For many plan sponsors, fraudulent activity within an employee benefit plan (EBP) framework is generally considered to be an insignificant risk since the majority of plan activity is outsourced to third-party administrators. However, an increase in fraudulent activity has been observed over the last several years.
In fact, the recent American Institute of CPAs EBP Regulatory Update stated that 94 plans reported a loss due to fraud or theft in their EBP during the 2023 Form 5500 filing cycle.
Examples of recent fraudulent activity in EBPs include:
- Hacking of participant accounts to request participant loans to updated addresses in the system.
- Plan sponsor employees responsible for remitting contributions were manipulating the data to drive contributions to their own accounts.
- Actuaries for defined benefit plans utilizing unrealistic discount or turnover rates to mask a significant understatement of the plan’s benefit obligations.
- Paying fraudulent plan expenses for vendors created by plan sponsor employees.
- Requesting unauthorized distributions of participant accounts for “lost” employees.
Steps to Identify & Reduce Fraud
Plan fiduciaries need to evaluate the plan’s control structure to assess the plan’s ability to help identify and deter such instances of fraud as it relates to EBP activity.
Combating fraud in EBPs requires a multifaceted approach, including:
- Implementing strong cybersecurity measures to protect both internal and external systems with advanced security protocols, including multi-factor authentication (MFA), encryption, and regular security audits.
- Educating participants by regularly informing them about the risks of fraud and provide training to recognize and report suspicious activities.
- Conduct thorough background checks to vet employees and administrators with access to sensitive plan information, which can help mitigate the risk of internal fraud.
- Continuously monitor plan activities and access to detect and address any irregularities promptly.
- Collaborate with cybersecurity and Employee Retirement Income Security Act (ERISA) legal professionals to develop and implement comprehensive fraud prevention strategies.
More information on cybersecurity guidance and best practices from the U.S. Department of Labor (DOL) also clarifies that its recent updates apply to all types of EBPs.
Maintaining EBP Integrity
Creating a culture of vigilance within organizations is essential for effective fraud prevention. Plan management should encourage open communication and collaboration among employees, administrators, and participants. Foster a community where suspicious activities are promptly reported and addressed, reinforcing the collective commitment to protecting retirement plan assets.
For more details on EBPs and fraud reduction efforts, please reach out to a professional at Forvis Mazars.