Consolidation is Vital to Reducing 401(k) Cybersecurity Risk

By Ricki Ingalls | March 8, 2022

With $10 trillion in 401(k) and other defined contribution retirement assets to safeguard, retirement industry regulators are intensely focused on the issue of cybersecurity.

The latest developments signifying regulatory resolve include enforcement actions by the Securities and Exchange Commission (SEC), who in August 2021 sanctioned 8 firms in three separate actions (links here, here and here), for failing to have cybersecurity policies and procedures in place, potentially leading to compromised private client data. The SEC’s actions were preceded in April 2021 by the Department of Labor (DOL), who issued three guidance documents for plan sponsors, plan fiduciaries, recordkeepers and plan participants on best practices for maintaining cybersecurity.

Amid these actions, the retirement industry should expand their cybersecurity focus to actively address another vitally important element: the consolidation of small-balance retirement savings accounts, achieved by improved plan-to-plan portability.

Minimizing Fraud-Prone, Small-Balance Forgotten Accounts

A key principle in loss prevention is that “big frauds start small.” In our retirement system, nowhere is this axiom more applicable than for small-balance retirement savings accounts. In recent years, there’s been a very well-documented explosion of both small-balance 401(k) accounts and small-balance IRAs, which can present tempting targets, as system controls and monitoring can often be lax.

In cybersecurity terminology, the presence of vast numbers of small, unconsolidated retirement savings accounts scattered across thousands of plans and housed on a myriad of recordkeeper platforms creates a larger cyber “attack surface” -- the sum of the different points, or attack vectors, that cyber-intruders can attempt to leverage to compromise security.

That’s where consolidation comes in. Consolidation is, by definition, the combination of two accounts into one, resulting in one less retirement savings account. Combining retirement savings accounts translates into a smaller cyber attack surface.

How Auto Portability Promotes Retirement Cybersecurity

Auto portability, via consolidation, significantly reduces the odds of exposure for millions of 401(k) participants. Data from the Auto Portability Simulation shows that, over 40 years, the adoption of auto portability would result in a net increase of 124.3 million plan-to-plan account consolidations.

That level of consolidation activity means that securing personal information is paramount, requiring the application of stringent cybersecurity standards. To achieve that, auto portability’s cybersecurity has been built to comply with NIST Special Publication 800-171, a security framework that is specifically designed to protect confidential information.

To effect consolidation, auto portability relies upon highly secure, transient data exchanges to ensure that accounts are located, matched, and moved forward quickly, safely and securely, employing the following key cybersecurity features:

Sensitive data, including all personal information is continuously protected with strong encryption, whether the data is in-transit or at rest.
Social security numbers are not provided with any other personally identifiable information (PII) in data transfers. Thus, there is never enough PII in any data transmission for a hacker to steal an identity.
Any file containing encrypted personal information never includes the identity of either the plan sponsor or the recordkeeper, further thwarting a hacker from accessing an individual participant’s retirement account.
Each participating service provider has their own, dedicated and secure channel for transmitting participant data.

Auto portability stands in stark contrast to other current or proposed policies that do not promote consolidation and do little to improve cybersecurity, including:

Forcing out small 401(k) balances into dead-end safe harbor IRAs.
Creating a government-run lost and found to warehouse unclaimed balances.

Consolidation: A Vital Element for Retirement Cybersecurity

It’s clear that account consolidation can lower retirement savings cybersecurity risks by minimizing the sheer number of fraud-prone, small-balance retirement savings accounts, and the best path to enabling consolidation – particularly for small balance 401(k) accounts – is via auto portability.

Back

Retirement Clearinghouse An RLJ Company 1916 Ayrsley Town Boulevard
Suite 200
Charlotte, NC 28273

Individuals should consult their tax advisers or legal counsel for advice and information concerning their particular situation. Retirement Clearinghouse does not give legal, investment, or tax advice. IRA account fees and product information provided by Retirement Clearinghouse, LLC is subject to change without notice at the discretion of the IRA Provider. Securities are offered through RCH Securities, LLC, a wholly owned subsidiary of Retirement Clearinghouse, LLC and a member of FINRA (www.finra.org). RCH Shareholder Services is a wholly owned subsidiary of Retirement Clearinghouse, LLC and a registered transfer agent with the U.S. Securities and Exchange Commission.

© 2024 Retirement Clearinghouse, LLC. This site is directed at, and made available to, persons in the U.S. and Puerto Rico.
Sitemap

Search Our Site

Quicklinks

Individuals

Individuals Home

Who is RCH?

Why Does RCH Have My Retirement Funds?

Manage Your RCH IRA Account

Cash Out Calculator

RMD Calculator

Moving Your Retirement Savings Forward

Contact Us

Contacto Retirement Clearinghouse

Learning Center

Auto Portability

Auto Portability Overview

Auto Portability FAQs

Recent Developments

Foundational Research

Public Policy

Media Coverage

Press Releases

Regulatory Information

The RCH Auto Portability Plan Calculator

National Cash Out Clock

Downloads & Video

Get Updates on Auto Portability

Plan Sponsors

The Small Account Problem

RCH Portability Services

RCH Client Services

Addressing the Problem of Missing Participants

Terminating 401(k) Plans

Participant Testimonials

Due Diligence Material

Contact Us

Company

About RCH

Mission

Management Team

Contact RCH

Careers - Job Opportunities

Our Benefits

The RLJ Companies

News & Information

News

Press Releases

Thought Leadership

Consolidation Corner

Events

Auto Portability

Consolidation is Vital to Reducing 401(k) Cybersecurity Risk