On January 15, 2026, the Department of Labor’s Employee Benefit Security Administration (DOL) announced significant changes to its list of national enforcement projects for fiscal year 2026. The updates reflect where the DOL will focus its enforcement efforts to increase employee benefit plan compliance, address abusive practices, and protect the rights of participants and beneficiaries. Employer plan sponsors should take note of this development and consider taking proactive steps to minimize compliance risks.
According to the DOL, investigators will now prioritize health and welfare cases related to:
- Cybersecurity: This project aims to address risks that cyberattacks pose to employee benefit plans and participants and promote best cybersecurity practices for plans and service providers to protect sensitive information. As part of its investigations, the DOL will review how plans and service providers protect their systems and data from cyber threats.
- Employer Takeaway: Employers, as plan fiduciaries, are responsible for protecting plan and participant confidential data from cybersecurity threats. Employers may want to review and incorporate DOL cybersecurity guidance into their policies and procedures, including with respect to the selection and monitoring of service providers. Participants should also be educated regarding measures they can take to protect their confidential data, such as those outlined in the DOL online security tips.
- Employer Takeaway: Employers, as plan fiduciaries, are responsible for protecting plan and participant confidential data from cybersecurity threats. Employers may want to review and incorporate DOL cybersecurity guidance into their policies and procedures, including with respect to the selection and monitoring of service providers. Participants should also be educated regarding measures they can take to protect their confidential data, such as those outlined in the DOL online security tips.
- Barriers to Mental Health (MH) and Substance Use Disorder (SUD) Benefits: With this initiative, the DOL seeks to ensure that plans and service providers meet their legal obligations to provide MH/SUD benefits and remove barriers to accessing care, such as unjustified treatment exclusions, inaccurate provider lists, unreasonable limits on care, and burdensome claims processes.
- Employer Takeaway: Employers should verify and monitor the adequacy and composition of their MH/SUD networks, as well as the accuracy of provider directories, to ensure participants’ access to benefits. They should also review plan provisions (e.g., treatment exclusions and limitations) for MHPAEA compliance and ensure they have a written comparative analysis, as required by the CAA 2021, that demonstrates parity between the plan’s MH/SUD and medical/surgical benefits with respect to nonquantitative treatment limitations (NQTLs). Employers may want to review the DOL MHPAEA tools and resources and ask their broker or consultant for a copy of the NFP publication MHPAEA NQTL Comparative Analysis: A Guide for Employers.
- Employer Takeaway: Employers should verify and monitor the adequacy and composition of their MH/SUD networks, as well as the accuracy of provider directories, to ensure participants’ access to benefits. They should also review plan provisions (e.g., treatment exclusions and limitations) for MHPAEA compliance and ensure they have a written comparative analysis, as required by the CAA 2021, that demonstrates parity between the plan’s MH/SUD and medical/surgical benefits with respect to nonquantitative treatment limitations (NQTLs). Employers may want to review the DOL MHPAEA tools and resources and ask their broker or consultant for a copy of the NFP publication MHPAEA NQTL Comparative Analysis: A Guide for Employers.
- Surprise Billing: The DOL’s work in this area will center on enforcing the protections under the No Surprises Act (NSA), which is designed to protect participants from unexpected medical bills for certain out-of-network (OON) services, such as emergency and air ambulance services or nonemergency services performed by OON providers at in-network (INN) facilities. For NSA-protected services, participant cost-sharing is limited to INN levels.
- Employer Takeaway: The DOL intends to review, among other items, whether proper notices are provided to participants, so employers should ensure the required surprise billing notice is posted on a public website that is accessible to plan participants and beneficiaries.
- The DOL seeks to address NSA claim and payment processing issues at the service-provider level to achieve widespread correction of errors across many plans. For example, if the DOL discovers that a TPA is not processing NSA claims correctly for a particular plan, they may try to review the claims processing for other plans serviced by that TPA. Accordingly, employers may want to verify their service providers are properly adjudicating claims for NSA-protected services. For further information, employers may want to review the DOL NSA resources and ask their broker or consultant for a copy of the NFP publication Transparency and CAA 2021 Obligations of Group Health Plans.
- Criminal Abuse of Contributory Benefit Plans: The DOL’s Contributory Plans Criminal Project (CPCP) concentrates on protecting employees who contribute to employer-sponsored health and retirement plans from criminal abuse. For example, the CPCP focuses on employers who use employee payroll contributions toward benefits for their own personal use or to cover business expenses, rather than for their intended purpose, resulting in unpaid health benefits.
- Employer Takeaway: Employers should recognize that participant contributions are plan assets under ERISA that must be timely forwarded to the carrier or TPA for the payment of plan premiums or benefits. It is never acceptable for an employer to use plan assets for their own interests; criminal charges may result.
Although not a national project, the DOL indicated it would also continue to identify abusive multiple employer welfare arrangements (MEWAs) and prevent fraudulent MEWA operators from opening new arrangements in other states.
NFP will monitor and report further developments regarding DOL enforcement efforts in Compliance Corner.
For more information on the 2026 enforcement priorities, read the DOL’s news release on national enforcement projects for employee benefit plans.