For many finance leaders, retirement plans have long sat in the “benefits” column—a necessary program, managed by HR. That is changing. Rising scrutiny of fees, a fast-evolving regulatory framework, growing interest in private market options and a wave of litigation are pushing defined contribution plans squarely onto the risk agenda. What looks like routine vendor management is, in reality, an internal investment function operating under ERISA’s highest fiduciary standards.
Litigation over excessive fees has surged, with nearly $2 billion paid in settlements since 2020 in addition to defense costs.¹ In the defined benefit pension world, sponsors effectively run an internal insurance company and increasingly turn to pension risk transfers (PRT) to shift longevity and investment risk to insurers. Today, those responsible for managing 401(k) and 403(b) plans function more like internal asset managers—scrutinized on fees, process and outcomes and now facing added complexity as sponsors evaluate private market exposure—but without an equally well-understood mechanism for transferring fiduciary and operational risk.
Questions Every Finance Leader Should Be Asking
For CFOs and treasurers, this convergence of scrutiny, complexity and liability raises uncomfortable questions. How much fiduciary risk is the organization really carrying? How dependent are compliance, and participants’ futures, on a few key individuals who are already stretched thin? And how confident are you that your current plan could withstand a focused regulatory review or plaintiff’s attorney? Put differently, it is worth asking whether running a complex, highly regulated retirement platform is really the highest-value use of a finance team’s time and risk capacity—or whether that effort could be redeployed to activities that more directly advance the organization’s strategic and financial goals.
Managing a standalone plan means coordinating investment menus, vendor oversight, fees, data security, plan audits, compliance filings and participant communications, all within a shifting regulatory landscape. Most organizations did not design their operating model with this in mind; internal teams juggle plan responsibilities, while external providers are stitched together in ways that can leave gaps in governance.
From Pension Risk Transfer to 401(k) Pooled Employer Plans
Just as DB sponsors use PRT to transfer pension risk to institutions built to manage it, DC sponsors now have an analogous tool. The emergence of Pooled Employer Plans (PEPs) under the SECURE Act and SECURE 2.0 offers a way to rethink who truly owns retirement plan risk. Joining a PEP can be a form of strategic risk transfer: employers move much of the fiduciary and operational burden to specialists whose core business is plan management, regulatory compliance and governance. Instead of dozens of individual fiduciary decisions made across committees and departments, a PEP consolidates them into a single, documented process overseen by dedicated experts.
Industry leaders are taking notice. Fred Barstein, founder and CEO of The Retirement Advisor University, notes that “PEPs are an option that should be considered by almost every plan.”² ERISA attorney Fred Reish adds: “They’re going to be able to give that [fiduciary] responsibility to somebody else. It’s a significant competitive advantage.”³ This shift is not about abdication; it is about aligning responsibility with capability, focus and scale. A well-designed PEP can offer meaningful transfer of key fiduciary functions, transparent and predictable fees at institutional price points and robust, audit-ready compliance reporting as a built-in feature rather than an annual scramble.
Scale, Governance and the New Risk Baseline
Large pooled arrangements—such as the Aon Pooled Employer Plan—demonstrate what scale can deliver: tens of thousands of participants, billions in assets and meaningful cost savings⁴ versus standalone plans, all within a centralized governance framework that still allows employers to tailor plan design to their workforce. The point is not that any one solution is right for every sponsor, but that the model has matured to the point where ignoring it is, itself, a risk decision.
Scale is particularly important from a risk lens. While many individual plans—especially smaller and midsize ones—struggle to command the lowest fees or sustain the level of governance regulators and courts increasingly expect, even large plans are now being measured against the capabilities and price points of pooled, institutional platforms. Pooled structures turn scale into an advantage: aggregating assets and participants across many employers, creating bargaining power and governance infrastructure that are difficult and expensive to replicate plan by plan. That scale can reduce investment and recordkeeping fees, lower the likelihood of operational and compliance errors and fund continuous improvements in technology, cybersecurity and oversight.
For plan sponsors of all sizes, PEPs have evolved from a cost and efficiency play into a strategic risk-management solution—transferring fiduciary and operational burdens to specialists, using scale to enhance governance and helping deliver better retirement outcomes. In an environment of rising scrutiny and complexity, the real question for finance leaders is whether it still makes sense to operate a standalone plan and carry higher risk.
Sources:
¹ Based on review and analysis of various public sources, among which are Bloomberg Law and PLANSPONSOR.
² Fred Barstein, “The 10 Biggest Decisions Facing 401(k) Plans in 2026: How Advisors and Providers Should Help,” WealthManagement.com, December 1, 2025.
³ John Sullivan, “PEPs Will Match Single Employer Plan Adoption in 5 to 10 Years: Fred Reish,” National Association of Plan Advisors, February 2, 2024.
⁴ Aon, “Aon PEP Passes $5 Billion in ‘Live and Committed’ 401(k) Assets,” Plan Sponsor Council of America, August 28, 2025.