Spark announces best practices to protect against retirement fraud

Spark announces best practices to protect against retirement fraud
The Spark Institute's standards build upon DOL cybersecurity guidance to provide more clear-cut practices designed to defeat retirement account fraud.
JUL 23, 2021

The $35.4 trillion in total retirement assets in the U.S. are at risk of account takeovers and fraud as cybercriminals have been actively targeting retirement savings, according to the Spark Institute.

On Wednesday, the retirement organization’s data security oversight board announced standards designed to protect retirement accounts from fraud in light of heightened cybersecurity threats. The recommendations build upon the Department of Labor cybersecurity guidance released in April and provide more clear-cut guidance to defeat retirement account fraud and protect the retirement benefits of America’s workers, according to the announcement. 

While it’s clear that cybersecurity poses a major risk to 401(k)s and other retirement plans, guidance has been lacking on how plan fiduciaries should address it, according to a February report from the Government Accountability Office. The GAO report pointed to several instances of 401(k) accounts being raided by thieves, events that have been well-publicized as a result of the private litigation that followed.

The GAO acknowledged that plan sponsors, record keepers and others have little to go on as far as guidance from the Department of Labor, and that it also isn’t clear whether fiduciaries have responsibility to minimize cybersecurity risks, according to the report.

To address the issue, the Spark Institute developed a fraud controls chart intended to highlight a minimum set of controls that should be considered and set expectations for all parties involved, including plan sponsors, participants and record keepers. 

The chart highlights best practices for protection in seven categories: authentication; establishing account access; reestablishing account access; contact data; communications; fraud surveillance; and customer reimbursement policy.

“The protection of retirement accounts can only be fully realized with a partnership among plan sponsors, fiduciaries, record keepers, participants — and advisers, when applicable,” Tim Rouse, executive director of the Spark Institute, said in a statement. “With this in mind, our recommended controls should be implemented among all individuals and organizations involved in a retirement plan.”

Some examples of best practices include plan sponsors requiring that record keepers provide multi-authentication options and ensuring that a fraud reimbursement policy has been established and is available to participants. 

For participants, one best practice is to review communications and statements sent by the plan sponsor or record keeper in a timely manner and immediately report any unauthorized activity. Meanwhile, record keepers should verify participant identities during credential resets and the verification must involve controls beyond relying on publicly available information. 

For participants, one best practice is to review communications and statements sent by the plan sponsor or record keeper in a timely manner and immediately report any unauthorized activity. Meanwhile, record keepers should verify participant identities during credential resets and the verification must involve controls beyond relying on publicly available information. 

“We know that cyberthreats are only going to increase,” Rouse said. “And we also know that protecting plan assets means that the retirement industry has to make a concerted and coordinated effort to fight fraud over the long term.”

Latest News

Merrill lands four advisor teams as May recruiting data shows firm's two-way churn
Merrill lands four advisor teams as May recruiting data shows firm's two-way churn

Merrill's latest hires span Colorado to Louisiana, even as industry-wide recruiting data suggests the firm is losing almost as many advisors as it gains.

Fund manager sues Kandeo, alleges $100 million FinSocial loss
Fund manager sues Kandeo, alleges $100 million FinSocial loss

The $36 million buy allegedly hid inflated books and a $50 million diversion.

Advisor gets $200,000 from Ameriprise in 'emotional distress' lawsuit
Advisor gets $200,000 from Ameriprise in 'emotional distress' lawsuit

“An award citing emotional distress is very unusual,” an industry executive said.

Workplace financial education linked to stronger financial habits, but participation remains low
Workplace financial education linked to stronger financial habits, but participation remains low

New EBRI research found workers who participated in employer financial education reported higher confidence, literacy and financial satisfaction.

The rise of the super advisor: How AI is redefining competitive advantage in wealth management
The rise of the super advisor: How AI is redefining competitive advantage in wealth management

Beyond operational excellence, the winning advisors of the future are the ones who can reach across multiple disciplines without discarding specialist skills.

SPONSORED Direct indexing webinar targets tax-loss harvesting amid market swings

Northern Trust’s Ken Lassner shows advisors how to convert volatility into after-tax portfolio gains

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income