Retirement Plan Providers Confront Need for Cybersecurity Measures
March 12, 2020 — Boston
New participant data gathered for financial wellness initiatives underscores need for comprehensive data safeguards
More than 90% of recordkeepers surveyed by Cerulli—as well as a majority of advisors and consultants—now offer financial wellness programs that address topics ranging from budgeting and debt management to investing, college planning, Social Security optimization, and retirement income. As these initiatives evolve to become more comprehensive and personalized, enhancements to existing technology and privacy are critical, according to Cerulli’s report, U.S. Retirement Markets 2019: Looking Toward Holistic Solutions for Participants and Plan Sponsors.
On the one hand, improvements to existing technology will enable greater customization, facilitate in-plan retirement income, and streamline the responsibilities of plan sponsors. “It [technology] has the potential to standardize recommendations, combat human biases, and at the very least alleviate some of the more time-intensive, computational aspects of portfolio management and financial planning,” according to Anastasia Krymkowski, ASA, associate director at Cerulli. She adds that providers should be prepared to make substantial investments in technology to achieve greater operational efficiency in the long run. Responsive design and mobile apps, aggregating account information, and streamlining the navigation process through single sign-on are several areas where innovation continues to occur.
However, cybersecurity has emerged as a top issue for retirement specialist advisors—80% rate data security/cybersecurity as very important, deeming it the single most important factor when evaluating recordkeepers. At the same time, it represents a growing concern and significant expense for plan providers, particularly recordkeepers and third-party administrators (TPAs). “In a digital age, these firms essentially double as technology companies, with plan sponsors and their consultants/advisors closely scrutinizing security procedures and policies,” says Krymkowski. “It is critical for providers to maintain accurate data representing participants’ transactions while safeguarding their assets and confidential information.”
In addition to safeguarding sensitive data such as Social Security numbers, firms with personalized financial wellness programs must securely maintain data ranging from individuals’ credit card debt and outstanding student loans to their career satisfaction, work productivity, personal relationships, smoking status, and even sleep patterns. Cerulli urges providers administering such programs to take additional precautions when it comes to data security and ensure the appropriate treatment of Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).
The evolution of technology in retirement planning and investing has prompted broad industry response. For example, the SPARK Institute formed its Data Security Oversight Board (DSOB) and subsequently released a set of best practices for reporting on cybersecurity capabilities in the industry. Cerulli recommends that providers clearly articulate their procedures for maintaining confidentiality and combat and correct fraudulent activity—not just to stand out in the request for proposal (RFP) process, but also to instill confidence in investors.