“A confluence of evolving risk factors,” together with the rising expectations of 401k plan participants, are two big reasons that ERISA retirement plan attorney Ary Rosenbaum is encouraging sponsors to get an early start on their fiduciary duties for 2026. Reviewing SECURE 2.0 provisions and investment menus, benchmarking fees, and tightening cybersecurity protocols are among the top action steps Rosenbaum urges. Read on for more of his practical pointers, along with risk management advice.
Fiduciary Preparedness
While ERISA compliance is essential for retirement plan sponsors, the best 401k plans are not driven by last-minute compliance scrambles alone. As attorney Ary Rosenbaum advises, heading into a new year is an ideal time for proactive attention to fiduciary responsibilities:
2026 will test your resilience, your foresight, and your willingness to invest in guardrails—not just for compliance, but for trust. The sponsors that survive and thrive won’t be those who cut corners; they’ll be the ones who leaned in early, documented everything, and treated fiduciary responsibility as a mission, not a burden. It’s not enough to react. You have to anticipate. So take your checklist, tighten your processes, build your defenses, and make sure that when the heat comes, you’re not caught flat-footed.
In the face of AI-powered malfeasance, Rosenbaum reminds plan sponsors that cybersecurity must be high on the list of issues requiring their heightened attention, in order to protect the retirement savings of 401k participants:
A breach that impacts plan assets or personal data can become a fiduciary liability. You’ll be judged not just on whether you had security, but whether it was adequate, tested, and maintained … Sharpen cybersecurity and tech oversight. Security can’t be a checkbox. You need continuous, demonstrable vigilance—third-party audits, penetration testing, staff training, and vendor oversight. And make sure you have cyber and fiduciary liability insurance in place.
Another dynamic 401k plan sponsors must navigate carefully is the exploration of private equity (PE) investment opportunities. Previously reserved for wealthy investors, private equity investments expand options for retirement plan participants and could boost returns too. On the other hand, the associated fees, limited transparency and risks could bring problems for both retirement plan participants and sponsors. In the face of these rising risks, Richard Clarke, national risk management expert and chief insurance officer at Colonial Surety Company, advises plan sponsors to take every decision associated with investment menus ever more seriously.
An additional challenge for plan sponsors is staying current on the “creeping obligations” of SECURE 2.0, with 2026 marking the switch to Roth catch-up contributions for high earners. To get a proactive grip on the year ahead, retirement plan sponsors will want to tune into the action items on Rosenbaum’s Preparedness Checklist, which include:
- … List all SECURE 2.0 provisions coming online next year—catch-up defaults, Roth conversions, employer match rules. Mark deadlines. Assign responsibility.
- Review your investment menu. If you’re considering alternative or private funds, get due diligence documents, valuation methodologies, liquidity terms, and suitability analysis. Don’t treat these as accessories—they’re central.
- Benchmark and document your fees … Engage independent reviews. Record why you selected each provider. Document comparisons and decisions …
- Update fiduciary processes and governance. Are your committee minutes current? Are consultant recommendations documented? Are fiduciary decisions memorialized? If not, fix it now. Compliance is as much about process as it is about numbers.
- Strengthen participant communication. Changes to investments, Roth defaults, or fees need to be clearly explained. Don’t let notices drown in legalese. Participants will remember confusion more than compliance.
- Lock down insurance coverage. The ERISA bond is required, but fiduciary and cyber liability coverage are essential. Review policy limits and exclusions before 2026 hits.
Good To Know: ERISA Bond vs Fiduciary Liability Insurance?
Fiduciary liability insurance is the only form of coverage that shields retirement plan sponsors personally in the face of allegations of a fiduciary breach. Under the high standards of ERISA law, a single mistake, such as an oversight in the selection and monitoring of investment options, can lead to investigations and lawsuits. Even if nothing has been done wrong, defense averages over $600 per hour in ERISA cases, and neither the ERISA fidelity bond (required for the protection of the plan–not the sponsor), nor traditional business insurance, covers retirement plan sponsors in the face of ERISA investigations, penalties or lawsuits.
Colonial Surety Company helps retirement plan sponsors mitigate their growing risks with an affordable, tailored insurance package. Armed with our coverage, for a few dollars a day, you’ll have defense costs and penalty limits up to $1,000,000 if faced with alleged or actual breaches of duty in connection with the employee retirement plan. Cyber liability coverage is included at no extra cost, providing additional protection–for the plan and company–against regulatory actions related to data and privacy, as well as expert response services.
Protect Yourself and Your Company, In Minutes, Now:
Fiduciary + Cyber Liability Insurance for Retirement Plan Sponsors
Serving customers since 1930, Colonial Surety Company is the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time. Colonial Surety Company is rated “A Excellent” by A.M. Best Company, US Treasury listed, and in business all across the country.
of a dollar limit. (The IRS just published that this amount is now $150,000 in relation to FICA wages earned in 2025 for the purpose of determining who is an HPI in 2026).
At the American Society of Pension Professionals and Actuaries, Paul Mulholland observes that as the Roth catch-up provision comes into effect on a “good faith” basis in 2026, “It’s one of the trickier rules to implement, and there are some hidden implementation issues that fiduciaries should think about when it comes to their respective plans.” Attorney Jenny Kiesewetter of Fisher Phillips also anticipates “we’re going to run into a lot of administrative issues next year,” and offers these helpful pointers for retirement plan sponsors on implementing the Roth catch-up provisions of SECURE 2.0:
- The Roth catch-up provision requires employees who earn more than $145,000 in FICA earnings to make catch-up contributions on a Roth basis. The catch-up limit applies to those over 50, and allows them to contribute an additional $7,500 to their qualified account for 2025 (the base limit is $23,500). Those who are ages 60-63 can contribute an additional $11,250 on top of the base $23,500 …
- For those plans who lack a Roth option, the higher income participants of that plan “are not allowed to make catch-up contributions…”.
- Catch-up contributions are an optional feature, and sponsors are not actually required to offer them at all.
- … Plans are NOT permitted to require all catch-up contributions to be made on a Roth basis, even for those earning less than $145,000, to make administration simpler. Those with lower incomes must be free to make catch-up contributions on a pre-tax or Roth basis.
More Protocols, More Errors?
Given the sheer breadth and depth of SECURE 2.0, and the corresponding compliance responsibilities, it’s become ever more essential for retirement plan sponsors to protect themselves: plan sponsors are automatically ERISA fiduciaries and can be held personally liable for breaches.
Unforeseen challenges arise all the time, and seemingly small oversights can turn out to be very damaging: on average, resolving an ERISA claim costs even a small business over $1.2 million.
That’s why Colonial Surety Company offers a convenient and affordable package, created especially to help plan sponsors mitigate their rising risks. Armed with our Fiduciary Liability Insurance, for a few dollars a day, you’ll have defense costs and penalty limits up to $1,000,000 if faced with alleged or actual breaches of duty in connection with the employee retirement plan. Plus, we include cyber liability insurance at no extra cost, providing additional protection–for the plan and company–against regulatory actions related to data and privacy, as well as expert response services.
Get Protected, Efficiently and Affordably, Right Here:
Fiduciary + Cyber Liability Insurance for Retirement Plan Sponsors