
Another Concern During the Pandemic – Data Security

Published by Kim Moore on Jul 6, 2020 6:00:00 AM

We know it has been a difficult time for most businesses during the Covid-19 Pandemic. You have most likely had workers that needed to move their “office” to their homes without much notice. Your IT Department was probably working round the clock to ensure the business could still operate at full capacity with workers operating in different settings.

If you're the Plan Administrator for your Company’s 401(k) Plan, you should realize that your service providers were in the same position. The staff at those companies that work with the day-to-day transactions for your Plan, manage the Plan investments and help ensure you remain compliant were also working from home. Most of us have been concerned with keeping things running and working on a day-to-day basis. However, have you considered the risks presented when all the individuals that “touch” your 401(k) Plan are working from home?

As the Plan Administrator for a 401(k) Plan, you are a named fiduciary to the Plan. This designation carries with it specific responsibilities with respect to the participants in the Plan. One of the primary duties of the fiduciary is to ensure that the participants are treated fairly and that their accounts are safeguarded from any fraudulent or negligent activity.

As an example, in a recent lawsuit involving a participant in the 401(k) Plan for Estee Lauder, the participant alleges that funds from their account were disbursed without their knowledge or approval to bank accounts which are not owned or controlled by the participant. According to the participant, $99,000 was disbursed from their account. The TPA/record-keeper, custodian, Estee Lauder, Inc. and the named Plan fiduciaries are all parties to the lawsuit. The suit was filed October 9, 2019, in a U.S. District court in San Francisco. The lawsuit alleges that the defendants failed to “establish distribution processes to safeguard the Lauder plan assets against unauthorized withdrawals” and “failing to identify and halt suspicious distribution requests”. 

Cyber-security is a real threat to your Plan. Controls to help combat potential attacks include:

  • regular monitoring of Plan activity,
  • reviewing distribution requests prior to processing,
  • review of controls at the service providers especially with regard to access controls and physical access to data, and
  • physical custody and safeguarding of confidential data such as employee names, addresses, Social Security numbers, account numbers and e-mail addresses.

While no controls can fully prevent a cyber-security attack, controls such as those noted above can help protect your Plan and the assets it holds. While we understand everyone has a full plate these days, we encourage you to review the controls around the security of data in your 401(k) Plan and continue to ensure monitoring work is carried out on a regular basis.

As the plan sponsor, it’s also your responsibility to hire an auditor when it’s time to audit your plan. It’s vital that you hire an experienced auditor to ensure your plan is in compliance. At Summit CPA we specialize in retirement plan audits. We have the ability to offer assistance entirely off-site with little or no distraction to your daily office routine. We also offer flat-fee pricing so there are no surprises on your bill when the job is complete. For assistance contact our office at (866) 497-9761 to schedule an appointment.
