Tom Hawkins: Welcome to another edition of the RCH Consolidation Corner Channel, where we provide you with audio content that explores key issues in the preservation and consolidation of retirement savings. In this episode, we examine the topic of retirement savings cybersecurity, and how auto portability, through the process of consolidation, is beginning to make an important contribution. We hope you’ll find the audio enjoyable and informative.
NARRATOR: With trillions of dollars in 401(k) and other defined contribution retirement assets requiring protection, regulatory bodies within the retirement industry are intensely focused on cybersecurity. Significant actions have been taken, demonstrating regulatory commitment to safeguarding retirement savings. These include enforcement measures by the Securities and Exchange Commission, as well as the Department of Labor, which in 2021 issued three guidance documents outlining best practices for cybersecurity maintenance for plan sponsors, fiduciaries, recordkeepers, and participants.
Alongside these initiatives, the retirement industry has begun to broaden its cybersecurity efforts to encompass another crucial element: the consolidation of small-balance retirement savings accounts, primarily through enhanced plan-to-plan portability. Most importantly, in 2022, the Portability Services Network (PSN) was launched to facilitate the widespread adoption of auto portability amongst its members and their plan sponsor clients.
A fundamental principle of loss prevention asserts that significant frauds often originate from minor vulnerabilities. This is particularly relevant for small-balance retirement savings accounts, which have seen a documented surge in recent years. These accounts, frequently subject to less rigorous system controls and monitoring, can become appealing targets.
From a cybersecurity perspective, the existence of a vast number of small, unconsolidated retirement savings accounts dispersed across numerous plans and various recordkeeper platforms creates a larger "cyber-attack surface." This term refers to the collective points through which cyber intruders might attempt to compromise security. This is precisely where consolidation becomes essential.
Consolidation, by its very nature, is the merging of two accounts into one, thereby reducing the total number of retirement savings accounts. This process directly translates into a smaller and more manageable cyber-attack surface. Auto portability, through its consolidation mechanism, substantially mitigates the risk of exposure for millions of 401(k) participants. Data from the Auto Portability Simulation indicates that over a 40-year period, adopting auto portability would lead to a net increase of 166.7 million plan-to-plan account consolidations.
Such a high volume of consolidation necessitates that securing personal information remains paramount, requiring the application of stringent cybersecurity standards. To meet this demand, auto portability’s cybersecurity framework has been developed to comply with NIST Special Publication 800-171, a security standard specifically designed for the protection of confidential information. To facilitate consolidation, auto portability relies on highly secure, transient data exchanges, ensuring accounts are located, matched, and transferred swiftly, safely, and securely.
Other key auto portability cybersecurity features include the continuous protection of sensitive data, including all personal information, with robust encryption, whether the data is in transit or at rest. Furthermore, social security numbers are transmitted separately from other personally identifiable information, ensuring that no single data transmission contains enough information for a hacker to compromise an individual's identity. Any file containing encrypted personal information never includes the identity of either the plan sponsor or the recordkeeper, serving as an additional deterrent against unauthorized access to participant retirement accounts. Finally, each participating service provider in the Portability Services Network utilizes their own dedicated and secure channel for transmitting participant data.
It is evident that account consolidation can reduce retirement savings cybersecurity risks by minimizing the sheer volume of small-balance, fraud-prone retirement savings accounts. The most effective method for enabling this consolidation, particularly for small-balance 401(k) accounts, is through the adoption of auto portability. And the best news is that plan sponsor adoption of auto portability is rapidly occurring. Now operational, as of June 30th, 2025, the PSN network has almost 20,000 active plan sponsors who have adopted auto portability, and this development has to be welcome news for proponents of enhanced retirement savings cybersecurity.