Some people think that 401k plans have little exposure to fraudulent activity. The truth is, whenever there is an incentive, the opportunity, and the rationalization to commit fraud, then fraud should definitely be considered by your Company.
The following risks and mitigating recommendations will be helpful to the following persons (but not limited to) [1]:
• Director(s) of 401K plans
• Trustee(s) of 401K plans (especially if you are an employee of the 401K Plan provider).
• Plan committees (“Committee”) or those individuals charged with governance.
• All other interested parties that place reliance on a 401k plan’s operations and/or financial results.
Risk #1 – Employee distributions
If a plan administrator can request that terminated employees’ distribution checks be mailed to the administrator’s attention and address, then the plan administrator may have the opportunity to deposit these funds in the company’s name or in his/her name.
Recommendation – The Committee should request from their 401K plan third party administrator (this is the person that maintains the 401k plan’s asset records and sometimes the assets of the plan) that distribution checks not be mailed to the Administrator’s address. Additionally, for every change of address made by a participant, an address change notice should be mailed to both the participant’s prior address and the new address.
What if I do not have a third party administrator? If you do not have a third party administrator, then a distribution should be approved by both the plan administrator and the Committee, and the approval should be evidenced by a distribution request form signed by the terminated employee, the plan administrator and the Committee.
Risk #2 – Employee Distributions subject to vesting
If your Employer contributes to your account on your behalf, then chances are you will earn their contributions based on a vesting schedule. Upon termination you will want to verify that you receive the correct amount of Employer contributions that you earned. There have been some fraud cases whereby the plan administrator will incorrectly calculate the portion of Employer contributions you earned, and then keep a portion for himself/herself.
Recommendation – The Committee should put a control in place requiring an independent review of the vesting calculation on the distribution, performed by someone other than the preparer of the calculation.
Risk #3 – Are you paying for the correct administrative fees?
If you pay a third party administrator to perform recordkeeping services and/or custodial services for your plan assets, then you should be aware of the fees you are being charged and are paying for the related services, to ensure that you are not being overcharged.
Recommendation – The Committee should review the administrative charges paid by the Plan on a regular basis, and should review their monthly/quarterly statements for accuracy. For example, if your recordkeeper charges $50 per participant loan serviced, and charged you for 20 loans in the month, then you should do an accuracy check against your files and participants’ requests for loans.
Risk #4 – General Plan Administration
It is not uncommon for a smaller 401K plan to have an administrator that performs the majority of the plan’s operations. While this is probably the most efficient arrangement for your company, and it makes sense for one person to be able to answer all the participants’ questions, it may provide too much opportunity to commit fraud in the 401K plan.
Recommendation – The Committee should have a policy whereby the administrator must take a break from the Plan for an unspecified period of time, with the time determined by the Committee. The Committee should then have a back-up administrator, independent of the primary administrator, perform the plan operations. This may allow for any inconsistencies or fraudulent activity to be identified. Additionally, the Committee should request that the third party administrator send an e-mail to the Committee for any 401k Plan transaction authorized by the administrator (e.g., requests for participant distributions, loans, contributions to the plan, forfeiture re-allocation requests, etc.).
Footnote [1]: Note – this list is not meant to contain all risks that are present in a 401k plan, nor are the risks in any particular order. The recommendations are suggestions only, and are not the only recommendations to mitigate against such risks. If you are concerned about fraud in your 401k plan, you may consider consulting with an independent auditor qualified to audit employee benefit plans, and/or an attorney specialized in ERISA.