Although it looked like a typical request to take a distribution from a 401(k) plan, the address on the application didn't match the one on file.
In a follow-up call, the individual seeking the withdrawal tried to explain away the disconnect by claiming he was submitting the request on behalf of the employee, who had been terminated.
Except the employee was still on the retirement plan sponsor's payroll.
This was fraud, and one that hit close to home for BOK Financial, which was the 401(k) record keeper in this case. After confirming the individual's employment status, the BOK Financial® team marked the request as fraudulent, alerted the client company (the plan sponsor) and notified BOK Financial's fraud team.
"It's a very structured process with lots of checks and balances and procedures for verifications," said Jesus Herrera, a retirement plans education consultant with BOK Financial.
Tough system to game
Given the value that can build up in 401(k) plans, it's not surprising that criminals occasionally target them. Although such cases tend to attract attention, Herrera said that 401(k) plan fraud is rare, due largely to the nature of the accounts. Consisting primarily of mutual funds and company stock, retirement accounts don't typically have easily retrievable cash balances.
"These accounts don't generally hold liquid assets, so it's not like stealing a debit card and making as many withdrawals as you can before you get caught," he said. "Trades have to take place and most of the information has to go through the employer."
Your vigilance helps, too
As more and more companies move toward increased automated plan administration, including allowing for distribution requests through a participant website, they’re building additional authentication steps into the process. Such measures help protect the data flow within the plan, which still moves from the participant to the employer to the administrator and back again.
"We work in partnership with employers and a big part of that is putting steps in place to guard against something going wrong," Herrera said.
Participants share in the responsibility for catching and addressing fraudulent behavior. Herrera said following safe online practices such as strong passwords and extra caution while using publicly accessible Wi-Fi access is a must, as are regular reviews of your account.
"In addition to looking at your balance, make sure the address and other information check out as well," he said.