DOL wants 'excessive' details from firms for its new 401(k) 'lost & found' database: ERIC

The ERISA Industry Committee wants the DOL to scale down what it calls “excessive amounts” of participant information for its SECURE 2.0-mandated Retirement Savings Lost and Found database to be launched in 2024.

Credit: VectorMine/Adobe Stock

Last year, the Department of Labor began seeking the voluntary assistance of retirement plan administrators to develop an online search tool to help workers locate an administrator so they can claim lost retirement savings they left behind when they switched jobs. However, the Employee Benefits Security Administration is seeking “excessive amounts of additional information outside the scope of SECURE 2.0,” according to the ERISA Industry Committee (ERIC), which sent a letter to EBSA.

The establishment of the Lost and Found database is required with a SECURE 2.0 provision, mandating EBSA establish the tool by Dec. 29, 2024. EBSA had planned to use data that plan administrators submitted to the IRS on their Annual Registration Statement Identifying Separated Participants with Deferred Vested Benefits. However, the division hit a snag, when the DOL informed the IRS that it will not release that data to the DOL officials, citing a section of the IRS code that prohibits the agency from releasing taxpayer information.

Because of this code, the DOL is asking plan administrators for their help.

“Unfortunately, the proposal overreaches by asking for too much information and failing to detail the cybersecurity measures needed to protect the data and privacy of plan participants,” said Andy Banducci, Senior Vice President of Retirement and Compensation Policy at ERIC.

Now, ERIC is calling on the DOL to reissue a request that adheres to the statutory requirements outlined in SECURE 2.0, safeguards employee data and avoids needless costs. “These costs could be substantial given the request to go back ‘as far as possible’ or to the date the plan first became subject to ERISA,” wrote ERIC.

“The amount of information requested raises serious privacy and data security questions” in the “case of breach,” wrote ERIC. The employer advocacy group highlighted several areas of concern, since the proposal:

Related: 401(k) plan administrators, DOL needs your help finding ‘missing’ participants

“It is unclear why much of the requested information could not be provided by the IRS …,” wrote ERIC. “We understand the IRS has expressed taxpayer privacy concerns … but it is difficult to understand why much of the information could not be provided in a redacted or modified form, or some other arrangement reached …We strongly urge the DOL and IRS to coordinate to reach an information sharing agreement.”