Practice Management
When was the last time you checked on your 401(k) account(s)?
And yes, I say account(s) because there’s evidence that many of us are leaving our old 401(k)s “behind.” TIAA has estimated that 30% of employees—tens of millions of Americans—left a retirement account at their previous employer, including 43% of Gen Xers and 35% of Gen Yers.
The truth is, it’s gotten easy to “leave” it—easier even than cashing it out, certainly if your balance is larger than $5,000. Cashing it out takes forms, after all, involves withholding, eventually taxes and penalties. As for rollovers—well, don’t even get me started. As a consequence, a growing number of workers have multiple 401(k)s strung out behind them (including your humble correspondent, who at this writing, has three in addition to my current one[1]).
There are pitfalls aplenty to this “practice”: balances unattended can be buffeted in undesirable ways by markets (particularly these markets), accounts neglected can be considered abandoned and eventually escheated to state authorities, and they can simply be “forgotten” by workers in the press of every day life, leaving money “on the table,” so to speak. Or more critically, on someone else’s table.
There is, of course, another hazard to this practice, though it can happen even if you have all of your retirement savings in a single account: the vulnerability to attack by individuals accessing those unattended accounts. The latter was highlighted by litigation filed in April by a retired participant who left her retirement savings in the 401(k) of the Abbott Corporate Benefits Stock Retirement Plan. Heide Bartnett sued her former employer and the plan recordkeeper for failing to secure her account from the intrusion (some $245,000 worth), though both have recently rebutted those claims.[2]
Indeed, there were all manner of security protocols[3] in place designed to prevent this kind of thing—though a key element was communication with the participant through her email account, an account to which the thief had already obtained access. Ditto her Social Security number and date of birth. And this including a security protocol which included a block on wiring money to a new bank account less than seven days after it had been established by the user (the thief was apparently either aware of, or told of those restrictions). And all this during a period where Bartnett’s husband had actually been in the account, noted the password had been changed, and reset it, but didn’t notice the banking account change. Indeed, more than a little unsettling was that ex-participant Bartnett actually seemed more in touch with that account than many seem to be.
Now, if an identity thief could make off with a quarter of a million dollars from an account that was actually and actively being accessed during the period of the “hack,” how much more vulnerable is that 401(k) account you haven’t had the time to access in a month—or two… much less a year or more?
It’s said that “out of sight is out of mind”—and for any number of reasons, you may have been putting off checking out your 401(k) account(s). But if you’ve been out of “site” for awhile—it might be a good idea to do so now—and regularly—to verify beneficiaries, make sure your contact information is current, reconsider your contribution levels, perhaps even rebalance your account(s)…
And when you do, by all means, change your password.
Footnotes
[1] I consider them “market research” into the practices of different recordkeepers…
[2] Her former employer basically saying they didn’t have any direct involvement with the transaction, which was processed through the recordkeeper’s call center, the recordkeeper (Alight) arguing that it wasn’t an ERISA fiduciary, and merely acted in accordance with the directions it was provided (albeit by the thief, pretending to be Bartnett, facilitated by information he/she had obtained outside that process).
[3] The one odd element was that the confirmation of the wire transfer was done via traditional “snail” mail rather than email, when the latter had been the primary means of communication up to that point. On the other hand, since the email had been hacked…
- Log in to post comments