News of commercial database hackings may seem commonplace in 2019. But while many of these stories focus on hacked bank and credit card accounts, 401(k) plan sponsors and participants probably don’t realize that their plan assets also are at risk.
Employers who offer 401(k) plans to their employees need to take precautions against identity theft. Part of this is educating participants.
Role of sponsors
If your organization sponsors a 401(k) plan, it’s essential that you assess plan service providers’ protection systems and policies. Most providers carry cyberfraud insurance that they extend to plan participants. But there may be limits to this protection if, for example, the provider determines that you (the sponsor) or employees (participants) opened the door to a security breach.
Your plan’s documents may say that participants must adopt the provider’s recommended security practices. These could include checking account information “frequently” and reviewing correspondence from the administrator “promptly.” Make sure you and your employees understand what these terms mean — and follow them.
What participants can do
Traditionally, 401(k) plan participants have been discouraged from worrying about short-term fluctuations and volatility in their accounts, and instead encouraged to focus on the long run. However, lack of regular monitoring can make these accounts vulnerable. Instruct employees to periodically check their account balances and look for signs of unauthorized activity.
Employees also should take the same steps they follow to protect other online accounts. For example:
- Use strong passwords and change them regularly.
- Take advantage of two-factor authentication.
- Don’t use the same login ID and passwords for multiple sites.
- Don’t allow a browser to store login information.
- Never share login information.
Such precautions can foil some of the most common retirement plan thieves — relatives and friends — from using their knowledge to gain account access. In one real-life case, a plan participant divorced his wife and moved out of the house. However, he didn’t update his address with his plan provider, change his password or review his balance regularly. His ex-wife cleaned out his more than $40,000 balance.
A few clicks
Without adequate vigilance, anybody can be a few clicks away from cleaning out your employees’ 401(k) accounts. Review your plan documents carefully and educate participants about their responsibilities for monitoring their accounts. Contact us for more information on identity theft at 205-345-9898 or email@example.com.
© 2019 CovenantCPA
Forensic accountants are best qualified to unearth the “hows and whys” of occupational fraud. But it’s up to employers to know when it’s time to call for professional help in the first place. The signs of fraud can be easy to miss, but they’re usually there.
Something doesn’t belong
Dishonest employees may use anything from fictitious vendors to false invoices to cover up theft. To ferret out potential fraud, look for such signs as:
- Duplicate payments,
- Out-of-sequence entries,
- Entries by employees who don’t usually make them,
- Unusual inventory adjustments,
- Accounts that don’t properly balance, and
- Transactions for amounts that appear too large or too small, or transactions that occur too often or too rarely.
An increase in the number of complaints your company receives is another warning sign. An investigation may lead to a relatively innocent explanation, such as a glitch in your shipping system — or it may lead to a fraudulent billing scheme. Pay equally close attention to declines in product quality. They could just stem from a faulty batch of paint or indicate that a thief is working in purchasing.
Living it up
Changes in an employee’s lifestyle can be evidence of fraud. Although such changes usually are difficult to spot initially, a pattern is likely to emerge over time.
For example, one piece of expensive jewelry could be a gift, and a good investment return may pay for an exotic vacation. But if your warehouse manager brags about his new state-of-the-art home theater, buys an expensive car and decides to install a backyard pool, you should question how that’s possible on the salary you’re paying.
When employees steal, especially if they’re first-time offenders, they may no longer be on their best behavior. In fact, you may not even recognize them. People who have always been cooperative may become argumentative. Or, alternatively, someone who typically is difficult to work with may suddenly become everyone’s friend.
If an employee starts drinking to excess or takes up smoking, ask what’s wrong. If they can’t sleep, or if they worry obsessively about the possible consequences of actions and resent other employees’ participation in “their” projects, be concerned. They may be wrestling with a family problem — or stealing you blind.
Don’t jump to conclusions
The signs of fraud are easy to overlook, in part because they aren’t necessarily signs of fraud. There may be explanations for suspicious behavior that have nothing to do with fraud, but you won’t know unless you investigate further. If you begin to suspect fraud, contact us at 205-345-9898.
© 2019 Covenant CPA