The Rosenbaum Law Firm P.C. Blog

When I read that Securian Financial is joining forces with Custodia Financial to bring their “Retirement Loan Protection” (RLP) program into more in-plan offerings, I immediately thought about how many times I’ve seen plan participants unintentionally derail their financial futures over a small 401(k) loan.

This announcement isn’t just another corporate partnership—it’s a signal that the retirement industry is finally acknowledging a problem we’ve all known about for years: participants borrowing against their futures and then losing twice when they can’t repay those loans.

What’s the Deal

Securian and Custodia announced a strategic relationship under which Securian will integrate Custodia’s patented Retirement Loan Protection program into more workplace retirement plans. The program protects 401(k) loans from default if participants lose their jobs, become disabled, or pass away. The goal is to reduce loan defaults and prevent unnecessary cash-outs, which together have created a massive drain on retirement savings—an estimated $2 trillion gap nationwide.

Why It Matters

1. Fiduciary Risk Recognition For years, I’ve warned plan sponsors that loan defaults are the leak nobody talks about. You can have great fund lineups, low fees, and compliant disclosures—but when participants leave their jobs and their loan becomes taxable income, that’s a permanent loss of savings. This partnership acknowledges that issue and offers an in-plan way to protect against it.

2. Reinforcing the Promise of Retirement A retirement plan isn’t just a benefit—it’s a promise. Too often, participants borrow because they have to, not because they want to. This program helps preserve that promise when life takes a bad turn. Securian’s involvement gives it legitimacy, and it signals that the market is shifting from “we hope participants repay” to “we’ll design to protect them if they can’t.”

3. Implementation Realities Execution will matter. Will employers make RLP an opt-in benefit or automatically apply it to new loans? How will costs be handled? Will participants understand it’s insurance against default, not a free loan forgiveness program? Like every new benefit, the success will depend on communication and administration.

The Caveats

· The protection only applies in certain circumstances—job loss, disability, or death. Voluntary quitters might not be covered.

· There will be costs and possible vendor-integration issues. Plan sponsors must evaluate whether it’s worth the expense.

· It doesn’t fix the underlying behavior. Borrowing from your retirement account is still a bad idea unless absolutely necessary. This is protection, not permission.

My Advice to Plan Sponsors

· Audit your loan defaults. Know your numbers—how many loans default annually and what the long-term impact is on participants.

· Document the decision. Whether you adopt the RLP or not, document your fiduciary process.

· Communicate clearly. If you implement it, create a short, simple explainer. Don’t bury it in legal language.

· Coordinate with your record-keeper and advisor. Make sure they understand how it fits into your plan’s operations and disclosures.

· Encourage minimal borrowing. Even with protection, participants should borrow only as a last resort. Education still matters.

A Word to the Next Generation

To anyone just starting their career: your 401(k) is supposed to be your future, not your emergency fund. Programs like RLP help protect you when life blindsides you—but the best protection is not needing one in the first place. Build habits that make borrowing unnecessary. The market is finally catching up to reality, but discipline will always be your best insurance.

This partnership between Securian and Custodia is a smart, needed move. It doesn’t solve every problem, but it plugs a costly leak. And for once, it feels like an innovation that actually helps the people the plan is meant to protect.

If after decades of advising retirement-plans I learned one thing, it’s this: The law doesn’t reward you for almost doing everything right — it rewards you for doing it right, and documenting you did it. So when I read the Supreme Court’s unanimous decision in Cunningham v. Cornell University, I sat up in my seat. Because this one isn’t a footnote. It’s a shift.

At issue: employees of Cornell sued claiming the university’s 403(b) plans paid excessive recordkeeping/administration fees, and in the process engaged in “prohibited transactions” under the Employee Retirement Income Security Act of 1974 (ERISA). They alleged that the plan had contracts with service providers (parties-in-interest), and argued that those contracts thus triggered Section 406(a)(1)(C) of ERISA.

In earlier rulings the 2nd Circuit and others held that plaintiffs had to also plead that no exemption under Section 408 applied — essentially forcing plaintiffs to show up front that the transaction wasn’t “necessary and reasonable.” But the Supreme Court rejected that. It held that the Section 408 exemptions are affirmative defenses for the defendants to plead and prove — the plaintiffs simply need to allege the core elements of a prohibited transaction: (1) a fiduciary caused the plan to engage in a transaction; (2) the transaction involved the furnishing of services, goods or facilities; (3) the transaction was between the plan and a “party‐in‐interest.”

In short: More lawsuits will survive motions to dismiss. They’ll get past the gate. That means discovery. That means costs. That means plan sponsors and fiduciaries need to be sharper than ever.

Why This Matters to Plan Sponsors & Fiduciaries

· Lower pleading threshold = higher exposure. Before, many cases died at the complaint stage because plaintiffs couldn’t overcome the “necessary and reasonable” filter. Not anymore. The bar has lowered.

· Almost every contract with a service provider might be challenged. Under the holding, a plan’s payment of assets to a party-in-interest for services can be deemed a prohibited transaction unless the fiduciary can show an exemption applies — but that’s on the defense side. So every recordkeeping, TPA, investment-line contract is now vulnerable.

· Defensive tools are still available — but you must use them. The Court told lower courts to use Federal Rule of Civil Procedure 7(a)(7), early discovery limits, fee awards, sanctions for frivolous pleadings. But these are reactive tools; the proactive risk remains.

· Document your fiduciary process and reasonableness of fees. If the lawsuit is going to creep into every service contract, the best defense isn’t hoping no one sues — it’s showing you did your homework, negotiated hard, benchmarked, got competitive bids, monitored.

· This hits higher education (403(b) world) and also applies to 401(k) sponsors. While the case involves Cornell’s 403(b) plans, the legal standard affects any ERISA-covered plan. So private-sector plan sponsors should take note.

What You Should Do, Now (In Plain Ary-Rosenbaum Speak)

· Audit all your service-provider contracts. Pull the roster: recordkeepers, TPAs, investment-line providers, any party-in-interest. For each contract review: What’s the fee? How does it compare to market? When was it last renegotiated?

· Ask your advisor: “When was the last competitive bid?” If it’s been more than, say, 3-5 years (depending on size), you may be exposing yourself.

· Review your committee and fiduciary process. Minutes should reflect: you considered alternatives, you had negotiation leverage, you evaluated reasonableness. If you can’t say that, you’re starting from a weaker position.

· Update your disclosures and communications. Your fiduciary memo should now include: “Because of the Supreme Court’s April 17 2025 decision in Cunningham v. Cornell University, we recognize increased risk under ERISA Section 406 of service-provider contracts.”

· Don’t ignore the cost. Litigation is expensive. Even if you believe you’ll prevail, discovery and motions cost millions. Better to reduce the chance of a claim.

· Consider monitoring litigation risk as part of your fiduciary oversight. Just as you monitor investment performance and fees, assess your “litigation-exposure” profile. What service-provider contracts have the potential to spawn prohibited-transaction suits?

Final Word to the Fiduciary Tribe

As I sit and think of my law-firm days, the dinners where the managing partner poured the wine and said: “Rule 2 – never surprise the audit committee,” I’m reminded that surprises are liabilities in retirement-plan fiduciary work. The Cornell decision isn’t hyperbole-alarm bells — it’s clear: the field has shifted. The plaintiffs’ bar has a wider door. You can still be on the right side of this, but you must act.

Your plan is a promise to participants. Not just of return on investment, but of prudent stewardship of their future. When you outsource services, you are still the fiduciary. The storm of litigants may be coming. Don’t wait for the thunder to decide to cover the roof. Get up there now. Metal panels. Secure bolts.

If you’d like, I can draft a one-page briefing memo you can present to your plan committee summarizing the Cornell decision and its implications (ready-to-go, Word-doc style). Would you like that?

I’ve always said, “You’re only one rigorous process away from averting a major fiduciary failure.” It’s one thing to trust your advisors — but completely another to delegate without oversight. So when I saw the article in NAPA – National Association of Plan Advisors titled “Suit Says Plan Sponsor ‘Uncritically Relied’ on Advisor TDF Choice,” I flipped back through the decades of plan-committee meetings I’ve sat in, the ones where we drilled into vendors and funds and saved clients from themselves.

Here’s the gist of the case: In Elanco US, Inc.’s 401(k) plan (case caption: Phillips v. Elanco US, Inc., filed Oct. 21, 2025 in the U.S. District Court for the Southern District of Indiana), participant-plaintiffs accuse the plan’s fiduciaries and the investment adviser of breaching their duties. The complaint claims that the committee “uncritically relied” on the adviser in selecting and retaining a suite of American Century Target Date Funds as the plan’s Qualified Default Investment Alternative (QDIA) and core target-date funds, despite persistent underperformance, high turnover, shrinking market share and a clear plan policy that required under-performing funds (score < 65) to be flagged for review.

Why I View This as a Red-Flag for Plan Sponsors

1. Delegation is not abdication. You can hire a 3(21), have an adviser, outsource many operational tasks—but you remain the fiduciary for selection, monitoring, replacement. This complaint says the committee let the adviser do the heavy lifting and then sat back. That’s vulnerable.

2. Process over performance—but performance still matters. Under ERISA, a proper process may keep you safe even if the fund underperforms. Here, the suit alleges the plan policy said “score under 65 → watch list,” yet the committee didn’t act. That gets to the heart of prudence: it’s not just the tool you used (advisor + fund); it’s how you governed it.

3. The “unreasonable delay” element is emphasized. The complaint alleges the committee “delayed too long” to replace the under-performing TDFs despite knowing of the red flags. In plain Ary-Rosenbaum language: when the gear’s squeaking, you don’t wait for full failure before pulling the lever.

4. The stakes are real: “tens of millions of dollars” lost. The plaintiffs allege the mistakes caused “tens of millions” in losses for participants. Whether or not that number holds up, the message is clear: poor oversight = potential multi‐million liability

What You Should Do Now (Yes, this is the “Ary” checklist)

· Pull your TDF/QDIA suite. Who are the vintages? What are the benchmark returns, peer-group comparisons, turnover, asset-flows? Run a “score <65” type analysis (or something equivalent) and document the result.

· Check your advisor-committee relationship. Service agreement, scopes, meeting minutes: Did the adviser provide analysis? Did the committee challenge it, ask tough questions, get benchmarking data? If your documentation is light, you’ve got exposure.

· Review your investment policy statement (IPS). Does it require periodic suitability/switch reviews? Does it define watch-list triggers? If it says one thing and you do another—or worse, you do nothing—you’re behind.

· Monitor timing and replacement decisions. If you find a fund that’s underperforming, how long until you take action? The court of public opinion (and the plaintiffs’ bar) is increasingly looking at delay as evidence of imprudence.

· Document like your audit depends on it. You’ll want minutes that reflect “we reviewed performance, asked these questions, concluded to stay because of X, Y, Z” OR “we reviewed and concluded to replace effective date Z.” When the next complaint hits, you’ll need that trail.

Final Word to the Fiduciary Tribe

Let me speak directly to all the plan committee chairs, the HR leaders, the in-house counsel reading this: your plan is notthe place to be passive. You’re not just reviewing pie charts and fee schedules—you’re managing a promise to your employees. That promise says: “We will give you a retirement vehicle, guided by prudence, to build tomorrow.” When you say to yourself, “But the adviser told us it’s okay”, ask this question: Did you challenge the adviser? Because the lawsuit says: sitting quietly = “uncritically relying.”

In the days when my grandfather Emil taught me the value of a well-tightened watch gear, he meant: every piece must mesh. In retirement-plan fiduciary work, your watch is the TDF suite, the adviser, the committee process, the IPS. If one gear is loose—you hear the squeak long before the damage sets in.

If you ever want to know how strong your fiduciary process really is, don’t look at the investment lineup—look at your meeting minutes.

I’ve reviewed enough plan files to know that some committees treat minutes like an afterthought. You’d see one sentence: “Reviewed funds. No changes.” That’s not a record; that’s a liability.

In ERISA world, silence isn’t golden—it’s incriminating. If it’s not written down, it didn’t happen. The plaintiffs’ attorneys love that. They’ll wave your minimalist minutes in court and ask, “So what exactly did you review?”

Good minutes don’t need to be novels. They just need to show a prudent process: which reports were discussed, what questions were asked, what decisions were made, and why. It’s not paperwork—it’s protection.

So the next time your committee wraps up a meeting early, take five more minutes to document what you did. Because when the lights go out and the subpoenas come on, silence in the minutes can be deafening.

Every year, I see plan sponsors spend thousands on shiny “financial wellness” programs—apps, webinars, and surveys promising to fix participant behavior. Yet, the same plans still have high loan rates, poor deferral averages, and zero engagement. Why? Because you can’t build wellness on a broken foundation.

If your plan design traps participants with high fees, limited fund options, or auto-enrollment at 3%, no amount of budgeting tips will save them. Financial wellness isn’t a motivational poster—it’s a structural commitment.

Start by fixing the plan before preaching the sermon: review match formulas, reexamine defaults, simplify choices, and communicate like humans, not HR bots. Real wellness happens when the plan helps participants succeed by design, not by luck.

In other words, you can’t give people financial peace of mind while quietly making their savings harder to grow. Wellness starts with the plan sponsor, not the app.

In the retirement plan world, there aren’t many do-overs. You don’t get to “try again” after a fiduciary breach, a failed compliance test, or a DOL investigation. You get one shot to get it right.

I’ve seen too many plan providers treat their work like rehearsal—assuming someone else will fix the missed deadlines, clean up the sloppy plan document, or explain the mistake to the client. That’s not professionalism; that’s passing the buck.

Being a plan provider means owning your work like it’s going to be audited tomorrow—because someday, it will be. Every signature, every disclosure, every vendor selection matters. When you operate like your reputation depends on it, it usually doesn’t get questioned.

Whether you’re a TPA, advisor, or ERISA attorney, your clients remember when you got it right the first time—and they never forget when you didn’t. The fiduciary world doesn’t reward perfection, but it punishes carelessness.

So don’t treat your work like a draft. You get one shot. Make it count.

In this business, every conference has that one person who wants everyone to know they’re the smartest person in the room. They quote obscure ERISA sections, correct speakers mid-panel, and use acronyms like they’re throwing fastballs. The problem? No one hires the smartest person in the room—they hire the one who makes their life easier.

I’ve built a career in a field full of technical experts, but what separates a real plan provider from a walking compliance manual is the ability to translate complexity into clarity. Plan sponsors don’t want to hear the Internal Revenue Code recited back to them; they want to know what it means for their plan, their employees, and their risk.

I’m not saying expertise doesn’t matter—it’s everything. But expertise without empathy is arrogance. The job isn’t to impress; it’s to guide. When a client calls in a panic about a failed ADP test, they don’t want a Latin lecture—they want calm, clear action steps.

Being the smartest person in the room might stroke your ego. Being the most useful keeps you in business.

When I started in this business, plan sponsors worried about lost checks. Now, they should be worried about lost data. Back then, if a participant’s address was wrong, you mailed a letter and hoped for the best. Today, if a hacker gets your payroll feed, you’re not mailing letters—you’re calling your cyber insurer and your lawyer.

ERISA’s Section 404 talks about acting prudently and solely in the interest of participants. That used to mean watching fees, monitoring investments, and keeping minutes. But in 2025, prudence means locking down your participant data like it’s Fort Knox. Every Social Security number, every date of birth, every account balance—those are plan assets in digital form.

The Department of Labor isn’t subtle about it anymore. Cybersecurity is a fiduciary issue. If your TPA or recordkeeper treats data protection like an afterthought, that’s your problem too. Because if participant data gets breached, no one’s pointing fingers at the IT guy—they’re pointing them at you, the plan sponsor.

So, ask questions. Demand documentation of your providers’ security protocols. Review your internal controls. Don’t let an intern email participant data unencrypted. You wouldn’t leave plan assets in a shoebox under your desk, so don’t leave sensitive data floating around in Outlook.

Fiduciary prudence used to mean “protecting the money.” Now it also means protecting the information about the money. Data is the new 404—and unlike plan assets, once it’s leaked, you can’t roll it back into the trust.

I’ve been in this business long enough to know that the only thing “simple” about a 401(k) plan is the way people pretend it is. Every provider brochure says “turnkey,” “easy to administer,” or my personal favorite, “set it and forget it.” The problem is that the Department of Labor never forgets.

When I started out, I thought complexity was the problem. Now I know it’s denial. Plan sponsors want to believe a retirement plan runs itself. Payroll’s on autopilot, the TPA’s on it, and the advisor’s keeping watch. But one missed deposit or a misclassified employee later, and that “turnkey” plan turns into a compliance whack-a-mole.

Good providers don’t sell simplicity, they translate complexity. They build systems that catch errors before they become DOL letters. They educate clients who think an audit means “someone’s getting fired.” And they never promise perfection, just accountability.

If your client thinks their plan runs itself, remind them: 401(k)s aren’t Crock-Pots. You can’t just set it and walk away. Because when things boil over, it’s always the provider cleaning the mess.

Somewhere in Washington, someone at the Department of Labor must have a “Fiduciary Rule” dartboard. Every few years, they take a throw, hit a new buzzword, and decide it’s time for another rewrite. We’ve had more drafts of this rule than Rocky sequels, and at least with Rocky, you knew he’d eventually get up off the mat.

For plan providers, it’s déjà vu all over again. We’ve built policies, rewired procedures, rewritten disclosures, and retrained staff more times than I can count. Then, just when the industry adjusts, a new administration decides to “reimagine” what fiduciary really means. Translation: everyone spends six months reading proposed regs and pretending they understand them.

Here’s the truth, being a fiduciary isn’t about whatever version the DOL drops next. It’s about acting in the client’s best interest every single day, whether there’s a rule or not. The good providers don’t wait for Washington to tell them how to behave, they already have a compass.

Still, every time this roller coaster starts again, I keep my seatbelt fastened and my expectations low. Because unlike Rocky, this saga doesn’t end with triumph, it just resets for the sequel nobody asked for.