If your company sponsors a 401(k) plan, a pension, or a self-insured health plan, you are a potential defendant — and whether you become an actual one has less to do with whether you did anything wrong than with whether your plan is large enough to attract attention. Whether you win or settle an ERISA fiduciary lawsuit depends on whether your conduct as a fiduciary is documented in such a way as to defeat the Plaintiff bar’s template complaint. This has been fundamentally true for retirement plans for two decades. Two developments make it more urgent today: First, in April 2025 the Supreme Court made these cases significantly easier to file and harder to dismiss. And second, the targeting engine that the Plaintiff lawyers use to choose defendants now runs on the same public data and inexpensive AI that everyone else has access to.
The good news is that the best defense is the same as it has always been, only more so: a prudent, documented fiduciary process. The faster and cheaper it becomes to find you, the more your fiduciary file — not your luck — is what protects you.
Four things every Plan fiduciary should do, explained below:
1. Stop assuming you are too small or too clean to be sued. Target selection tracks plan size, but AI-assisted template-ability is lowering the bar. Fiduciary misconduct (or lack thereof) is not what determines whether you will be sued.
2. Build (or enhance) your prudent documentation process now — because after *Cunningham*, the fight moves to discovery, where documentation wins or loses it.
3. Audit the specific items plaintiffs are litigating today — fees, forfeitures, PBM oversight, and tobacco surcharges.
4. Govern your own benefits team’s AI use so it reduces your exposure instead of quietly creating it.
The ERISA litigation machine is already running
ERISA fee litigation is not a series of one-off disputes; it is a repeatable business model. A relatively small number of plaintiffs’ firms file large volumes of near-identical complaints, and they pick targets from public information — principally the Form 5500 that every plan files and that anyone can read, plus SEC filings and plan documents.
The selection criteria they use are revealing. Industry trackers of this litigation observe that suits overwhelmingly target large plans — and, counterintuitively, often target large plans whose fees are already low. That is not a paradox if you consider the economics: the settlement leverage comes from plan size and the cost of defense, not from the size of any actual overcharge. A Plaintiff firm scanning for its next case is looking for a plan big enough to justify the effort and a fact pattern that fits a complaint it has already written fifteen times. While size still matters when it comes to the risk of being sued, AI efficiency gains are lowering the bar.
The question is not “did this fiduciary breach a duty?” It is “can we plausibly (and efficiently) allege one against a plan this size?” Increasingly, your ability to defend yourself, not your size or your innocence, is what keeps you off the list.
The bar recently dropped: Cunningham v. Cornell
On April 17, 2025, the US Supreme Court unanimously decided Cunningham v. Cornell University, 604 U.S. ___ (2025), and changed the math on a whole category of these cases. The question was technical but the consequence is not. To state a prohibited-transaction claim under ERISA § 406(a) — for example, that the plan paid a recordkeeper, who is a “party in interest” — must the plaintiff also plead that none of § 408’s exemptions (including the everyday exemption for reasonable compensation for necessary services) applies?
The Court said no. The § 408 exemptions are affirmative defenses the fiduciary must raise and prove; the plaintiff need only allege the bare elements of § 406, which is ridiculously easy to do. In practice, that means a plaintiff can survive a motion to dismiss by alleging something nearly every plan does — paying its service providers — and proceed into discovery. The Court openly acknowledged the risk that this opens the door to more litigation and pointed lower courts to tools to weed out meritless claims (Rule 7(a) replies, Article III standing, limited discovery, Rule 11 sanctions, and cost-shifting). The concurrence was blunter, warning of “untoward practical results.”
Why it matters to you: in ERISA fiduciary litigation, even before Cunningham, the motion-to-dismiss stage had become “the whole ball game.” Once a case clears that hurdle, the cost and disruption of discovery push even strong defendants toward settlement. Cunningham lowered that bar. This increases the stakes – your process now carries more of the weight — and that is built long before any complaint is filed.
The frontier is widening
The Plaintiff’s legal theories are multiplying, and they are reaching plan types that used to feel safe.
– Forfeitures. Beginning with a September 2023 suit against Thermo Fisher, roughly fifteen near-identical class actions have challenged a practice the IRS has expressly permitted for decades — using 401(k) forfeitures to offset employer contributions rather than to reduce participant expenses. Defendants named include Intuit, Clorox, Qualcomm, HP, and BAE Systems. Results are split: some courts have dismissed (the plan language made the choice a settlor decision), others have let the claims proceed.
– Health plans and Pharmacy Benefits Managers (PBMs). A newer wave of cases allege that fiduciaries imprudently managed pharmacy benefit manager arrangements and overpaid for drugs. So far courts have largely dismissed these on Article III standing grounds, but plaintiffs keep refining their approach to find a way in, and incoming PBM price-transparency data will hand them more raw material to work with.
– Tobacco surcharges and wellness incentives. A separate line of cases challenges premium surcharges on tobacco users and wellness-program designs under ERISA and HIPAA nondiscrimination rules.
The common thread here is that same fiduciary-breach playbook built over twenty years in the $10-trillion-plus retirement market is being aimed at the $5-trillion-plus health market — which means welfare-plan fiduciaries who never thought of themselves as litigation targets now are.
Where AI comes in — for them, and for you
Here is our theory: the targeting that drives this litigation is already data-driven, and inexpensive AI lowers its cost further. Reading thousands of Form 5500 filings, flagging plans by size and fee pattern, and pulling matching language from plan documents is exactly the kind of work Ai can now do quickly and cheaply.
The practical implication is a lower economic floor for a viable case. Litigation that once made sense only against mega-plans has already crept toward plans in the $250-million-to-$750-million range; cheaper scanning pushes that floor down further. “We’re not big enough to bother with” is a weaker bet every year.
But the same capability cuts both ways, and that is the opportunity for plan fiduciaries. The AI tools a plaintiff’s firm uses to find a problem in your plan, are the same tools that you can use — to benchmark your fees, surface gaps in your governance file, and document the prudent process that defeats these claims at the only stage that matters. Finding and fixing your own issues before someone else finds them is now a realistic exercise.
One elated caution worth mentioning: if your benefits team is already using general-purpose AI — to interpret plan provisions, answer eligibility or COBRA questions, or triage testing issues — without verification, documentation, or a rule about when to escalate to counsel, that is not a productivity use of AI. It is an undocumented, unsupervised decision process sitting inside a regulated fiduciary function, and it is precisely the kind of thing that looks bad in discovery. AI in the benefits department is either part of your governance or part of your exposure. There is no neutral third option.
What to do now
1. Treat target-ability as the real risk, and assume you have it. If your plan is not large and your conduct is documentable, you are in range regardless of whether you have done anything wrong. Stop relying on size or a clean conscience as a defense.
2. Ensure your process is prudent and write it down. A functioning fiduciary committee, regular meetings with real minutes, periodic benchmarking and RFPs for major service providers, and a documented basis for each significant decision. After Cunningham, the contest moves into discovery — and a contemporaneous record of prudent process is more important than ever.
3. Audit the specific items plaintiffs are litigating right now. Benchmark recordkeeping and investment fees; review your forfeiture-allocation language and practice against your plan document; examine your PBM contract and the oversight you actually exercise over it; and confirm any tobacco surcharge or wellness incentive offers a compliant reasonable-alternative standard.
4. Govern your team’s AI use deliberately. Adopt an AI-use policy for the benefits function, require human verification of AI output, set clear criteria for when a question goes to counsel, and document vendor due diligence for any AI tool touching plan administration — so that a fiduciary committee can show it adopted AI prudently rather than drifted into it.
5. Consider using AI to find your own gaps first. The defensible move is to run the same kind of review against yourself that a plaintiff’s firm would, and to fix and document what you find — before the file is built by someone whose interests are adverse to yours.
The volume, the data-driven targeting, and the lowered pleading bar are real. The fear some of this generates is not the right response, and frankly not warranted — many of the newer theories are being dismissed, and there are signs of a regulatory appetite to curb litigation abuse. The right response is the unglamorous one: know where you are exposed, run a prudent process, and keep a record good enough to end a meritless case early. If you would like an assessment of where your practices fit, give us a call.