Benefit plan fraud: Yes, it can happen to your business

Business owners and managers often think fraud can’t happen to them because of their sharp eye and focus on detail.

But a fraudster is likely to look for one of the least scrutinized aspects of an entity’s financial reporting in hopes that their fraudulent acts will go unnoticed. One place that might get overlooked by entities is their employee benefit plans. There are common risk factors and warning signs that, if detected, could alert management to potential fraud, and there are certain controls management can implement to mitigate the chances of fraud being committed.

Fraud risk factors

When evaluating the potential for benefit plan fraud in your business, there are three fraud risk factors to consider: incentives and pressures, opportunities, and attitudes and rationalizations. A business owner should evaluate all employees for these risk factors — especially those who have access to payroll information and benefit plan administration.

Incentives and pressures

  • personal financial difficulties affecting employees responsible for performing plan transactions;
  • tension between plan management and those performing plan transactions;
  • potential changes to employer work force, such as layoffs;
  • feelings of being improperly compensated or drastic changes in employee portion of benefit costs;
  • lack of communication between employer and employees regarding promotions or compensation.


  • poor organizational controls inside custodians and third-party administrators;
  • lack of internal controls surrounding initiation and review of plan transactions;
  • no oversight by those charged with governance regarding investment transactions;
  • reconciliation of assets in an untimely manner;
  • no controls surrounding the vetting of parties in interest and related parties;
  • inadequate information technology access controls.

Attitudes and rationalizations

  • disregard shown for the need to reduce or monitor risks;
  • consistently overriding existing controls;
  • not correcting known deficiencies in internal controls;
  • open dislike or disrespect for employer;
  • giving the appearance of living beyond one’s means.

Several employees may have at least one risk factor. For example, if your plan does not have strong internal controls or lacks proper segregation of duties, then the opportunity risk is inherent. The opportunity risk alone may not raise suspicion, but couple opportunity risk with one or more of the other risk factors (incentives/pressures or attitudes/rationalizations), and the potential for fraud increases.

Warning signs of fraud

Understanding fraud risk factors can alert you to the potential for fraud in your plan. Knowing specific warning signs will help you discover fraud that has taken place. Certain triggers, if they occur, should raise red flags to point you in the direction of fraud, including, but not limited to:

  • late or inaccurate participant statements;
  • participants receiving statements with inaccurate account balances;
  • appearance of irregular investments that are not offered by the plan;
  • patterns in investment income that do not correlate to what is seen in the market;
  • lack of access for participants requesting distributions and variances in amounts requested;
  • significant variances when comparing third-party statements to internal payroll reports;
  • irregular transactions noted when supervisory review is performed by plan management;
  • large or unusual plan expenses with unauthorized service providers.

What fraud looks like

Fraud can occur in all types of employee benefit plans transactions, so it is important to have segregation of duties surrounding all transactions.

These are real-life examples of benefit plan frauds segregated by the type of transaction:


  • An HR manager requested distributions for terminated employees who had been separated from the company for two or more years. The HR manager then had the funds diverted and was successful three times, stealing a total of more than $10,000.
  • A pensioner’s benefit checks were fraudulently endorsed and cashed by a relative (after the custodian received no response to attempted contact with the pensioner).
  • A bank custodian employee skimmed money from distributions. The employee was able to cover the shortfall by having the ability to respond to client questions and transfer amounts between client accounts.
  • A payroll supervisor requested distribution checks for former employees who had been laid off and requested the checks be sent to her to distribute with the final payroll checks to the employees. The payroll supervisor then deposited these funds into her personal account. The $250,000 she stole was restored to the plan (paid by the employer).


  • A plan sponsor intentionally did not allocate plan expenses to highly compensated participants on the allocation schedule.
  • A plan administrator used forfeitures to pay personal credit card balances.
  • A plan paid for record-keeping services, and the custodian also paid for the recordkeeping services as an indirect payment. No disclosure was made by the custodian who saw both payments being made. The trustee sued both the recordkeeper and the custodian.

Participant loans

  • An HR employee figured out how to process loans against participants’ accounts. To cover it up, she manually prepared annual participant statements to hide the loans. The plan used a small TPA that sent the participant statements to the sponsor for mailing.
  • A secretary in the plan sponsor’s payroll department was able to convince the outside payroll service that she was allowed to suspend her 401(k) loan payments. The payroll service did not confirm with the employer. Unknown to her employer and the plan administrator, this fraud was discovered during the annual audit.
  • A company president borrowed $13 million from the plan to finance his new home. Although the interest rate for this loan was near the market rate, the transaction was prohibited under ERISA.


  • A trustee of a small plan created a fictitious employee in the census data and made employer contributions. The trustee then took out loans against the balance.
  • A fictitious employee file created by an HR employee received paychecks and small employer profit sharing contributions. The fraud was discovered during the audit testing of new hire eligibility.
  • A person was offered a job but never actually started the job. The payroll coordinator at the plan sponsor entered the person as an employee into the HR system, enrolled the person in the plan and then started issuing paychecks with deductions for contributions to the plan. This fraud went on for three years until the employee running the scam requested a distribution, at which time the fraud was discovered.


  • An HR director made changes to the employer contributions that were to be allocated to the individual participants before submitting the tape to the TPA. He moved thousands of dollars belonging to other participants to his personal account. He made sure the contributions he moved to his account did not exceed the annual contribution limit.
  • A company failed to remit all employee deferrals ($350,000) for a period of time. The company was having financial difficulties and ultimately went bankrupt.
  • An HR department employee, who also assisted with payroll, diverted both payroll taxes and plan contributions into his personal account for six months and then left the country. This employee also had responsibility to reconcile payroll bank accounts.

Investments and other

  • An outside investment manager for a defined benefit plan reported investments and investment gains that did not exist. The fraud took six months to discover.
  • A bank trustee stole money from the retirement plan of a plan that was winding down. The plan sponsor was no longer in business because of business failure. There was nobody to provide oversight of the trustee.

How to avoid it

Before the fraud schemes noted above happen to your plan, what internal controls can you put into place to mitigate risk and let you sleep well at night.

Step 1: Regularly evaluate and compare both the individual account balances and the plan balances from third-party reports to what is shown on internal plan reports.

  • Do all contribution amounts shown on third-party reports agree to the internal payroll reports?
  • Do individual participant account balances match the custodian reports to the third-party administrator?
  • Do the transactions that occur in your plan during the year seem reasonable?

Step 2: Perform timely and thorough reviews of all payroll transactions.

  • Are employee-approved changes to deferral rates set up in the system in a timely manner and reflected accurately when processed?
  • Did payroll personnel properly apply the definition of compensation in accordance with the plan document when calculating deferrals? For instance, bonuses are often overlooked.
  • For individuals participating in health plans, are their elections being properly calculated, withheld, and remitted?

Step 3: Perform thorough evaluations of all benefit payments to ensure that the correct amount is remitted to the individuals and taxing authorities, as well as to ensure that forfeitures are remitted back to the plan.

  • Were the vesting percentages used to calculate distributions accurate when compared to years of service?
  • Did the service provider and plan management process the benefit payment within the confines of the plan document and as authorized by the plan participant?
  • When the employee requested the distribution, did plan management compare the noted reason with the internal human resources records to ensure that they agreed?
  • When a plan participant requested a hardship distribution, was the noted reason compared with allowable transactions noted in the plan document? Follow-up with these participants should be done to ensure that the funds were received by that individual.
  • Are distributions reviewed throughout the year? This process is extremely important, especially when the distributions are handled directly between the participants and the third-party administrator and custodian.
  • When individuals inside a health plan requested a distribution, did plan management ensure that the employees and dependents were eligible to receive those benefits?

Step 4: Evaluate all agreements with third-party service providers to ensure that the expenses being deducted from the plan are in accordance with the agreements.

  • Were there any major changes or unusual activity within the expenses of the plan?
  • Was there proper oversight by plan management regarding all payments made to parties in interest and related parties?
  • Did plan management understand the fee structure that its plan operates within? For example: Does the employer or participant pay for the expense? Is it paid based on revenue sharing or allocated equally to all participants?

Step 5: Evaluate logical access to both internal systems and third-party providers’ systems.

  • What procedures are performed by plan management when a new employee is set-up or other plan transactions are initiated in each system? If the same person who performs payroll processing also sets individuals up in the plan system, then there should be adequate review over all new entrants. Ideally, there would be two individuals assigned these tasks.
  • When a new employee is set up in the system or a change is authorized by an employee regarding payroll or plan transactions, does a supervisory level of review take place for each transaction?
  • Which employee remits payroll information to the third-party service provider? If the same person who prepares the payroll is uploading the information to the third-party service provider of the plan, then the input, once complete, should be reviewed by a separate individual who compares the upload to the payroll reports.
  • Which member of the accounting staff performs the reconciliation of the payroll bank account to compare the payroll reports with the reports from the custodian and third-party service provider? If the same individual performs both functions, ensure a secondary review is occurring. Ideally, two individuals would perform these tasks.

There are many risk factors and warning signs associated with fraud in employee benefit plans, but they can be mitigated and potentially prevented with a sound set of internal controls and oversight.

Though not all entities have the resources to ensure a properly functioning internal control structure, it is important to at least have segregation of duties surrounding access to funds, approval of all transactions, posting to the general ledger system, payroll, and review and reconciliation of statements and transactions. Also, having monthly statements sent directly to the participants from the custodian will allow for frequent independent review by the participants. This process will help to ensure that participant statements can’t be tampered with by another employee. Work with your custodian to ensure all changes to individual accounts are confirmed directly with the participants if they make changes online or via voicemail.

With extensive experience in plan administration and audit, the KraftCPAs employee benefits team can be a resource to help you strengthen your plan’s internal controls. If you’d like an independent assessment of your plan’s internal controls or help setting up policies and procedures to help reduce the risk of fraud, please contact us. We’ll be glad to assist you.

© 2018

KraftCPAs can help.

Call us at 615-242-7351 or complete the form below to connect with an advisor.

  • Should be Empty:
  • Topic Name:

Search Site

Search Team

Search Articles