SECURE 2.0 Lost and Found Proposal Faces Industry Headwinds
ERIC and SPARK argue that the DOL’s data request goes beyond the intent of the statute and may create participant data security risks.
Major industry leaders expressed concern this week about the breadth of the Department of Labor’s data request to create the lost and found database for missing retirement plans, as required by the SECURE 2.0 Act of 2022.
The DOL issued an information request in April asking interested parties to comment on what information the DOL should collect to make a lost and found database possible to unite missing participants with their plans, while also imposing the least burden possible on fiduciaries. The request also proposed some items that sponsors should voluntarily turn over to the DOL, including participant names and Social Security numbers, contact information and whether they have received their benefits already, among other items. The comment period for this request and proposal expired on June 17.
The ERISA Industry Committee characterized the request as a “lost and found data grab.” In an emailed statement, ERIC said that: “The proposal requests far more information from plan administrators than necessary and exceeds the authority permitted under the statute. The proposal lacks details about how the DOL will safeguard worker and retiree data and does not include a process for notifying plan administrators and plan participants in the case of a data breach.”
In their comment letter, ERIC elaborated that: “For example, DOL simply does need to know the nature, form, and amount of the benefits owed in order to help a participant locate a plan administrator.” Further, ERIC noted that this information is beyond what is authorized in the statute.
ERIC also implored the DOL to continue to coordinate its efforts with the Internal Revenue Service to reduce administrative burden on providers, by obtaining information from Form 8955-SSA, a form that identifies separated participants with vested benefits.
In the information request, the DOL indicated that the IRS did not have the legal authority to share this form with the DOL to create the database and contact participants.
ERIC responded by writing: “It is unclear why much of the requested information could not be provided by the IRS using data provided on the Form 8955-SSA.” It added that it “is difficult to understand why much of the information could not be provided in a redacted or modified form, or some other arrangement reached. Additionally, to the extent that the IRS’ reticence is attributable to a perceived intent to conduct proactive outreach to participants using this data (which the statute does not authorize), DOL should clarify it does not intend such communications.”
Form 8955-SSA is already shared by the IRS with the Social Security Administration, hence the SSA in the form’s name. When retirees claim Social Security benefits, the SSA uses the filing to inform them of their unclaimed benefits.
The Society of Professional Asset Managers and Recordkeepers also weighed in. In its letter, they asked the DOL to permit recordkeepers to send the participant information over instead of plan sponsors.
SPARK also warned the DOL of the risk of false positives, or participants who see that they are entitled to benefits to which they are not actually entitled, because the benefits were distributed in the past and the records were not updated to reflect that fact in the database.
Lastly, SPARK urged the DOL not to rush to meet the statutory deadline of December 29, 2024. SPARK recommended that the DOL explore an interim option before creating a more thorough platform later. The industry group explained that requiring sponsors to use their 2023 Form 5500, due at this year’s end, would be unmanageable for plan sponsors since the database regulations are not even complete yet and sponsors will not have the time to turn over all the requested information.