Compliance October 14, 2019

Retirement Plan Cybersecurity the Issue in a New Lawsuit

A retirement plan participant who had $99,000 stolen from her account has sued the plan sponsor and plan providers.

Reported by

A former participant in the Estee Lauder 401(k) plan has sued the plan sponsor and plan providers for failing to safeguard her retirement account.

According to the complaint, in September and October 2016, an unknown person or persons stole the participant’s retirement savings by withdrawing a total of $99,000 in three separate unauthorized distributions from her account in the plan.

Want the latest retirement plan adviser news and insights? Sign up for PLANADVISER newsletters.

The lawsuit names as defendants Estee Lauder; Alight Solutions, whose predecessor Hewitt Associates was the recordkeeper to the plan at the time; and State Street Bank & Trust, the plan’s custodian.

Alight Solutions said it has no comment. Estee Lauder and State Street did not respond to a request for comment.

The complaint says by June 30, 2016, the participant’s account balance in the Lauder Plan had grown to more than $90,000. However, in October, she received by mail two documents entitled “Confirmation of Payment – 401(k) Savings Plan,” one of which stated the plan had distributed $37,000 from the participant’s account to a checking account at Suntrust Bank. The second stated that the plan had distributed $50,000 from her account to a checking account at TD Bank.

In addition, when the participant received by mail her plan account statement for the third quarter of 2016, it showed a withdrawal of $12,000. She received no confirmation letters for this withdrawal, but learned from Estee Lauder that the $12,000 had been distributed on September 29, 2016, to an account at Woodforest National Bank.

The complaint says the participant never requested or authorized any distribution from the plan and never had any account at Woodforest National Bank, Suntrust Bank, or TD Bank.

Upon receiving the first confirmation of payment, she telephoned the Hewitt Customer Service Center at the number on the confirmation form and was informed that her remaining account balance was $3,791. The Customer Service Center stated that it would investigate the unauthorized distributions, but never provided the participant with any information regarding its investigation.

According to the complaint, between October 24, 2016, and January 2, 2017, the participant made at least 23 calls to the Customer Service Center regarding the unauthorized distributions. Ultimately, it informed her that it had completed its investigation, no money had been recovered, and her plan account would not be made whole for the losses.

On or about October 25, 2016, the participant reported the unauthorized distributions to the San Francisco Police Department and the FBI, and placed a fraud alert on her credit file with Equifax.

On November 7, 2016, State Street emailed her and requested that she complete an “Affidavit of Forgery” for each unauthorized distribution. The participant returned the requested affidavits the same day, but State Street did not contact her further.

The lawsuit claims that the defendants breached their fiduciary duties of loyalty and prudence by causing or allowing the unauthorized distributions of plan assets; failing to confirm authorization for distributions with the plan participant before making distributions; failing to provide timely notice of distributions to the plan participant by telephone or email; failing to identify and halt suspicious distribution requests, such as requests for multiple distributions to accounts in different banks; failing to establish distribution processes to safeguard plan assets against unauthorized withdrawals; and failing to monitor other fiduciaries’ distribution processes, protocols and activities.

In addition, Estee Lauder is being sued for not timely providing plan documents that were requested by the participant’s lawyer.

Among other things, the lawsuit seeks an order that the defendants restore to the participant’s plan account $99,000, plus investment earnings thereon from the distribution dates to the date of judgment.

The case highlights the importance of provider process reviews regarding cybersecurity. There are also things retirement plan sponsors and participants can do to safeguard accounts.

Andy Adams and Jay Schmitt, with Strategic Benefits Advisors, have provided information about what makes retirement plan data vulnerable and actionable steps to protect it from fraud.

The cybersecurity threat is so pervasive that lawmakers have asked the Government Accountability Office (GAO) to examine the cybersecurity of the U.S. retirement system.
Deals & People October 14, 2019

Broadridge Acquisition of Fi360 Underlines RIA Fiduciary Evolution

Leading up to its own acquisition by the larger Broadridge organization, Fi360 had been actively acquiring other fiduciary solutions firms, aiming to build a comprehensive suite of RIA services.

Reported by

Broadridge Financial Solutions last week announced it has entered into a purchase agreement to acquire Fi360, a growing provider of fiduciary-focused software, data and analytics for financial advisers and intermediaries.

In recent years, Fi360 has grown organically and through its own acquisition activity. Last year, for example, Fi360 acquired the Center for Fiduciary Management (CFFM). The firm has also been active in forming integrations and working partnerships with fiduciary-focused retirement plan providers.

Never miss a story — sign up for PLANADVISER newsletters to keep up on the latest retirement plan adviser news.

Speaking with PLANADVISER about this latest development, Michael Liberatore, president of Broadridge’s mutual fund and retirement solutions business, and Bill Mueller, CEO of Fi360, say they are very optimistic about the opportunities for synergy between the two firms. Liberatore notes that Broadridge, through its work with retirement plan recordkeepers and plan service providers, already touches tens of millions of retirement plan participants on an annual basis.

“Our adviser clients speak about the need for better tools to help them prospect, win and manage plans,” Liberatore says. “Our view at Broadridge is that Fi360 has the most comprehensive and effective set of solutions to do this while also demonstrating a deep commitment to fiduciary practices and responsible management.”

According to Liberatore, there are other niche providers in the RIA industry that are “really good at one thing or another—prospecting, benchmarking, etc.” But, he says, “We determined that Fi360 has the most comprehensive sweep of services.”

“We are excited about putting what we do on a bigger stage,” Mueller says. “If you look at the two firms, we have similar philosophies about open architecture and agnostic services. So, working with Broadridge is a great opportunity for us to expand what we do, both on the tools/solutions side and on the fiduciary training side for advisers. Broker/dealers, wirehouses and large RIAs are increasingly interested in this type of oversight support for their retirement businesses.”

Liberatore says Broadridge sees the RIA marketplace as being naturally complementary to the firm’s mutual fund trading intelligence business.

“We’ve always had a strategy to be close to the advisers that are heavily focused in the retirement market, and this acquisition will certainly help us connect even more deeply with those advisers and provide better solutions to them,” he says. “On the analytics side, we’ve been working with asset managers to help them gain transparency into the retirement plan ecosystem. We think the combined team will drive new product offerings across trading and custody and on the data analytics side. That’s one of the reasons we decided it was not enough to just partner with Fi360. An acquisition could mean one plus one equals more than two, in this case.”

Considering how the fiduciary services marketplace has evolved in the last decade, Mueller says the future looks bright.

“We see continued evolution towards fee-based fiduciary advisory services,” Mueller says. “Frankly, this is not so much a regulatory-driven event. It’s more of a market-driven event at this point. When I think about our clients and their challenges, it’s been an evolving discussion from being the broker of record to becoming a 3(21) fiduciary and now a 3(38) fiduciary. There has been a progression along this fiduciary scale and we’re continuing to move towards a higher fiduciary bar—in terms of more oversight and just a higher level of professionalism in general. This is great for the industry, and we are eager to support this trend by providing the tools, platform and data to make the job of being a fiduciary easier.”

Liberatore echoes that idea, noting the ongoing shift to fee-based advice and imminent regulatory changes, including the SEC’s Regulation Best Interest, are increasing the scrutiny on firms to ensure that they are demonstrating prudent advisory practices.

“Our goal is to help firms stay ahead of this evolving regulatory landscape,” he concludes. “Integrating Fi360’s solutions set with Broadridge’s leading wealth and retirement solutions will enable better support for clients as they build and maintain responsible fiduciary practices.”

«