Finance Archives | Page 2 of 12 | PlanPILOT - Retirement Plan Consultants

What Retirement Plan Sponsors Need to Know About Cybersecurity

Posted on November 5, 2025 by Editorial TeamLeave a comment

By Mark Olsen, Managing Director at PlanPILOT

While October is recognized as Cybersecurity Awareness Month, the topic deserves attention year-round. For retirement plan sponsors, creating and maintaining an incident response plan is a critical fiduciary responsibility. It involves developing procedures for handling breaches, learning from real-world examples, and training internal teams and committee members on cybersecurity awareness.

At PlanPILOT, we are all too aware of the havoc a cybersecurity breach can cause to operations and participant confidence. Implementing a sound and effective plan to combat cyberattacks and preserve sensitive participant and plan information can not only boost employee morale and confidence, but also demonstrate fiduciary responsibility as a plan sponsor.

Let’s take a look at how such a Cybersecurity Response Plan might be implemented.

Steps for Creating and Maintaining an Incident Response Plan

According to the Department of Labor (DOL) and cybersecurity experts, a robust incident response plan (IRP) follows these steps:

1. Preparation

Create a formal cybersecurity program: Document your policies and establish a clear plan. Require senior management and response teams to review and clearly understand these policies and procedures. Have the “manual” readily available for review and retrieval when requested in an audit.
Conduct risk assessments: Annually identify and address vulnerabilities in your IT systems, including those of third-party vendors. Work with IT consultants who have up-to-date knowledge of ever-changing cyber threats and breach techniques.
Establish an incident response team: Define roles, responsibilities, and authority levels for a dedicated team (also known as a Computer Security Incident Response Team, or CSIRT) that can act swiftly.
Identify and categorize incidents: Define what constitutes a cybersecurity incident for your organization based on severity and potential impact.
Define communication protocols: Create procedures for internal and external communication with stakeholders, including participants, regulators, and legal counsel. Some P&C insurers will require inclusion in communications if claims for breaches are part of covered risks.

2. Detection and analysis

Monitor systems: Use monitoring tools and alert systems to detect potential security incidents. Schedule and document regular testing of such systems.
Validate potential threats: Thoroughly investigate and confirm whether a detected event is a real security incident.

3. Containment, eradication, and recovery

Contain the breach: Implement response protocols to quickly isolate affected systems and limit the exposure of data.
Engage experts: Bring in cybersecurity and forensics professionals to help remediate the breach.
Remove the threat: Eradicate the root cause of the incident, such as malware or unauthorized access, and patch vulnerabilities.
Recover and restore: Restore systems from clean backups and resume normal operations as quickly as possible.

4. Post-incident activities

Conduct a blameless retrospective: Document the full incident timeline and analyze the effectiveness of the response.
Update the plan: Learn from the incident to improve the IRP and overall security posture. Revise the plan annually or after any significant organizational change.
Document and report: Create detailed incident reports for legal and regulatory purposes.

Examples of Breaches and Lessons Learned

Recent breaches targeting retirement plans and associated third-party vendors offer valuable lessons for plan sponsors.

JP Morgan Chase data breach (2024): A software flaw exposed the personal information of over 451,000 retirement plan participants for an extended period. JP Morgan Chase is not only one of the world’s largest banks, but also a financial powerhouse, subject to scrutiny and cybersecurity regulations in banking and securities trading.
- Lesson: Vulnerabilities in systems and third-party software can lead to data breaches even without a direct cyberattack. Regular, thorough security reviews of all software are essential.

MOVEit cyberattack (2023): Vulnerabilities in a third-party file transfer tool led to breaches at several public pension systems and major recordkeepers, affecting millions of individuals.
- Lesson: Third-party vendors are a major source of risk. Plan sponsors must conduct strict due diligence on all vendors and maintain robust security controls.

Account takeovers: Criminals are increasingly aware that retirement plans are a valuable target. They use stolen participant data to take out unapproved loans or redirect funds.
- Lesson: Encourage participants to use strong, unique passwords and multi-factor authentication. Plan sponsors should also invest in modern fraud surveillance systems.

Training Internal Teams and Committee Members

Effective training can significantly reduce the risk of a breach and improve a plan’s response. The training should be tailored to the audience and provided regularly.

Regular awareness training: Educate all staff on how to recognize phishing emails, social engineering tactics, and other common threats.
Phishing simulations: Conduct regular phishing tests to measure employee vulnerability and reinforce lessons learned from training.
Data handling protocols: Train employees on how to securely handle sensitive data, use corporate devices, and access plan information.
Breach action plan: Train teams on their specific roles within the incident response plan, including detection, containment, and notification procedures.
Best practices: Promote strong passwords, use of multi-factor authentication, and vigilance against suspicious communications.

For Retirement Plan Committee Members

Understand fiduciary duty: Train committee members on their fiduciary responsibility for protecting plan assets and participant data.
Address key risks: Educate the committee on the specific cybersecurity risks facing the plan, including third-party vendor risks and account takeovers.
Review and approve policies: Train committee members on how to evaluate and approve the plan’s cybersecurity policies and incident response procedures.
Discuss vendor controls: Review Service Organization Control (SOC) reports and other security audits from recordkeepers and other vendors.
Conduct tabletop exercises: Simulate a breach scenario with the committee to test the incident response plan and evaluate decision-making under pressure.

In today’s fast-changing world of technology, cybersecurity and guarding against attacks on company IT systems is not only critical to protecting company information and operations, but an essential part of robust fiduciary responsibilities for retirement plan sponsors.

Plan sponsors interested in upgrading or implementing a cybersecurity protection and response plan would be wise to work with qualified benefit consultants who can offer customized plan design tailored to company objectives and resources as well as a good match with participant goals and demographics.

Is Your Company Retirement Plan Protected Against Cyberattacks?

Are you ready to upgrade to a new standard for your benefit planning and company retirement plan? Reach out to us at (312) 973-4913 or send an email to mark.olsen@PlanPILOT.com to learn more about how we can customize our services and your plan to fit your unique needs.

About Mark

Mark Olsen is the managing director at PlanPILOT, an independent retirement plan consulting firm headquartered in Chicago. PlanPILOT delivers comprehensive retirement plan advisory services to 401(k), 403(b), and 457 plan sponsors. His specialties include plan governance, investment searches, investment monitoring, and plan oversight. Mark is recognized as a leader in the industry and speaks at national conferences, including those organized by Pensions & Investments, and CUPA-HR.

The Rise of Managed Accounts: Are They Right for Your Plan?

Posted on September 13, 2025 by Editorial TeamLeave a comment

By Mark Olsen, Managing Director at PlanPILOT

For many years, employer-sponsored defined contribution retirement plans have relied on target-date funds (TDFs) as a core investment option. In many cases, these funds also serve as the plan’s Qualified Default Investment Alternative (QDIA), the investment automatically assigned to new participants who have not selected their own holdings.

For employers who sponsor defined contribution retirement plans for their employees, TDFs offer numerous advantages to both the company and the employee participants. These include:

Simplicity in choice and application: Target-date funds offer a simple, understandable, and automated choice for participants. Since the allocation is age or retirement-based, the funds are designed to adjust to lower risk over time in tandem as the participant approaches their designated retirement age. TDF investment and their popularity have grown over the years and have helped to increase plan participation.
A prudent QDIA holding: As the default choice for new participants, TDFs have helped millions of participants get started with saving for retirement, helping these employees overcome investing anxiety and decision paralysis. For employers, TDFs are viewed favorably by regulators when assessing a plan sponsor’s prudence and oversight.

The Rise of Managed Accounts

While TDFs remain overwhelmingly popular, demand has grown for more personalized options that include greater asset and sector diversification, customization, and the ability to incorporate more individualized data points than the rather limited scope of a selected retirement timeline.

Managed accounts are portfolios supervised by professional investment managers who direct the asset allocation based not only on retirement age, but also other material financial factors (such as expected pension income or other assets) that target-date funds don’t consider.

One potential fatal flaw of target-date funds is the one-size-fits-all approach that fails to consider relevant investment criteria like the participant’s risk tolerance or investment experience. With managed accounts, portfolios may be tailored to account for these variables among participants, as well as whether accounts are sufficiently large enough to prudently accommodate wider diversification and alternative assets.

In essence, including managed accounts in a plan may allow for similar types of personalized investment advice that may be found with traditional financial advisors but in a more scalable and cost-efficient manner. Depending upon the composition of the participant demographic (for example, a high percentage of higher-balance accounts with older, experienced employees with more complex personal financial situations), managed accounts may serve as a favorable option for those seeking a more sophisticated solution to achieving their retirement savings objectives.

Pros of Managed Accounts

In addition to the ability to develop a highly personalized strategy, managed accounts offer several other advantages:

Comprehensive advice: Plans may include an advice component that allows participants to interact with a financial advisor, something still highly desired among older participants. This feature can help to alleviate investor anxiety and emotionally based investment decisions, as well as provide clarity and objectivity.
Flexible investment management: Today’s investors are well aware of the many alternatives to traditional stocks and bonds and increasing their interest and further participation may require the ability to diversify their investments with such alternatives. In addition, the ability to periodically rebalance or adjust allocations based on market conditions may also be desirable features.

Cons of Managed Accounts

Managed accounts do come with drawbacks, however, that ought to be considered in plan design or upgrades:

Higher cost: Of course, with more features and services comes greater expense, especially for those with higher account balances if fees are percentage-based.
Participant engagement: One feature of TDFs is the general “hands-off” nature of the investment. Managed accounts, on the other hand, require the participant to, well, participate, by providing additional personal financial information, preferences, and objectives, etc., to fully realize the benefit. Many could fail to do so.
Increased plan sponsor fiduciary responsibility: Increased fees and complexity means employer sponsors need to exercise thoughtful care, due diligence, and document decision-making when implementing a managed account feature within their plan. Doing so could help avoid future adverse issues with regulators, auditors, and dissatisfied participants.

In summary, even if implemented as a hybrid solution with TDFs, managed accounts offer a flexible alternative investment solution for those participants desiring a more sophisticated, personalized approach to retirement savings and investment within their employer-sponsored plan.

Plan sponsors interested in upgrading their plan or implementing a new one would be wise to work with qualified benefit consultants who can offer customized plan design tailored to company objectives and resources as well as a good match with participant goals and demographics.

Are You Maximizing the Potential and Cost Efficiency of Your Benefits Program? Talk With Us.

About Mark

Selecting Plan Features That Appeal to Younger Employees

Posted on August 12, 2025 by Editorial TeamLeave a comment

By Mark Olsen, Managing Director at PlanPILOT

There’s little doubt that company culture and workplace benefits are undergoing a profound evolution today. As younger generations become a greater part of the workforce, companies will need to adjust and adapt their benefit programs to their needs if they want to retain young talent.

One area that PlanPILOT first examines for clients in this regard is the company-sponsored retirement savings plan. Younger workers may feel more pressure to depend upon their own savings and investments to secure a financial future instead of Social Security. In addition, many features may be added that address their own particular needs (such as paying down student loan debt) and their values (such as socially-based investments).

Here are recommendations that may appeal to younger workers.

Make Saving for Retirement Easier

While younger workers may be quicker with technology and have a head start on investing than their parents did at the same age, they still may need assistance in getting started and navigating the ever-changing investment world. Consider implementing these tools:

Auto-enrollment: Even small payroll deferrals can help get a retirement account started and build confidence that regular contributions and compounding can work. Get younger eligible workers started, especially if you can also provide a matching contribution.
Matching contributions: Don’t be stingy with the employer match. A 6% salary matching contribution sounds a whole lot better than 3%, even to a younger person.
Financial wellness and investing education: Help younger workers make sense of a changing investment world with interactive web-based educational tutorials, webinars and videos. Bring in financial experts who can not only discuss investing, but other relevant topics, such as debt management or a first home purchase.
Implement student loan match programs: Younger workers face a dilemma in whether to contribute to their retirement accounts or pay down student loans and forgo the employer match. To make the choice easier, the SECURE Act 2.0 allows for employers to make matching contributions based upon the worker’s student loan repayments instead of payroll deferrals to their retirement account. The worker gets the best of both choices.

Enhance the Plan’s Investment Menu

Limited choices of fee-heavy insurance-based mutual funds are financial dinosaurs in the retirement plan space. Make sure your plan offers modern features to attract young workers’ attention.

Offer a Roth Option: Younger workers may not need the annual income tax deduction as much as they want tax-free retirement resources. Include a Roth 401(k) feature to allow this choice. SECURE 2.0 also allows employees to designate their employer match and nonelective contributions to a Roth contribution within their account.
Include index-based investments: Actively managed mutual funds are still the predominant type of investment holdings within retirement plans, but low-expense index-based funds and “exchange-traded funds” (ETFs) are growing in popularity. Younger workers are well aware of these advantages and may prefer index funds.
Consider adding socially responsible investment choices: Today’s younger generation may be more socially and environmentally aware and want their investments to reflect their values. Environmental, social, and governance (ESG) investments consider factors such as environmental and societal impact when choosing holdings—something younger people consider important.
Increase the “menu” of investment choices: A major complaint about older plans is the limited choice of investment options, particularly in the fixed-income space. Make sure your plan includes a reasonable variety, perhaps with some alternative asset classes that may help with diversification objectives.
Include target-date retirement funds: Target-date funds (especially as a default investment choice) allow a one-choice solution for those inexperienced with investing and may reduce enrollment anxiety. These funds provide wide diversification and a time horizon-based allocation that adjusts to a more balanced or conservative selection as the participant gets closer to their anticipated retirement age.

Implement Technology Tools and Features

Today’s younger workers live in a technology-based world. It’s how they communicate with each other and organize their lives, particularly through their smartphone. Any aspect that cannot be accessed or managed via their phone will be a hindrance to them.

Your retirement plan should be tech-friendly: Plan features need to include an “app” for quick retrieval with a thumb press and access via a user/password app as well.
Easy to find and read statements or change investment choices: As Steve Jobs demanded with his 3-click rule for Apple products, make sure participants can find what they want in their account easily.
Include video tutorials or education materials: Younger participants embrace TikTok not only for entertainment, but to access and share information. Capitalize on this by including instructional or other types of videos to disseminate information or help them learn how to best utilize their retirement plan benefits.

In conclusion, by understanding the needs and preferences among younger workers, employers can demonstrate their commitment to their satisfaction by offering relevant features and enhancements to encourage retirement plan participation and retain young talent. Plan sponsors can also help fulfill their fiduciary obligation for proper oversight and management of their retirement plan and be confident they’re not missing important deficiencies that could hamper their plan’s effectiveness with their young workers.

We Can Analyze Your Plan and Improve It

About Mark

Evaluating Plan Success: Metrics and KPIs for Plan Sponsors

Posted on July 16, 2025 by Editorial TeamLeave a comment

By Mark Olsen, Managing Director at PlanPILOT

Business owners who actively measure and analyze their business are known to use KPIs (key performance indicators) to evaluate the efficiency and effectiveness of their operations. In a similar vein, plan sponsors of all types would be wise to also use KPIs to evaluate whether their retirement plans are truly providing participants with the tools, features, and means to fully utilize the plan in pursuing retirement success.

One of the core services we provide at PlanPILOT is assessing retirement plans to align with plan sponsor objectives and to help maximize the return on investment for the sponsor. In this endeavor, we utilize many types of KPIs to understand and measure the health of retirement plans, find potential gaps, and develop recommendations for upgrades or a plan redesign.

What Are Key Performance Indicators?

Key performance indicators are a collection of data points that provide a consistent method for measuring, analyzing, and monitoring the well-being of a program; in this case, a company or retirement plan. In the business world, KPIs normally measure data obtained in marketing programs, distribution operations, point-of-sale initiatives, and human resources procedures.

With the data, especially when collecting meaningful data and over time, experienced analysts can measure the results of a specific program or initiative to determine whether the results suggest success or ineffectiveness. Using KPIs and data metrics in a retirement plan may differ from a business, but are just as important to achieve successful outcomes. Let’s look at four of these critical areas.

Plan Participation

Unlike in the movie Field of Dreams, “…if you build it, he (they) will come” doesn’t always work with retirement plans. Just having a plan isn’t enough; whether and how many of the eligible employees are fully participating is the crucial question. Within this KPI, here are some data points that can indicate participation effectiveness or problems:

Participation rate: Measures the percentage of eligible employees in the plan.
Deferral rate: How much of their compensation are participants deferring to their plan account.
Demographic participation: Breaks down participation by age, demographic group, and length of employment; gaps in certain areas may indicate a need for greater education or communication.
Employer contributions: How much the plan sponsor is contributing in match and profit-sharing and whether this benefit is being maximized by participants.

Financial Health

Assessing the financial health of a plan is important, both for the longevity of the program and for it to meet both the employer’s and participants’ objectives.

Plan expenses: Is the plan cost effective? Are administrative or operating expenses excessive or in line with industry standards, relative to the benefits provided? Here is a study on how a plan sponsor may address fees within their plan.
Return on investment: Is the plan sponsor realizing a good ROI per employee or participant? This data metric should look to demonstrate how the plan and its benefits are helping in employee satisfaction, retention, productivity, and other objectives.
Investment performance: Relative to any given market environment, are the plan investments performing compared to reasonable benchmarks and are there better choices available?
Average account balance: Given parameters such as compensation, deferral rates, and tenure in the plan, how do the average account balances measure up?
Loans and withdrawals: Measures whether participant loans or pre-retirement withdrawals (hardship or otherwise) are detracting from plan effectiveness in meeting retirement readiness goals.

Participant Behavior

Investment behavior and asset allocation: Measures how participants are managing their accounts, including the use of target-date funds and whether accounts are properly diversified.
Participant satisfaction: Gauges whether participants are satisfied with the plan benefits and its effectiveness in helping their retirement readiness.
Employee contribution rate: Data that indicates whether participants understand how to maximize contribution limits, employer match, and if they are doing so.
Rate of return: Given levels of risk tolerance, are participants achieving a satisfactory long-term rate of return on their plan account and investments?
Participant retirement readiness: Analyzes whether employees are on track to meeting their prescribed retirement goals.

Other Important Metrics

There are other areas where the success of a retirement plan may be enhanced or improved.

Administration efficiency: Measures how well the plan is administered; as an example, here is a PlanPILOT case study that focuses on this aspect.
Retirement claims processing: Measures the amount of distribution requests over a time period and how efficiently these requests are processed.
New plan options or benefits: Analyzes the implementation of new features to the plan and how well or quickly participants add these upgrades to their accounts.
Replacement ratio: Assesses the percentage of pre-retirement income that is replaced by actual retirement income.

In summary, by understanding, collecting, and analyzing relevant performance indicators on a regular basis, plan sponsors can help fulfill their fiduciary obligation for proper oversight and management of their retirement plan and be confident they’re not missing important deficiencies that could hamper their plan’s effectiveness.

We Can Analyze Your Plan and Improve It

About Mark

How Economic Uncertainty Impacts Retirement Plan Participation and Savings

Posted on June 13, 2025 by Editorial TeamLeave a comment

By Mark Olsen, Managing Director at PlanPILOT

Economic uncertainty (such as we’re feeling today throughout the country) has a pervasive effect not only on business in general, but on the behavior and participation of employees enrolled in their company’s retirement savings plan. As an example, in a study released in the Journal of Pension Economics and Finance, researchers estimated that changes in behavior of a young participant during the Great Recession of 2008 could potentially decrease their retirement account value by as much as 8% by age 62.

At PlanPILOT, our experience shows that plan sponsors who are aware of these headwinds to effective retirement savings can prepare ahead of time to lessen the effect on employee participation. Better plan design, enhanced features, and thorough monitoring can all help lower impacts on participants.

Let’s take a look at the various ways economic downturns affect participant behavior.

Changes in Participant Contributions

Not surprisingly, economic downturns and recessions trigger uncertainty and reflexive defensive financial behavior in most consumers, especially those who heavily depend upon a weekly paycheck to meet their living expenses. The daily avalanche of media exposure and economic commentary that may suggest or forecast economic troubles only fan the flames of this uncertainty and instinctual fear among employees.

As a result, just as consumers naturally reduce spending, participants may be inclined to reduce current contributions if they fear they could have their work hours reduced, lose their job, or rising consumer prices may impact their ability to pay their monthly bills. This could incline participants to reduce their regular contributions, both to increase emergency savings and as a behavioral reaction to perceived (or real) threats to basic economic survival.

In addition, not only might eligible employees decline to enroll in the retirement plan during recessionary periods (despite attractive benefits, such as the employer matching contribution), those that do may be reluctant to choose a meaningful contribution rate during recessionary or other difficult periods, due to anxiety over committing too much of their paycheck at the time.

Impact on Employee Management of Their Account

Recessions and other economic declines often catch the consumer by surprise. These periods typically follow surges in consumer spending, heightened credit card and other consumer debt balances, and looser lending practices. As a result, when money becomes tight at home, participants can find themselves in a financial pinch in managing their debt payments and living expenses. This often leads to participant inquiries about loans from their retirement plan and hardship withdrawals.

Since such distributions lower the invested balances of the participants’ account, the net effect is a loss of compounding accumulation and lower probability of the participant meeting their retirement objectives. Participants sometimes justify their withdrawals and loans by rationalizing they will make it up later, but this seldom occurs, due to the same behavior impediments that often interfere with getting employees to enroll in the first place.

Unfortunately, loans and hardship distributions also occur during troughs in the market cycle, when account values have declined. Withdrawals at this inopportune time therefore have a greater impact on future wealth accumulation, since it may take several years of future growth to make up what has been lost by the distribution.

Loss in Account Value Affects Behavior Too

Since defined-contribution retirement plans (e.g., 401(k) or 403(b)) have participant savings and contributions invested in the financial markets (via exchanged traded funds or mutual funds), market pullbacks and volatility can have a significant effect on participant behavior as well.

A declining stock market can cause participants to either revise their contribution amounts (thinking they are contributing to a losing effort) or to reallocate their current holdings to a more conservative portfolio mix (potentially at an unfavorable time to do so). This reactionary behavior can be detrimental to long-term investment returns and retirement goals.

How Plan Sponsors Can Provide Support

There are many ways a plan sponsor can support participants when economic turbulence occurs. Many of these strategies are not difficult to implement and could go a long way in boosting employee morale and enthusiasm for the plan itself and in the workplace.

Communication: Communicate with employees. Let them know management is well aware of the difficulties everyone is facing in a down economy. Summarize steps the company is taking to assist and support the workforce. Outline new initiatives, features to benefit plans, and resources provided by the company.
Emphasize educational programs: Whether existing programs or new ones to be added, alert and promote educational workshops, webinars, and other information that could help participants with their financial issues and solutions that may be available.
Upgrade or implement retirement income planning resources: These programs may help employees understand “how the numbers work” and the possible outcomes before making crucial financial decisions (such as adjusting account allocations or contribution amounts).
Provide counseling: Many times, employees are not experienced with financial matters to make sound decisions or need qualified expertise with money matters. Provide company-paid debt counselors or financial professionals to meet with participants and answer questions or provide guidance.
Upgrade retirement account resources to include features to help with concerns or anxiety in difficult market conditions: These could include rebalancing functions, auto-rebalancing, target-date default investment choices, as well as specific articles that address how to approach and navigate through a down market period.
Review the retirement plan provisions: Are the hardship withdrawal and account loan procedures clear and understandable? Should there be more flexibility or choice for the investment options? Does the plan need an upgrade to reflect current laws and rules or to implement better features and resources?

Some or all of these initiatives can demonstrate the plan sponsor’s commitment to the company’s workforce and participants and foster goodwill and a more positive work environment during difficult periods.

Utilize Expertise to Design an Effective Plan or Improve It

PlanPILOT is uniquely positioned to help employers customize and design retirement benefit plans that meet your needs and objectives. Our mission is to deliver comprehensive advisory services that help plan sponsors meet and exceed their fiduciary responsibilities by providing the proper risk management solutions and independent advice they need and deserve.

Are you ready to upgrade to a new standard for your benefit planning? Reach out to me at (312) 973-4913 or send an email to mark.olsen@PlanPILOT.com to learn more about how we can customize our services and your plan to fit your unique needs.

M	T	W	T	F	S	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30