Texas pension fraud case highlights cybersecurity risks

A man who helped siphon hundreds of thousands of dollars from Texas retirees was sentenced last week to eight years in prison.

Olumide Morakinyo, 38, a Nigerian national who was living in Canada, was found guilty in U.S. District Court for the Western District of Texas of conspiracy to commit money laundering in connection with a scheme that involved establishing unauthorized accounts for numerous participants in the Employees Retirement System of Texas.

Morakinyo and another man, Lukman Aminu, a New Hampshire resident, in 2017 began accessing accounts through the pension system’s online portal, using personally identifying information for numerous participants, according to court records.

The two allegedly used bank deposit information from participants’ accounts to redirect payments to debit cards they controlled, funds from which were ultimately used for cash, expenses and buying used cars that were shipped to Nigeria and Benin for resale.

The pair also allegedly stole personal identifying information from a Texas CPA and filed fraudulent tax returns, according to the 2019 complaint against Morakinyo.

In total, the thefts came to nearly $1 million, which Morakinyo was ordered to repay as part of his sentencing.

Aminu was charged separately and was sentenced in late 2019 to 51 months in prison, according to a statement from the Department of Justice.

EYES ON CYBERCRIME

The sentencing announcement from the DOJ follows recent efforts by the Department of Labor to increase cybersecurity in retirement plans.

In April, the DOL issued cybersecurity guidance in three parts, outlining the responsibilities of plan fiduciaries. That included tips for hiring service providers, cybersecurity best practices and security advice for retirement savers. The guidance came after a report from the Government Accountability Office that called upon the DOL to provide clarity on their responsibilities for plan sponsors and service providers.

Over the summer, the DOL has started auditing plans, sending requests for information to numerous plan sponsors, according to a report in June from law firm Morgan Lewis, which noted that “the requests are probing and indicate serious inquiry.”

Last week, Tim Hauser, the deputy assistant secretary for national office operations within the Employee Benefits Security Administration, told attendees at an American Retirement Association conference that the burden of cybersecurity is highest for record keepers and other service providers, not plan sponsors. He noted that the DOL’s request for information is aimed at helping improve policies and is not necessarily punitive, according to a report from ARA.

In July, an industry group, the Spark Institute, put out its own list of cybersecurity standards, which are similar to those issued by the DOL but are more specific and clearer, according to the announcement. That guidance includes a seven-part fraud control chart that outlines responsibilities for plan sponsors, record keepers and participants.

Related Topics: Cybersecurity, Employee Benefits Security Administration