A few weeks ago FiduciaryNews.com published an exclusive interview with Assistant Secretary Phyllis Borzi. In that article, Borzi expressed concern about the potential for fraud and abuse in Multiple Employer Plans (MEPs). This set off a major debate among those in the know. Was Borzi suggesting MEPs are more susceptible to fraud and abuse than the typical 401(k) plan? Or was it just an innocent caveat emptor argument that could be applied to almost any possible transaction? Talking heads weighed in with their interpretations and comments (see "Industry Thought-Leaders: 401(k) MEPs as Safe as Any Other 401(k) Plan," FiduciaryNews.com, Oct. 8, 2013). 

Although that particular discussion focused on MEP plans, it revealed something about preventing fraud and abuse in all types of 401(k) plans. Here's a list of the top three ways to reduce fraud and abuse based on the comments from the experts cited in the article: 

1. Make sure the plan is fully compliant with DOL regulations. Rule 408(b)(2) – the 401(k) Fee Disclosure Rule – makes it much more difficult for shady vendors to hide fees, but only if the plan rigorously complies with the statute. Likewise, the requirement for trustee-to-trustee transfers is an almost fool-proof way to prevent illicit distributions. As much as we like to belittle regulations, they often have a good reason for being there. Their effectiveness, however, is limited only by our ability to fully comply with them. Ignore regulations and you will soon find yourself swimming in fraud and abuse. Worse, if your own negligence caused these twin evils to surface, you may find yourself classified not as a victim, but as an accessory.
2. Require all withdrawals to be notarized or witnessed by a plan representative. This is becoming increasingly difficult in an age when you can cash a check simply by taking a picture of it with your cell phone. Plan sponsors often too easily yield to employee demands to "make life simpler" without considering the security ramifications of relying solely on computers when initiating withdrawals. Trustee-to-trustee transfer requirements can only provide a certain level of protection, and that protection dissolves to nothing in the case of identity theft. By continuing to demand a face-to-face for all withdrawals, while certainly inconveniencing the employee, better protects that same employee. It's like those crazy scanner lines in airports. They may drive you to complain, but they are effective in making your flight a little safer.
3. Use multiple independent service providers. Of course it makes sense to fully vet your service providers. We all want reputable vendors who incorporate sterling silver internal controls and have sparkling clean records. Alas, the truth is, one's past reputation can never guarantee one's future actions (q.v., Madoff). The best way to avoid fraud and abuse is to employ independent agents who are constantly checking one another. In the ideal world, the TPA/recordkeeper (i.e., the vendor generating the withdrawal request) is not the same company as the custodian (i.e., the company holding the assets). Again, as before, we're sacrificing the convenience of a bundled service provider for the safety of independent and competing service providers. 

The idea of preventing fraud and abuse impacts almost every man-made system, from financial transactions to manufacturing processes to government. Accountants like to use a double-entry system to catch mistakes. A similar functional redundancy can be used by 401(k) plans – whether they be MEPs or single-employer plans – to create an integrated system of checks and balances. Sure, it might cost a little more, but what are the alternatives?