Skip navigation
oil-derricks-field-sun.jpg Maksim Safaniuk/iStock/Getty Images Plus

The Next 401(k) Land Grab—Participant Data

The issue over who owns 401(k) and 403(b) participant data and whether it is a plan asset is one of the hottest debates in the defined contribution industry.

Data is the new oil. Those who have access and can leverage it like the big tech companies, consumer marketers and financial service providers such as banks and credit card companies are profiting. Throw in AI and the possibilities seem endless.

The issue over who owns 401(k) and 403(b) participant data and whether it is a plan asset is one of the hottest debates in the defined contribution industry. Altruistically, providers and advisors need access to data to help people who cannot afford the type of personalized service mass affluent and high net worth investors get. So to help the less affluent, data is required to provide guidance at scale using technology like wellness programs and AI to not respond, but anticipate their needs, helping them cost effectively.

Realistically, many 401(k) and 403(b) record keepers and advisory firms need and want to monetize their relationships with the participants in the plans they manage driven in part by high expectations of their private equity owners but also because it makes sense. People need financial guidance and advice. The workplace is a good place to help and, though not complete, there is data that can be leveraged.

The government, particularly the states led by California, are concerned about protecting personal data with 50% enacting or considering legislation. Plan sponsors are concerned about the misuse of data as well in part because of increased litigation and liability. If a provider or advisor misuses data or sells a bad or fraudulent product, they could be held responsible. Yes, they could conduct prudent due diligence on these ancillary products and services but do they want to or have the time or expertise?

Data is an asset but is it a plan asset? Courts have ruled that it is not but only when compared to financial assets like investments where protections and restrictions would severely impede a provider’s ability to service a DC plan.

So the real question is whether plan providers and advisors who have access to participant data to manage the retirement plan as hired by the plan sponsor can use that data to sell other products and services. Even if providers and advisors get the plan sponsor’s permission, do they need to go to each participant? Is the offer a negative option or just some legalese that we all click on granting permission?

SPARK and DCIIA endeavored to answer these questions through a series of focus groups and surveys with plan sponsors, participants, advisors and record keepers, with mixed results:

  • Only 20% of employees strongly agreed that employers should offer wellness programs—40% agreed while 40% somewhat or strongly disagreed
  • Only 10% of participants strongly agreed that their employer should be sharing their personal data to third parties—less for baby boomers
  • The No. 1 concern of participants was fraud followed by who has access and protection of their information
  • Data privacy and how information is used and stored in a concern for 76% of plan sponsors

In the consumer world, people are willing to allow third parties to use their data if they get value in return. It’s a little unnerving when Amazon or Google offers me a product I was thinking about buying but it is also convenient. On the other hand, being bombarded with services that I have no interest in is annoying. Misuse and mishandling of data, which leads to fraud and financial loss is a huge concern.

There is a need and opportunity to leverage data on workplace retirement platforms but the issues get more complicated because of fiduciary liability. The data shared is needed to run the plan, but does that give providers and advisors the right to cross sell other products without permission of the plan sponsor and participant? While it’s becoming clearer that plan sponsor permission will be required, can the industry cost effectively service participants if explicit permission is needed?

Data is an asset—no one can argue that point—but it’s like a different type of asset than investments so different rules must be applied.  Can the DC industry work together to provide an acceptable solution for all parties or will tech and service companies working outside the system using data they get or already have from participants prevail?


Fred Barstein is founder and CEO of TRAU, TPSU and 401kTV.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.