I recently spoke to CPAs gathered for their annual, national Employee Benefits Conference, and I provide a summary of my Fraud and Embezzlement talk here below.

Fraud and embezzlement occur more routinely in the world of 401(k) (and other employee benefit) plans than any would like to believe.

It’s hardly accidental that the Department of Labor and the IRS remain keenly interested in the incidence of fraud and embezzlement in 401(k) plans. Their level of scrutiny will not decrease, and our clients’ fiduciary obligations and vigilance practices will continue to require oversight by ERISA professionals.  

Do not underestimate the creativity of insiders who have no compunction about helping themselves to money others have saved and invested. Employers/clients (and their ERISA advisers) should educate and train themselve as to nature of embezzlement and fraud, as well as the modes of commission (means, opportunity, and motive for embezzlement and fraud), particularly where a plan’s internal controls and organizational framework may be less than optimal.

Financial Firewall: The Current Approach to 401(k) Plan Embezzlement

“Embezzlement,” relative to 401(k) plans, covers transactions that ERISA and the Tax Code absolutely prohibit (and thus the defined term "prohibited transaction").  Such prohibited transactions involve improper transfers of funds and receipt of compensation.  Embezzlement offends Title 18 U.S.C. §664 and is, therefore, a criminal act, sanctionable by fine, imprisonment for up to five years, or both.

In cases of embezzlement, a plan sponsor must –- in addition to meeting other reporting obligations under the U.S. Code -–  file Form 1099 with the IRS for each year in which the guilty party embezzled. The form must show the “non-employee compensation” that the guilty employee stole. These funds are actually taxable in the hands of the embezzler, notwithstanding that he or she acquired the funds through criminal acts. Moreover, the employee cannot escape the tax liability by making restitution because the liability arises upon the employee's wrongful acquisition of the funds. 

Obviously, it’s preferable to act pre-emptively to detect wrongful activity from its outset, and we have a duty to advise our clients to act with due diligence (and more) in adopting controls that minimize opportunities for malfeasance. 

These controls should include regular large-plan style audits, even where no statutory audit obligation is triggered. As I’ve discussed in another post on the benefits of regular 401(k) audits, employers/clients gain value from the audit process by using it to assist with fraud detection. 

Getting Our Money Back: The Scope of the Problem

The Employee Benefits Security Administration (EBSA) of the DOL is charged with enforcing ERISA. In a published Fact Sheet, EBSA has stated that in 2018, it recovered approximately $1.6 billion dollars owed to 401(k) and other forms of employee benefit plans through civil litigation, criminal proceedings, and voluntary initiative programs.

While the recovered sum looks impressive, it will be of small comfort to clients who must cope with the potentially devastating impact when their plans fall prey to embezzlers and to those who defraud.

The Fact Sheet information also fails to reveal just how creative these criminals can be. 

Indeed, it is incumbent on employers/clients (and their auditors) to ask:


"How would I steal from the 401(k) plan? "

The hypothetical question might yield some real answers re: how fraud and embezzlement could occur with respect to employee benefit plan assets.  Thus, the crime might become easier to spot, with some candid answers to guide the vetting.

Consider our employers/clients who had to confront real crimes like these:  a comptroller paying off 401(k) loans not with her own money, but rather the employer’s bank account; a payroll processor cashing out others' 403(b) accounts and sending to an address that the payroll processor himself sets up; a TPA running off with money set aside for employee health insurance (with that TPA handing money for many companies and many employees); a TPA and record keeper overstating profit sharing contributions owed to employees, but keeping the delta for itself. 

Whistleblower: How to Report 401(k) Embezzlement

Plan managers and sponsors have fiduciary obligations of honesty and transparency in their administration of plan funds and in the material veracity and accuracy of plan-related statements they make. They also have obligations to oversee plan management to ensure that a plan’s financial house remains in good order. ERISA recognizes these obligations and enables plan members to seek compensation for losses arising from fiduciary breaches.

There’s an established mechanism for reporting suspected fraud, including (but not limited to) embezzlement from employee 401(k) accounts.  

An ERISA plan fiduciary (typically, an employee of the plan sponsor) who suspects that fraud or embezzlement may have occurred within a 401(k) plan may file an “Information Referral”(Form 3949-A) with the IRS.  The employee could also call IRS Criminal Investigation Hotline at 1-800-829-1040. 

The employee has additional options for reporting suspected embezzlement, including contacting EBSA at the DOL. When EBSA receives reports of suspicious activity, the Office of the Solicitor at the DOL coordinates with the office of the U.S. District Attorney and any police or detective involvement. The employee should also report internally, though there is case law to suggest that an employee who reports suspicious activity only internally to the employer (without reporting to the IRS or EBSA) may not receive whistleblower protection.

Note that an employer who hopes to get its legal and accounting fees (or any recovery of money) by way of its EPLI, Directors and Officers Coverage, Fiduciary Insurance, or ERISA Fidelity Bond should consult those policies to determine timing and notification procedures to insurance carriers.

The Hits Just Keep on Coming: Accountability, Professional Responsibility, and Constant Vigilance

The incidence of fraud and embezzlement within 401(k) plans will not likely diminish in the immediate future. Our commitment to vigilance as professionals, advisors, managers, plan sponsors, ERISA fiduciaries, or even as employee/plan participants must, therefore, remain unwavering:

 Accountability: All interested parties, including the member employees, must understand the lines of accountability and transparency that enable a plan to function optimally. The maintenance of a plan’s health is not a “set it and forget it” proposition. It depends on all parties taking ownership of their rights and responsibilities to drive optimal plan growth and stability.

 Professional Responsibility: Sponsors, managers, administrative staff, and others who play roles in plan management must execute on their professional and fiduciary responsibilities and must undertake to keep themselves informed as to plan status, control functions, and reporting procedures.

●  Constant Vigilance: The hits really will keep on coming – the financial hits, in the form of attempts at fraudulent conduct and embezzlement. There can be no decrease in our vigilance on behalf of our own clients, or in the vigilance of plan sponsors and others charged with strict oversight and reporting obligations.

When embezzlement or other criminal conduct impacts a plan, all the interested parties suffer, but none more so than the employees who are relying on the plan’s security and integrity as the means of safeguarding their financial futures.