Cybersecurity is Augmented by Auto Portability

EBN By Spencer Williams | April 8, 2019

All companies that manage personal consumer data, regardless of where they are based or what industry they are part of, are right to be concerned about cybersecurity. The scope and scale of cyberattacks continue to increase around the world, as last year’s breach compromising 50 million Facebook users demonstrated.

The U.S. retirement system is not immune to the threat. In fact, it is a tempting target for cybercriminals, and lawmakers are keen to protect defined contribution plan participants’ personal data. In a recent example, on February 12, 2019, Sen. Patty Murray (D.-Wash.) and Rep. Bobby Scott (D.-Va.) sent a letter to Gene Dodaro, Comptroller General of the U.S. Government Accountability Office, asking the organization to “examine the cybersecurity of the private retirement system.”

Fortunately for plan sponsors, record-keepers, and other parties in the retirement services industry, the same solution designed to address the multiple problems stemming from the upsurge in small, stranded 401(k) accounts—auto portability—can also augment existing practices that protect plan participants’ personal data.

Auto portability is the routine, standardized, and automated movement of a retirement plan participant’s 401(k) savings account from their former employer’s plan to an active account in their current employer’s plan. This solution is underpinned by paired “locate” and “match” algorithms which work together to 1) locate participants with multiple 401(k) plan accounts, 2) confirm their identities, 3) obtain their consent for beginning the process of rolling their stranded accounts—which are either still in former-employer plans or have been automatically rolled into safe-harbor IRAs—into active accounts in their current employers’ plans, and 4) effect account consolidation by implementing a roll-in to the participant’s current employer plan.

The act of consolidating accounts reduces the number of small accounts in the 401(k) system via auto portability, making plan participant data more secure. Consolidating a participant’s multiple 401(k) accounts reduces the number of systems with that participant’s data, and also encourages participants, sponsors, and record-keepers to become more engaged when it comes to keeping track of accounts.

Auto Portability Meets Cybersecurity Best Practices

While there is currently no central legal framework regulating cybersecurity in the retirement services industry, the SPARK Institute published a compilation of recommended cybersecurity best practices for retirement plan record-keepers in 2017.

Auto portability, which went live that same year, operates in conformance to the SPARK Institute’s cybersecurity recommendations.

For example, the SPARK Institute’s compilation of 16 security control objectives includes the practice of encryption, which requires protection of both “data-in-motion and data at rest” and goes one step further by suggesting that the same data protection risk management standards be applied to suppliers. The below proof points illustrate how the auto portability solution we developed addresses these areas of cybersecurity:

All sensitive information stored for auto portability is encrypted using Advanced Encryption Standard (AES) 256-bit encryption, an industry standard for encrypting electronic data developed by the National Institute of Standards and Technology. At present, there is no known type of cyberattack that would allow a hacker to read AES-encrypted data without knowledge of the cryptographic key.
During the locate-and-match process described above, a social security number is never combined with other personally identifiable information (PII) in any single file transfer. The objective is to ensure there is never enough PII in any single data transmission for a hacker to use to steal an identity. In addition, any file with personal information never includes the identity of either the plan sponsor or the recordkeeper, further thwarting a hacker from accessing an individual participant’s retirement account.
Auto portability supports multiple methods of exchanging secure data.
Each participating service provider has its own secure channel for transmitting participant data.
Any potential matches flagged during the locate-and-match process which don’t adhere to certain criteria require additional verification in order to confirm the identity.
Full address-location searches are conducted to ensure the correct participant is found and properly matched to multiple accounts.

When participants strand 401(k) savings accounts in former-employer plans, and nothing is done to transport them to active accounts in their present employers’ plans, the likelihood of becoming a victim of cybercrime increases. Plan sponsors can protect themselves and their participants from hackers—and, simultaneously, strengthen their overall cybersecurity preparedness—by implementing auto portability to proactively reduce small accounts and lost/missing participants.

Back

Retirement Clearinghouse An RLJ Company 1916 Ayrsley Town Boulevard
Suite 200
Charlotte, NC 28273

Individuals should consult their tax advisers or legal counsel for advice and information concerning their particular situation. Retirement Clearinghouse does not give legal, investment, or tax advice. IRA account fees and product information provided by Retirement Clearinghouse, LLC is subject to change without notice at the discretion of the IRA Provider. Securities are offered through RCH Securities, LLC, a wholly owned subsidiary of Retirement Clearinghouse, LLC and a member of FINRA (www.finra.org). RCH Shareholder Services is a wholly owned subsidiary of Retirement Clearinghouse, LLC and a registered transfer agent with the U.S. Securities and Exchange Commission.

© 2024 Retirement Clearinghouse, LLC. This site is directed at, and made available to, persons in the U.S. and Puerto Rico.
Sitemap

Search Our Site

Quicklinks

Individuals

Individuals Home

Who is RCH?

Why Does RCH Have My Retirement Funds?

Manage Your RCH IRA Account

Cash Out Calculator

RMD Calculator

Moving Your Retirement Savings Forward

Contact Us

Contacto Retirement Clearinghouse

Learning Center

Auto Portability

Auto Portability Overview

Auto Portability FAQs

Recent Developments

Foundational Research

Public Policy

Media Coverage

Press Releases

Regulatory Information

The RCH Auto Portability Plan Calculator

National Cash Out Clock

Downloads & Video

Get Updates on Auto Portability

Plan Sponsors

The Small Account Problem

RCH Portability Services

RCH Client Services

Addressing the Problem of Missing Participants

Terminating 401(k) Plans

Participant Testimonials

Due Diligence Material

Contact Us

Company

About RCH

Mission

Management Team

Contact RCH

Careers - Job Opportunities

Our Benefits

The RLJ Companies

News & Information

News

Press Releases

Thought Leadership

Consolidation Corner

Events

Auto Portability

Cybersecurity is Augmented by Auto Portability