By Jam Yap and Beth Garne, BDO USA, LLP
Benefits leaders spend a lot of time understanding the complex rules that govern plans, and often less time making sure controls are in place to protect against fraud. Unfortunately, thieves who understand how benefit plans operate can work undetected—sometimes for a long period of time—and cause massive disruption to organizations and plan participants.
The Department of Labor (DOL) has been hard at work to protect employee benefit plans from fraudulent transactions. Last year, the DOL restored more than $2.5 billion to plans, participants and beneficiaries, with $2 billion coming from enforcement investigations. Many of these cases could have been prevented with stronger internal controls, beginning with better segregation of duties.
Developing a thorough approach to fraud prevention may seem like a daunting challenge for benefits managers who find themselves juggling multiple responsibilities. Fortunately, these professionals can improve their ability to prevent fraud by educating themselves on common schemes as well as best practices in oversight of benefit plans.
What Does Fraud Look Like?
Staying informed on recent examples of benefit plan fraud can help benefits managers identify gaps in their control processes. As highlighted in the examples below, fraud can hit a benefit plan from a number of potential directions. For example, it can be committed by a payroll benefits manager, a company officer, or a service provider.
Examples of fraud cases affecting benefit plans from the DOL and American Institute of CPAs (AICPA) include:
- An operator of a company that provided investment advice and administrative services to pension plans was sentenced to 41 months in prison and ordered to pay $1.6 million in restitution for forging documents, writing phony checks and cheating beneficiaries of a Florida-based rehabilitation center of their defined benefit plan assets.
- The CEO and other fiduciaries of an Ohio-based industrial company were required to pay back and restore nearly $29,000 to the company 401(k) plan after federal enforcement officials found that they failed to forward employee contributions to their retirement accounts.
- A director of a plan administrator’s defined benefit plan embezzled approximately $3 million from the plan over a period of 4-6 years by paying bogus expenses, recorded as miscellaneous plan expenses, to fictitious companies he created. The scheme, which was eventually caught by the DOL, went undetected for several years because the amount taken was under the auditor’s materiality level for the $1 billion plan.
- An outside investment manager for a defined benefit plan reported investments and investment gains that did not exist. The fraud went undetected for a period of six months before being discovered.
- A payroll supervisor requested distribution checks for former employees who had been laid off and requested that the checks be sent to her to distribute through final payroll checks to the employees. The supervisor then deposited these funds in her own savings account. $250,000 was later restored to the plan.
- An employee of a defined contribution severance plan created fictitious participants in the system and cut benefit checks. The scheme was caught at the check cashing facility.
- A plan administrator used forfeitures to pay personal credit card balances.
- An HR employee figured out how to process loans against participants’ accounts and manually prepared annual participant statements to hide the loans. The plan used a small service organization that sent the participant statements to the sponsor for mailing. Proper controls weren’t in place to ensure the statements were private and to approve the loans.
- An individual was offered a position but never actually started the job. The plan sponsor entered the individual as an employee in the HR system, enrolled the person in the benefit plan, and then started issuing paychecks with deductions for contributions to the plan. This scheme went on for three years and was eventually uncovered when the employee running the scam requested a distribution.
Spotting these crimes might seem easy in retrospect, but how can you improve your chances of discovering fraud that is occurring right under your nose? Some potential warning signs include:
- Participants reporting inaccuracies or anomalies, such as late plan statements and errors in account balances, contribution amounts or distribution check
- Changes in the investment lineup without proper notification
- Late transfers to participant account
- One-time transactions or unusual payments to vendors
- Unusual, lavish lifestyle or sudden changes in behavior of a plan administrator
Improving Internal Controls and Segregating Duties
Your internal controls should be customized to fit your organization’s benefits lineup. Internal controls can be simplified so they become a regularly scheduled part of managing benefits offerings. Some examples of internal controls best practices include regularly monitoring outside service providers, reconciling recordkeeping and custodial records, periodically reviewing distribution reports and matching up third-party reports with payroll records. The goal of internal controls should be to help prevent mistakes, reduce the risk of fraud and reassure plan sponsors that benefits are compliant with the law.
Segregation of duties is paramount in helping to prevent fraud and detect it once it occurs. Employees who have access to both plan assets and records already have opportunity to commit fraud; now they just need the incentive and a way to rationalize their behavior. At a minimum, custody of assets and related authorizations should be separated from recording functions. It is important to review the oversight and executional roles involved in administering your benefit plan and ensure that your plan has separated duties appropriately.
Benefits leaders should also encourage plan participants to help prevent fraud. Providing participants with examples of fraud patterns, encouraging strong passwords, discouraging users from sharing information (even with loved ones) and creating a process to report potential fraud can help bring awareness to this growing problem. Studies have shown that fraudulent activity is most often reported by someone internally; a fraud hotline or similar whistleblowing channel is a powerful tool in limiting potential fraud.
Insight: Revisit Internal Controls and Review Procedures
It is human to think bad things won’t happen in our lives. Unfortunately, this is an unrealistic and dangerous assumption when it comes to managing benefit plans.
Some plan sponsors may believe that their annual plan audit should catch any fraud that occurs in their benefit plans. While audits can sometimes be helpful in identifying irregularities, they aren’t specifically designed to detect fraud. An audit performed in accordance with auditing standards generally accepted in the United States doesn’t provide absolute assurance or any guarantee of the accuracy of the financial statements; as such, an audit is subject to inherent risk that fraud, if it exists, may not be detected. Many fraud schemes are designed to avoid detection by operating at dollar amounts that are less than the audit’s level of materiality. It is the responsibility of plan management to implement internal controls that ensure oversight of the many types of transactions that happen within their plans on a regular basis.
Contact our audit and assurance experts to get further information about how to reduce the risk of fraud in benefit plans.