New Lawsuit Highlights Importance of Cybersecurity for Retirement Plans

A former 401(k) plan participant is suing the plan sponsor and plan providers after unauthorized distributions were made from her account.

A former participant in the Estee Lauder 401(k) plan has sued the plan sponsor and plan providers for failing to safeguard her retirement account.

According to the complaint, in September and October 2016, an unknown person or persons stole the participant’s retirement savings by withdrawing a total of $99,000 in three separate unauthorized distributions from her account in the plan.


The lawsuit names as defendants Estee Lauder; Alight Solutions, whose predecessor Hewitt Associates was the recordkeeper to the plan at the time; and State Street Bank & Trust, the plan’s custodian.

Alight Solutions said it has no comment. Estee Lauder and State Street did not respond to a request for comment.

The complaint says by June 30, 2016, the participant’s account balance in the Lauder Plan had grown to more than $90,000. However, in October, she received by mail two documents entitled “Confirmation of Payment – 401(k) Savings Plan,” one of which stated the plan had distributed $37,000 from the participant’s account to a checking account at Suntrust Bank. The second stated that the plan had distributed $50,000 from her account to a checking account at TD Bank.

In addition, when the participant received by mail her plan account statement for the third quarter of 2016, it showed a withdrawal of $12,000. She received no confirmation letters for this withdrawal, but learned from Estee Lauder that the $12,000 had been distributed on September 29, 2016, to an account at Woodforest National Bank.

The complaint says the participant never requested or authorized any distribution from the plan and never had any account at Woodforest National Bank, Suntrust Bank, or TD Bank.

Upon receiving the first confirmation of payment, she telephoned the Hewitt Customer Service Center at the number on the confirmation form and was informed that her remaining account balance was $3,791. The Customer Service Center stated that it would investigate the unauthorized distributions, but never provided the participant with any information regarding its investigation.

According to the complaint, between October 24, 2016, and January 2, 2017, the participant made at least 23 calls to the Customer Service Center regarding the unauthorized distributions. Ultimately, it informed her that it had completed its investigation, no money had been recovered, and her plan account would not be made whole for the losses.

On or about October 25, 2016, the participant reported the unauthorized distributions to the San Francisco Police Department and the FBI, and placed a fraud alert on her credit file with Equifax.

On November 7, 2016, State Street emailed her and requested that she complete an “Affidavit of Forgery” for each unauthorized distribution. The participant returned the requested affidavits the same day, but State Street did not contact her further.

The lawsuit claims that the defendants breached their fiduciary duties of loyalty and prudence by causing or allowing the unauthorized distributions of plan assets; failing to confirm authorization for distributions with the plan participant before making distributions; failing to provide timely notice of distributions to the plan participant by telephone or email; failing to identify and halt suspicious distribution requests, such as requests for multiple distributions to accounts in different banks; failing to establish distribution processes to safeguard plan assets against unauthorized withdrawals; and failing to monitor other fiduciaries’ distribution processes, protocols and activities.

In addition, Estee Lauder is being sued for not timely providing plan documents that were requested by the participant’s lawyer.

Among other things, the lawsuit seeks an order that the defendants restore to the participant’s plan account $99,000, plus investment earnings thereon from the distribution dates to the date of judgment.

The case highlights the importance of provider process reviews regarding cybersecurity. There are also things retirement plan sponsors and participants can do to safeguard accounts.

Andy Adams and Jay Schmitt, with Strategic Benefits Advisors, have provided information about what makes retirement plan data vulnerable and actionable steps to protect it from fraud.

The cybersecurity threat is so pervasive that lawmakers have asked the Government Accountability Office (GAO) to examine the cybersecurity of the U.S. retirement system.

DC Plans 3.0 Will Really be Tailored to Individual Situations

Bob Collie, head of research at the Thinking Ahead Institute, tells PLANSPONSOR version 3.0 will be customized by “hyper-customization and integrated whole-of-life wealth management” that takes into account all of a person’s savings.

In a new report, “Shifts for the DC Organisation of Tomorrow,” Willis Towers Watson’s Thinking Ahead Institute outlines what it calls defined contribution (DC) plans version 3.0. The findings are based on surveys and interviews of 10 leading companies on four different continents with a median size of $80 billion in assets serving a base of 900,000 participants.

“Target-date funds (TDFs) offered what was the beginning of customization for defined contribution plans, by taking into account an individual’s age,” Bob Collie, head of research at the Thinking Ahead Institute, tells PLANSPONSOR. “As technology advances to address each individual’s situation, then DC plans will begin to really be tailored to individual situations.”

The new research also asserts that the DC version 2.0 is now emerging, with a focus on retirement income solutions. Collie says version 3.0 will be customized by “hyper-customization and integrated whole-of-life wealth management” that takes into account all of a person’s savings.

“The need for change has been clear for a long time,” Collie says. “Even 10 years ago, we talked of a version 2.0 of DC that was built around the purpose of providing income throughout retirement. It’s only recently that real progress has started on this front. But momentum has been building, and we expect things to develop quickly from here.”

The institute also expects DC plans to embrace the growth of master trusts and other multiple-employer platforms.

Collie adds: “DC has become the world’s dominant retirement savings vehicle, and work is needed if it will live up to the responsibilities of this role. The next few years will be pivotal ones in the development of retirement plans all around the world.”

The report says that “post-retirement income arrangements are primitive” and that there is a need for “longevity tail insurance.”

The Thinking Ahead Institute also expects that the need for retirement plan providers to keep up with technological developments will squeeze out small players.

The institute says there is a real problem with the coverage gap in the U.S., with roughly half the private-sector workforce not participating in an employment-sponsored retirement plan. People are also not saving enough, and there is a need for plans with automatic enrollment to increase the deferrals. Plans also need to address leakage, as people move from one job to another, the institute says.

Ninety-three percent of the respondents to the survey and interviews said their organizations make effective use of their investment managers. Collie says he believes the reason they did not express concerns about their investment lineups is that there has historically been so much emphasis on the investments offered in a plan.

With the growth of master trusts and multiple employer plans, the institute believes more retirement plan sponsors will be able to outsource many functions of their plans. “This development will offer employers more choice in what role they’d like to play in the provision of retirement benefits,” the institute says in its report. “It will, most likely, become easier to outsource not only merely investment or administrative functions, but also the key fiduciary role of operating a plan.”

Collie also believes that because technology will enable customization for each participant, the pendulum will move away from set-it-and-forget-it TDFs and automatic enrollment to obtaining more personal information from each participant—resulting in more engaged participants.
