401(k) Plan Fraud: What Employers Should Watch For

A 401(k) plan is one of the best benefits an employer can provide, and one of the most attractive targets for criminals. Employees' retirement accounts hold billions of dollars, and scammers are always looking for ways to swindle plan administrators, sponsors and participants.

If your company sponsors a 401(k) plan, you have a fiduciary obligation under the law to act prudently and solely in participants' interests. This includes protecting the plan's assets and securing personal information. It also means staying aware of new scams, knowing your plan provider's security procedures and ensuring that your employees follow the highest standards.

Review the Basic Security Measures

Like many plan sponsors, you probably depend on an outside service provider to help administer your 401(k). Knowing its security procedures and policies is vital. The majority of providers have cyberfraud insurance that covers plan participants, but coverage could be limited if the provider finds that you (the sponsor) or your participants played a role in an incident.

Your plan documents might require participants to follow your provider's recommended security guidelines for checking their account details “frequently” and reviewing correspondence “promptly.” Be sure everyone knows what these terms mean. If you don't have one yet, create a robust education and communication plan that teaches new participants about security measures to prevent fraud and refreshes that training regularly.

Fortify Cybersecurity

In recent times, a number of 401(k) plan sponsors have faced legal action for failing to protect participants' personal information when accounts were compromised. Every organization should have comprehensive and up-to-date cybersecurity. Be especially cautious if you keep plan data on your own server.

Two-factor authentication is standard, but it may not be sufficient. Many cybersecurity experts recommend multifactor authentication, which combines something users know (a password), something they have (a gadget or device) and something they are (a biometric identifier), to counter the ever-increasing sophistication of fraud strategies.

Just as important, invest time and money in educating users to adhere to strict security guidelines when managing their accounts. Instruct them to:

  • Use unique, complex passwords and change them frequently.
  • Avoid storing passwords or usernames in browsers or other files.
  • Be alert if they have difficulty logging in or an account sign-in page looks unusual.

Make sure that participants are cautious when they're approached by someone who claims to represent law enforcement, the government, the plan's provider or a financial institution. Instead of responding directly, the participant should use verified contact details to independently confirm the legitimacy of any inquiry.

More sophisticated schemes have involved criminals who pose as fraud experts or plan representatives and urge participants to transfer money into “safer” accounts, where the money will, naturally, disappear. Give participants a trusted number to call to obtain official information about the plan or to confirm any suspicious messages.

Secure Funds for Everyone’s Benefit

Protecting employees' retirement savings also means complying with 401(k) contribution regulations. The U.S. Department of Labor requires that plan sponsors deposit participants' contributions as soon as they are segregated from the employer's assets, and not later than the 15th business day in the following month.

For smaller companies (those that have fewer than 100 employees), a safe harbor rule specifies that contributions made within seven business days of the pay date are deemed timely. Depositing on time helps to ensure compliance, safeguards participants' savings, and increases trust in your retirement plan.

Be Clear About Your Commitment

Protecting the 401(k) plan from fraudulent activity is essential to fulfilling your fiduciary responsibility. But it's also a chance to establish trust and boost employee engagement. Secure plans encourage participation and show your commitment to participants' financial wellbeing over the long term. Parr & Ibarra CPA firm in Keller, TX can assist you in evaluating your company's internal controls for your 401(k), as well as across all other operations, to discover weaknesses and strengthen security measures against fraud.

Copyright © 2025 Parr + Ibarra CPA
