Recognizing the Risks of Benefit Plan Fraud
By Michael D. Frenza, CPA/CFF, CFE
Defined benefit pensions, plans that are fully funded by employers with guaranteed income streams for the duration of a retiree’s life, are rapidly becoming the exception, not the rule, to employer-offered retirement benefits. Defined contribution plans (e.g. 401(k) or 403(b)), where employees set aside a percentage of their wages to fund their own retirement, are the new norm. With the rise in defined contribution plans comes a greater responsibility for workers to take control of their personal finances and remain vigilant to ensure their future security. As if there was not enough risk in the stock market, U.S. economy and Euro-zone, now you have to worry about whether investments in your 401(k) plan are safe from not only market gyrations, but theft.
Under the Employee Retirement Income Security Act (ERISA), the U.S. Department of Labor (DOL) has the authority to conduct civil and criminal investigations to protect employee benefit programs and the related investments. DOL studies have highlighted concerns in benefit plan audits, given many of the complexities associated with such plans. In 2010, the DOL’s Employee Benefits Security Administration (EBSA) responded by implementing the Contributory Plans Criminal Project (CPCP) to combat criminal abuse of defined contribution plans. The CPCP targets those who commit fraud and abuse against plan participants and beneficiaries of defined contribution plans, including 401(k) plans and contributory health plans, such as Health Savings Accounts.
Why should you care?
In defined contribution plans, theft of plan assets can deprive employees of savings set aside for their retirement. In the case of contributory health plans, theft of plan assets could result in unpaid health benefits and/or insurance premiums, resulting in workers lacking sufficient medical coverage. Violators can be charged civilly or criminally, resulting in penalties including fines, restitution and/or imprisonment.
Who is vulnerable to theft?
Plan participants (i.e. employees) and plan sponsors (i.e. employers) are both susceptible to being victimized by benefit plan fraud.
Plan participants can be victimized by their own employer or by third party administrators (TPA), such as Advisors or Service Providers. For instance, if an employer or other fiduciary has authority over plan assets, they may convert employee contributions for their own personal benefit or misapply those contributions and use them to cover business expenses.
Plan sponsors are also susceptible to theft. EBSA has investigated cases in which TPAs have accessed plan funds and embezzled money for their own gain.
How does benefit plan fraud occur?
The following are examples of benefit plan fraud based on recent criminal prosecutions by the EBSA:
- A plan trustee, the company’s owner, misrepresented to the plan custodian that plan participants wanted to close out their accounts and receive lump sum disbursements. The plan trustee had the plan custodian close out the participants’ accounts, issue a check payable to the business and had the check mailed directly to the company’s owner.
- A business owner failed to remit employee contributions to the company 401(k) plans and used the funds for personal expenses.
- An investment advisor received over $5.3 million from clients to invest in securities, bonds and mutual funds. Instead of investing his clients’ money, he operated a Ponzi scheme in which false account statements were issued to mislead clients, while $2.5 million was used for his personal benefit and $2.8 million was paid out to early investors.
The common theme in each of these cases was a lack of segregation of duties and an override of internal controls by those responsible for performing as fiduciaries to the respective plans.
How can benefit plan fraud be prevented?
- Plan sponsors should consider a plan audit by an experienced firm. While a plan audit is not designed to detect fraud or required for plans with less than 100 participants, a plan audit may be effective in deterring those who are contemplating committing benefit plan fraud.
- When hiring an auditor, the plan sponsor should consider a firm that is a voluntary member of the American Institute of Public Accountants (AICPA) Employee Benefit Plan Audit Quality Center (EBPAQC). THE EBPAQC is a firm-based voluntary membership designed to help CPAs meet the challenge of performing quality ERISA audits. Member firms can be found through the EBPAQC section on the AICPA website, www.aicpa.org.
Plan sponsors should verify that service providers have an updated Standards for Attestation Engagement (SSAE) No. 16 report (which replaced the Statement on Auditing Standards [SAS] No. 70 report). An SSAE 16 report provides evidence that the service provider has sufficient internal controls in place.
The SSAE 16 report comes in two types:
- Type I - A review of the design of controls as of a specified date.
- Type II - A comprehensive test of design and operating effectiveness of controls throughout the specified period.
- The SSAE 16 report comes in two types:
- Account statements and disbursement checks should be sent directly to plan participants, instead of the plan sponsor.
- Plan sponsors should periodically reconcile data between company records and TPA/service providers to verify accuracy of transactions.
- Plan participants should report any denial of health or retirement benefits or problems with their plan to the EBSA.
- If required, plan participants should review the plan’s annual Form 5500 return to the Internal Revenue Service available from either EBSA’s website or their employer, and review for any unusual disclosures or findings.
Plan sponsors should educate and encourage plan participants to recognize the ten warning signs from the DOL that their plan contributions are possibly being misused:
- Your 401(k) or individual account statement is consistently late or arrives at irregular intervals.
- Your account balance does not appear to be accurate.
- Your employer failed to transmit your contribution to the plan on a timely basis.
- A significant drop in account balance that cannot be explained by normal market ups and downs.
- 401(k) or individual account statement shows your contribution from your paycheck was not made.
- Investments listed on your statement are not what you authorized.
- Former employees are having trouble getting their benefits paid on time or in the correct amounts.
- Unusual transactions, such as a loan to the employer, a corporate officer or one of the plan trustees.
- Frequent and unexplained changes in investment managers or consultants.
- Your employer has recently experienced severe financial difficulty.
Michael D. Frenza is a manager at BlumShapiro, the largest regional accounting, tax and business consulting firm based in New England, with offices in Connecticut and Massachusetts. The firm, with nearly 300 professionals and staff, offers a diversity of services which includes auditing, accounting, tax and business advisory services. In addition, BlumShapiro provides a variety of specialized consulting services such as succession and estate planning, business technology services, employee benefit plans, litigation support and valuation, and financial staffing. The firm, with offices in West Hartford and Shelton, CT and Boston and Rockland, MA, serves a wide range of privately held companies, government and non-profit organizations and provides non-audit services for publicly traded companies.