Cyber Attacks Impact 401k Plan Accounts

Cyber Attacks Impact 401k Plan Accounts

Cyber attacks in 401k plans are on the rise. A contributing factor to the vulnerability of 401k plan assets is the fragmented nature of the ownership and oversight of retirement plan assets.   With a Recordkeeper, plan sponsor in-house fiduciaries, a custodian, money-managers and third-party administrators all servicing and plan in different ways – there can easily be a breakdown when it comes to changing an account mailing address or where to wire account balances.   The retirement plan industry is replete with transaction-based service providers who want to get the current and next transaction completed and “off their desk” or “off their computer screen” as quickly as possible – and sometimes, too quickly.   At the conclusion of a Plan Sponsor University (TPSU) Fiduciary Education Program held at a Georgia State University in Alpharetta, Georgia, TPSU Founder, and CEO, Fred Barstein spoke with David Griffin, Adjunct Lecturer of The Plan Sponsor University.  David works with plan sponsors and plan participants to oversees clients’ 403b and 401k retirement plan processes and outcomes.  David speaks with Fred when discussing the need for a vigilant effort of monitoring plans and plan assets to eliminate the many possibilities where a cyber attack could occur.  Learn how you can better protect your plan assets during as they discuss, cyber attacks, data security, indemnification, insurance coverages, risk management, and guarantees.

Full Transcript Here

Fred:
Fred Barstein with 40lk TV. I just completed a TPSU program in Alpharetta, at Georgia State University. We are here with our esteemed adjunct lecturer David Griffin. Welcome, David.

David:
Thank you, Fred.

Fred:
David’s group is one of the top DC advisory groups in the country. In fact their firm just won Planned Sponsor Small Team Advisor of the Year 2019. I was actually at the award dinner. Congratulations on that.

David:
Thank you, sir.

Fred:
He’s been in the industry for 20 years, very passionate about it. One of the things that we talked about today and you brought up in your presentation is cyber security. Why did you bring that up as a topic?

David:
You know, Fred, it was very interesting to me that I heard through one of the top record keepers in the country that when they surveyed their plan sponsors last year that selected them as a record keeper, that the number one reason they chose this particular record keeper was for cyber security protection. It led me to believe just how at top of mind this particular subject is for plan sponsors and it was something that we wanted to make sure that our team was educated on and that we were very aware of the risks out there and also how to advise our plan sponsors how to mitigate those risks.

Fred:
So you instantly became a cyber security expert, right?

David:
Well, I wouldn’t say that. I think my team would very much agree with the fact that I’m not a technology expert, but we had a couple of seminars with clients where we had the cyber security lead from two of the major record keepers come and speak clients of ours and those were very well received. What I learned through that process was the unbelievable amount of investment that the record keepers are having to take each year just to be competitive in our space because the challenge in the 401k world is this is so called “soft money” in the eyes in the criminals. These are large-

Fred:
Easy money?

David:
Easy money. Large pools of assets that no one is watching very closely. For that reason it’s attracted a lot of attention and we have personally seen clients of ours have issues as far as fraudulent requests for loans and distributions. We’ve had to get involved and see exactly what causes this, how we can create some safeguards around it and certainly want to advise our clients if they are making a change of record keeper or TPA or investment firm, that there’s proper safeguards in place.

Fred:
What would be one or two key pieces of advice on cyber security that you’re giving to your clients then?

David:
As RFPs are issued now we’re seeing more and more plan sponsors ask some questions about cyber security. One of the things that I would encourage our clients to do is ask providers if they have a guarantee or advisors should be finding out if there’s a guarantee in place.

Fred:
Like insurance almost.

David:
Almost. If there’s a breach, who pays for it? When we had a situation with a client where there was a potential breach we had legal involved and we had that particular provider draft a letter saying, “If there’s anything that stems from this you’re completely help harmless.”

David:
I would ask for service guarantees. I would ask for a SOC 1 and SOC 2 report, which are two very industry specific reports that are important in the 401k space and I would make sure that they’ve got adequate investment in the cyber security space.

Fred:
Your record keeper has that and then maybe your advisor, too.

David:
And potentially your advisor.

Fred:
And TPA.

David:
And your TPA.

Fred:
It never ends.

David:
And your payroll provider. It never ends.

Fred:
It never ends. Well, great. Well, thanks for your time and thanks for participating in TPSU.

David:
My pleasure. Great to see you, Fred.

Fred:
Very good. And thank you for watching 401k TV. Stay tuned.

FOLLOW US:

Thank you for visiting our site!

TRAU, Inc. and its affiliates TPSU and 401kTV do not provide investment, legal, tax or accounting advice. 401kTV readers and viewers should consult their legal and tax advisors for guidance. All materials, including but not limited to articles, directories, photos, videos, graphics etc., on this website are the sole property of TRAU, Inc. and are intended for educational purposes only. We do encourage your sharing 401kTV content with Plan Sponsors; however, unauthorized use of any and all materials is prohibited/restricted.

Permission to use any of the materials, etc. on any of this site or affiliate websites may be requested in writing at [email protected] and may be granted in writing on a case by case basis. Use of all editorial content without permission is strictly prohibited.

Scroll to Top