Crypto in a 401(k): Risks, Rules, and Safer Options
Interest in crypto in a 401(k) keeps growing—but so do the fiduciary and compliance questions for plan sponsors. Here’s how to evaluate crypto requests, manage participant risk, and consider alternatives that may better fit a prudent process.
Employees are asking about crypto in a 401(k) more often—sometimes because they believe it’s the “investment future,” and sometimes because they’ve already invested personally and want the same exposure at work. For plan sponsors and HR teams, the question isn’t just whether crypto is popular. It’s whether offering crypto inside the plan can be justified through a prudent, well-documented fiduciary process.
Below is a practical guide to help you understand what “crypto in a 401(k)” can mean, why it’s challenging from a risk and governance standpoint, and what alternatives may help participants without putting the plan in the crosshairs.
What does “crypto in a 401(k)” actually mean?
“Crypto in a 401(k)” can refer to a few different approaches, and the details matter:
Crypto as a core plan investment option (e.g., a designated fund or account option on the plan’s main menu).
Crypto exposure through an indirect vehicle (for example, a fund that holds companies tied to blockchain or other related themes—still volatile, but different than holding tokens directly).
Crypto access through a self-directed brokerage account (SDBA), sometimes called a “brokerage window,” where participants choose from a broader universe of investments beyond the core lineup (subject to the provider’s rules and the plan’s design).
From a plan sponsor perspective, the biggest difference is what you are selecting and monitoring. Adding crypto to the core lineup is typically a much heavier fiduciary lift than allowing broader access through a structure like an SDBA (though an SDBA is not “set it and forget it,” either).
Why plan sponsors need to be cautious: fiduciary responsibility and participant harm
In most workplace retirement plans, the employer and/or committee members are fiduciaries under ERISA. In plain English, that means you’re expected to act prudently and in participants’ best interests when selecting and monitoring plan investments and service providers.
Crypto introduces challenges that can be difficult to reconcile with a prudent process, including:
Extreme volatility: Prices can swing dramatically in short periods, which can magnify losses close to retirement.
Valuation and liquidity concerns: Some crypto-related vehicles may have pricing, trading, or settlement complexities compared to traditional mutual funds.
Custody and security risks: Digital assets can be exposed to hacking, fraud, or operational failures, depending on how they’re held.
Participant behavior risk: Even if you add a small “slice,” some participants may go all-in on a high-risk category—especially during hype cycles.
Regulatory scrutiny: Government agencies have publicly cautioned plan fiduciaries about crypto in retirement plans. Plan sponsors should assume crypto-related decisions will be second-guessed if outcomes are poor.
For sponsor teams, the biggest practical concern is often not whether one participant wants crypto. It’s whether offering it inside the plan could lead to widespread concentration risk—participants putting a large percentage of retirement savings into a single, highly speculative category.
What regulators have said (and why it matters)
Regulators have signaled that crypto in retirement plans deserves special caution. The U.S. Department of Labor (DOL) has specifically addressed cryptocurrencies in 401(k) plans and indicated it expects fiduciaries to exercise “extreme care.” You can review DOL guidance and related releases directly on the site of the Employee Benefits Security Administration (EBSA), and the DOL’s crypto-related compliance materials in the EBSA Resource Center.
Separately, the IRS provides foundational rules for 401(k) plans and tax-qualified retirement arrangements. While IRS materials may not “approve” or “disapprove” specific investments, they are essential for understanding plan compliance basics: IRS Retirement Plans.
Bottom line: even if a vendor can technically make crypto available, plan sponsors should evaluate whether it’s appropriate under ERISA’s fiduciary standards and whether you can document a prudent process.
Practical risks: what happens when participants go all-in?
When participants concentrate heavily in a high-risk option, the consequences can be severe:
Retirement readiness declines after a major downturn, especially for older workers.
Increased complaints and HR escalations when balances fall quickly.
Potential fiduciary exposure if the plan is viewed as encouraging or enabling imprudent concentration without appropriate guardrails.
If your organization is considering any form of crypto access, consider whether you have (or can implement) safeguards such as:
Clear participant education that explains volatility, concentration risk, and long-term retirement implications.
Thoughtful plan design (for example, limiting how much can be allocated to certain high-volatility options, where permitted and feasible).
Documented fiduciary review including why the option is being considered, how it will be monitored, and what would trigger removal.
A potential “pressure release valve”: the self-directed brokerage account (SDBA)
Some plan sponsors look to a self-directed brokerage account (SDBA) as a way to address participant demand for expanded investment choice without placing a speculative option directly on the plan’s core investment menu.
Conceptually, an SDBA can:
Offer broader investment access for participants who want it,
Help keep the core lineup focused on diversified, retirement-oriented options, and
Reduce the perception that the plan sponsor is “endorsing” a specific crypto option as a primary retirement investment.
Important: An SDBA is not automatically a fiduciary “get out of jail free” card. It still requires careful design, participant communication, and coordination with your recordkeeper and advisor. If you’re exploring this route, consider creating a separate internal review and education plan before rollout.
If you want to go deeper on this approach, consider publishing (or reading) a dedicated post on brokerage windows and then linking it as a next step for interested participants. For now, the key takeaway is that an SDBA may be a middle-ground solution when employees want more flexibility but the sponsor wants to keep the core lineup prudent and simple.
How crypto conversations connect to your broader compliance and governance
Crypto tends to spotlight whether a plan has strong governance: an investment policy statement (IPS), a consistent review process, and clear documentation. Those same habits also support your plan’s broader compliance obligations, including annual reporting and (for larger plans) audit readiness.
If you’re reviewing your plan’s overall risk posture, these resources may help:
What an ERISA bond is and how to buy one (often confused with cybersecurity coverage, but very different)
And if you need specialized help, these directories can help you build the right team:
401(k) financial advisors to help evaluate investment options and document a prudent process
ERISA attorneys for fiduciary and plan document considerations
retirement plan providers if your current platform can’t support your desired design
401(k) auditors (and all auditors) if you’re approaching audit thresholds or want readiness support
Conclusion: focus on a prudent process, not the hype
Crypto may be part of the investing landscape for years to come, but a 401(k) is primarily a long-term retirement vehicle—not a trading account. For plan sponsors, the best path forward is to evaluate employee interest through the lens of fiduciary duty, participant outcomes, and operational realities. In many cases, the “right” answer is not adding crypto to the core lineup, but improving education, reinforcing diversification, and exploring structures like an SDBA where appropriate.
Call to action: If your employees are requesting crypto in the 401(k), don’t go it alone. Work with an experienced advisor who can help you evaluate options, document your decision-making, and design guardrails that protect participants and the plan. Start here: how to hire a retirement plan advisor—or browse our directory of 401(k) financial advisors to find the right fit.