The $35.4 trillion in total retirement assets in the U.S. are at risk of account takeovers and fraud as cybercriminals have been actively targeting retirement savings, according to the Spark Institute.
On Wednesday, the retirement organization’s data security oversight board announced standards designed to protect retirement accounts from fraud in light of heightened cybersecurity threats. The recommendations build upon the Department of Labor cybersecurity guidance released in April and provide more clear-cut guidance to defeat retirement account fraud and protect the retirement benefits of America’s workers, according to the announcement.
While it’s clear that cybersecurity poses a major risk to 401(k)s and other retirement plans, guidance has been lacking on how plan fiduciaries should address it, according to a February report from the Government Accountability Office. The GAO report pointed to several instances of 401(k) accounts being raided by thieves, events that have been well-publicized as a result of the private litigation that followed.
The GAO acknowledged that plan sponsors, record keepers and others have little to go on as far as guidance from the Department of Labor, and that it also isn’t clear whether fiduciaries have responsibility to minimize cybersecurity risks, according to the report.
To address the issue, the Spark Institute developed a fraud controls chart intended to highlight a minimum set of controls that should be considered and set expectations for all parties involved, including plan sponsors, participants and record keepers.
The chart highlights best practices for protection in seven categories: authentication; establishing account access; reestablishing account access; contact data; communications; fraud surveillance; and customer reimbursement policy.
“The protection of retirement accounts can only be fully realized with a partnership among plan sponsors, fiduciaries, record keepers, participants — and advisers, when applicable,” Tim Rouse, executive director of the Spark Institute, said in a statement. “With this in mind, our recommended controls should be implemented among all individuals and organizations involved in a retirement plan.”
Some examples of best practices include plan sponsors requiring that record keepers provide multi-authentication options and ensuring that a fraud reimbursement policy has been established and is available to participants.
For participants, one best practice is to review communications and statements sent by the plan sponsor or record keeper in a timely manner and immediately report any unauthorized activity. Meanwhile, record keepers should verify participant identities during credential resets and the verification must involve controls beyond relying on publicly available information.
For participants, one best practice is to review communications and statements sent by the plan sponsor or record keeper in a timely manner and immediately report any unauthorized activity. Meanwhile, record keepers should verify participant identities during credential resets and the verification must involve controls beyond relying on publicly available information.
“We know that cyberthreats are only going to increase,” Rouse said. “And we also know that protecting plan assets means that the retirement industry has to make a concerted and coordinated effort to fight fraud over the long term.”
IFP Securities’ owner, Bill Hamm, has a long-term plan for the firm and its 279 financial advisors.
A former Alabama investment advisor and ex-Kestra rep has been permanently barred and penalized after clients he promised to protect got caught in a $2.6 million fraud.
As more active strategies get packaged into the ETF wrapper, advisors and investors have to look beyond expense ratios as the benchmark for value.
Survey finds AI widely embedded in research and analysis, but barely touching portfolio construction or trade execution.
Two firms land teams managing more than $1.1 billion in combined assets from Kestra and Edward Jones.
Wellington explores how multi strategy hedge funds may enhance diversification
As technical expertise becomes increasingly commoditized, advisors who can integrate strategy, relationships, and specialized expertise into a cohesive client experience will define the next era of wealth management
