Wells Fargo 401K Plans Robbed -- Thousands $ Missing
According to a Minnesota TV station, a Wells Fargo 401(k) plan
operations manager has been accused of robbing 401k plan
The 401k Operations Manager, who oversaw the 401k daily fund
operations, allegedly disbursed money from dormant 401k
accounts to fictitious names he created. He then had the checks
sent to his own office and deposited the funds into his own
HOW THE 401K ACCOUNTS WERE ROBBED
Point-by-point, this retirement operations manager eluded what
should have been Well’s Fargo’s own financial and procedural
• Requested name changes on dormant 401k accounts,
• Provided false Social Security numbers for the fake names,
• Requested the disbursements from the accounts, and finally
• Reset the account information back to the original owners.
Where were the procedural controls? At each step in this
alleged theft, there should have been procedural controls to
prevent someone from taking these actions without either an
independent review and / or supervisory authorization.
A lack of independent review or supervisory oversight was only
half the problem. The other half was bundling the record
keeping and the assets under the same organization.
When a 401k plan’s administration and assets are at the same
organization, the risk of insiders bypassing their own
procedural controls is always present.
“Five Actions You Must Take Now to Protect Your Plan’s Assets.”
You put your 401k funds into the hands of those who seem trust
worthy. Whether it is greed or some other need that results in
the abandonment of their obligations and responsibilities to
you, you need to protect yourself and your plan’s assets.
Here is what you need to do now--
Check with your plan administrator or record keeper to
determine whether they are also holding your assets. You may
find that your record keeping is being done by one subsidiary
and your assets are being held by another subsidiary or
division of the same company.
Request a “SAS -70” or “SysTrust” audit of the system,
procedural and financial controls on your 401k assets.
A SAS 70 audit is designed to provide information and assurance
to clients and their auditors regarding the organization’s
procedural and financial controls. The auditor renders an
opinion on whether the controls were suitably designed, placed
in operation, and operating effectively. The SAS 70 auditor’s
report includes the independent auditor's opinion, a
description of the service organization's controls, and the
results of the service auditor's procedures.
A SysTrust audit is designed to increase the comfort of
management, customers, and business partners with systems that
support a business or particular activity. In a SysTrust audit,
the auditor evaluates and tests whether or not a specific system
is reliable when measured against three essential principles:
availability, security, and integrity.
Require that all Plan information changes be authorized by a
Plan Representative or Trustee.
Have a standardized form that can be completed by the 401k
record keeper. The data changes must then be approved by a plan
representative. Often you will find that the plan representative
is the one supplying both the data and the approval. Be sure to
get a quarterly report of all information changes and the
reasons for the changes.
Require that all plan participant disbursements be first
approved and authorized by a plan representative.
All plans have standard distribution forms that need to be
completed and approved prior to a disbursement. Make sure that
these forms are being completed. Have your record keeper
complete a form even if it is for an automatic rollover
participant, one of those whose balance is between $1,000 and
$5,000 and is being moved to an IRA. Just like the information
changes, an accounting of all disbursements from the plan
should be provided to you on a quarterly basis.
Transfer your plan to an organization that can meet your
financial and procedural control requirements.
In the review of your plan’s record keeper, you may find many
of the necessary controls and procedures lacking or non
existent. If your record keeper can not provide the types of
procedures and controls that will let you sleep at night, then
it is time for a change.
By implementing the five actions now you will have one less
furrowed brow. If however, you can’t implement these actions
now, you will be lying awake nights with one eye open for your
About The Author: Get a complementary copy of a SAS 70 report-
Email Lawrence Groves at email@example.com
www.solo-k.com or www.womensolok.com
Please use the HTML version of this article at: