The Retirement Readiness Gap: How Plan Sponsors Can Respond

By Mark Olsen, Managing Director at PlanPILOT

As a plan sponsor for your company’s retirement plan, your role in helping your employees achieve their retirement goals may be more involved than you think. Even though you’re likely acting responsibly, managing the mechanics of the plan and meeting fiduciary obligations, you have the opportunity to help your participants meet lifelong objectives that could significantly impact their retirement futures. One of the most valuable gifts you can offer is the ability for participants to retire on time, with financial stability and dignity.

At PlanPILOT, we believe that providing more than just the basics in a company retirement plan not only helps with employee retention and job satisfaction, but also provides an opportunity to make an impact on the lives of employees and their families. 

To help employees close their retirement savings gap, plan sponsors can adopt several actionable strategies, including optimizing plan design, improving financial wellness offerings, and simplifying the retirement planning experience. Leveraging behavioral science can significantly boost participation and contribution rates. Let’s see how these could be implemented.

Optimize Plan Design Using Automation

  • Implement automatic enrollment and escalation: Automatically enroll new employees in the retirement plan at a default contribution rate and gradually increase their contributions over time. If desired, employees may opt out or adjust their contributions, but this ‘gentle introduction’ may help get them started.
  • Improve investment defaults: Default employees into well-designed, diversified investments like low-cost target-date funds (TDFs). These automatically adjust asset allocation as a participant ages, making investing simple.
  • Offer both Roth and traditional 401(k) options: Give employees the flexibility to choose their tax advantage. Roth contributions are made with after-tax dollars, and qualified withdrawals in retirement are tax-free, while traditional defined contribution plans offer a tax break today. Today’s younger participants are more inclined to save in after-tax Roth accounts than traditional tax-deductible ones.
  • Facilitate higher catch-up contributions: Inform and educate older employees about the SECURE 2.0 rules, which provide higher catch-up contribution limits for those aged 50 and over. (Note that “catch-up” contributions must be made into after-tax Roth 401(k) or 403(b) accounts starting in 2026 for higher-paid older employees. Be sure to add this aspect to your plan to help your older participants save more.)

Enhance Financial Wellness and Education

  • Provide financial coaching: Offer employees one-on-one sessions with financial advisors or coaches to discuss personal finances, including budgeting, debt management, and retirement goals. Personalized advice addresses individual needs and can result in tangible actions.
  • Promote emergency savings options: Employees with high-interest debt or low emergency savings often feel they cannot afford to save for retirement. Offering a workplace emergency savings account (ESA) can help reduce financial stress and improve long-term retirement savings.
  • Implement student loan matching: Under SECURE 2.0, employers can “match” an employee’s student loan payments with contributions to their retirement plan. This can help alleviate high debt loads, especially for younger employees, without sacrificing retirement savings. Student loan debt remains an issue for many younger workers.
  • Use visual and interactive tools: Provide online calculators and tools that allow employees to model various savings scenarios. Seeing the potential impact of small contribution increases can motivate them to save more. 

Improve Communication and Engagement

  • Provide personalized statements and reports: Instead of generic mailers, provide personalized reports to employees showing their estimated monthly retirement income and how they compare to peers.
  • Simplify plan communication: Use clear, simple language to communicate plan benefits. Overly complex or jargon-filled information can overwhelm employees and discourage participation.
  • Leverage social proof: Use peer comparisons to motivate employees. For example, a statement can show how an employee’s savings rate compares to the average for their team or age group.
  • Promote a culture of financial wellness: Position retirement benefits as a vital part of overall financial wellness. Emphasize that the company is invested in its employees’ long-term financial stability to increase loyalty and engagement. 

Enhance Retirement Income Solutions

  • Offer in-plan income solutions: Provide options within the retirement plan for converting savings into a reliable income stream during retirement. This can include annuities, managed payout funds, or customized managed accounts that offer both growth potential and stability.
  • Consolidate accounts with auto-portability: This is especially helpful for younger employees who change jobs frequently. Auto-portability can automatically transfer an employee’s small-balance retirement account to a new employer’s plan, preventing lost or forgotten savings. 

In summary, implementing even a few of these strategies can inspire and motivate employees to have confidence in saving for their future. Inspired employees who are also confident that their employer is doing its best to help them can improve morale and productivity and deliver ancillary benefits to everyone.

Are Your Participants Behind Saving for Retirement?

Are you ready to upgrade to a new standard for your benefit planning and company retirement plan to help your employees meet their retirement goals? 

At PlanPILOT, we’re creating the standard for client experience. Independent and impartial by design, we apply our skill to every facet of plan development and implementation to help you enjoy meaningful results. Our client partnerships are built on trust, communication, and responsibility—cornerstones of a healthy, prosperous relationship. We’re committed to providing unbiased guidance, informed innovation, and an integrated approach tailored to your unique objectives.

Our team of seasoned professionals upholds the highest professional standards, so every strategy we recommend supports both your organization and the participants who depend on it.

Reach out to us at (312) 973-4913 or send an email to mark.olsen@PlanPILOT.com to learn more about how we can customize our services and your plan to fit your unique needs.

About Mark

Mark Olsen is the managing director at PlanPILOT, an independent retirement plan consulting firm headquartered in Chicago. PlanPILOT delivers comprehensive retirement plan advisory services to 401(k), 403(b), and 457 plan sponsors. His specialties include plan governance, investment searches, investment monitoring, and plan oversight. Mark is recognized as a leader in the industry and speaks at national conferences, including those organized by Pensions & Investments, and CUPA-HR.

What Retirement Plan Sponsors Need to Know About Cybersecurity

By Mark Olsen, Managing Director at PlanPILOT

While October is recognized as Cybersecurity Awareness Month, the topic deserves attention year-round. For retirement plan sponsors, creating and maintaining an incident response plan is a critical fiduciary responsibility. It involves developing procedures for handling breaches, learning from real-world examples, and training internal teams and committee members on cybersecurity awareness. 

At PlanPILOT, we are all too aware of the havoc a cybersecurity breach can cause to operations and participant confidence. Implementing a sound and effective plan to combat cyberattacks and preserve sensitive participant and plan information can not only boost employee morale and confidence, but also demonstrate fiduciary responsibility as a plan sponsor.

Let’s take a look at how such a Cybersecurity Response Plan might be implemented.

Steps for Creating and Maintaining an Incident Response Plan

According to the Department of Labor (DOL) and cybersecurity experts, a robust incident response plan (IRP) follows these steps: 

1. Preparation

  • Create a formal cybersecurity program: Document your policies and establish a clear plan. Require senior management and response teams to review and clearly understand these policies and procedures. Have the “manual” readily available for review and retrieval when requested in an audit.
  • Conduct risk assessments: Annually identify and address vulnerabilities in your IT systems, including those of third-party vendors. Work with IT consultants who have up-to-date knowledge of ever-changing cyber threats and breach techniques.
  • Establish an incident response team: Define roles, responsibilities, and authority levels for a dedicated team (also known as a Computer Security Incident Response Team, or CSIRT) that can act swiftly.
  • Identify and categorize incidents: Define what constitutes a cybersecurity incident for your organization based on severity and potential impact.
  • Define communication protocols: Create procedures for internal and external communication with stakeholders, including participants, regulators, and legal counsel. Some property and casualty (P&C) insurers require that they be included in breach communications when breach claims are part of the covered risks.

2. Detection and analysis

  • Monitor systems: Use monitoring tools and alert systems to detect potential security incidents. Schedule and document regular testing of such systems.
  • Validate potential threats: Thoroughly investigate and confirm whether a detected event is a real security incident. 

3. Containment, eradication, and recovery

  • Contain the breach: Implement response protocols to quickly isolate affected systems and limit the exposure of data.
  • Engage experts: Bring in cybersecurity and forensics professionals to help remediate the breach.
  • Remove the threat: Eradicate the root cause of the incident, such as malware or unauthorized access, and patch vulnerabilities.
  • Recover and restore: Restore systems from clean backups and resume normal operations as quickly as possible.

4. Post-incident activities

  • Conduct a blameless retrospective: Document the full incident timeline and analyze the effectiveness of the response.
  • Update the plan: Learn from the incident to improve the IRP and overall security posture. Revise the plan annually or after any significant organizational change.
  • Document and report: Create detailed incident reports for legal and regulatory purposes.

Examples of Breaches and Lessons Learned

Recent breaches targeting retirement plans and associated third-party vendors offer valuable lessons for plan sponsors. 

  • JP Morgan Chase data breach (2024): A software flaw exposed the personal information of over 451,000 retirement plan participants for an extended period. JP Morgan Chase is not only one of the world’s largest banks but also a financial powerhouse subject to close scrutiny and cybersecurity regulation in banking and securities trading, and the flaw still went undetected.
    • Lesson: Vulnerabilities in systems and third-party software can lead to data breaches even without a direct cyberattack. Regular, thorough security reviews of all software are essential.
  • MOVEit cyberattack (2023): Vulnerabilities in a third-party file transfer tool led to breaches at several public pension systems and major recordkeepers, affecting millions of individuals.
    • Lesson: Third-party vendors are a major source of risk. Plan sponsors must conduct strict due diligence on all vendors and maintain robust security controls.
  • Account takeovers: Criminals are increasingly aware that retirement plans are a valuable target. They use stolen participant data to take out unapproved loans or redirect funds.
    • Lesson: Encourage participants to use strong, unique passwords and multi-factor authentication. Plan sponsors should also invest in modern fraud surveillance systems. 

Training Internal Teams and Committee Members

Effective training can significantly reduce the risk of a breach and improve a plan’s response. The training should be tailored to the audience and provided regularly. 

  • Regular awareness training: Educate all staff on how to recognize phishing emails, social engineering tactics, and other common threats.
  • Phishing simulations: Conduct regular phishing tests to measure employee vulnerability and reinforce lessons learned from training.
  • Data handling protocols: Train employees on how to securely handle sensitive data, use corporate devices, and access plan information.
  • Breach action plan: Train teams on their specific roles within the incident response plan, including detection, containment, and notification procedures.
  • Best practices: Promote strong passwords, use of multi-factor authentication, and vigilance against suspicious communications. 

For Retirement Plan Committee Members

  • Understand fiduciary duty: Train committee members on their fiduciary responsibility for protecting plan assets and participant data.
  • Address key risks: Educate the committee on the specific cybersecurity risks facing the plan, including third-party vendor risks and account takeovers.
  • Review and approve policies: Train committee members on how to evaluate and approve the plan’s cybersecurity policies and incident response procedures.
  • Discuss vendor controls: Review Service Organization Control (SOC) reports and other security audits from recordkeepers and other vendors.
  • Conduct tabletop exercises: Simulate a breach scenario with the committee to test the incident response plan and evaluate decision-making under pressure. 

In today’s fast-changing world of technology, cybersecurity and guarding against attacks on company IT systems are not only critical to protecting company information and operations, but also an essential part of a retirement plan sponsor’s fiduciary responsibilities.

Plan sponsors interested in upgrading or implementing a cybersecurity protection and response plan would be wise to work with qualified benefit consultants who can offer a customized plan design tailored to company objectives and resources, as well as a good match with participant goals and demographics.

Is Your Company Retirement Plan Protected Against Cyberattacks?

Are you ready to upgrade to a new standard for your benefit planning and company retirement plan? Reach out to us at (312) 973-4913 or send an email to mark.olsen@PlanPILOT.com to learn more about how we can customize our services and your plan to fit your unique needs.
