The era of delegating benefits oversight to vendors and assuming fiduciary protection is limited, according to a recent report from Mercer. A perfect storm of Supreme Court decisions, aggressive litigation and emerging technologies is exposing HR executives to unprecedented legal liability, even for decisions made by their outsourced partners.
“ERISA fiduciaries who violate their duties may be subject to investigation and personally liable for any profits obtained or losses incurred through the use of plan assets,” warns Mercer’s latest compliance analysis, which tracks the regulatory and litigation landscape for employer health plans.
Supreme Court lowers the bar for plaintiffs
Legal exposure is growing for employers. In April 2025, the U.S. Supreme Court unanimously ruled in Cunningham v. Cornell University in a way that “will likely make it more difficult for fiduciaries in these cases to defeat a prohibited transaction allegation on a motion to dismiss,” as noted in Mercer’s analysis.
The decision, according to Mercer, “sets a low bar for what plaintiffs must plead in these cases to avoid dismissal and proceed to the costly discovery phase of litigation.” This may indicate that more benefit-related cases will survive early dismissal motions, forcing employers into expensive discovery and increasing settlement pressure.
Major employers in the crosshairs
According to Mercer, three Fortune 500 companies are currently defending themselves in federal court against allegations concerning their employee benefit plans:
- Stern v. JPMorgan Chase & Co. (filed March 2025)
- Navarro v. Wells Fargo (filed July 2024)
- Lewandowski v. Johnson & Johnson (filed February 2024)
The allegations are similar across all three cases: failure to conduct open RFPs, failure to consider alternative pharmacy service providers and failure to pay reasonable compensation to service providers. The result, according to plaintiffs, is that “the group health plan and members overpay for benefits, including higher payments for prescription drugs, premiums and out-of-pocket costs.” One case goes further, alleging “a prohibited transaction for failing to pay reasonable compensation to a service provider.”
The PBM transparency crackdown
Mercer notes that pharmacy benefit managers are also facing increased regulatory scrutiny, with the FTC investigating insulin pricing and specialty drug markups.
In September 2024, the FTC filed an administrative complaint against major PBMs over insulin pricing that remains ongoing. In January 2025, the FTC issued a second interim staff report concluding, in Mercer’s words, “that the Big 3 PBMs significantly marked up specialty generic drugs at their affiliated pharmacies.”
Additionally, President Trump issued three major executive orders directing agencies to reduce drug costs, including one that specifically targets PBM transparency. The order instructs DOL to “improve employer health plan fiduciary transparency into the direct and indirect compensation received by pharmacy benefit managers.”
As a result, DOL is expected to propose rules later this year under ERISA §408(b)(2). Mercer advisors say this aims to achieve “the EO’s goal to ‘improve employer health plan fiduciary transparency into the direct and indirect compensation received by pharmacy benefit managers.’”
The AI factor: claims denials you don’t know about
Here’s where it gets particularly concerning for HR leaders: Third-party administrators may be using artificial intelligence and algorithms to process and (in some cases) deny employee claims, and employers may have no idea.
Mercer notes a May 2025 survey finding that 84% of health insurers use AI or machine learning in some form. Yet Mercer’s researchers say that most employers and plan sponsors lack access to all negotiated prices and cannot provide transparency disclosures without input from the insurer or TPA.
This has important fiduciary implications. According to Mercer, ERISA plan fiduciaries must act prudently when selecting and monitoring service providers, including how those providers use AI.
Recent cases illustrate the liability risk
In one California case, plaintiffs allege that a carrier relied on an algorithm to handle mental health and substance use disorder (MH/SUD) claims in ways that violated federal parity requirements. According to the complaint, the tool was used only for MH/SUD claims to track patient “progress” and trigger peer-review referrals, a process the plaintiffs say was more restrictive than what the carrier used for medical or surgical claims.
Other lawsuits make similar claims. In one, “the algorithm allegedly allowed the claim administrator’s clinicians to automatically deny payments in large batches, evading the physician review process required by state law (and in violation of ERISA’s fiduciary duties),” as detailed in Mercer’s report. In still others, “algorithms were allegedly used to override doctors’ recommendations and deny post-acute care.”
According to Mercer, when AI systems administer claims and override doctor recommendations, they may violate ERISA’s requirement for full and fair review of claims.
In a related antitrust case (CHS/Community Health Sys. v. MultiPlan), the Department of Justice filed a statement of interest sharing its view “that use of an algorithm can be the basis for a lawsuit under antitrust laws.”
What this means for your vendor contracts
Mercer’s report outlines five critical areas where HR leaders need to strengthen vendor oversight:
Demand AI disclosure. Ask all service providers how they use AI in claims adjudication, pre-authorization and medical necessity determinations. Request third-party audits of these systems.
Scrutinize all fees. Examine direct and indirect compensation, including shared-savings arrangements and PBM rebates and spreads.
Eliminate gag clauses. Ensure agreements don’t restrict access to provider-specific cost or quality data. Annual attestations confirming compliance are due December 31.
Build in audit rights. Agreements should allow ongoing monitoring and contract termination if needed.
Document everything. All fiduciary actions must be recorded and retained for at least six years under ERISA.
The report also recommends employers verify their fiduciary insurance coverage is appropriate, ideally including a nonrecourse rider, since “plans cannot indemnify fiduciaries from liability for ERISA violations.”
For detailed guidance on implementing these measures, see Mercer’s full report, Top 10 health, fringe and leave benefit compliance and policy issues in 2026.


