A relatively overlooked aspect of a recent Mercer/CFA Institute report found that artificial intelligence could present a significant problem for plan sponsors and participants (and advisors).
While coverage primarily centered on the Global Pension Index section of the report, which ranked retirement income systems by country, it also delivered a stark AI warning.
In addition to ensuring prompts are correct, fake or misleading information isn’t generated, privacy protections are in place, and algorithms are free from creator bias, the thorny—and terrifying—account takeover issue is an increasing concern.
After all, AI can accurately reproduce a person’s voice (as well as writing style, photo, or video).
“This, combined with the growth of sophisticated cyber-breaching security programs, will probably lead to an increased incidence of identity fraud, which may threaten public confidence in long-term pension systems,” the authors wrote.
High-profile lawsuits from participants over security breaches—a recent case involving Colgate-Palmolive Co. and Alight Solution comes to mind—have the attention of recordkeepers, advisors, sponsors, and the industry as a whole. In an effort to reassure sponsors and participants, certain firms, including Empower, offer a guarantee to make the account whole if they are at fault.
But AI could make it that much more complicated.
“In addressing these challenges, strong governance and clear accountability arrangements will be essential in the development of all AI models,” according to the report. “They are not in a world of their own! Such models must be reviewed and tested regularly as conditions change to ensure that their outcomes are sensible and consistent with existing legislation and compliance requirements as well as changing legislation or economic conditions.”
And it’s not only lawsuits—cybersecurity and account takeovers are also a major priority for the Department of Labor (DOL). Assistant Secretary of Labor and EBSA Head Lisa Gomez recommends that plan sponsors should “definitely” purchase cyber liability insurance.
Gomez recently stressed that many employers assume that since the company has cyber-liability insurance, they’d be covered in a breach. The policy’s fine print often notes that it applies only to the company and not the company in its capacity as a plan sponsor—something not obvious to most.
She also penned a piece over the summer on how to protect online accounts, which, by this point, should (hopefully) be common sense, like use a strong and unique account password, and use multi-factor authentication, yet something AI will no doubt complicate.
