at an early age, saving early and diversifying appropriately with managed products,” Ready says.

That said, only 28.6% of millennials are contributing to their retirement account at the 10% level, compared to 35.2% for Generation X and 44.5% for the boomers.

“I’m very bullish on millennials, the way they are participating and the way they are engaging in the Roth
and leveraging diversification products in their plans,” Ready says. “If they keep increasing their savings rate, they have the power of time.”

Ready says he expects the trend toward automatic features in retirement plans to continue. He also sees a future rise in technology with a purpose. Wells Fargo has a mobile app that gives employees a one-click option to sign up for their company retirement plan. The company will send a text to all new employees with a link to the retirement plan sign-up page. It might say, “You are eligible to join our 401(k) plan.” When the participant clicks on the link, it takes her to a pre-filled screen that tells her what the default saving rate is and the default investments. If the employee is happy with the defaults, all she has to do is click the enroll button.

“We have seen a material increase in the number of people enrolling because of that,” Ready says.

See Original Post from Here.


Gladych, P.A. (2016, July 21). Automation making huge retirement plan impact [Web log post]. Retrieved from

Employers still not successfully communicating pensions auto-enrollment

By David Woods

Most employers (70%) are aware of pension reform changes but 68% of employees have little or no knowledge of automatic enrolment yet, according to a report from Aviva.

The survey found 43% of employees without a pension said they would remain in a scheme once they were automatically enrolled - but opt outs could be significant.

The challenge of getting Britain's workers saving for their retirement is highlighted in Aviva's first Working Lives Report, which reveals the daily struggle faced by employers and employees as they seek to balance business priorities against personal financial needs.

Surveying UK private sector employees and employers about their attitudes to saving in the workplace, the Working Lives research shows businesses, Government and the pensions industry across Britain have significant work to do in encouraging employees to start putting some of their hard-earned cash aside for their retirement.

Opt out rates from automatic enrolment are also potentially significant, with employers thinking that the typical percentage of employees opting out will be 33%, and a similar number (37%) of employees saying they may choose to leave. But 43% of employees currently without a pension said they would remain within the scheme once enrolled, and of those 8% said they would contribute more. Those that were undecided amounted to 21%.

Employees are most concerned (53%) about how their pay compares to the cost of living, while employers worry most about keeping up with the competition (58%). More than half (56%) of employees agree pensions are the best way to save for retirement but 55% of employees without one say they simply don't have the cash.

UK private sector employers (96%) surveyed said their employees were absolutely critical to the success of the business. And overall, UK employees seemed to be generally happy in their work - with 27% saying they really enjoy their work and 45% saying they quite enjoy their work.

But for both employers and employees - the issue of money is absolutely central to their workplace relationship. Over a third (39%) of employers said they were looking for ways to motivate their workers without 'unduly increasing remuneration' and 46% said they designed their pay and benefits packages carefully to control costs.

While employers recognized the contribution made by employees, their most immediate business concern was a commercial one - how to keep ahead of the competition (58%). However, the highest percentage of employees (53%) said that ensuring their pay kept up with the cost of living was their key workplace concern.

While pensions top the list (56%) as the best way people like to save for retirement, those actually saving into a workplace pension in the private sector right now remains relatively low at 35%. At the same time, the number of employees who say their employer offers a workplace pension (54%) is on the brink of radical change with the start of automatic enrolment.

Of those employees who are offered a workplace pension but neither they nor their employer contribute 55% say they don't have the spare cash to contribute to a pension, 28% say they need to repay debts and 20% say they need to pay for immediate family costs.

Broader workplace benefits are increasingly coming to the fore as employees seek help in bridging the cost of living gap. The top five benefits valued by employees (and which they are offered) are: annual bonus (36%), pension (16%), health insurance (15%), life insurance (14%), and non-financial benefits (14%), such as discounts on products, subsidized gym membership and crèche facilities.

Aviva's managing director of corporate benefits Graham Boffey said: "Aviva is a long-standing advocate of automatic enrolment, but we recognize that Britain's employers are facing the significant challenge of transforming the way they provide pensions and workplace benefits at a time of continuing economic uncertainty.

"When the first companies start to automatically enroll their employees in October this year, we can't expect an immediate step-change in how people save for their retirement - employers and the industry will need to make a long-term commitment to ensuring it's a success.

"Companies are increasingly going to need to find relevant and compelling ways to talk to their employees about their savings and benefits options. And as more people start to use the workplace for managing their money, practical planning tools and clear guidance will be essential.

"While the time, resources and commitment being called for from employers over the next few years should not be under-estimated, there are clear benefits for those who really understand what savings and benefits their employees value, and importantly, how best to discuss them in the workplace.

"Employers willing to put in the time and effort will find themselves in a win-win situation. Broader workplace savings and benefits are a cost-effective way of boosting employees' total packages beyond basic pay, and we know employees want additional and more relevant benefits that help them make the most of their money.

"While Working Lives shows some areas for concern, there are equally positive signs that employers and employees are willing to embrace this period of workplace change and in doing so they will help to re-invigorate Britain's savings culture."