A plan sponsor, sued for a 401(k) account theft, is off the hook for now—but not the recordkeeper.
The suit was filed on behalf of Heide Bartnett, 59, a retired former employee of Abbott Laboratories, who had left her savings in the Abbott Corporate Benefits Stock Retirement Plan. Filed against the fiduciaries of the Abbott Labs retirement plan, and Alight Solutions, LLC, the recordkeeper for the plan, the suit alleges that the defendants “failed to enforce a security question routine set up for security purposes on the Defendants’ website”… and “instead simply provided a one-time code over the phone that was used to loot Ms. Bartnett’s account.” And then, “rather than communicating with Ms. Bartnett via email concerning changes to her account, as Defendants knew Ms. Bartnett preferred, they mailed notices, allowing the theft to be consummated and $245,000 to be transferred out of the country via email to an Indian IP address before Ms. Bartnett could take any steps to halt the fraud.”
The series of events involving Bartnett’s account are worth a read—suffice it to say that an individual (subsequently tied to an IP address in India) accessed her account online, and after entering invalid information, triggered the “forgot password” option, and with the code (they apparently had access to her email account) was able to access the account, had communications (yes, more than one) with service center personnel, and changed the bank account associated with that account, and transferred money from it to that other bank—without being noticed—until the confirmations of the activity were actually received—by regular postal mail (Bartnett—who no longer works at Abbott Labs—claims her established communication preference was email).
The Counts
Bartnett’s complaint contains two counts: one against the Abbott Defendants and Alight for breach of fiduciary duty under ERISA §§ 409 and 502(a)(2), 29 U.S.C. §§ 1109 and 1132(a)(2), and the other against Alight for violations of the Illinois Consumer Fraud and Deceptive Business Practice Act (ICFA).
U.S. District Judge Thomas M. Durkin of the U.S. District Court for the Northern District of Illinois quickly dispensed (Bartnett v. Abbott Laboratories et al., case number 1:20-cv-02127, in the U.S. District Court for the Northern District of Illinois) with the claims against Abbott Labs as a fiduciary, dismissing Bartnett’s “conclusory allegation” regarding Abbott Labs role with regard to plan assets as “nothing more than a ‘formulaic recitation’ of 29 U.S.C. § 1002(21).” In fact, despite the complaint’s labelling of Abbott as a functional fiduciary who failed to take acts in defense of Bartnett’s account, he wrote: “The complaint fails to allege any fiduciary acts taken by Abbott Labs, no less link them to the alleged theft. And while the complaint alleges that the call center and website were used to perpetuate the theft, it also indicates that both are operated by Alight.”
Fiduciary’s Duties
As for Marlon Sullivan, administrator and named fiduciary of the Abbott Labs plan, while Judge Durkin acknowledged that there “is no dispute that he had a fiduciary duty to Bartnett,” he found no evidence that Sullivan “misled” or acted contrary to the exclusive purpose of providing benefits to plan participants, nor that he failed to make sound investment decisions on behalf of the plan. He went on to state that, while Bartnett asserts that the duty of prudence extends to the “safeguarding of data and prevention of scams,” “Bartnett has not pointed the Court to any case law in the Seventh Circuit that states as much. Further, the cases on which Bartnett relies are inapposite.” Dismissing claims regarding Sullivan’s breach of prudence, he continues, “the complaint does not allege that Sullivan knew about the unauthorized attempts to access Bartnett’s account. Further, Bartnett’s account was frozen as soon as she told the call center about the improper withdrawal of funds.”
As for a duty to monitor, Judge Durkin notes that Bartnett’s allegation that Sullivan “fail[ed] to monitor other fiduciaries’ distribution processes, protocols, and activities” amounts to “nothing more than speculation.” Moreover, he notes that “the complaint does not allege any monitoring process between Sullivan and Alight, let alone a defect in that process,” and that while Bartnett “makes several allegations concerning Alight’s own protocols, none of those allegations speak to Sullivan or his duty to monitor Alight.” In other words, he found no credible case for the notion that Sullivan breached a fiduciary duty to monitor.
Judge Durkin made even shorter work of alternate claims against the plan, and Abbott Corporate Benefits (which, he pointed out, was neither a legal entity, nor the actual plan sponsor—that, according to the Form 5500, was Abbott Labs).
On the other hand, Judge Durkin left the door open, noting that “Bartnett may file a motion for leave to file an amended complaint if she believes she can cure the deficiencies in the allegations against the Abbott Defendants described in this opinion. That motion must be filed within 21 days or dismissal of the claims against the Abbott Defendants will be with prejudice.”
Alight Allegations
On the other hand, “the complaint alleges far more than legal conclusions concerning Alight,” Durkin wrote. “The complaint catalogues the repeated actions taken by Alight related to the Retirement Plan and its assets, including, most importantly, the disbursement of $245,000 in plan assets.”
As is common in lawsuits against recordkeepers, Alight argued that it only performed “ministerial functions,” and that it was therefore not a fiduciary, and that the claims against it should be dismissed. However, Durkin commented, “Unlike the sparse allegations concerning the Abbott Defendants,” he continued, “there are sufficient allegations on the face of the complaint to infer that Alight acted as a fiduciary by exercising discretionary control or authority over the plan’s assets. And even though Alight argues that its actions were purely ministerial, Bartnett’s complaint challenges that assertion.”
As regards the legal standard for dismissal, “Since competing factual allegations and any reasonable inferences drawn from them must be resolved in favor of the nonmoving party at the pleading stage, Alight’s factual assertions do not provide a proper basis to dismiss Bartnett’s claim,” Durkin concluded.
ERISA Preemption
Alight had also argued that ERISA preempted the IFCA state law claim. Judge Durkin disagreed. “The ICFA claim does not require the Court to interpret the terms of the Retirement Plan,” he wrote. “Indeed, the claim is premised on the allegations that Alight misrepresented the quality of its services and engaged in an unfair business practice, which have little to no bearing on the plan itself. And while the ICFA claim involves an ERISA plan, the claim arises in the context of that plan.”
Judge Durkin goes on to point out that “the complaint specifically alleges that Alight made representations online about the quality of its services and that those representations were misleading because Alight failed to protect her retirement money. It also alleges that Alight engaged in an unfair business practice because it failed to implement proper security procedures online and over the phone, which led to the improper withdrawal of her funds,” he noted. “The claim therefore seeks recovery for activities that occurred outside the terms of the plan. Accordingly, the ICFA claim is not preempted by ERISA.”
And while he did conclude that Bartnett’s assertions that the website service claims were deceptive weren’t valid (and dismissed them), he concluded that “Bartnett has sufficiently stated a claim for unfair business practice under ICFA” with allegations that “Alight failed to protect Bartnett’s personal information and properly notify her of important changes to her account.” The allegations that “Alight’s failures allowed the scammer to steal hundreds of thousands of dollars in retirement funds,” and that “proper security measures would have prevented the theft” were “…sufficient to state an ICFA claim for unfair business practices.”
The plaintiff in this case is represented by Todd A. Rowden, James L. Oakley, Jeramee T. Gwozdz and Donnell J. Bell of Taft Stettinius & Hollister LLP.
Stay tuned. This is only just beginning.
What This Means
In considering a motion to dismiss a suit, the courts must accept “all well-pleaded facts as true and draws all reasonable inferences in favor of the non-moving party.” On the other hand, it is expected that the plaintiff “pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.”
We still really only have one side of events, and easy as it seems with that version to see plenty of room for improvement in the process, it’s worth remembering that it is only one side. However, it seems a good opportunity for recordkeepers—and those that rely on them—to say, “could something like this happen here?” And, if so—to take steps to prevent it.
- Log in to post comments