Retirement Security


Open Recommendations

Social Security Disability: SSA Expedited Most Critical Cases at Hearings Level but Lacks Consistent Policy Implementation

GAO-22-104191
Jul 18, 2022
2 Open Recommendations
Agency Affected: Social Security Administration
Recommendation: The Commissioner of the Social Security Administration should ensure that appropriate oversight staff review the consistency of the Office of Hearings Operation's use of documentation requirements for dire need situations and consider changes that balance the potential for abuse under the current policy, such as some applicants falsely claiming dire need in order to receive priority processing, against the potential that excessive documentation requirements may prevent otherwise eligible claimants from having dire need cases expedited. (Recommendation 1)
Status: Open
SSA agreed with this recommendation but did not indicate plans to address it.

Agency Affected: Social Security Administration
Recommendation: The Commissioner of the Social Security Administration should examine the agency's handling of cases at the hearings level that indicate homelessness, eviction, or another critical need, and revise the agency's procedures to ensure that hearing offices are expediting these cases in accordance with SSA policy. (Recommendation 2)
Status: Open
SSA agreed with this recommendation but did not indicate plans to address it.

401(k) Retirement Plans: Many Participants Do Not Understand Fee Information, but DOL Could Take Additional Steps to Help Them

GAO-21-357
Aug 26, 2021
5 Open Recommendations
Agency Affected: Employee Benefits Security Administration
Recommendation: The Assistant Secretary of the Employee Benefits Security Administration should require, in a manner deemed effective, that fee disclosures for participant-directed individual retirement accounts use a consistent term for asset-based investment fees (e.g., gross expense ratio). (Recommendation 1)
Status: Open
DOL officials stated that they would carefully consider this recommendation with a focus on the potential practical impact of mandating such disclosures.

Agency Affected: Employee Benefits Security Administration
Recommendation: The Assistant Secretary of the Employee Benefits Security Administration should require, in a manner deemed effective, that quarterly fee disclosures for participant-directed individual retirement accounts provide participants the actual cost of asset-based investment fees paid. (Recommendation 2)
Status: Open
DOL officials stated that they would carefully consider this recommendation with a focus on the potential practical impact of mandating such disclosures.

Agency Affected: Employee Benefits Security Administration
Recommendation: The Assistant Secretary of the Employee Benefits Security Administration should take steps to provide participants important information concerning the cumulative effect of fees on savings over time. For example, steps could include ensuring disclosures cite a working, specific DOL web address where such information is shown and requiring that fee disclosures include the agency's graphic illustration of the cumulative effect of fees. (Recommendation 3)
Status: Open
DOL officials stated that they would carefully consider this recommendation with a focus on the potential practical impact of mandating such disclosures.

Agency Affected: Employee Benefits Security Administration
Recommendation: The Assistant Secretary of the Employee Benefits Security Administration should require, in a manner deemed effective, that participant fee disclosures for participant-directed individual retirement accounts include fee benchmarks for in-plan investment options. (Recommendation 4)
Status: Open
DOL officials stated that they would carefully consider this recommendation with a focus on the potential practical impact of mandating such disclosures.

Agency Affected: Employee Benefits Security Administration
Recommendation: The Assistant Secretary of the Employee Benefits Security Administration should require, in a manner deemed effective, that participant fee disclosures for participant-directed individual retirement accounts include ticker information for in-plan investment options, when available. (Recommendation 5)
Status: Open
DOL officials stated that they would carefully consider this recommendation with a focus on the potential practical impact of mandating such disclosures.

Retirement Savings: Federal Workers' Portfolios Should Be Evaluated For Possible Financial Risks Related to Climate Change

GAO-21-327
Jun 24, 2021
1 Open Recommendation
Agency Affected: Federal Retirement Thrift Investment Board
Recommendation: The Executive Director of the Federal Retirement Thrift Investment Board, to better inform the Board's ongoing oversight activities, should evaluate TSP's investment offerings in light of risks related to climate change.
Status: Open
FRTIB did not indicate whether it agreed or disagreed with this recommendation. FRTIB noted that it subscribes to a strict indexing discipline and that efficient market theory concludes that the market is pricing all risks into its valuations on an ongoing basis. FRTIB stated that its next investment consultant review is planned for fiscal year 2022 and that it would review any recommended changes to its fund offerings at that time. FRTIB further stated that it would examine any recommendations made by the U.S. Securities and Exchange Commission and the Financial Stability Oversight Council on climate change-related risks and determine whether and how to apply those lessons to the TSP.

GAO recognizes FRTIB's established process for evaluating TSP's investment options. Its 2022 review is an opportunity for FRTIB to conduct a focused evaluation of these risks and clarify what additional steps, if any, are needed. Given the systemic and unprecedented risk that climate change is expected to pose to global financial markets, GAO continues to believe that it is important for FRTIB to evaluate TSP's investment offerings for these risks. While FRTIB stated that its upcoming mutual fund window would provide TSP participants with an opportunity to invest beyond the five core funds, the mutual fund window does not address the potential climate change-related risks to TSP's core investment funds. Examining climate change-related risks facing TSP's $700 billion in assets under management would provide FRTIB with a greater understanding of its potential exposure to these risks and enable it to decide if any further actions are necessary to protect the retirement savings of over 6 million federal workers.

Defined Contribution Plans: Federal Guidance Could Help Mitigate Cybersecurity Risks in 401(k) and Other Retirement Plans

GAO-21-25
Mar 15, 2021
2 Open Recommendations
Agency Affected: Department of Labor
Recommendation: The Secretary of Labor should formally state whether cybersecurity for private sector employer-sponsored defined contribution retirement plans is a plan fiduciary responsibility under ERISA. (Recommendation 1)
Status: Open
In February 2021, DOL neither agreed nor disagreed with this recommendation. The agency stated that plan fiduciaries must act prudently and solely in the interest of plan participants and beneficiaries, and that these duties require plan fiduciaries to take appropriate precautions to mitigate risks of malfeasance to their plans, whether cyber or otherwise. DOL also cited existing regulations on electronic records and electronic disclosures that include provisions to ensure systems are safe and personal information is protected. While these regulations are important, we believe that a formal statement will help ensure that plan fiduciaries are clear on their responsibility to mitigate cybersecurity risk in private sector employer-sponsored DC retirement plans, to better protect PII and plan assets.

In April 2021, DOL announced new guidance for plan sponsors, plan fiduciaries, record keepers, and plan participants on best practices for maintaining cybersecurity, including tips on how to protect the retirement benefits of America's workers. DOL issued three forms of cybersecurity guidance: 1) Tips for Hiring a Service Provider; 2) Cybersecurity Program Best Practices; and 3) Online Security Tips. Within Cybersecurity Program Best Practices, DOL states that "responsible plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks," and that "the Employee Benefits Security Administration has prepared the following best practices for use by recordkeepers and other service providers responsible for plan-related IT systems and data, and for plan fiduciaries making prudent decisions on the service providers they should hire." GAO asserts that these DOL actions amount to a statement by DOL that the responsibility of plan fiduciaries under ERISA includes mitigating cybersecurity risk in retirement plans.

Agency Affected: Department of Labor
Recommendation: The Secretary of Labor should develop and issue guidance that identifies minimum expectations for mitigating cybersecurity risks and outlines the specific requirements that should be met by all entities involved in administering private sector employer-sponsored defined contribution retirement plans. (Recommendation 2)
Status: Open
DOL agreed that increasing awareness of fiduciaries' duties under ERISA with respect to cybersecurity would be helpful. DOL stated it is drafting compliance assistance materials to help (1) increase awareness among plan fiduciaries of DOL's position on cybersecurity risk mitigation and (2) ensure that fiduciaries satisfy their ERISA obligations when selecting and monitoring service providers. We believe that, in addition, DOL should identify minimum expectations for mitigating cybersecurity risks for all entities involved in the administration of DC plans. GAO believes that fully implementing this recommendation will provide assurance to the agency, and to DC plan participants and beneficiaries, that PII and plan asset data are being adequately and consistently protected in DC retirement plans.

In April 2021, DOL announced new guidance for plan sponsors, plan fiduciaries, record keepers, and plan participants on best practices for maintaining cybersecurity, including tips on how to protect the retirement benefits of America's workers. DOL issued three forms of cybersecurity guidance: 1) Tips for Hiring a Service Provider; 2) Cybersecurity Program Best Practices; and 3) Online Security Tips. Within Cybersecurity Program Best Practices, DOL states that plans' service providers should "have a formal, well documented cybersecurity program; conduct prudent annual risk assessments; have reliable annual third party audit of security controls; have strong access control procedures; conduct periodic cybersecurity awareness training; encrypt sensitive data; implement strong technical controls," among other items. Within Tips for Hiring a Service Provider with Strong Cybersecurity Practices, DOL indicated that plan sponsors should use service providers that follow strong cybersecurity practices; the guidance provides information on how plan administrators are to evaluate providers' cybersecurity posture. We maintain that these statements and guidance identify for plan administrators minimum expectations and specific requirements for mitigating cybersecurity risks in retirement plans.