Business Signals

US Department of Labor intensifies focus on cybersecurity and risky investments in employee benefit plans

Monday, 4 May 2026 5:31AM UTC

The US Department of Labor is sharpening its enforcement efforts on cybersecurity and investment risks within employee benefit plans, aiming to address profit-driven misconduct and protect participants' interests amid growing compliance concerns.

The U.S. Department of Labor is sharpening its scrutiny of employee benefit plans at a time when EBSA says it is concentrating resources on issues with the greatest impact on participants’ savings, health coverage and claims. In a recent field assistance bulletin, the agency said it wants to avoid cases that simply second-guess prudent process, while devoting more attention to conduct that produces direct harm, bad-faith administration or clear conflicts of interest.

That framework helps explain why cybersecurity has become a formal enforcement priority. EBSA has warned for years about the risks cyberattacks pose to benefit plans and their service providers, and investigators are now expected to examine whether fiduciaries have put in place written safeguards, incident-detection procedures and other protections for sensitive data. Where breaches lead to financial loss, the department has indicated it will look closely at whether participants are made whole.

Retirement plan investment oversight remains another major target. Under the department’s Retirement Asset Management project, EBSA is focusing on how fiduciaries select, monitor and retain advisers and managers, with particular attention to conflicts, excessive charges, hidden compensation and imprudent investment decisions. The agency is also paying close attention to how plan committees and sponsors vet third parties, and to whether disclosures and due diligence are robust enough to surface improper arrangements.

Within that broader investment review, underfunded defined benefit plans are drawing fresh attention. The department has said participants in such plans face a heightened risk of reduced or lost benefits, and its reviews are reportedly aimed at risky strategies and portfolio-wide vulnerabilities rather than isolated mistakes. A separate 404(c) Enforcement Project is also examining whether sponsors follow a sound process when choosing and monitoring participant-directed investment menus, especially in midsize plans that may have fewer internal resources.

The department continues to treat missing benefits and contribution failures as core enforcement issues. Its Terminated Vested Participants project expands on long-running missing participant reviews by testing whether plans keep accurate census records, search for former workers, send required notices and deal promptly with uncashed checks. At the same time, EBSA regularly audits whether employee deferrals and loan repayments are deposited on time, since those amounts are treated as plan assets once they can reasonably be separated from the employer’s general funds.

Health plan enforcement has also expanded sharply in recent years. According to EBSA, the agency’s work is now heavily focused on mental health parity compliance, No Surprises Act violations and emergency-care protections, alongside the continuing review of claims handling and required disclosures. The Consolidated Appropriations Act of 2021 gave the department additional tools and funding in this area, reinforcing an enforcement strategy that reaches well beyond retirement plans.

Even where issues are not branded as official priorities, they are still likely to draw attention in an investigation. EBSA routinely checks whether plans maintain required documents, issue mandated disclosures and hold the bond required under ERISA. It also examines claims and appeals procedures to ensure plans follow both their own terms and the department’s timing and notice rules. In more serious cases, document failures can become part of a broader fiduciary breach theory rather than a simple compliance correction.

One notable change is the department’s decision to drop employee stock ownership plan reviews from its official priority list for 2026, despite decades of focus on valuation, voting rights and stock-sale protections. Whether that signals a real retreat or only a reduced emphasis remains unclear. What is clear is that EBSA still wants to prioritise the worst conduct, especially cases involving self-enrichment, misappropriation or deliberate harm. For plan sponsors and fiduciaries, the practical lesson is straightforward: the strongest defence is a compliance programme that identifies and fixes these problem areas before investigators arrive.

Source Reference Map

Inspired by headline at: ^[1]

Sources by paragraph:

Paragraph 1: ^[2], ^[6]
Paragraph 2: ^[2], ^[4]
Paragraph 3: ^[2], ^[6], ^[7]
Paragraph 4: ^[1], ^[6], ^[7]
Paragraph 5: ^[2], ^[5], ^[6]
Paragraph 6: ^[3], ^[4], ^[5]
Paragraph 7: ^[1], ^[2], ^[5], ^[6]

Source: Noah Wire Services

More on this

https://www.plansponsor.com/dol-erisa-enforcement-10-areas-of-current-focus/?utm_source=rss-feed&utm_medium=news&utm_campaign=feed - Please view link - unable to able to access data
https://www.dol.gov/agencies/ebsa/about-ebsa/our-activities/enforcement - The U.S. Department of Labor's Employee Benefits Security Administration (EBSA) is responsible for enforcing the Employee Retirement Income Security Act (ERISA). EBSA's enforcement activities include investigating potential violations, promoting voluntary compliance, and taking corrective actions when necessary. The agency focuses on protecting plan assets and participants' benefits through various initiatives, such as the Employee Contributions Initiative, which addresses delinquent employee contributions, and the Employee Stock Ownership Plan (ESOP) project, which ensures compliance in ESOPs. EBSA also oversees the Voluntary Fiduciary Correction Program (VFCP) to help plan fiduciaries correct certain violations.
https://www.dol.gov/agencies/sol/divisions/plan-benefits-security - The Plan Benefits Security Division (PBS) within the U.S. Department of Labor safeguards the rights of workers and retirees to their pension, health, and other employment-related benefits under ERISA. PBS enforces ERISA through federal district court litigation, appellate and amicus curiae litigation, and provides advice on statutory changes, regulations, and interpretations of ERISA issued by the Secretary of Labor. The division's efforts cover a wide range of ERISA issues, including fiduciary responsibilities, reporting and disclosure requirements, and compliance with plan standards.
https://www.dol.gov/agencies/ebsa/about-ebsa/our-activities/enforcement/enforcement-alerts - The U.S. Department of Labor's Employee Benefits Security Administration (EBSA) issues Enforcement Alerts to inform the public about potential violations of the Employee Retirement Income Security Act (ERISA). These alerts highlight specific issues, such as mismanaged healthcare arrangements, and provide guidance on compliance. EBSA's enforcement activities aim to protect plan assets and participants' benefits by addressing violations and promoting voluntary compliance. The agency's efforts include investigating potential violations, taking corrective actions, and issuing alerts to raise awareness about common issues in employee benefit plans.
https://www.dol.gov/agencies/ebsa/about-ebsa/our-activities/enforcement/enforcement-accomplishments - The U.S. Department of Labor's Employee Benefits Security Administration (EBSA) reports on its enforcement accomplishments to demonstrate its commitment to protecting plan assets and participants' benefits under the Employee Retirement Income Security Act (ERISA). These accomplishments include recovering plan assets, ensuring proper claims processing, and promoting voluntary compliance. EBSA's enforcement activities cover various areas, such as fiduciary responsibilities, reporting and disclosure requirements, and compliance with plan standards. The agency's efforts aim to address violations and promote transparency and consistency in the enforcement of ERISA.
https://www.dol.gov/agencies/ebsa/about-ebsa/our-activities/enforcement/enforcement-priorities - The U.S. Department of Labor's Employee Benefits Security Administration (EBSA) outlines its enforcement priorities to focus resources on areas with the greatest impact on protecting plan assets and participants' benefits under the Employee Retirement Income Security Act (ERISA). These priorities include addressing delinquent employee contributions, ensuring compliance with reporting and disclosure requirements, and overseeing the Voluntary Fiduciary Correction Program (VFCP). EBSA's enforcement activities aim to promote voluntary compliance and take corrective actions when necessary to safeguard the interests of plan participants and beneficiaries.
https://www.dol.gov/agencies/ebsa/about-ebsa/our-activities/enforcement/enforcement-initiatives - The U.S. Department of Labor's Employee Benefits Security Administration (EBSA) conducts various enforcement initiatives to ensure compliance with the Employee Retirement Income Security Act (ERISA). These initiatives include the Employee Contributions Initiative, which addresses delinquent employee contributions, and the Employee Stock Ownership Plan (ESOP) project, which ensures compliance in ESOPs. EBSA also oversees the Voluntary Fiduciary Correction Program (VFCP) to help plan fiduciaries correct certain violations. These initiatives aim to protect plan assets and participants' benefits by promoting voluntary compliance and taking corrective actions when necessary.

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 8

Notes: The article references a U.S. Department of Labor (DOL) press release dated January 15, 2026, announcing updates to its national enforcement projects for fiscal year 2026. ([dol.gov](https://www.dol.gov/newsroom/releases/ebsa/ebsa20260115?utm_source=openai)) The content appears to be based on this recent release, indicating high freshness. However, the article's publication date is not provided, so the exact recency cannot be confirmed.

Quotes check

Score: 7

Notes: The article includes direct quotes attributed to Deputy Secretary of Labor Keith Sonderling from the DOL press release. ([dol.gov](https://www.dol.gov/newsroom/releases/ebsa/ebsa20260115?utm_source=openai)) These quotes are consistent with the original source, suggesting accurate reporting. However, without access to the full text of the article, it's challenging to verify the completeness and context of the quotes.

Source reliability

Score: 9

Notes: The primary source is the DOL's official press release, a highly reliable and authoritative source. The article also references the DOL's website for additional context. ([dol.gov](https://www.dol.gov/newsroom/releases/ebsa/ebsa20260115?utm_source=openai)) However, the article's reliance on a single source may limit the breadth of perspectives and information presented.

Plausibility check

Score: 8

Notes: The article discusses the DOL's updated enforcement priorities, including cybersecurity, mental health benefits, and surprise billing, aligning with known concerns in employee benefit plans. ([dol.gov](https://www.dol.gov/newsroom/releases/ebsa/ebsa20260115?utm_source=openai)) The claims are plausible and consistent with the DOL's stated objectives. However, without access to the full article, it's difficult to assess the depth and accuracy of the analysis.

Overall assessment

Verdict (FAIL, OPEN, PASS): PASS

Confidence (LOW, MEDIUM, HIGH): MEDIUM

Summary: The article is based on a recent DOL press release, providing timely and relevant information on updated enforcement priorities. However, the heavy reliance on a single source and the lack of independent verification sources introduce potential biases and limit the depth of analysis. While the content is plausible and accessible, the absence of diverse perspectives and independent verification reduces the overall confidence in the article's accuracy and completeness.

employee benefit plans
DOL enforcement
cybersecurity