Identity Protection: Using Video
To protect retirement accounts from fraudulent withdrawals, at least one service provider, BPAS, is implementing the use of live video to validate participant identity on some transactions. How might stepped-up cybersecurity techniques benefit your plan participants—and lead to industry-wide change?
Fraud Reduction In Real-Time?
Throughout 2021, regulators and experts have advised plan sponsors to step up the cybersecurity of retirement plans. Importantly, the U.S. Department of Labor (DOL) has provided detailed guidance to plan sponsors, urging timely implementation. To help plan sponsors “defeat retirement account fraud,” SPARK has provided specific action steps. One such action is the use of multiple authentications. The rollout of the new video tool by BPAS offers one approach to increase the certainty that retirement transactions are indeed being conducted by participants themselves—not criminals. As Plan Sponsor reports:
Under BPAStify, a participant requesting certain assistance through the BPAS participant service center or other means may be required to go through additional scrutiny using a live video identity verification process via smartphone, tablet or computer. When complete, the recording will be shared with the client’s human resources (HR) team, which will verify that the caller is truly the employee in question and provide approval to BPAS.
BPAS says the tool not only helps with authentication and employer review but, in the event of a fraud attempt, the recording itself could be used by law enforcement to identify and prosecute fraudsters. Considering the dollars at stake, BPAS makes this clear on the recorded calls.
“When we decide to invoke BPAStify, we notify the caller that the account has been flagged for additional scrutiny,” says Joe Buczek, manager of the BPAS participant service center. “The caller’s reaction tells you something right away. When you’re dealing with the real participant, there is almost always an immediate willingness to cooperate; they appreciate the added vigilance to protect their account. In cases where there is a refusal to cooperate or some technological reason why the caller can’t participate, it’s a big red flag. We freeze the account and initiate additional security measures to protect the plan assets.”
What Are Your Service Providers Doing?
As a retirement plan fiduciary, it’s your duty to ask all of your service providers about their cybersecurity protocols and protections—and document your findings. Although you can delegate your responsibilities to service providers, your fiduciary obligation to provide the highest duty of care remains—and this applies to cybersecurity. As Rosenbaum Law reminds us:
As a 401(k) plan sponsor, you have a fiduciary duty to secure and keep confidential the personally identifiable information of plan participants, as well as their retirement assets. Although you delegate cybersecurity responsibility to your TPA, you have a fiduciary duty to make sure that your TPA has some sort of cybersecurity program/protocol. You also need to make sure that your TPA has any insurance policies that would cover losses caused by cybersecurity and identity theft breaches (including breaches caused by internal threats, such as misconduct by the TPA’s own employees or contractors, and breaches caused by external threats, such as a third-party hijacking a plan participant’s account). You may be liable if a participant shows that you failed to maintain a prudent process to safeguard plan assets and plan data.
Any individual involved in the management of a retirement plan of any size can face personal exposure for breach of fiduciary responsibilities—including those associated with cybersecurity. As attorneys point out, even if you are not liable, you can be sued—and defending yourself can cost you your life savings. Protect yourself: at Colonial Surety, plan sponsors affordably obtain fiduciary liability insurance and cyber liability coverage along with the required ERISA bond. Fiduciary liability coverage gives you peace of mind that your personal assets are protected from a breach of responsibility in the administration or handling of an employee benefit plan, such as a retirement plan. Colonial’s annual premium is less than what you would pay for one hour with an expert ERISA lawyer: Secure Fiduciary Liability Insurance Now.
Colonial’s multi-year packages provide the greatest value and convenience, and include:
- The required ERISA bond which protects the assets of the retirement plan from theft;
- Fiduciary Liability coverage to protect you and your assets from personal liability; and,
- Cyber Liability coverage to safeguard your company and plan from covered losses and expenses in the event of a cyber breach.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, Colonial Surety is the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, and keep their businesses compliant, with pain-free, efficient, and friendly service every time.