20 Due-Diligence Questions to Ask a Crypto 401(k) Provider
Due diligence questions for crypto retirement providers list essential topics to evaluate security, custody, and regulatory preparedness.
Published: November 28, 2025
Category: 401(k)
A rigorous crypto 401(k) provider due diligence process is more important than ever as regulatory guidance shifts and digital assets become a more frequent consideration in employer-sponsored retirement plans. In May 2025, the Department of Labor (DOL) rescinded its previous “extreme care” guidance, clarifying that such a standard is not found in ERISA and reaffirming a neutral stance: “neither endorsing nor disapproving of plan fiduciaries who conclude that the inclusion of cryptocurrency in a plan’s investment menu is appropriate” (Compliance Assistance Release No. 2025-01).
For employers, this means the responsibility to evaluate providers, mitigate risks, and protect participants remains paramount.
For additional context on how these changes affect your responsibilities, see our 401(k) resources for employers.
The Short Answer: What’s Changed for Crypto in 401(k) Plans (2025 Update)
The regulatory environment for crypto 401(k) plan compliance has shifted. The DOL’s 2025 release rescinded its previous “extreme care” position, stating that the Department was restoring its historical approach by “neither endorsing, nor disapproving of, plan fiduciaries who conclude that the inclusion of cryptocurrency in a plan’s investment menu is appropriate” (DOL Compliance Assistance Release 2025-01).
Executive Order 14330, signed in August 2025, also signals a federal policy shift toward broader investment choices for retirement plans.
Fiduciaries are still obligated to fulfill ERISA’s standards of prudence and loyalty, no matter the asset class.
For updates and deeper regulatory insights, visit our 401(k) resources hub.
How to Use This List: Scorecard Approach for Employer Teams
A structured approach helps your HR and finance teams navigate the due diligence process. Use the questions below as a scorecard, marking providers green (meets expectations), yellow (needs clarification), or red (potential concern), and capture notes for your records to demonstrate ERISA compliance if needed.
This method not only supports crypto 401(k) provider due diligence but also documents your process in case of future audits or compliance reviews.
For a more in-depth checklist and sample documentation, see our Crypto in the 401(k): Policy, Process & Provider Checklist for Employers.
Governance and Compliance: Critical Questions for Fiduciary Safety
It’s essential to understand your ongoing responsibilities under ERISA when considering digital assets. As Richard E. Nowak, a partner at Mayer Brown, notes, “the Labor Department was returning to its historical approach of taking a neutral standard toward particular investment types and strategies by ‘neither endorsing, nor disapproving of, plan fiduciaries who conclude the inclusion of cryptocurrency in a plan’s investment menu is appropriate’” (mayerbrown.com).
This reinforces the need for thorough diligence and adherence to ERISA’s prudence and loyalty standards, underscoring that the DOL continues to expect fiduciaries to act with care, skill, prudence, and diligence.
Ask providers:
How do you support plan sponsors in meeting ERISA fiduciary standards for crypto investments?
What compliance documentation and audit trails are available?
How do you monitor regulatory changes and update plans accordingly?
What legal resources or indemnification do you offer for fiduciary risk?
Can you provide evidence of litigation or regulatory actions involving your firm or crypto plan features?
For detailed strategies on adding crypto to your IPS, see Adding Crypto to Your Investment Policy Statement (IPS): A Practical Guide.
Operations and Custody: What to Ask About Security and Asset Protection
The operational backbone of a strong crypto 401(k) plan is secure custody and sound risk controls. As highlighted by industry experts at Fidelity Digital Assets, best practices include multi-factor authentication, insurance coverage, and regular third-party audits. These measures are critical to safeguarding plan assets and protecting participant interests, along with regular adaptation to new cybersecurity threats and regulatory requirements.
Here’s how leading providers stand out:
Secure custody solutions: Use of insured, third-party custodians with audit transparency. Learn more about secure custody solutions.
Insurance coverage: Policies against theft, hacking, and operational failures.
Audit practices: Routine, independent security audits and public incident response protocols.
Regulatory compliance: Alignment with federal guidance and reporting.
The bottom line: Prioritize providers that can demonstrate high operational and custody standards.
Fees and Disclosures: Transparency Questions Every Employer Should Ask
Transparent fees are non-negotiable for prudent plan management. The DOL reminds fiduciaries to make sure all fees and expenses—including those tied to cryptocurrency options—are fully disclosed to participants and remain reasonable relative to the services provided.
Fee clarity is essential for participant trust and regulatory compliance, including any novel costs unique to digital assets such as network or custody fees.
Ask providers:
Can you provide a complete breakdown of all crypto-related fees (management, custodial, transaction)?
How are fee changes communicated to plan sponsors and participants?
What is your process for fee benchmarking and maintaining competitiveness?
A transparent approach not only supports compliance but also enhances your ability to compare providers.
Participant Experience and Education: Questions About UX and Employee Readiness
A 2024 GAO survey found that cryptocurrency investments in 401(k) plans account for “substantially less than 1 percent of the 401(k) market, whether measured by plans, participants, or assets” (mayerbrown.com).
Despite Gen Z being four times more likely to own crypto than to have a retirement account, according to Nasdaq, actual adoption in workplace retirement accounts remains low.
Ask providers:
What educational resources do you offer for plan participants considering crypto?
How do you communicate volatility, liquidity, and tax implications?
What support is available for participants with questions about digital assets?
How do you deliver an intuitive participant experience?
Effective education and user experience are crucial for employee engagement with digital assets in retirement plans.
Support and Implementation: What to Expect from Onboarding to Ongoing Help
Launching crypto investment options in a 401(k) plan requires comprehensive support, including dedicated onboarding and participant education tailored to digital assets. Industry experts emphasize that effective implementation hinges on clear communication, participant education, and ongoing provider responsiveness, especially for complex investment options like cryptocurrencies.
Ask providers:
What is your process for onboarding new employer clients?
How do you support plan sponsors and participants during rollout and beyond?
What ongoing resources are available for troubleshooting or compliance questions?
Can you provide examples of successful implementations?
Strong provider support can make or break the success of new investment options.
What to Request in Writing: Essential Documentation Checklist
A thorough crypto 401(k) provider due diligence process requires documentation at every step. Request the following from providers:
Written descriptions of investment options, custody arrangements, and insurance.
Detailed fee schedules and disclosure statements.
Copies of security audit reports and incident response procedures.
Sample participant education materials.
Compliance and regulatory updates relevant to crypto in 401(k) plans.
For a comprehensive documentation checklist, see our Crypto in the 401(k): Policy, Process & Provider Checklist for Employers.
Next Steps for Employers: Get Guidance or Start Your Evaluation
Selecting the right provider for your crypto 401(k) plan is a high-stakes decision. Use this due diligence list to compare your options, safeguard your participants, and stay ahead of regulatory expectations.
To discuss your needs or start your evaluation, get started with Basic Capital.
This content is for informational purposes only and is not legal, tax, investment, or compliance advice.
References
Department of Labor. (2025). Compliance Assistance Release No. 2025-01. https://www.dol.gov/agencies/ebsa/key-topics/retirement-benefits/cryptocurrencies/compliance-assistance-release-2025-01
Mayer Brown. (2025, June). A Return to Investment Neutrality: DOL Rescinds Guidance Discouraging Plan Fiduciaries from Considering Cryptocurrencies. https://www.mayerbrown.com/en/insights/publications/2025/06/a-return-to-investment-neutrality-dol-rescinds-guidance-discouraging-plan-fiduciaries-from-considering-cryptocurrencies
Fidelity Digital Assets. (n.d.). Security and Risk Management. https://www.fidelitydigitalassets.com/
Government Accountability Office. (2024). 401(k) Plans: Industry Data Show Low Participant Use of Crypto Assets Although DOL’s Data Limitations Persist. https://www.gao.gov/products/gao-25-106161
Department of Labor. (2025, May 28). News Release: EBSA20250528. https://www.dol.gov/newsroom/releases/ebsa/ebsa20250528