The data upload template and instructions related to the proposal by the U.S. Department of Labor (DOL) to collect information from retirement plan administrators of ERISA-covered plans on a voluntary basis to populate the Retirement Savings Lost and Found (RSLF) database have been posted to the Office of Information and Regulatory Affairs (OIRA) at the Office of Management and Budget (OMB). These materials have been posted in connection with the DOL’s revised information collection request (ICR) to the OMB published in the Federal Register on September 12, 2024. The revised ICR requests additional public comments on the RSLF by October 15, 2024.

Section 303 of the SECURE 2.0 Act of 2022 (SECURE 2.0) directs the DOL, in consultation with the U.S. Department of the Treasury, to establish the RSLF by December 29, 2024, two years after the law’s enactment. This online searchable database will allow people to find the administrator of a plan in which they are or were a participant or a beneficiary to allow them to make a claim for any vested benefits owed to them. The driving force behind the RSLF is to help address the ongoing problem of missing participants in employer-sponsored retirement plans.

RSLF data to be collected has been significantly pared down

The new revised ICR updates the DOL’s initial proposed ICR that was published in the Federal Register on April 16, 2024. Based on public comments received from its initial proposal, the agency reduced the amount of data it requests plan administrators to voluntarily provide to the following elements. Only information for separated vested participants aged 65 or older is requested.

• Plan identification. The plan name and three-digit plan number as shown on the most recent Form 5500.
• Plan sponsor identification. The plan sponsor’s name, employer identification number (EIN), and telephone number as shown on the most recent Form 5500.
• Plan administrator identification. The plan administrator’s name, EIN, in care of name (if any), mailing address, and telephone number as shown on the most recent Form 5500.
• Participants information. The name and Social Security number or IRS Individual Taxpayer Identification Number (ITIN) of participants who:
  • Have separated from service and are vested
  • Are owed a benefit from the plan
  • Are age 65 or older

Other separated vested participants aged 65 or older who should be included are deceased participants who would be age 65 or older if still living whose beneficiary is entitled to a benefit, missing participants whose benefits were conditionally forfeited because they could not be found, and participants who are in pay status.

The initial proposal called for data related to participants whose benefits were transferred to individual retirement accounts (IRAs) under the plan’s mandatory cash-out provisions (i.e., under $5,000, or under $7,000 if amended under SECURE 2.0) or whose benefits were transferred to an annuity provider. These groups were removed from this latest update.

Who may submit RSLF data

The instructions say that “retirement plan administrators and authorized third parties, such as the plan’s recordkeeper, may provide information for the RSLF.” Prior to submission, recordkeepers or other approved third parties must obtain authorization from a responsible plan fiduciary, and documentation of this authorization must be retained in the records of the plan administrator, recordkeeper, or other authorized third party for at least six years in accordance with ERISA section 107. The template allows for information to be filed for multiple plans simultaneously. “Filers must have a Login.gov account and must create a user profile.”

When and how RSLF data would be submitted

Initially the agency requested that the information be submitted as an attachment to a plan’s 2023 Form 5500. That has changed under the new proposal. The agency now requests that information be filed at least annually, with no specific due date, and encourages more frequent submissions (e.g., quarterly) to keep the database current. Filers should use the DOL’s Excel/CSV template and upload the information at https://lostandfound-intake.dol.gov/ (as of the date of this article, the website was not yet active). Information should not be submitted through the EFAST2 Form 5500 system.

Data security and confidentiality in RSLF submissions

Although the measures the DOL is taking to ensure the data is securely transferred and stored were not specifically addressed in this latest update, the DOL’s Lost and Found Supporting Statement, posted in connection with the new revised ICR, describes its assurance of confidentiality and the statutory basis for the assurance as being required by Sections 523(c) and 523(f) of ERISA as added by SECURE 2.0 (respectively titled, Safeguarding Participant Privacy and Security, and Use of Information Collected). “Section 523(c) of ERISA explicitly requires the Department to preserve the confidentiality of PII [personally identifiable information] and the plan information of individuals. Section 523(f) places strict usage requirements on the Department. The Department intends to strictly adhere to these requirements.”

In its initial proposal, the DOL stated that “a public user will have no access to sensitive data. Government access to the data will also be strictly controlled, which will be encrypted both at rest and in transit. The database will implement extensive logging and monitoring mechanisms, and sensitive data masking techniques will be implemented to mask personally identifiable information.”

Plan sponsors are advised to consult with their retirement plan consultants and legal counsel to determine whether to participate in this voluntary information collection request.

Please contact your Milliman consultant with any questions.