Never miss a story — sign up for PLANSPONSOR newsletters to keep up on the latest retirement plan benefits news.
Administration May 1, 2025
How Institutions Are Trying to Spot Cognitive Decline
Plan sponsors and recordkeepers aim to prevent both participant mistakes and fraud schemes that can decimate retirement savings.
Reported by Elizabeth Harris
Art by Shout
When a 79-year-old client asked Kevin Avent, managing director of wealth management at American Trust Co., to withdraw more than what was in one account, Avent realized something was very wrong.
“He requested funds that were just wildly over the number that’s been there for 20-plus years,” says the Lexington, Kentucky-based Avent of the moment he first suspected his client was experiencing cognitive decline. “That was a big red flag.”
The need to keep investments safe is growing, just as the risk of loss from both fraud and errors in judgment due to cognitive decline are also rising. In 2024, consumers lost more than $12.5 billion to financial crimes, representing a 24% increase from the year before, according to the Federal Trade Commission. Recent studies have shown that about one-third of Americans aged at least 65 experience some type of cognitive impairment which could put their retirement assets at risk of bad decisions—whether they are the target of fraud or making poor choices on their own. These twin—and sometimes overlapping—challenges are prompting recordkeepers to re-evaluate the layers of protection they are putting in place to secure participants’ assets.
Spotting Cognitive Decline: ‘They Would Have No Way to Know’
How to identify cognitive impairment may become a more common question in the future. Pamela Hess, executive director of the Retirement Research Center, an organization of the Defined Contribution Institutional Investment Association, has tracked an uptick in plan sponsors’ interest in retaining retiree assets in-plan.
RRC reported that an average of four in 10 plan sponsors actively encourage participants to stay in the plan, and another 58% said they are neutral on the idea.
Given these developments, Hess sees a need for greater attention to providing guidance on everything from strategies for tapping Social Security benefits to developing income-producing investments that are geared toward helping retirees. But she anticipates that recordkeepers and plan sponsors will also need to develop a robust plan for helping participants as they age—including if they experience cognitive decline.
“As that population gets older, now we essentially have challenges with cybersecurity and cognitive decline, and that cognitive decline is a real challenge and can go hand-in-hand with cybersecurity,” Hess says, noting that she is completing an upcoming report on the challenges of establishing retirement income and has added this issue to the list.
DCIIA ran a small survey in 2020 asking large employers what percent of their participants had cognitive decline, nearly 70% said they did not know, according to the survey. For one thing, cognitive decline can be hard to spot.
“If you think about it for active participants, they may have some sense if there’s some medical issue or people need to take time off, but particularly for terminated participants, they would have no way to know,” Hess says. “This is going to be critical, long-term, that we’re able to figure out how to solve for this and really support the individual and their family member.”
Fighting Fraud
Maintaining the integrity and security of retirement plan data and transactions is crucial for recordkeepers, according to Tim Rouse, executive director of the SPARK [Society of Professional Asset Managers and Recordkeepers] Institute, a trade group representing recordkeepers whose members administer accounts for more than 125 million participants.
Rouse, based in Wrentham, Massachusetts, sees recordkeepers paying increased attention to best practices in this area, including advocacy for multifactor authentication; applying behavioral analytics to detect suspicious activity; and requiring biometric access and cross-channel verification. When fraud occurs, due to shortcomings in their own systems or processes, recordkeepers often take responsibility for the losses, he says.
Under the Employee Retirement Income Security Act, recordkeepers typically perform administrative functions and do not exercise control over plan assets or management decisions, so they generally are not considered fiduciaries under ERISA, Rouse says. But they nonetheless take the responsibility of protecting assets seriously, he adds.
“We [have] always experienced fraud, since the beginning of 401(k) plans, and we typically called it family fraud,” says Rouse, of examples when family members exploited elderly relatives. But following a spate of data breaches, recordkeepers started seeing more overall fraud. “It was the non-family fraud that sent up a bunch of red flags. Our industry is constantly improving [its] defenses because criminals continue to refine their attacks.”
At an upcoming annual public policy event in June, Rouse anticipates a significant focus will be on further fortifying the financial services industry by looking at what recordkeepers can do to strengthen their systems. The event includes a half-day agenda devoted to cybersecurity and fraud prevention.
Rouse also encourages the federal government to play a bigger role in fraud prevention. Education efforts can raise awareness among participants about potential threats and how to safeguard their accounts, he says. Victims of retirement account fraud often lose not just savings to scammers, but they may incur taxes and early-withdrawal penalties on stolen funds. SPARK supports legislation to amend the Internal Revenue Code to recognize the loss as not being a taxable event, he says.
However, while recordkeepers are zeroing in on criminal fraud, they are not equipped to assess mental fitness and may be limited in how to shield participants from their own poor decisions, Rouse says.
“We are not either legally or practically in a position to assess a participant’s cognitive capacity,” he says. “We’re not medically trained on that, and it’s not something that a phone rep at a recordkeeper should have responsibility for.”
Using AI to Combat Fraud
Providing layers of protection, as well as boosting training, is a key also cited by Sastry Durvasula, TIAA’s chief operating, information and digital officer, who recognizes the need for increased education for participants, plan sponsors and employees who assist participants.
“That is the most important thing, because it is continuing to be a cat-and-mouse game,” says Durvasula, who is based in Charlotte. “With fraudsters, with bad actors, with AI, with deepfakes, with all the crazy stuff that is going on through nation-sponsored attacks on the cybersecurity side, we believe it starts with education and tooling.”
Durvasula looks at the tools in place for all three constituent groups and reports that TIAA has gone passwordless for participants for all digital channels, is introducing biometrics and secure document verification and has moved to multifactor authentication on all digital channels for plan sponsor clients as well. For in-house colleagues that help clients, whether they are participants or plan sponsors, TIAA has implemented AI tools for cybersecurity.
“With the advancements over the last couple of years, it’s a great time to use AI to combat cyber fraud,” he says.
Even given the emphasis on education and tools, Durvasula recognizes the need to enhance protection for older participants, for whom the threat of being targeted for fraud may be higher, and on whose behalf he sees the challenge as trying to halt attempts as they happen.
“Can you intercept that as a red flag and can we catch that?” Durvasula asks about the time-sensitive nature of potential fraud and the importance of addressing problems immediately.
Already, TIAA has succeeded in halting scammers who have pretended to be tech support or the IRS and stopped attempts to withdraw funds at their request, he says. In one recent example, a retirement participant with several million dollars in assets received a pop-up alert, supposedly from Apple, warning that the computer had a virus and to call for assistance. The participant called and gave remote access to the computer. The scammer then convinced the participant that their Social Security number had been used in a financial crime; that their account was in danger; and that they needed to liquidate and move the proceeds, which is when the participant called TIAA.
“Immediately, with all the technology I talked about, it was red-flagged, and a fraud investigation expert did a detailed investigation, and [we] were able to educate and convince the participant that they were being scammed,” Durvasula says.
In cases like this, TIAA also reaches out to a trusted contact on file, in this case the participant’s daughter.
“It requires a lot of conversation with the participant and the mental ability to have these tough conversations may also not be fully there, which is where I fundamentally believe that trusted contacts is such an important element in these types of situations: to prevent real-time fraud,” Durvasula says.
Identifying Signs
Anna Rappaport, president of Rappaport Consulting, also encourages recordkeepers to consider adding some new practices to support older participants. At the age of 84, she has seen, first-hand, her peers struggle with cognitive decline, and she sees a clear need for different services for older participants. In particular, she sees some customers as being unable to successfully deal with an automated system; instead, they need to talk with a person who can truly help them, she says.
“All financial institutions need to be aware of cognitive decline when they’re responsible for money, because they need to be able to deal with a person in such a way that they if they’re [experiencing] cognitive decline, [the institutions] recognize it,” says Rappaport.
She explains that her experiences, based on late-in-life research and consumer education, particularly a guide from the Society of Actuaries, helps inform this perspective, along with her service on the Department of Labor’s ERISA Advisory Council and work with other agencies, such as the Financial Industry Regulatory Authority and the Securities and Exchange Commission. “You can transfer those ideas over to recordkeepers,” she says.
While cybersecurity has been a main focus of plan sponsors and recordkeepers for some time, Rappaport sees challenges in identifying cognitive decline—especially when people are good at hiding it. There are signals that often appear, Rappaport says, which can usually be identified by people close to a participant—from unopened mail and unpaid bills to the inability to calculate the tip on a restaurant bill or missed appointments.
“You watch for changes in people,” Rappaport says.
She anticipates that specialized call centers could help notice similar shifts in behavior, and, ideally, representatives could also be trained to help people who are hard of hearing, who have vision problems or who are confused. She says adding the capacity to connect with a trusted contact could help recordkeepers check on participants without taking responsibility for assessing cognitive decline.
“What you say to the trusted contact is, ‘Something seems a little odd with your mother, and she’s given me permission to call—is everything OK?’” Rappaport says.
A ‘Growing Conversation’ That Must Produce Action
The recognition of and planning for the needs of older participants, and understanding how those needs may differ from those of younger participants, is increasing, according to Josh Cohen, a managing director and head of client solutions with PGIM DC Solutions, based in Chicago.
“There is a growing conversation in the market overall about plan sponsors who are more open to retaining retirees in their plans for a lot of noble, as well as economic, reasons,” Cohen says. “If you’re going to do that, you need to even elevate these issues more.”
Cohen also says some plan sponsors are just at the beginning of considering this issue, starting with plan design, since some still have provisions that do not allow for systematic withdrawal. Within plan design, he sees a push to make plans attractive to participants through investment options and solutions, advice, guidance and tools, all of which he sees as significant to protecting older participants. He suggests that plan sponsors could offer retirees the safety of Employee Retirement Income Security Act protections and fiduciary advice, as well as lower fees, due to the purchasing power of plan sponsors.
For Avent, of American Trust Co., establishing trusted contacts with new clients is now an essential first step in avoiding problems later.
“When you have those situations that arise, that’s where you fall back on the planning you’ve done for them, the relationship building that you’ve done,” Avent says.
If concerns deepen, Avent then notifies American Trust’s compliance department, to monitor any changes in the pattern of a client’s behavior that can signal a problem.
“Senior customer service people have logs of these calls and frequently check activity,” Avent says. “If there’s an unusual amount of calls from one particular participant, they can identify that and say, ‘This seems off.’”
