The Department of Labor (DOL or the Department) recently announced its 2026 national enforcement projects, signaling changes in the administration’s enforcement priorities for this fiscal year. The Department identified priorities both with respect to health and welfare plans and retirement plans, as well as cybersecurity, although the Department has clearly shifted significant resources to health and welfare plan enforcement. While some priorities are consistent with those in prior years, there are several new priorities that plan sponsors and service providers should be aware of and prepared to address should the DOL knock at their door.
Health and Welfare Plan Enforcement
Historically, DOL has done limited enforcement in the health and welfare space, having its enforcement activities targeted toward multiple employer welfare arrangements (MEWAs). In recent years, most activities focused on the enforcement of the Affordable Care Act (ACA) and the Consolidated Appropriations Act (CAA). As anticipated, the Department plans to continue to devote many more resources to health and welfare plan enforcement. In particular, DOL highlights two projects for 2026: (1) barriers to mental health and substance use disorder benefits (MH/SUD), and (2) surprise billing.
- Mental Health and Substance Use Disorder Benefits. Although the DOL announced on May 15, 2025 a non-enforcement position of its 2024 Final Rule implementing the nonquantitative treatment limitations (NQTLs) comparative analyses requirements to the Mental Health Parity and Addiction Equity Act (MHPAEA), the inclusion of MH/SUD as an enforcement project indicates that the agency will continue to target violations of the statute by plans and service providers that impede access to mental health care. In particular, the DOL calls out burdensome claims processes, unreasonable limits on care, inaccurate provider lists, and unjustified treatment exclusions. Therefore, we expect to see investigations with respect to MH/SUD that are more focused on these particular areas.
- Surprise Billing. New this year, the surprise billing project focuses on enforcement activities under the No Surprises Act, which protects consumers from unexpected medical bills, particularly in emergency situations or when receiving care from out-of-network providers. The Department indicates that it will investigate appropriate cost-sharing, proper notice and disclosure, and timely payment of amounts under the independent dispute resolution (IDR) process. Since surprise billing made its debut on the list of enforcement priorities this year, we expect special regulatory attention will be paid to surprise billing-related investigations.
Retirement Plan Enforcement
In the past, the Department has focused most of its resources on retirement plan enforcement. While there is a decided shift of resources to health and welfare plans, as discussed above, DOL continues to pursue a variety of projects to protect the benefits of retirement plan participants. In particular, DOL stated it will focus on:
- Protection of Benefit Distributions. The Department continues its terminated vested participant project (TVPP), with an emphasis on compliance with required minimum distribution rules. DOL references the Retirement Plan Lost and Found database as a good tool to locate participants who must commence distributions. The Department will also focus on ensuring distressed plan sponsors continue to operate their retirement (as well as health) plans in compliance with law. Finally, DOL will continue to investigate and assist with abandoned plans, and will also look into fees charged by custodians of abandoned plans.
- Retirement Asset Management. The Department will focus on 404(c) defined contribution plans and underfunded defined benefit plans to ensure plan fiduciaries fulfill their fiduciary duties to plan participants through their selection of plan investments or investment lineup, and are not inappropriately shifting risk to plan participants. The Department will also investigate potential conflicts of interest with 3(21) and 3(38) fiduciaries at the service-provider level and through plan-level investigations. While the Department has historically reviewed plan conflicts, the FY2026 project language more narrowly references these three subject areas, and we anticipate that DOL investigations will lean into these areas when reviewing plan investments.
Notably, ESOPs are no longer a national enforcement project.
Cybersecurity
While cybersecurity questions and requests for information have appeared on standard DOL requests for years, the Department for the first time included cybersecurity on the national enforcement project list. The Department indicates that the project builds on DOL’s 2021 and 2024 cybersecurity guidance.
Below is a chart comparing the FY2025 vs. FY2026 National Enforcement Projects.
| FY2025 National Enforcement Projects | FY2026 National Enforcement Projects | Changes |
| ESOPs | ESOPs do not appear in the FY26 list of national projects | |
| Health Enforcement Initiatives: MHPAEA | Barriers to Mental Health and Substance Use Disorder Benefits | Shift from umbrella of health enforcement initiatives and breaks it out into two distinct projects. |
| Health Enforcement Initiatives: Emergency Services | Surprise Billing | Shift from umbrella of health enforcement initiatives and breaks it out into two distinct projects. Although emergency services are no longer referenced in 2026, surprise billing and the No Surprises Act remain a primary area of focus. |
| Health Enforcement Initiatives: Service Provider Self-Dealing | This is no longer referenced as a health initiative. | |
| Health Enforcement Initiatives: MEWAs | Continuing focus on identifying and shutting down abusive MEWAs | Remains the same. |
| Protecting Benefits Distribution: Terminated Vested Participant Project (TVPP) | Protecting Benefits Distribution: TVPP | Remains the same. |
| Protecting Benefits Distribution: Distressed Plan Sponsors | Protecting Benefits Distribution: Distressed Plan Sponsors | Remains the same. |
| Protecting Benefits Distribution: Custodial Abandoned Plans | Protecting Benefits Distribution: Custodial Abandoned Plans | Remains the same. |
| Protecting Benefits Distribution: Abandoned Plans | A renewed focus on including abandoned plans, which have been a staple in DOL investigations and inquiries. | |
| Plan Investments Conflict (PIC) | An enforcement area that focuses on protecting retirement income by ensuring fiduciaries select and monitor plan investments prudently. Specifically: -404(c) plans -Underfunded defined benefit plans -3(21) and 3(38) fiduciaries | While DOL has conducted investigations of underfunded defined benefit plans, it is newly listed as a project for FY26. Although 404(c) plans and 3(21) and 3(38) fiduciaries are new to FY26, the DOL’s PIC project previously focused on conflicts of interest in plan asset vehicles, fiduciary service provider compensation, and the receipt of improper/undisclosed compensation, aspects of which are incorporated into these named projects. |
| Contributory Plans Criminal Project (CPCP) | Contributory Plans Criminal Project (CPCP) | Remains the same. |
| VFCP | VFCP | Remains the same. |
| Abandoned Plan Program (APP) | The APP is not explicitly referenced in the FY26 national enforcement projects. However, abandoned plans are now encompassed as part of the protecting benefits distribution project, and APP is still an active program. | |
| Cybersecurity | A recent focus by the DOL but newly listed as a national enforcement project. |
Thompson Hine Takeaways
Named national enforcement projects signal where enforcement will concentrate and reflect the priorities of the new leadership under this administration. EBSA’s explicit focus on removing barriers to mental health and substance use disorder benefits and on surprise billing, together with added emphasis on cybersecurity and selected plan‑investment conflict areas, makes clear that plan sponsors and service providers should be prepared for a DOL investigation in these areas. The agency aims to target widespread noncompliance and harmful practices to better protect plan members, suggesting that large-scale problems and significant operational mistakes will be investigated.
Practical Considerations for Plan Sponsors and Service Providers
While there is no magic formula for avoiding a DOL inquiry or investigation, there are several practical considerations for plan sponsors or service providers that can make an investigation quicker and less painful.
Health and Welfare
- Consider conducting a refreshed MH/SUD parity review focused on both formal analyses of NQTLs and scrutinizing treatment exclusions and any limits on care. Plans should pay attention to policies and operations to identify any barriers to accessing mental health care.
- Confirm provider directories are up to date and accurate, with controls to promptly correct inaccuracies and to prevent inadvertent out-of-network charges due to directory errors.
- Ensure plan documents, including Summary Plan Descriptions (SPDs), Summaries of Benefits and Coverage (SBCs), and other notices to members accurately describe surprise billing protections and cost-sharing limits.
- Self-insured plans will need to actively monitor their third-party administrators to ensure participants are not drawn into payment disputes covered by surprise billing protections and that out-of-network claims are paid correctly under the IDR process. Plans should review any reporting made available by TPAs regarding out-of-network claims payments.
Retirement
- While DOL has indicated it is moving away from the large-scale missing participant investigations of the past, it is clear that DOL still cares about missing participants, particularly those owed required minimum distributions. Keep searching for lost participants, especially those close to or at required beginning date.
- Conduct regular requests for proposal or requests for information with respect to outsourced investment advisors or managers to ensure market pricing, and monitor for potential conflicts of interest.
- Outsourced investment advisors or managers should continue to adequately document decision-making with respect to investment advice or selection for retirement plans.
- Service providers should consider refining processes for identifying abandoned plans and selecting an abandoned plan custodian.
Cybersecurity
- Bolster plan cybersecurity readiness. Review and document your plan’s or company’s security framework, including incident response, access controls, participant data protections across all benefit systems, and training. Cybersecurity best practices are constantly evolving with advances in technology; ensure your policies reflect those advances.
- Perform cybersecurity due diligence and contract oversight for third-party administrators and other service providers, including breach notification timelines, right-to-audit provisions, minimum control requirements, and periodic independent assessments. Plan sponsors should document any action taken as a result of identified weaknesses in any risk assessments.
If you have questions about preparing for or managing a DOL enforcement matter, please contact any of the authors or or any other member of our Employee Benefits & Executive Compensation group.