Plan theft is a perennial hot-button issue in the benefit plan arena. This is for good reason. Recent estimates show that defined contribution plans alone hold over $6.3 trillion for 106 million participants. This makes plans a target for thieves—for example thieves may steal a participant’s identity and submit a request for a distribution. When the participant discovers the missing funds (sometimes years later), they often turn to the plan sponsor looking to be made whole (such as in the highly publicized Estee Lauder case).
Recent DOL guidance noted that mitigating cybersecurity risk is a fiduciary duty and specifically notes that plan fiduciaries should understand and guard against identity theft. You can help your plan sponsor clients meet their fiduciary obligations and protect their participants.
Here are some questions you can discuss with your clients to help them evaluate their processes and combat the risk of plan theft:
· Who is in charge of approving distributions and loans? How do they ensure the person requesting the distribution or loan is the actual participant or beneficiary?
· Are all changes to employee data (such as changed address, marriage/divorce, etc.) passed along to the plan’s TPA or recordkeeper?
· How are address changes verified? Is there extra verification when a change is made close in time to a loan or distribution request?
· Are prudent processes in place to mitigate identity theft and cybersecurity incidents? What do password requirements look like? Is multifactor authentication required?
· Does the client know what steps to take if they suspect theft or another cybersecurity incident has occurred?
EJReynold’s takes cybersecurity and identity theft very seriously. Give us a call today to discuss ways we can help protect your plan’s assets and to review practical steps you can take to reduce the risk of plan theft.
Please contact us at 954.431.1774 and we will be happy to assist you.