DOL ERISA Enforcement: 10 Areas of Current Focus

The best defense against any Department of Labor review is a robust, ongoing compliance program that addresses known areas of department concern before a review begins, writes a Morgan, Lewis & Bockius partner.

Elizabeth Goldberg

The U.S. Department of Labor maintains an active program for investigating employee benefit plans for potential violations of Title I of the Employee Retirement Income Security Act of 1974, focusing especially on fiduciary duties. The investigations can be taxing and resource intensive, and can lead to referral for enforcement litigation (and, in turn, liability and reputational harm for the party under review).

This article identifies 10 areas of DOL enforcement focus, including official “enforcement priorities” and “projects,” as well as other, unofficial areas of focus. For plan sponsors and fiduciaries, understanding these areas can provide valuable focus for strengthening compliance programs before the department conducts a review.


This list is drawn from multiple sources. First, the department identifies and publishes on its website “national enforcement priorities,” which are broad enforcement initiatives, and “,” which are targeted investigatory projects. Second, there are other areas that may not be official initiatives, but have historically been present in many department reviews. Third, there are a few areas that are not yet official enforcement priorities or projects, but are anticipated based on public statements made by department leadership. Finally, the DOL used a recent Field Assistance Bulletin, FAB 2026-01, to set out “Guiding Principles for EBSA Enforcement Priorities.”

  1. Cybersecurity


For several years, the department has been focused on protecting benefit plans from cybersecurity risks. This area is now officially identified as one of the agency’s enforcement priorities. The department describes this initiative as addressing “the growing risks cyberattacks pose to employee benefit plans and participants.” The department states that it is especially focused on promoting “cybersecurity practices for plans and service providers to protect sensitive information and reduce the risk of fraud and financial loss.”

In its cybersecurity reviews, the department tends to focus on risk management processes, with investigations assessing whether plan fiduciaries had adopted reasonable safeguards, including written data protection policies and incident detection procedures. Often, the department evaluates whether these processes align with its cybersecurity best practice guidelines. The department is especially focused on how plans and service providers protect their systems and data from cyber threats. Also, when breaches occur, the department is likely to evaluate whether any participant has suffered financial loss or other harm and, if so, require that the participant be made whole.

  2. Fiduciary Investment Advice and Management


The department has long focused on helping to protect plan participants from improper or conflicting investment advice and management provided by third-party fiduciaries. In its present form, the department titled this enforcement priority the “Retirement Asset Management” project. Its goal is “protecting retirement income by ensuring fiduciaries select and monitor plan investments prudently.” The department frames its goal as mitigating “[p]oor investment choices, high fees, and conflicts of interest.”

This project has three key focus areas. The first is focused on 3(21) and 3(38) fiduciaries: investment advice fiduciaries—often referred to as 3(21) fiduciaries because they give investment advice that makes them a fiduciary under the definition set out in ERISA Section 3(21)—and discretionary investment fiduciaries—often referred to as 3(38) investment managers because they meet the definition of an investment manager under ERISA Section 3(38). The department examines both types of fiduciaries directly, making sure they provide sound and conflict-free recommendations. The department is also interested in whether the plans that utilize these third parties are properly vetting and monitoring them.

Examples of areas of review include:

  • Conflicts of interest that may lead to conflicted decisionmaking processes; imprudent application of investment guidelines; and charging of excessive fees;
  • Undisclosed fees or improper compensation from ERISA plan assets;
  • Fraud, kickbacks and embezzlement involving investment managers and advisers that affects plans and participants;
  • Improper or undisclosed compensation, such as undisclosed indirect compensation; and
  • Whether a plan’s fiduciaries are adequately engaging in due diligence related to service providers to address possible conflicts of interest.


This area has long been a focus under different names over the years. In the recently issued FAB 2026-01, the department states that, for these types of investigations involving investment decisionmaking, it will seek to “avoid cases that unfairly second-guess process-based fiduciary judgments.” Instead, the department intends to focus on investment matters “where the Department can make the most significant difference in addressing harm to plan participants and beneficiaries—particularly when there is direct evidence of disloyalty or impermissible conflicts of interest.”

  3. Underfunded Defined Benefit Plans


Another area of focus under the Department’s “Retirement Asset Management” project is what the agency calls its “Underfunded Defined Benefit Plans” priority.

This initiative is technically a new official enforcement project, but it appears to have been already underway for several years, as there has been an uptick in reviews of defined benefit plans focused on investments. The department intends to focus on “underfunded defined benefit plans because participants face a high risk of reduced or lost benefits.” The department appears to be focusing on “risky or unsuitable investment strategies” and “systemic risks across the entire portfolio.”

  4. Investment Selection and Monitoring


Another area of focus under the department’s “Retirement Asset Management” project is a new initiative titled the 404(c) Enforcement Project. The department describes it as focusing on whether “fiduciaries follow a reasonable process when choosing and overseeing the plan’s investment lineup.” The department states a concern that “[i]ssues with these processes may be common, especially in midsize plans that may lack the resources of larger plans.”

This initiative builds off a longstanding department concern with how fiduciaries construct investment lineups for participant-directed plans. The department has historically focused—and likely will continue to focus—on:

  • Conflicts of interest that may affect decisionmaking processes, such as with proprietary fund and service offerings;
  • Overly expensive and/or overly risky menu options;
  • Failures to establish and/or follow appropriate plan processes, such as committee processes, and investment policy statements;
  • Prohibited transactions involving investments; and
  • Whether a plan’s fiduciaries are adequately engaging in due diligence related to such plan investments to vet such investments and address conflicts of interest.

Soon after announcing this priority in early 2026, the department issued its proposed rule on Fiduciary Duties in Selecting 401(k) Plan Designated Investment Alternatives. While that proposed rule provides guidance on how fiduciaries should make investment decisions for individual account plans, it does not indicate that the department intends to cease reviews about such fiduciary evaluations.

  5. Protecting Benefit Distributions


The department has had a significant focus over the last decade on “missing participant reviews.” This initiative is continuing as the Terminated Vested Participants project. Through this effort, the department continues to review such things as whether plans:

  • Maintain adequate census data;
  • Use reasonable methods to contact former employees who have earned vested benefits but have not yet begun receiving payments (this could also be done by delegated administrators);
  • Provide appropriate notices as participants approach normal retirement age or required minimum distribution age;
  • Adopt reasonable search practices; or
  • Resolve uncashed checks in a timely manner.

While this initiative has historically focused on defined benefit plans, the department appears to have extended it to defined contribution plans in recent years.

  6. Missing and Late Contributions


A central focus of the department’s enforcement program has always been, and remains, ensuring that participant contributions go into the plan (in the first place, and on time). Participant contributions are treated as plan assets and, therefore, must be deposited into the plan as of the date they can reasonably be segregated from the employer’s general assets.

This is an area the department regularly audits. In these reviews, the department typically confirms that contributions tie out or reconcile (and, where a breach occurs, confirms there was timely remediation). The department also looks to confirm that participant loan repayments are paid into the plan on time.

  7. Health Plan Enforcement


Over the last decade, the department has dramatically increased its enforcement focus on group health plans. This enforcement priority was further bolstered by the Consolidated Appropriations Act of 2021, which amended ERISA to enhance oversight of health plan service providers and also provided funding for the continued implementation and enforcement of the Mental Health Parity and Addiction Equity Act and the No Surprises Act.

The agency’s current official priorities include several initiatives related to group health plans. Two key areas of focus are mental health parity and surprise billing issues. In particular, the department is heavily focused on enforcement of mental health parity rules, such as barriers to mental health or substance use disorder benefits, and whether parity exists between mental health and medical benefits. Areas of concern include unjustified treatment exclusion, claims processes, unreasonable limits on care, and compliance with required parity analyses.

The department also continues to focus on investigations tied to the No Surprises Act, especially confirming there are no unexpected medical bills or other violations of the act. Other areas of regular department review include whether health plans treat emergencies appropriately, including applying in-network cost sharing to such services and providing proper notice and disclosures. In FAB 2026-01, the department emphasized its commitment to continuing these cases, stating that it “remains committed to protecting benefits for plan participants and beneficiaries through the enforcement of ERISA, including but not limited to health benefit rules under Part 7.”

  8. Plan Minimum Requirements: Documents, Disclosure, Bonding and Claims


Although not listed as official enforcement priorities, the department almost always reviews minimum plan requirements to ensure that required plan documents, required disclosures and minimum bond requirements are maintained. For example, the department will almost always confirm the proper maintenance of required documents and the dissemination of required disclosures. This includes the maintenance and/or disclosure of such documents as the plan’s summary plan description, participant-level disclosures (i.e., the 404(a)(5) disclosure), the receipt of plan service provider disclosures (i.e., the 408(b)(2) disclosure), and other disclosures covered by Title I of ERISA, such as blackout notices for investment or service disruptions, and mapping notices, if the plan is seeking 404(c) protection when it changes the plan’s investment options.

Similar minimum review can be expected with respect to the maintenance of a bond required under ERISA Section 412. The department recently underscored its focus on these types of issues, stating that it “remains committed to protecting benefits for plan participants and beneficiaries through the enforcement of ERISA, including [to reviewing] disclosure requirements, claims processing, and adjudication requirements.”

If the department finds gaps in these areas, it will typically focus on encouraging the plan administrator to fix those issues. However, in egregious cases, the department may tie the gaps to breaches of fiduciary duty and/or impose statutory monetary penalties.

Another topic that is not an official priority, but is common in department investigations, is the review of the plan’s claims and appeals. The department often examines whether plans are following both the plan’s terms and department regulations (which set minimum timelines and disclosures for the processing of claims and appeals). Although this issue arises more frequently with respect to health plans, it is still an area the department often evaluates for retirement plans. For example, the department routinely asks for recent claims and appeals, then reviews those materials against the requirements of its claims regulations.

  9. Egregious Conduct

 
In its recently issued FAB 2026-01, the department emphasized its focus on investigating and addressing “the most egregious conduct and significant harm,” resulting in “criminal cases to address the most significant harm to the employee benefits system.” With respect to civil matters, the department states that it wants to focus on “individuals and entities who, acting in bad faith, improperly administer plan benefits or misappropriate (or, aid in the misappropriation of) assets set aside for the benefit of the American worker,” including conduct “designed to enrich themselves or other goals unrelated to participants’ best interests.”

While not an enforcement topic per se, this position signals the department wants to prioritize bad-actor reviews over smaller matters and good-faith foot faults.

 

  10. ESOPs

 Employee stock ownership plans—defined contribution plans designed to invest primarily in the stock of the sponsoring employer—have been a focus of the agency since at least 2005, when the department established the ESOP National Enforcement Project. In examining ESOPs, the department has long been focused on such issues as whether the employer’s securities have been correctly valued (when purchased, sold or distributed); the failure to provide participants with the specific benefits required or allowed under ESOPs, such as voting rights, participant distributions and stock-sale rights; and whether corporate governance is being passed on to participants correctly. These investigations have historically made up a significant portion of department enforcement work and recoveries.

In 2026, the department made a significant change to its official enforcement priorities by removing ESOP reviews as one of its official priorities. This could represent a watershed moment, because investigations of ESOPs have been a primary focus for decades. But it remains to be seen whether the department will fully cease all reviews of ESOPs or simply lessen the focus.

Conclusion

The best defense to avoid any drawn-out DOL review—or worse, a referral for enforcement litigation (and, in turn, liability and reputational harm)—is a robust compliance program that addresses areas of department concern before the department begins its review.

These 10 areas of enforcement focus provide a road map for addressing these topics and strengthening compliance before the department conducts a review.

Elizabeth Goldberg is a partner in Morgan Lewis & Bockius and advises employee benefit plan sponsors and plan service providers on compliance with ERISA fiduciary duties, including DOL enforcement.

This feature is to provide general information only, does not constitute legal or tax advice, and cannot be used or substituted for legal or tax advice. Any opinions of the author do not necessarily reflect the stance of ISS STOXX or its affiliates.

 
