Never miss a story — sign up for PLANSPONSOR newsletters to keep up on the latest retirement plan benefits news.
Compliance July 11, 2022
Lawsuit Alleges $751K Retirement Account Theft
A plan participant saw her whole defined contribution retirement account balance vanish.
Reported by Noah Zuss
A retiree’s golden years could become a nightmare.
The plaintiff in a new Employee Retirement Income Security Act lawsuit, a former global director for customer marketing at Colgate-Palmolive, has alleged that thieves have ripped off her entire account balance. The lawsuit, filed in the U.S. District Court for the Southern District of New York, names as defendants the Colgate-Palmolive employee relations committee, plan recordkeeper Alight Solutions and custodian BNY Mellon for their parts in operating the company’s defined contribution retirement plan.
The lawsuit, which brings a claim for breach of fiduciary duty, alleges that plan providers missed several red flags.
“The fact that within the span of less than two months, a person claiming to be a plan participant changed the participant’s phone number, email address, mailing address, and bank account information, and then requested an immediate cash distribution of the participant’s entire $750,000 plan account, should have been red flags that triggered further action to confirm that the requested distribution had come from the plan participant,” the complaint states. “The fact that a person claiming to be a plan participant changed the participant’s contact information such that the phone number and email address were from one country and the mailing address was in a different country should have been a red flag that triggered some further action to confirm the legitimacy of the request.”
Under ERISA, retirement plan fiduciaries owe twin duties of loyalty and prudence in operation of the plan to participants. The plaintiff worked for Colgate-Palmolive from 1993 to 2004 in England, Mexico and the U.S., according to the complaint. She became eligible to contribute to the plan beginning in 1998 and made regular contributions to the plan, and Colgate-Palmolive regularly made employer contributions, the lawsuit states.
The participant left Colgate-Palmolive in 2004 to return to England, the lawsuit notes.
The Colgate-Palmolive company plan comprises a defined contribution arrangement with profit sharing and an employee stock ownership plan, the complaint states. According to the lawsuit, the plan’s 2020 IRS Form 5500 showed that it had 7,264 participants with account balances and $3,304,005,459 in assets.
According to the complaint, the plaintiff has lived in South Africa since 2008. Upon moving there, she updated her contact information with the plan, and in 2016, she again submitted to the plan an update of the contact information, which consisted of a physical mailing address, email address and cellphone number, the lawsuit states.
Her contact information had not changed since that time, the plaintiff claims.
In August 2020, the plaintiff attempted to access the account online to review the balance but she was blocked and the website informed her that she was entering an incorrect username ID and password, the complaint states. She then contacted the Colgate-Palmolive Benefits Information Center to request access and information about her plan account, according to the lawsuit.
The plaintiff claims that she always intended to leave her plan account alone until she was ready to retire at 65. “She has never requested or received any distribution from her plan account,” states the lawsuit.
“On September 14, 2020, [the participant] was informed that the entire balance of her plan account, totaling $751,430.53, had been distributed from the plan in a single taxable lump sum, even though at no point had she authorized or received any such distribution,” the lawsuit states. “[She] later learned that her plan account was distributed to an individual with an address and bank account in Las Vegas, Nevada in March 2020.”
Allegedly, the impostor contacted the benefits center in January 2020, falsely identified herself as the plaintiff and requested to update the contact information that was on file with the plan, according to information from Alight cited in the complaint.
Alight sent a temporary personal identification number by mail to an address in South Africa, which was intercepted, according to the lawsuit.
“The fraudster, and/or others working in conjunction with her, intercepted [her] mail and stole the temporary PIN,” the lawsuit states. “Alight did not contact [the participant] at the phone number or email address that she had previously provided to the plan to notify her of the request or of the mailing of the temporary PIN, or to confirm that she had authorized the requested PIN.”
An internal fraud investigation, conducted by Alight in 2020, found that prior to theft of the plan assets the alleged thieves made several attempts to access the individual’s account, according to the lawsuit.
The Alight investigation found “at least seven additional phone calls to the Benefits Information Center and at least eleven additional website log-in attempts were made by the fraudster (and/or others acting in concert with the fraudster) during the first half of 2020, during which the individual attempted to access [the] account information, but was unable to authenticate the call or was unable to provide the PIN, address, phone number or email address on file for the account,” the complaint states.
The lawsuit claims that the plan providers failed to follow proper procedures, despite explicit instructions contained within the plan’s Summary Plan Description. These were intended to provide the process for which all benefits are to be paid from the trust fund.
For example, if a request for a distribution is received by 4:00 p.m. Eastern time on a regular business day, the election is generally processed that day, according to the lawsuit.
According to the complaint, the plan’s SPD states that “[i]f you have changed your address or the address of a financial institution to which you would like payment to be mailed within the last 14 days, any payment request cannot be mailed to such address.” It also advises that “complicated tax issues may arise for certain participants who reside outside of the U.S. at the time of distribution from the [plan],” per the complaint. “Therefore, it is strongly recommended that you contact the International Benefits Department prior to requesting a final distribution so that the appropriate paperwork can be completed in advance of the transaction.”
An October 2021 claim submission for benefits under the plan was made, in which the individual explained that she had not requested or authorized any distribution from the plan. In response, the plan’s claims administrator denied the claim by asserting that while “it is unfortunate your information and plan benefit may have been stolen from you … the plan had in place reasonable procedures” for asset distribution, procedures were followed and the plan benefit was paid according to plan terms and requirements, according to the lawsuit.
“However, the plan did not have reasonable procedures in place, and the procedures it did have were not in fact followed by defendants,” the complaint states. “Defendants failed to follow their own procedures, including but not limited to failing to wait for 14 days after [the participant’s] address was changed before processing and distributing plan assets,” the lawsuit states. “Instead, defendants ignored numerous significant red flags, failed to follow their own procedures, and failed to implement reasonable procedures to detect and prevent fraud and theft of plan assets.”
BNY Mellon declined comment.
“Security and fraud detection are critically important to our business and to staying in front of the constantly evolving threat landscape,” an Alight spokesperson says. “Our policies and practices meet or exceed all industry standards and have proven effective in thwarting fraudulent activity. ”
Colgate-Palmolive did not return a request for comment.
