DOL Enforcement Trends: What 2025 Investigations Tell Us About 2026

TL;DR: The DOL recovered $1.4 billion in FY 2025 and just announced its most aggressive health plan enforcement agenda in the agency's history. For FY 2026, EBSA is targeting four areas directly relevant to self-funded plans: cybersecurity, mental health parity, surprise billing compliance, and benefit distribution integrity. The core message is blunt — fiduciary duty requires documented, independent oversight of your TPA's claims administration, not just a contract that says they'll behave. This post breaks down what investigators are actually looking for, the five highest-risk red flags, and what defensible fiduciary documentation looks like in 2026.

The Department of Labor's Employee Benefits Security Administration (EBSA) recovered $1.4 billion in direct payments to plans, participants, and beneficiaries in fiscal year 2025, closing 878 civil investigations and delivering corrective action in 63% of cases. That number alone should command the attention of every self-funded plan fiduciary.

But the real story isn't in the rearview mirror. It's in what EBSA announced on January 15, 2026: a wholesale overhaul of its national enforcement priorities for FY 2026, with a pronounced shift of investigative resources toward health and welfare plans — and directly toward the TPAs, service providers, and plan sponsors who operate them.

If your self-funded plan has been operating under the assumption that DOL enforcement is primarily a retirement plan problem, 2025 served as a clear and documented correction. For plan fiduciaries, benefits committees, TPAs, and brokers, the investigative patterns of FY 2025 — combined with EBSA's explicit 2026 priorities — create a compliance roadmap that is impossible to ignore.

EBSA FY 2025: What the Investigation Data Actually Shows

The FY 2025 enforcement numbers are not abstract statistics. They represent a detailed, documented picture of where compliance breaks down across America's private-sector employee benefit system — and which types of failures most reliably trigger federal enforcement action.

Of the 878 civil investigations EBSA closed during FY 2025, 556 (63%) produced monetary results or required corrective action, generating $714.4 million in recoveries. An additional $468.7 million was recovered through informal complaint resolution, without a full enforcement case even being opened. These "soft enforcement" recoveries are significant: they demonstrate that EBSA's complaint intake function alone generates substantial corrective pressure on plans and service providers.

EBSA also disclosed that 291 civil investigations were opened directly as a result of patterns flagged by Benefits Advisors — investigators whose role includes identifying repeated complaints about the same plan, employer, or service provider. This complaint-to-investigation pipeline is a critical data point. A sustained pattern of participant grievances — over claim denials, delayed payments, or access to care — can and does trigger formal federal investigation.

On the criminal side, EBSA closed 253 criminal investigations in FY 2025, producing 62 indictments and 45 convictions. Cases involved plan officials, corporate officers, and service providers who diverted assets, falsified records, or abused their fiduciary roles. While criminal cases represent a small share of overall enforcement activity, they carry the highest personal consequences — and the underlying misconduct that triggers them (asset diversion, unreasonable fees, undisclosed compensation) is exactly the territory that EBSA's 2026 priorities place squarely in the investigative crosshairs.

EBSA FY 2025 Enforcement Quick Reference:

• $714.4M recovered through 556 civil investigations

• $468.7M recovered through informal complaint resolution, with no formal case required

• 291 civil investigations opened from participant complaint referrals

• 253 criminal investigations closed; 62 indictments; 45 convictions

• 797 Voluntary Fiduciary Correction Program (VFCP) applications received

• $39M+ in voluntary VFCP corrections — a record year for the program

EBSA's 2026 National Enforcement Projects: A Health Plan Reckoning

On January 15, 2026, EBSA announced a significant overhaul of its national enforcement priorities for fiscal year 2026. The announcement represented something genuinely new in the agency's history: a decisive shift of investigative resources toward health and welfare plans. For decades, EBSA enforcement was focused overwhelmingly on retirement plans. That era is now over.

Groom Law Group, in its February 2026 analysis, described the shift directly: "EBSA's enforcement priorities for FY 2026 will likely focus on plan operations, service provider oversight, and benefits administration."

The agency's four named national enforcement projects for 2026 are:

1. Cybersecurity of Plan Systems and Data

EBSA designated cybersecurity as its first-listed enforcement priority for FY 2026, building on guidance issued in 2021 and updated in 2024. Investigators will review how plans and service providers protect participant data, governance practices, incident response protocols, and third-party vendor oversight. Plans that cannot document their data security posture — including TPA and vendor cybersecurity requirements — face heightened investigation risk. This connects directly to the duty to protect plan assets.

2. Mental Health and Substance Use Disorder Benefits

This priority extends beyond traditional Mental Health Parity and Addiction Equity Act (MHPAEA) comparative analysis reviews to encompass claims administration practices, network accuracy, and unreasonable treatment limitations. Investigators will target plans and service providers that:

• Impose burdensome claims processes for MH/SUD benefits

• Apply unjustified treatment exclusions or quantity limits

• Maintain inaccurate provider directories

• Place unreasonable limits on behavioral health care

EBSA has 90 full-time staff dedicated to CAA-funded NQTL enforcement, and the agency has already reviewed comparative analyses for over 470 NQTLs from 180 plans and issuers. The agency has stated it expects to double its MHPAEA review capacity as mandatory funding becomes available. This is not a future threat — it is an active investigative program with substantial agency resources already deployed.

3. Surprise Billing Under the No Surprises Act

New in 2026, surprise billing compliance is now a named national enforcement priority. EBSA investigators will examine whether plans:

• Apply the prudent layperson standard to emergency service claims, rather than auto-adjudicating denials based solely on diagnosis codes

• Apply in-network cost sharing to NSA-protected services

• Provide required disclosures and participant notices

• Comply with payment timeliness requirements during open negotiations and the Independent Dispute Resolution (IDR) process

For self-funded plans, TPA claims administration practices are directly in scope. Plan sponsors cannot delegate compliance to their TPA and walk away — they remain fiduciaries responsible for ensuring their administrator is meeting NSA requirements. This is precisely the oversight gap that most plans currently cannot document.

4. Benefit Distributions and Contribution Integrity

EBSA will prioritize investigations into delays, denials, or errors in processing payments to participants and beneficiaries. Plans that involve employee contributions — including premium payments and health flexible spending arrangements — will be scrutinized to ensure contributions are collected, handled, and remitted without diversion or misuse.

What EBSA Is Not Telling You: The Real Fiduciary Exposure

The official list of enforcement priorities is the starting point, not the complete picture. The most significant insight from FY 2025 enforcement data is what it reveals about the gap between what plan fiduciaries believe is happening in their plans and what EBSA actually finds when it investigates.

TPAs Cannot Police Themselves

The most consistent finding across EBSA investigations involving self-funded health plans is the structural conflict embedded in TPA self-administration: the same party that adjudicates claims is also the party responsible for identifying payment errors in those claims. This arrangement — which is standard practice among both large carriers and many independent TPAs — creates a documented oversight gap that plan fiduciaries cannot remediate through goodwill or contractual assurances.

When EBSA investigates a health plan for improper claims administration — whether under the MHPAEA priority, the NSA priority, or the contribution integrity priority — it evaluates the plan sponsor's oversight process, not just the TPA's output. A plan that relies solely on TPA self-reporting, without independent verification, has no documented defense.

The Documentation Standard Has Changed

One of the clearest patterns in EBSA enforcement is that documentation of fiduciary process is now an active enforcement criterion, not merely good practice. Morgan Lewis, in its February 2026 analysis, noted that the DOL's own fiduciary guidance booklet expressly states that "hiring a service provider in and of itself is a fiduciary function." Selecting a TPA, claims processor, PBM, or benefits consultant is subject to ERISA's prudent process standard, which requires not just initial selection, but ongoing monitoring of fees, performance, and conflicts of interest.

For self-funded plans under active DOL scrutiny in 2026, the question is not whether you have a TPA agreement. The question is whether you can demonstrate, with documented evidence, that you are actively monitoring that TPA's performance against objective standards — and that you have independent verification of claims accuracy to support your fiduciary oversight obligation.

The Schlichter Connection: Private Litigation Tracks DOL Priorities

DOL enforcement does not operate in isolation. The Schlichter Bogard lawsuits filed in December 2025 — naming Gallagher, Mercer, Lockton, and Willis Towers Watson as co-defendants in ERISA actions alleging "self-dealing at the expense of participants" — directly parallel the agency's enforcement focus on undisclosed compensation and TPA conflicts of interest.

Private plaintiffs and federal regulators are reading from the same playbook: the 401(k) fee litigation model, which has produced over $10 billion in settlements, is now being applied systematically to health plan administration. DOL enforcement activity in 2025 and 2026 creates the evidentiary foundation — specifically documented violations, corrective action records, and enforcement patterns — that plaintiffs' counsel uses to identify and build health plan breach-of-fiduciary-duty cases.

Five Red Flags That Could Trigger a DOL Investigation in 2026

Based on FY 2025 enforcement outcomes and the stated 2026 priorities, the following five operational conditions represent the highest-probability triggers for EBSA investigative attention in self-funded health plans:

• Participant complaint patterns — EBSA's Benefits Advisors flagged 291 civil investigations in FY 2025 from complaint referrals. Plans that generate recurring participant complaints about claim denials, delayed payments, or access to care are directly in the investigative pipeline.

• MH/SUD denial patterns without comparative analysis documentation — Under the 2026 MHPAEA priority, EBSA investigators will specifically look for plans that cannot produce a current, compliant comparative analysis demonstrating parity between MH/SUD and medical/surgical benefit limitations.

• NSA non-compliance in emergency claims — Plans that allow auto-adjudication denials of emergency services based solely on diagnosis codes, rather than the prudent layperson standard, are directly targeted by the 2026 surprise billing enforcement project.

• No documentation of TPA monitoring — A plan that cannot produce records of its TPA performance review process, fee reasonableness analysis, or conflict-of-interest evaluation has no documented defense against a fiduciary breach allegation, regardless of whether its TPA is actually performing well.

• Cybersecurity gaps with third-party vendors — EBSA's top-listed 2026 priority will include examination of how plans oversee the cybersecurity practices of their TPAs and other service providers. Data sharing agreements, security requirements, and incident response protocols will all be in scope.

The ClaimInformatics Approach: Independent Oversight as Fiduciary Documentation

The enforcement picture EBSA has painted for 2026 has a clear underlying logic: fiduciary duty is not self-certifying. The DOL does not accept a plan sponsor's assurance that their TPA is performing well as a substitute for documented, independent verification. It does not accept a carrier's self-generated payment integrity report as evidence of arms-length oversight. And it does not accept a benefits committee's belief that their plan is compliant as a defense against a claim that they failed to exercise prudent process.

ClaimInformatics was built on exactly this principle. As the only truly independent payment integrity partner for self-funded health plans — with no ownership, revenue sharing, or contractual relationships with TPAs, carriers, networks, or providers — ClaimInformatics delivers what DOL enforcement standards actually require: documented, conflict-free oversight of every claim, every month.

What Independent Oversight Delivers Under 2026 DOL Standards:

• Pre-pay review — Clinically intelligent, CMS-aligned claim review identifies coding errors, medical necessity issues, and billing irregularities before payment, creating a documented record that the plan's fiduciary process evaluated claims against objective standards before disbursement.

• Post-pay analysis and monitoring — 100% claims analysis using ClaimIntelligence™, applying a proprietary edit suite across 8 payment integrity categories aligned to CMS, AMA CPT®, NCCI, ICD-10, and federal billing standards. PAIR™ provides 2-3 year historical lookback for retrospective recovery and validation. Pre-pay and post-pay operate as two halves of one continuum.

• MHPAEA compliance support — Independent evaluation of MH/SUD claim handling against medical/surgical benchmarks, creating comparative documentation that directly supports the 2026 enforcement priority's requirements.

• Audit-ready fiduciary documentation — Every ClaimInformatics engagement produces plan-specific reports and documentation that demonstrate prudent process — exactly the evidence a plan needs when EBSA knocks on the door.

• TPA performance validation — Independent, conflict-free analysis of TPA claims administration provides the third-party verification that ERISA requires when evaluating service provider performance.

• CLEAR™ contract review — 1,100+ compliance checks against ERISA §404, §406, §408(b)(2), CAA 2021, PHSA, and other relevant requirements for TPA/ASO, SPD, PBM, and stop-loss agreements. Specific redline corrections with regulatory citations. Learn more about FOCUS™ Fiduciary Governance.

Frequently Asked Questions

What are EBSA's top DOL enforcement priorities for self-funded health plans in 2026? EBSA's four named national enforcement projects for FY 2026 are: (1) cybersecurity of plan systems and data, (2) mental health and substance use disorder benefits parity, (3) surprise billing compliance under the No Surprises Act, and (4) benefit distribution and contribution integrity. These are supplemented by ongoing investigation of MEWAs and criminal abuse of contributory plans. For self-funded health plans, the practical implication is heightened scrutiny of TPA claims administration practices, MH/SUD treatment limitation documentation, and participant data security.

How much did EBSA recover in FY 2025, and how does that affect my plan? EBSA recovered $1.4 billion in FY 2025 across civil enforcement actions, informal complaint resolution, and abandoned plan distributions. Of the 878 civil investigations closed, 63% produced monetary results — averaging roughly $813,000 per corrective enforcement action. The practical implication for self-funded plan sponsors is that EBSA investigations are not merely regulatory formalities: they result in documented correction requirements, monetary restoration obligations, and, in cases of egregious misconduct, criminal referral.

Can my plan be investigated for TPA performance issues even if we have a contract requiring compliance? Yes. ERISA makes clear that a plan sponsor's fiduciary duty includes not just the initial selection of a TPA, but ongoing monitoring of that TPA's performance, fees, and conflicts of interest. A contract requiring compliance does not create a documented defense; what creates a defense is evidence that the plan actively monitored TPA performance — including independent verification of claims accuracy — on an ongoing basis. EBSA's 2026 enforcement priorities specifically include "service provider oversight" as an investigative focus.

What documentation does EBSA typically request in a health plan investigation? Based on published EBSA enforcement guidance and litigation patterns, DOL investigators typically request: plan documents and amendments; TPA agreements and any side letters on compensation; fee disclosure records under CAA Section 202 / ERISA Section 408(b)(2); claims administration reports and denial rate data; MH/SUD comparative analysis documentation (for MHPAEA reviews); participant complaint records and resolution logs; cybersecurity policies and vendor agreements; and any fiduciary committee meeting minutes or governance records. Plans that cannot produce these documents have no documented defense.

How does independent payment integrity oversight help a plan respond to a DOL investigation? Independent payment integrity oversight — specifically oversight performed by a party with no financial relationship to the TPA, carrier, network, or provider — creates documented evidence that the plan sponsor exercised prudent process in monitoring claims administration. This documentation directly addresses EBSA's core investigative criteria: did the fiduciary actively monitor the plan's claims operations, identify errors, and take corrective action? A plan with monthly independent claims analysis, transparent rationale for every edit, and documented recovery of identified overpayments is in a fundamentally stronger position than a plan relying solely on TPA self-reporting.

The Bottom Line for Self-Funded Plan Fiduciaries

The FY 2025 enforcement record and FY 2026 priority announcement deliver a single, clear message: EBSA has fundamentally expanded its health plan enforcement footprint, and it is actively looking for the compliance gaps that have been accumulating in self-funded plans for years. The agency recovered $1.4 billion in FY 2025 and announced a direct targeting of TPA performance oversight, MHPAEA compliance, surprise billing administration, and cybersecurity — all areas where self-funded plans have historically operated with limited independent scrutiny.

Fiduciary duty requires more than good intentions. It requires documented, defensible evidence of a prudent process, including independent verification of the claims administration practices you delegate to your TPA. In 2026, EBSA has made clear that it intends to find the plans that lack that documentation. The question is whether your plan will be one of them.

Schedule a confidential fiduciary assessment before EBSA does.

What's your plan's DOL readiness score? Is your self-funded plan prepared to demonstrate independent oversight of TPA claims administration, MHPAEA compliance, and No Surprises Act adherence to an EBSA investigator? Share your biggest fiduciary compliance concern in the comments — we read every response.