2019 946 946
Though some employers may not think so, the truth is that in today's world 401(k) plans are subject to fraudulent activity and that the often-overlooked retirement plan can be the perfect place for it to occur.
For example, in late 2017, several news outlets reported a scheme targeting individual 401(k) accounts. The U.S. Attorney's office in Colorado had filed a lawsuit to recover up to $2 million in losses due to fraudulent distributions from retirement plan accounts. The lawsuit, filed December 4th, 2017 in federal court, sought to seize up to $342,335 in assets from five individuals that deposited funds from the alleged scheme. Multiple banks, including JP Morgan Chase Bank, Bank of America, PNC Bank, and Wells Fargo, received the fraudulent transactions. According to the suit, the FBI's Denver Division was contacted in November 2016 by Great-West Financials' VP of Internal Audit regarding allegations of fraudulent transfers from clients' 401(k) accounts by JP Morgan. At that time, Great-West Financial had 20 participants affected with a loss of at least $1 million and a potential loss in excess of $2 million.
As in many 401(k) plans, participant victims of the fraud established an account online with the plan's recordkeeper (in this case Great-West). Great-West maintains a call center to assist with questions when contacted by a plan participant, utilizing a four-part authentication process that employs biographical identifiers set up by the plan participant. Using this biographical information (e.g. name, Social Security numbers, or date of birth) obtained through phishing scams and password hacking, the scammers were able to provide accurate information to change the online profile and ultimately affect a distribution. According to the suit, Great-West observed that unauthorized individual(s) had been fraudulently using this process to obtain access to funds held in retirement accounts. Upon obtaining access, the funds were able to be transferred from those retirement accounts to other bank accounts without the knowledge or consent of the actual participant. The FBI indicated that Great-West wasn't the only recordkeeper that was targeted by fraud schemes. In the end, Great-West reimbursed all funds to the participant's account.
Please note, in this instance, neither the TPA nor Great-West had experienced a data breach. The participant's personally identifiable information (PII) was obtained by other means prior to contacting Great-West or submitting the distribution request. It appears that the PII was obtained through scams aimed at the participant. This being the case, what can you do to help mitigate distribution fraud?
It's good practice to review your retirement plan's transactions each month like you would your company bank account or credit card accounts. If you see any questionable transactions, please contact your TPA immediately.
©2019 Benefit Insights, LLC All rights reserved.