The Department of Labor’s regulatory arm has new priorities for ERISA. Here’s how employers can adapt.


As is often the case under a new presidential administration, the past year has brought significant changes to the federal Department of Labor (DOL), including new leadership and a new approach to regulatory enforcement.

It’s up to employers to make sure legal counsel is aware of these changes and taking steps to remain compliant with the DOL’s priorities. Ignoring what’s going on in Washington could put your company at risk of fines and, at worst, lead to personal liability.

The following summarizes what’s been happening at the DOL and what company leaders can do to stay ahead of the curve. For a deeper dive into these issues, check out Lockton’s February webcast hosted by two of our ERISA compliance attorneys who also happen to be former investigators for the DOL’s Employee Benefits Security Administration (EBSA). Our Compliance Consulting team is also available to discuss with clients any questions they have about changes at the DOL.

New leadership and direction

In September, the U.S. Senate confirmed Daniel Aronowitz as the new assistant secretary of labor for the EBSA, which regulates employer-sponsored health benefit plans in accordance with the federal Employee Retirement Income Security Act (ERISA).

Employer groups generally supported Aronowitz’s confirmation. Given his background as president of a fiduciary insurance firm, he is believed to bring a turnaround-focused, plan sponsor-friendly, and litigation-reforming approach to the agency. Aronowitz has expressed a desire for greater collaboration and innovation with industry stakeholders. Already, EBSA’s enforcement strategy under Aronowitz represents a noticeable pivot from that of his predecessor.

He takes over as the EBSA faces challenges from staff turnover and budget cuts, raising concerns about adequate oversight for the 180 million Americans covered by employer- and union-sponsored retirement, health, and disability plans.

Current enforcement priorities

In January 2026, the EBSA unveiled its national enforcement priorities, emphasizing health plan oversight and introducing several important changes from previous years:

  • Cybersecurity is a top priority for the agency, reflecting the growing threat of data breaches and fraud targeting benefit plans.

  • Barriers to mental health and substance use disorder benefits remain a focus, to help ensure employees have access to services, adequate provider networks, and fair claims processes.

  • Surprise billing enforcement now zeroes in on employers’ compliance with the No Surprises Act, particularly emergency claim denials and out-of-network charges.

  • Fraudulent Multiple Employer Welfare Arrangements (MEWAs) are another concern, as the EBSA targets plans with unpaid claims and illegal self-insured MEWAs.

The EBSA no longer lists previous enforcement priorities like transparency, hidden fees, and service provider self-dealing, but these topics remain relevant due to ongoing legislative, regulatory, and litigation developments. Plan sponsors should remain vigilant in these areas.

Cybersecurity: A fiduciary imperative

The EBSA’s heightened focus on cybersecurity builds upon guidance the agency issued in 2021 and reinforced in 2024, which now clearly applies to health and welfare plans. If they haven’t done so already, plan fiduciaries should implement robust, documented cybersecurity programs, conduct annual risk assessments, and ensure third-party audits of security controls. Some best practices include:

  • Clearly defining security roles and responsibilities

  • Implementing strong access control procedures

  • Providing cybersecurity awareness training for employees

  • Planning ahead for a rapid, coordinated response to a cybersecurity breach

Unprotected participant data exposes health and welfare plans to fraud, identity theft, lawsuits, and regulatory scrutiny. Effective vendor oversight is required, as third-party administrators and recordkeepers often handle sensitive information.

Parity and access for mental health and substance use disorders

While “nonquantitative treatment limitations” (NQTLs) are not explicitly mentioned, the DOL continues to scrutinize barriers to care for mental health and substance use disorders, including inadequate provider networks, burdensome claims processes, and impermissible exclusions (examples of those exclusions include ABA therapy for autism, nutritional counseling for eating disorders, and medication-assisted treatment for opioid addiction). Plan sponsors must maintain comparative analyses of NQTLs as required by the 2022 No Surprises Act, and they must ensure compliance with parity standards.

Surprise billing and the No Surprises Act

EBSA enforcement now targets plan compliance with the No Surprises Act, passed by Congress with the intent of protecting health plans and patients from unexpected “surprise” medical bills. Those compliance standards include:

  • Emergency services claim adjudication (prudent layperson standard)

  • Application of in-network charges for out-of-network emergency care

  • Timely dispute resolution during the independent dispute resolution (IDR) process

Since the passage of the No Surprises Act, medical providers have been winning a majority of IDR cases, which underscores the importance of robust compliance and documentation for plan sponsors.

Fraudulent MEWAs and voluntary compliance

MEWAs, which are plans covering two or more insufficiently related employers, pose significant compliance risks, especially if they are self-insured. Annual Form M-1 filings are required, with penalties for noncompliance. The EBSA is increasing enforcement against fraudulent MEWAs but also offers relief for inadvertent failures to file.

A popular voluntary compliance amnesty program called the Delinquent Filer Voluntary Compliance Program (DFVCP) may assist. It offers relief for missed Form 5500 filings and, now, also for Form M-1 errors.

In 2024, the EBSA processed over 20,000 DFVCP applications (mostly for Form 5500 issues), emphasizing the value of self-correction and proactive compliance.

Fiduciary responsibilities and best practices

Anyone exercising discretionary authority over plan management or assets is considered a fiduciary, regardless of title. Fiduciaries must:

  • Act solely in the interest of participants and beneficiaries

  • Defray reasonable plan expenses

  • Follow plan documents and diversify investments

  • Exercise care, skill, prudence, and diligence

Regular training, formal governance committees, meeting documentation, and ongoing monitoring of service providers are essential for maintaining compliance. Insurance strategies – such as fidelity bonds and fiduciary liability coverage – can help mitigate risks, while indemnification provisions (when available) offer additional protection.

Fiduciaries face significant personal and organizational liability for breaches, including fines, restitution, and even imprisonment in cases of criminal misconduct. In 2024 alone, EBSA investigations across all plan types recovered $1.4 billion, with over 70% of cases resulting in corrections by plans and fiduciaries.

Summing things up

The DOL’s compliance landscape continues to change, with new leadership, evolving enforcement priorities, and ongoing scrutiny of plan fiduciaries.

Health and welfare plan sponsors should prioritize robust cybersecurity, mental health and substance use disorder parity, and No Surprises Act compliance, while maintaining strong governance and voluntary correction practices. By staying informed and engaged, employers can successfully traverse the road ahead and protect the interests of their plan participants.

In short, staying proactive and well-informed about EBSA priorities is critical, as “best practices” can quickly become industry standards.

For more alerts, insights and additional information, visit Lockton's ERISA Compliance Consulting page.