Harnessing AI Under ERISA: A Compliance and Oversight Guide for Retirement and Health Plan Fiduciaries

By Melissa Ostrower & Joseph J. Lazzarotti on July 29, 2025

It is increasingly evident that artificial intelligence (AI) is reshaping all facets of business, and its impact on employee benefit plans is no exception. From automating plan administration to personalizing participant communications, AI introduces both new opportunities and new responsibilities for those overseeing Employee Retirement Income Security Act of 1974 (ERISA)-covered retirement and health plans (Plans).

Plan sponsors and fiduciaries should understand how AI intersects with their legal obligations under ERISA and take proactive steps to leverage this technology responsibly to improve participant outcomes.

How AI is Already Impacting Plan Operations

AI technologies are already being integrated into various aspects of Plan management and operations. Fiduciaries should understand how these technologies can benefit participants and beneficiaries—and how to mitigate associated risks. Ignoring AI is no longer a prudent option.

For example, AI-driven platforms can analyze individual participant data to deliver tailored communications that support retirement readiness. AI-automated systems also streamline manual and repetitive tasks, reducing processing time, limiting errors, and improving compliance. These systems can process loans, hardship withdrawals, and domestic relations orders.

However, because AI is not infallible, regular validation is essential. To comply with ERISA’s prudence requirements, fiduciaries should not delegate critical responsibilities to AI without implementing ongoing oversight and monitoring protocols.

Cybersecurity and Fraud Detection

Fiduciaries have an obligation to protect participants’ personal and financial data, which includes adopting and maintaining robust cybersecurity practices. (See: Compliance Assistance Release 2024-01.)

AI-based fraud detection systems can identify anomalies in account access and distribution activity, helping protect participants from unauthorized transactions. Given AI’s capabilities, fiduciaries may face increased scrutiny if they fail to explore AI solutions that bolster account security.

At the same time, integrating AI can introduce new cybersecurity vulnerabilities. Fiduciaries should understand how AI tools operate to strengthen Plan cybersecurity without inadvertently creating risks that harm participants.

Investment Management Tools

Most fiduciaries engage professional advisors to assist with Plan investment options. As a best practice, fiduciaries should ask prospective advisors whether—and how—they use AI-enabled tools to help participants optimize their investment decisions. Similarly, fiduciaries should evaluate how advisors use AI to assess Plan investment performance and strategy.

Vendor Selection and Monitoring

Diligence in vendor selection is critical when working with AI-driven services. Fiduciaries should understand how the AI models are built, what data they use, how results are validated, and whether cybersecurity and privacy controls are adequate.

Vendor contracts should specifically address:

  • Data usage rights and limitations
  • Indemnification provisions
  • Insurance requirements
  • Audit rights and transparency obligations

Transparency and Explainability

Fiduciaries should understand how AI-based decisions are made. Reliance on “black box” AI systems—where the internal logic is opaque—could run afoul of ERISA’s prudence standards. Ongoing monitoring of AI vendors, including thorough audits and performance reviews, is essential to ensuring continued compliance.

AI Data Sources and Governance

AI outputs are only as reliable as the data they rely on. Fiduciaries should make sure the data driving AI tools is accurate, current, complete, and secure. Implementing robust processes for data validation and correction is a key governance priority.

Actionable Steps for Plan Sponsors and Fiduciaries

While AI presents significant opportunities, its deployment should be subject to rigorous oversight. AI should complement, not replace, traditional methods of Plan management. Fiduciaries should evaluate and monitor AI through the lens of ERISA’s fiduciary standards.

Recommended action items include:

  • Integrate AI risk management into the Plan’s overall governance strategy
  • Evaluate and document how AI tools impact investment selection, recordkeeping, and participant advice
  • Review and revise service provider contracts to include AI-specific clauses
  • Conduct initial and periodic due diligence on vendors, involving technical experts as needed

The Jackson Lewis Employee Benefits Practice Group members can assist if you have questions or need assistance. Please contact a Jackson Lewis employee benefits team member or the Jackson Lewis attorney with whom you regularly work. Subscribe to the Benefits Law Advisor Blog.

Melissa Ostrower

Melissa Ostrower is Principal in the New York City office of Jackson Lewis P.C.

Ms. Ostrower advises companies on all aspects of employee benefits law, including compliance with ERISA and the Code as well as administrative matters and fiduciary issues relating to benefit plans.  Ms. Ostrower has extensive experience in executive compensation matters and counsels both public and private companies on executive compensation issues, including Section 409A and 162(m) of the Code.

Ms. Ostrower is also a member of the Jackson Lewis healthcare reform task force and is intimately involved in helping Jackson Lewis clients ensure compliance with recently enacted healthcare reform legislation.

Ms. Ostrower is a graduate of Brandeis University (B.A., M.A.), George Washington University Law School (J.D.) where she was a member of The Law Review, and New York University (LL.M.).

  • Posted in:
    Insurance
  • Blog:
    Benefits Law Advisor
  • Organization:
    Jackson Lewis P.C.