A recent case involved a 401(k) plan participant who was defrauded of approximately $740,000 by overseas criminals. Unfortunately, fraud involving 401(k) accounts doesn't stop there—friends, family members, and even employers have been implicated in stealing millions of dollars from retirement savings every year. Here's what your organization can do to help protect your employees' 401(k) accounts from fraud.
Assessing Existing Protections
If your organization sponsors a 401(k) plan, assessing the protection systems and policies of your plan's service providers is crucial. Many providers carry cyber fraud insurance to cover plan participants, but be aware that there may be limitations. For example, providers may not cover losses if they determine that a breach occurred due to actions taken by the plan sponsor or participants.
Review your plan's documents carefully. They may state that participants must follow recommended security practices, such as frequently checking account information and promptly reviewing communications from the plan administrator. Ensure you and your employees fully understand these requirements—and follow them diligently.
Using Technology to Foil Thieves
In recent years, several 401(k) plan sponsors have faced legal action for failing to adequately protect the personal data of participants whose accounts were hacked. Every business needs robust cybersecurity measures, but you must be especially vigilant if you store 401(k) plan information on your servers.
While two-factor authentication is a standard security measure, some experts recommend three-factor authentication to thwart increasingly sophisticated fraud schemes. Additionally, employees should be encouraged to adopt strict security protocols, such as:
- Choosing complex passwords that aren't used on other sites and changing them frequently
- Never writing down passwords or storing them in browsers
- Being cautious if they experience trouble logging in or if the sign-in page appears different
- Verifying the identity of anyone who contacts them claiming to be from the government, law enforcement, or their 401(k) plan sponsor before providing any account information
Be aware of more sophisticated fraud tactics, such as criminals posing as fraud investigators who advise account holders to move their savings to "safer" locations. The criminals then disappear with the funds. Ensure employees know whom to contact for legitimate plan information or to verify the identity of anyone who reaches out to them.
A Rare but Worrisome Issue: Employer Theft
While rare, employer theft of 401(k) funds is a significant concern. Financially troubled companies have been known to illegally withdraw or withhold employee 401(k) contributions. According to the Department of Labor (DOL), 401(k) sponsors must deposit employee contributions as soon as they can be segregated from the organization's assets—no later than the 15th business day of the month after the amounts were withheld. Smaller companies (fewer than 100 participants) should deposit contributions within seven business days.
Stay Protected: How We Can Help
Protecting your employees' retirement savings requires proactive steps and awareness of potential fraud risks. If you have questions about securing your organization's assets and ensuring the safety of your workers' 401(k) plans, Brinker Simpson is here to help. Contact us today to learn more about safeguarding your plan from fraud and maintaining compliance with the latest regulations.