Skip to main content

You are here


Fraud Scheme Targeting 401(k) Accounts Uncovered

A scheme targeting individual 401(k) accounts, potentially at multiple recordkeepers, has resulted in a lawsuit by the U.S. Attorney’s office in Colorado to recover as much as $2 million in losses.

The lawsuit, U.S. v. $81,963.74 in U.S. Currency (D. Colo., No. 1:17-cv-02894-PAB), filed Dec. 4 in federal court in Colorado, seeks to seize up to $342,335 in assets from five individuals who deposited funds from the alleged scheme in multiple banks, including JP Morgan Chase Bank, Bank of America, PNC Bank and Wells Fargo.

According to the suit, the FBI’s Denver Division was contacted by in November 2016 by Great-West Financial’s VP of Internal Audit regarding allegations of fraudulent transfers from clients’ 401(k) accounts from JP Morgan. At that time, Great-West Financial had 20 participants affected and a loss of at least $1 million with a potential loss in excess of $2 million, according to the suit.

Basically, according to Great-West, plan participants established an account online. Thereafter, the Great-West call center assists as needed when contacted by a plan participant, utilizing a four-part authentication process using biographical identifiers for the plan participant. The plan participant is provided a distribution form via either email or mail. Once a plan participant has access to an account, information could be changed or updated and disbursements requested. According to the suit, Great-West observed that unauthorized individual(s) had been fraudulently using this process to obtain access to funds held in retirement accounts for which Great-West was the recordkeeper, causing funds to be transferred from those retirement accounts to other bank accounts without the knowledge or consent of the actual participant.

While it has yet to be determined why specific accounts were targeted, requests for withdrawals were received and the requestor was able to provide the plan participants’ biographical data, i.e., name, Social Security numbers, date of birth and employment data. Since the requests were authenticated with the plan participants’ identifiers, the perpetrator was able to make changes to the accounts and facilitate the withdrawals.

According to BloombergBNA, Stephen Gawlik, Great-West’s Director of Public Relations, said that the information used to access the accounts didn’t come from a breach of the recordkeeper’s systems. Additionally, Gawlik noted that the 401(k) account holders affected by the scheme didn’t incur any financial loss in the end, as they were made whole by Great-West.

The FBI says that some of the initial recipients of the funds fraudulently transferred from Great-West also received funds from other institutions or sources identified as fraudulent.

These additional entities advised of being recently targeted by similar financial fraud schemes as the one affecting Great-West included Voya Financial and Nationwide, according to the lawsuit.