
Quick Takes

  • SECURE 2.0 continues to reshape plan administration with Roth catch-up mandates for high earners in effect 1/1/2026.
  • DOL has issued guidance regarding missing participants. Plans should have a “prudent process” in place with an emphasis on maintaining good records and conducting a diligent search.
  • Mergers and acquisitions require proactive planning to align retirement benefits and minimize transition risks.

Spotlight: Roth Required Catch Up Contributions for High Earners in 2026

The Roth catch-up provision (SECURE 2.0) takes effect January 1, 2026. Employees aged 50+ with 2025 FICA W-2
earnings exceeding $145,000 must make catch-up contributions to a Roth account. If a plan does not offer a
Roth option, higher-earning participants will be unable to make catch-up contributions. Now is the time to
review your plan design, talk with your recordkeeper and payroll provider, and ensure compliance for 2026.

Align Supports You By:

  • Facilitating planning discussions with your recordkeeper and vendor teams.
  • Targeted communications to impacted participants and 1:1 personalized advice meetings.

Trend: Advanced Technology and AI Tools to Support Participants

Technology and AI tools are making it easier to access personalized guidance. Sponsors are leveraging
analytics to evaluate plan performance, understand participant trends and inform decisions. Used
responsibly, these technologies strengthen employee engagement and confidence in retirement futures.
Sponsors should also ensure that the digital and AI-based solutions they use comply with DOL cybersecurity guidelines.

Align Supports You By:

  • Identifying patterns and trends in participant behaviors.
  • Introducing platform tools and technology to support improved wealth outcomes.

Regulatory Update

Action Required: Roth Required Catch Up Contributions for High Earners in Effect 1/1/2026

Sponsors must be ready to identify the impacted participant group and ensure proper coding of contributions.

Take Action | Align Can Help:

  • Identify the impacted participant group and notify payroll and recordkeeper partners in January.
  • Communicate the new rules to impacted participants, allowing them enough time to plan for the changes.
  • Confirm how to correct errors in catch-up contributions by consulting your payroll and recordkeeper vendors.

Action Required: Lost Participants | What Plan Sponsors Need to Know

DOL has increased focus on lost participants, issuing guidance requiring sponsors to keep participant records current,
periodically update contact information and follow documented search procedures when participants cannot be
reached. Regulatory enforcement and legal activity have targeted sponsors who cannot demonstrate a proactive and
well-documented process for locating lost participants, leading to penalties and potential claims of fiduciary breach.

Take Action | Align Can Help:

  • Regularly update participant addresses and beneficiary information through periodic outreach.
  • Maintain thorough, well-documented records of search efforts and communications with participants.
  • Implement a documented procedure to locate lost participants, using multiple search methods if initial outreach fails.

Litigation Update

Cybersecurity Update | Beyond Cyberattacks, Sponsors Must Know How Data is Being Used

Cybersecurity-related litigation in the 401(k) marketplace is accelerating, highlighting the urgent need for
plan sponsors to treat participant data protection as a core fiduciary duty and business priority. Recent cases
demonstrate that ERISA fiduciary liability extends to cybersecurity practices, oversight of vendors, and use of
participant data—meaning sponsors must rigorously monitor service providers and proactively implement
protective measures.

Horizon Actuarial Services LLC agreed to an $8.7 million settlement (2024) after a major data breach
compromised the personal information of over 100,000 participants, with plaintiffs alleging insufficient
safeguards and oversight. It isn’t just cybertheft in the legal spotlight. In 2025, a class-action lawsuit was
brought against a major recordkeeper for allegedly misusing confidential participant data to promote its
own managed account services. This highlights the evolving legal risks tied to both cyberattacks and
improper use of participant information by hired vendors.

It is increasingly clear that ERISA fiduciary duties extend to a sponsor’s responsibility to protect participant
data through careful vendor selection and ongoing oversight. Lawsuits continue to name both service
providers and plan sponsors as jointly responsible for cybersecurity lapses, especially when prudent
oversight by the sponsor cannot be documented. The Department of Labor has reinforced these expectations
by publishing guidance and stressing the need for transparency, strong security controls, and clear data-use
policies.

This heightened litigation and enforcement climate is driving plan sponsors to conduct more rigorous due
diligence on vendors, update service agreements for explicit cybersecurity terms, and partner with
recordkeepers to implement best practices such as multi-factor authentication, fraud monitoring, and
prompt participant communications following a breach.

Align Supports You By:

  • Helping you evaluate and monitor your recordkeeper’s cybersecurity program and contract protections.
  • Supporting committees with training and documentation to demonstrate diligent oversight.

What Align is Watching

  • Regulatory focus on in-plan income solutions and participant transitions into retirement.
  • Potential tax policy shifts impacting retirement incentives.
  • Ongoing legislative efforts to expand access and participation.
  • Proposals aimed at reducing ERISA litigation exposure.

You’re Never Alone with Align

With over 60 years of combined experience, we can do a lot to help you
understand and gain more from your 401k. Explore what’s possible…