In Practice September 3, 2024

AI Is Here. Fiduciaries Must Remain Diligent

Experts discuss how the benefits of artificial intelligence for 401(k) plan administration and management also come with risks to be questioned and considered.

Reported by

Alex Ortolani

Art by Giulio Bonasera

Artificial intelligence is playing an increasingly important role in employer-sponsored retirement plans, used by everyone from asset managers to recordkeepers to financial wellness providers. But with evolution also comes risks, from bad inputs to cybersecurity concerns.

When operating under the Employee Retirement Income Security Act, it is important that the same processes and evaluations are in place as they would be for other plan design and investment decisions, according to Michael Abbott, a partner in Foley & Lardner LLP who works with ERISA plan fiduciary clients.

Never miss a story — sign up for PLANADVISER newsletters to keep up on the latest retirement plan adviser news. 

“We are still in an environment where going through the procedural prudence and process matters,” Abbott says. “Just relying on an AI-generated output is probably not going to get you where you need to be in terms of satisfying ERISA requirements.”

In a post concerning the use of AI and 401(k) fiduciary and investment committees, Abbott and colleague Aaron Tantleff, also a partner in Foley & Lardner, laid out a variety of ways AI is being used in financial services.

Those include personalizing messages to plan participants and prospective customers (Vanguard’s use of Persado); assisting financial advisers (Morgan Stanley’s Debrief); and automating investing with digital robo-advisors (Charles Schwab’s Intelligent Portfolios).

Tantleff, who focuses specifically on AI implementation in the financial sector, says it is important to know what data and information are being used by AI, allowing one to account for any bias or errors in the materials it is producing.

“Are we using training data, validation data? What am I putting in here, and what is the purpose of it?” he asks. “I, as a human, can create a selection bias in terms of what is being put into the AI. … That is always a risk, so there must be controls to it.”

Tantleff notes that, unlike with an algorithm created to run a process, AI can go off in many different directions, producing results that can be hard to track back to the source. The inputs, then, must be well-understood, and checks and balances must exist on the results of AI-produced or AI-backed material. He also says that systems using AI may be coming from a third-party provider; in those cases, it is important to ask questions that will get them into the conversation and detail their process.

To that end, Abbott and Tantleff’s blog post lists 14 different questions a plan committee can ask about the use of AI. Those questions range from how much AI is being used for 3(38) investment decisions to whether a recordkeeper gives the option for a company or participant to opt out of an AI-driven offering.

Vast Amounts of Data

It also includes a section warning against the cybersecurity risk that AI can introduce, noting: “Vast amounts of sensitive participant data fuel these systems, making them prime targets for malicious actors seeking to exploit weaknesses in security protocols. A data breach or cyberattack could not only compromise the integrity of the retirement plan but also expose fiduciaries to legal and regulatory repercussions.”

Lisa Crossley, executive director and CEO of the National Society of Compliance Professionals, agrees that AI use for investing and financial services has to be as rigorously vetted as any other priority process.

“What happens if investment recommendations based on AI rely on factors that are incorrect?” she asks. “It has to have its own governance structure, its own compliance, its own risk assessment.”

In an annual cybersecurity benchmarking survey, the NSCP and the ACA Group collected responses from asset managers, investment advisers and private markets. Crossley says they were interested to find that 38% of respondents do not yet identify AI as a cybersecurity risk, but a larger amount (49%) are considering using AI to combat cybersecurity concerns.

She notes that the organization is delving further into the topic of AI use and concerns among its audience and will be discussing initial results in October at NSCP’s national conference. For people and organizations interested in compliance-related issues, considering AI’s uses and the risks that emerge from them will clearly, per Crossley, be a burgeoning area of study.

For now, she says, the society representing compliance professionals is advocating for humans to backstop AI-driven processes and procedures, with policies and procedures similar to combatting cybersecurity concerns themselves.

“You have to have the same governance structures and protocols that you do for cybersecurity,” she says. “You can’t just trust the AI.”

Avoiding Biases

Foley & Lardner’s Abbott notes that, when operating as a plan fiduciary, one must be especially diligent in ensuring that an AI process is not introducing bias, not only to protect the plan and participants, but to stay protected against potential lawsuits.

“I’m concerned about this in the ERISA space,” he says. “We have active plaintiffs’ bar [lawyers] who are looking for weak spots. … They may say, ‘How could you totally rely on [an AI process] for an outcome that you were a fiduciary on?’ We can’t just put a rubber stamp on it.”

As with other processes of plan design and management, understanding the starting point and documenting the steps along the way is the best form of protection, he says.

Some of the other questions for committees recommended by Foley & Lardner are:

What is the risk of misinformation or a biased output?
Who is liable if the AI’s advice leads to poor investment decisions?
How does one evaluate the quality and accuracy of the content it produces? If the AI generates investment advice or market analysis for a 401(k) plan, how do fiduciaries ensure the information is reliable and compliant with regulations?
Should the committee seek independent professional advice regarding what AI can provide as a resource to satisfy fiduciary obligations under ERISA?

“If I’m on a committee and I’m a plan fiduciary, I need to be asking these professionals that I’m working: ‘How is AI figuring into what you are telling me?’” Abbott says. “I need to know how you came to do what you did and what went into it.”

Correction: This story adjusted a quote for accuracy.

You Might Also Like:

Data & Research

May 12th, 2025

C-Suite Prioritizes a Shift to Proactive Management

According to PR firm Padilla, 67% of executives report their employees are ready to support change initiatives, and leaders are...

Data & Research

April 15th, 2025

Financial Firm Investment in Gen AI Surges, Cybersecurity Remains Priority

A Broadridge survey found a leap in firms’ investment plans for generative AI technology.

Practice Management

March 25th, 2025

In the Rush to Hire AI Talent, Companies are Rushing Too Fast, Survey Finds

"Firms are competing for an ever-shrinking pool of skilled candidates when they should be investing in developing their own qualified...

Compliance August 1, 2024

Major 401(k) Litigators Are ‘Back in Action,’ With More Entering the Fray

After a lull in filings last year, 2024 is seeing an uptick, including from law firms not previously active in 401(k) litigation.

Reported by

Mallika Mitra

Art by Klaas Verplancke

Just more than halfway through 2024, 401(k) plan lawsuits based on the Employee Retirement Income Security Act show no sign of slowing down.

After a dip in the number of lawsuits in 2023, they have picked up pace in 2024, with complaints ranging from excessive fees for recordkeeper services to use of managed accounts in plans. The most prolific law firms like Walcheske & Luzi and Capozzi Adler are filing a consistent number of cases.

Never miss a story — sign up for PLANADVISER newsletters to keep up on the latest retirement plan adviser news. 

“Those law firms were digesting their significant case portfolio in 2023 because they filed many cases in 2022, and we feel they were just managing their portfolio,” says Daniel Aronowitz, president of Encore Fiduciary. “But they’re back in action, with each of the law firms essentially filing one or two cases per month.”

New Types of Cases

From 2021 and 2023, there were approximately 200 401(k) plan lawsuits filed, according to Aronowitz: 60 in 2021, 88 in 2022 and 48 in 2023. While 2024 is so far on a similar pace as last year for excess-fee cases—23 in the first half of the year—there have been 43 overall class actions filed involving retirement plans, higher than last year.

The additional cases reflect a trend toward more class action fiduciary breach lawsuits involving defined benefit retirement and health plans, Aronowitz says. Five cases were filed challenging pension risk transfers to annuity and retirement services provider Athene, and at least five cases were filed involving challenges to health plan fees, including four filed by plan sponsors against third-party administrators. A trend of actuarial equivalence cases is continuing as well, he adds.

For excessive fee cases, most cases are surviving an early motion to dismiss, which is often the case, as usually 70% to 80% survive, Aronowitz says. However, there have been several cases dismissed on summary judgment this year—including those against Humana Inc., Evonik Corp. and PNC Financial—which “is rare, as the conventional wisdom is that it is difficult to win summary judgment on fiduciary process grounds, given the inherent fact issues in proving prudence.”

There are also new theories popping up, he notes: “The flavor of the month is plan forfeitures,” which started with a new firm filing complaints at the end of last year and has continued this year, mostly in California.

Challenging a plan fiduciary’s application of forfeitures is a bit of a “wild card,” says Marcia S. Wagner, founder of and managing partner in the Wagner Law Group. The two decisions to date reached opposite conclusions, but if additional district court decisions support plaintiffs’ positions in these cases, there will likely be an increased number of these types of cases brought, since the practice of applying forfeitures to reduce employer contributions is commonplace, she told PLANADVISER via email.

Cases From Wider Range of Firms

New law firms have jumped into the fray in recent years, following patterns and issues that have proven successful.

“You used to recognize the names of all the firms that brought these cases,” saysJoshua Lichtenstein, an ERISA and benefits partner in Ropes & Gray. “It used to be when you looked up the filing, you had a feeling of who the firm was.”

That has not been the case for about the last two years. Nowadays, there are a lot of smaller firms bringing “copycat cases,” he says. Those can include the types of cases that are “always percolating”—such as those alleging recordkeepers are too expensive—but there were also a significant number of cases involving target-date funds included in plans in a short period of time. Lichtenstein says the case he is most “concerned” about is one against American Airlines for allegedly breaching its fiduciary duty by offering funds focused on investments based on environmental, social and governance principles.

“If that case succeeds, I don’t see why that same theory wouldn’t work to sue virtually any plan sponsor,” says Lichtenstein. He believes the American Airlines case has no merit.

This environment makes it difficult for a plan sponsor to understand the types of claims that could be on the horizon and address those claims preventatively, Lichtenstein adds. He does not see how this influx of copycat cases could end without legislation changing pleading standards and making it more difficult to bring these cases.

Major firms, meanwhile, appear to be narrowing their scope based on their understanding of what courts will allow, according to Wagner.

“The results in a particular circuit may affect the number of lawsuits,” says Wagner. If courts in a circuit are generally dismissing excessive fee claims because a plaintiff failed to establish meaningful comparators, plaintiffs must either stop filing that type of lawsuit or spend more time finding information that will enable them to address the court’s concerns, she adds.

What’s to Come

Wagner says one area in which she has not seen cases but had expected to is cybersecurity breaches.

“By their nature, there is a limited number of such lawsuits that could be filed in any plan year, but I had anticipated seeing some filings,” says Wagner.

She also says there may be more lawsuits brought against nonfiduciaries. While the rules with respect to nonfiduciary liability are more difficult for a plaintiff to satisfy, this approach would allow different parties to be treated as defendants.