Skip to main content
Article

Does your insurance cover losses from 401(k) fraud?

Financial, Executive and Professional Risks (FINEX)
N/A

By Steve Leggett | July 16, 2020

Fraud involving 401(k) accounts is rising but existing crime policies may not cover the losses.

Set up through employers and often administered by a third party, 401(k) savings accounts are generally seen as hands-off investments, carrying penalties for withdrawals before the age of 59 ½, and expectations of big payoffs upon retirement. While most people think of their 401(k) plans as safely tucked away for retirement, experts say the accounts may be particularly vulnerable to cyberfraud1. Over the past few months, several news outlets have published articles relating to 401(k) fraud, including the Chicago Tribune and USA Today.

One of those articles concerned an impersonation fraud scheme affecting a retiree of Abbott Laboratories, whose 401(k) account managed by Alight Solutions, was fraudulently drained of $245,000. Heide Barnett, a former employee of Abbott Laboratories, and a participant in the company’s 401(k) retirement plan, claimed that an outside hacker fraudulently accessed her plan account information and used that information to initiate a withdrawal from her 401(k) account.

In addition, Barnett alleged that the hacker tricked an Alight Solutions customer service representative into giving him additional personal information. This information was subsequently used to transfer Barnett’s pension funds into a new bank account.

While this is a new twist to the usual social engineering frauds involving “fake CEO” or fake vendor schemes, companies of all sizes and industries have been impacted by 401(k) fraud losses over the past several years. These events have struck a chord as many companies (and their current and former employees) have learned that their existing crime policies do not typically cover retirement plan fraud losses for the following reasons:

  1. Deductible:
    Most plan participants have account balances of $100,000 or less, which is generally below the applicable deductible. Thus, even where coverage exits, the loss would not likely exceed the deductible.
  2. Crime insuring agreements:
    • Social engineering (SE) insuring agreement – as currently written, SE coverage only applies when an employee of an insured is being duped. However, most larger firms outsource recordkeeping and fund disbursement functions to outside plan administrators, like Alight, rendering the insured’s SE insuring agreement inapplicable to the pension fraud scheme discussed above.
    • Computer fraud insuring agreement – the majority, if not all, crime policies, require that the loss involve a computer utilized or owned by the insured. As noted above the majority of these losses involve a computer owned or used by the account administrator and therefore the computer fraud insuring agreement would be inapplicable.
  3. Exclusions:
    The courts remain sharply divided as to whether fraudulent emails used to cause social engineering type losses represent a loss resulting “directly” from the use of an insured’s computer system, and therefore the indirect loss exclusion could apply.

Implementing robust security protocols, including multi-factor authentication, is highly recommended and found to be most effective in preventing successful fraudulent attacks. Despite best efforts to protect against fraud, cybercrime schemes have become highly sophisticated and losses continue to occur. Reviewing your existing policies and understanding the potential solutions available to protect your firm and your employees’ assets are essential activities for any risk manager.

Disclaimer

Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us.In North America, Willis Towers Watson offers insurance products through licensed subsidiaries of Willis North America Inc., including Willis Towers Watson Northeast Inc. (in the United States) and Willis Canada, Inc.

Footnote

1 https://www.chicagotribune.com/business/ct-biz-401k-fraud-abbott-alight-solutions-investigation-20200410-yaye2pmcgjhqzbvttsw2xfjcxi-story.html

Contacts

Senior Vice President, National Fidelity Advisor

Director, National Fidelity Product Leader

US Fidelity Thought Leader,
FINEX North America

Contact Us
Related content tags, list of links Article Financial, Executive and Professional Risks (FINEX)