According to a Minnesota TV station, a Wells Fargo 401(k) plan operations manager has been accused of robbing 401k plan accounts.

The 401k Operations Manager, who oversaw the 401k daily fund operations, allegedly disbursed money from dormant 401k accounts to fictitious names he created. He then had the checks sent to his own office and deposited the funds into his own account,


Point-by-point, this retirement operations manager eluded what should have been Well’s Fargo’s own financial and procedural controls. He:

• Requested name changes on dormant 401k accounts,
• Provided false Social Security numbers for the fake names, then
• Requested the disbursements from the accounts, and finally
• Reset the account information back to the original owners.

Where were the procedural controls? At each step in this alleged theft, there should have been procedural controls to prevent someone from taking these actions without either an independent review and / or supervisory authorization.
A lack of independent review or supervisory oversight was only half the problem. The other half was bundling the record keeping and the assets under the same organization.

When a 401k plan’s administration and assets are at the same organization, the risk of insiders bypassing their own procedural controls is always present.

“Five Actions You Must Take Now to Protect Your Plan’s Assets.”

You put your 401k funds into the hands of those who seem trust worthy. Whether it is greed or some other need that results in the abandonment of their obligations and responsibilities to you, you need to protect yourself and your plan’s assets.

Here is what you need to do now–


Check with your plan administrator or record keeper to determine whether they are also holding your assets. You may find that your record keeping is being done by one subsidiary and your assets are being held by another subsidiary or division of the same company.


Request a “SAS -70” or “SysTrust” audit of the system, procedural and financial controls on your 401k assets.

A SAS 70 audit is designed to provide information and assurance to clients and their auditors regarding the organization’s procedural and financial controls. The auditor renders an opinion on whether the controls were suitably designed, placed in operation, and operating effectively. The SAS 70 auditor’s report includes the independent auditor’s opinion, a description of the service organization’s controls, and the results of the service auditor’s procedures.

A SysTrust audit is designed to increase the comfort of management, customers, and business partners with systems that support a business or particular activity. In a SysTrust audit, the auditor evaluates and tests whether or not a specific system is reliable when measured against three essential principles: availability, security, and integrity.


Require that all Plan information changes be authorized by a Plan Representative or Trustee.

Have a standardized form that can be completed by the 401k record keeper. The data changes must then be approved by a plan representative. Often you will find that the plan representative is the one supplying both the data and the approval. Be sure to get a quarterly report of all information changes and the reasons for the changes.


Require that all plan participant disbursements be first approved and authorized by a plan representative.

All plans have standard distribution forms that need to be completed and approved prior to a disbursement. Make sure that these forms are being completed. Have your record keeper complete a form even if it is for an automatic rollover participant, one of those whose balance is between $1,000 and $5,000 and is being moved to an IRA. Just like the information changes, an accounting of all disbursements from the plan should be provided to you on a quarterly basis.


Transfer your plan to an organization that can meet your financial and procedural control requirements.

In the review of your plan’s record keeper, you may find many of the necessary controls and procedures lacking or non existent. If your record keeper can not provide the types of procedures and controls that will let you sleep at night, then it is time for a change.

By implementing the five actions now you will have one less furrowed brow. If however, you can’t implement these actions now, you will be lying awake nights with one eye open for your plan’s assets.

Leave a Reply

Your email address will not be published. Required fields are marked *