Products July 19, 2023

Allianz Finds Growing Interest in Annuities in Employer-Sponsored Retirement Plans

Meanwhile, Nationwide announces a new lifetime income annuity.

Reported by


According to a recent study conducted by Allianz Life Insurance Co. of North America, there is growing interest from participants in including annuities as part of employer-sponsored retirement plans, such as 401(k)s.

Over the past few years, interest in annuities has increased significantly, Allianz found. The study revealed that nearly 68% of respondents expressed a desire for more information about incorporating annuities into their retirement plans, up from 62% in 2022 and 56% in 2021. Furthermore, 67% of participants stated they would consider adding an annuity to their plan if it were available, compared to 60% in 2022 and 59% in 2021.

For more stories like this, sign up for the PLANADVISERdash daily newsletter.

“Americans are eager to have their plan sponsors add a guaranteed lifetime income option such as an annuity as part of their employer-sponsored retirement plan,” Matt Gray, head of employer markets at Allianz Life, said in a statement. “In today’s economic environment, adding an annuity to a portfolio can help mitigate risks to a retirement strategy and improve outcomes.”

Growing Interest

The growing interest in annuities comes as Americans increasingly depend on employer-sponsored defined contribution retirement plans to secure their retirement, according to Allianz.

More than three-quarters (77%) of respondents indicated that having an option to establish a protected foundation for lifelong income would enhance their loyalty to their employer, compared to 74% in 2022 and 65% in 2021.

Additionally, 72% of Americans anticipate that a significant portion of their retirement income will come from their employer-sponsored plans. Meanwhile, 66% of respondents are concerned about depleting their retirement funds during their post-employment years.

New Offering

On Wednesday, Nationwide Mutual Insurance Co. furthered its commitment to annuities with a new lifetime income annuity, Nationwide Defender Annuity, which offers customized growth potential and investment protection. This marks Nationwide’s second product offering in what it calls a “rapidly growing” sector, though not an in-retirement plan option. Registered index-linked annuity sales have surged from $1.9 billion in 2014 to exceed $41 billion in 2022, according to the firm.

The new annuity allows investors to tailor their strategy with a term of one, three or six years to fit their investment goals. It features five different index investment options offering upside potential and customization to fit a broad range of investment objectives.

Compliance July 19, 2023

MOVEit Hack Brings Vendor Assessment to Forefront

SPARK Institute members provide guidance on how advisers can both prepare for and respond to participant data concerns stemming from nationwide breach.

Reported by


Retirement plan providers and advisers should be taking a close look at vendor cybersecurity protocols after a software transfer hack exposed the private data of millions of people, including retirement plan participants, according to industry experts.

A hack of data transfer software firm MOVEit, which is owned by Progress Software Corp., has hit nearly 20 million people and more than 378 firms, according to the most recent data from anti-malware company Emsisoft. At least 1 million consumers were exposed by participant locater services vendor Pension Benefit Information LLC, which works with numerous retirement plans.

Want the latest retirement plan adviser news and insights? Sign up for PLANADVISER newsletters.

A hack to PBI’s services led to data exposure to more than 350,000 participants with Fidelity Investments and more than 1 million combined between the California Public Employees’ Retirement System and the California State Teachers’ Retirement System, according to filings. The breach also reached nonprofit retirement provider TIAA via PBI, thus reaching colleges and universities across the country, according to alerts from those organizations.

While the breach does not necessarily mean fraud will take place, it is certainly a possibility in the months and even years to come, according to Brett Callow, a threat analyst with Emsisoft.

“Fraud happens all the time, and it’s not always easy to link it to any particular incident,” he says. “How this unfolds and if any connection can be made over the next months and years will be something to watch.”

Response Tactics

For organizations hit by the data breach, they first need to patch their system to make sure it is secure, Callow says. The government’s Cybersecurity and Infrastructure Security Agency has been issuing regular software release updates related to the hack from Progress Software. PBI is also, according to filings, providing impacted consumers with free data protection services for a set period of time.

The real work, however, should be done at the front end to prevent future attacks, Callow notes, with organizations and their advisers doing as much as possible to vet vendor cybersecurity protocols when starting business. This can be a tall order in an ever-evolving world of cyber-threats.

“It runs deeper than [one vendor],” he says. “In some cases, organizations are impacted because their vendor is using a contractor who was using a subcontractor who was using MOVEit.”

The SPARK Institute, a retirement member and advocacy group, has stated that upfront cybersecurity assessment for vendors is critical for both retirement plan advisers and plan sponsors.

“The real work should be done prior to contracting with a third-party vendor,” the institute stated in an email expressing the thoughts of various members focused on cybersecurity.

Vetting Vendors

Advisers should also understand a vendor’s incident response plan and have a contract with a reputable independent cyber-forensic expert, the members noted. “A firm should not accept the word of just their vendor that their environment is clean without assurance from a third party,” SPARK Institute members wrote.  

Members of the institute also noted that, after a breach occurs, firms should look at the severity of the incident and their own risk tolerance when it comes to continuing the relationship with the vendor.

In the event of a breach, “SPARK members will typically: 1) Assess the impact of the breach, 2) Communicate with their clients, 3) Review the vendor’s security measures, 4) Conduct a risk assessment to mitigate any further risks, and 5) Enhance monitoring and controls over the vendor.”

Beyond preparation, if and when a breach occurs, the best thing an adviser can do is be “transparent, empathetic, and proactive” with those impacted, SPARK committee members said.

“The most common steps in this process include: 1) Prompt communication, 2) Have all the necessary facts and details, 3) Know client-specific impact, 4) Share your firm’s response and mitigation plans, 5) Assure them of your firm’s availability for questions and concerns,” they wrote.

The MOVEit breach saga looks to be continuing in the courts. Progress Software has been sued by those exposed in the breach in the U.S. District Court for the District of Massachusetts, according to court filings. Meanwhile, law firms are posting advertisements for people who have been notified by the exposure to participate in class action complaints.

«