Article
Key steps for employers to prevent benefit plan fraud
January 27, 2025 / 6 min read
Employee benefit plan fraud can take a wide variety of forms, but several key solutions can help businesses avoid these internal losses. This article shares examples of frauds and looks at common preventatives.
Benefit plans deliver valuable support and incentives to employees, but, to do so, plans must collect funds from those employees and responsibly manage them in accordance with applicable laws, plan documents, and the instructions of management and beneficiaries. The aggregation of employee funds coupled with a lack of oversight can create an opportunity for fraud. While external attacks and tactics like firewall breaches, cyberattacks, phishing, and malware are a significant risk, those topics are covered in more tech-based articles. This discussion will focus on preventing or minimizing the human aspects of internal benefit plan fraud — misappropriation of plan assets by individuals within a business or plan administrators who have control over and responsibility for those assets.
The aggregation of employee funds coupled with a lack of oversight can create an opportunity for fraud.
To understand some of the steps that can be taken to protect plan assets from internal fraud and processes that can identify fraud in its earlier stages, the discussion will focus on examples in these four common areas of internal benefit plan fraud:
- Contributions
- Distributions
- Expenses
- Participant loans
Contribution fraud: Who benefits from an employee’s or employer’s contribution?
Scenario: An HR director made changes to employer contributions that moved thousands of dollars intended for other employees into the HR director’s own account. The fraudster made sure contributions moved into their account didn’t exceed the annual contribution limit. The fraud was only detected when an employee reviewed an annual statement and noticed that the employer’s contribution wasn’t what it should’ve been.
The key to preventing this type of fraud is going to become a refrain in this article, for very good reason. This employer concentrated too much authority in the HR director and could have split the responsibilities for recording and authorizing changes in employer distributions between at least two people. Segregation of duties is perhaps the first and foremost effective prevention for internal benefit plan fraud. The employer could’ve used a dual approval process here, and also could have limited access to payroll functions and recordkeeping to prevent one person from making a change to a contribution and also modifying related records in a different database. to prevent one person from making a change to a contribution and also modifying related records in a different database.
Segregation of duties is perhaps the first and foremost effective prevention for internal benefit plan fraud.
Once a business takes these critical preventative steps, the next step is to set up regular reconciliations between payroll records and plan statements and implement processes that create an effective audit trail and records of changes to the contribution process. Also, an occasional “irregular” reconciliation — an unscheduled examination couple of times a year would make it even harder to continue an ongoing fraudulent scheme. At a minimum, these processes tell those tasked with plan procedures that there are others reviewing the data/information.
Lastly, the means by which the fraud was detected in this example raises an important point. Employers need an effective whistleblower channel that can report irregularities outside of the normal chain of management. If the employee in this case had noticed the problem and asked the HR director about it, the fraudster might have had the means and opportunity to allay the employee’s concerns and continue the fraudulent behavior.
Distribution fraud: Are payments going to the proper beneficiaries?
Scenario: An HR manager began requesting distributions for employees who had been terminated more than two years. The fraud was discovered when a bank refused to take a deposit because the deposit name was different from the account holder’s name.
Once again, a key deterrent here would have been segregating duties between multiple people in this process. One HR employee had the ability to authorize and direct distributions without any additional review or approval. In smaller businesses where there may not be enough staff to effectively segregate the duties between multiple individuals, a dual approval process could help stop one person from creating a scheme like this. An additional employee identification step could have helped here as well, requiring some type of extra proof from the person who has left the company to verify that the individual initiated the transfer.
Steps that could mitigate the impact of a fraud scheme like this include reconciliations of participant accounts to plan documents, looking for contact information that’s different from the participant’s information. In general, if an internal review shows an increasing or unusually high number of corrections or changes to account balances and plan records, executives should consider performing, or engaging a third party to perform a more extensive examination of plan activity.
Expense fraud: Are plan expenses legitimate?
Scenario: A director of a benefit plan created fictitious companies and paid millions of dollars in bogus expenses over several years, recorded as “miscellaneous plan expenses” to the entities that they controlled. The expense amounts were below the auditor’s materiality threshold, and the plan was only exposed after several years by the Department of Labor.
One common thread in preventing any type of fraud is going to be segregation of duties. No employee should have the ability to create vendors and process payments, and that concentration of responsibilities in this fraudster cost the plan millions. There’s also a basic business process at play here regarding independent review and approval of expenses and vendors. It’s an important function at any business, and it would have thwarted this scheme from ever starting.
Permissible plan expenses are spelled out in the plan documents to help mitigate the damage of a scheme like this if someone manages to initiate it. Any significant amount of expenses classified as “miscellaneous” indicates that somebody may be trying to work around safeguards that were put in place at the creation of the plan. On top of that, the frequent addition of new vendors, or increasing amounts of spending with particular vendors, should raise concerns among those with oversight responsibilities.
Participant loans: Are loans paid to participants who request them?
Scenario: An HR employee figured out how to process loans against participants’ accounts without their knowledge and divert the proceeds to the fraudster’s benefit. Because the third-party plan administrator sent the statements to the HR employee, the same employee then prepared manual statements to the plan participants to hide the loans.
Segregation of duties here would’ve required that the statement preparation function of the benefit plan be outside of the HR department’s control and certainly would’ve prevented the manual preparation of these statements by any one individual. The statements should be prepared by the administrator and sent directly to participants.
In the event an employee was somehow still able to create a similar scheme, continuous monitoring would’ve helped to mitigate the damages. Changes in participant behavior, like a sudden increase in the number of participants taking loans and/or the amounts of those loans should raise a red flag that prompt additional investigation by plan administrators is needed.
Trust but verify
Clearly, any employee who plays a role in the process of managing employee benefit payroll deductions and transferring those amounts to the proper administrators has earned a place of significant trust within a business. The key to keeping an internal control system healthy is to set up processes that verify controls, such as:
- Segregate duties so that no sole individual can perform multiple key steps to modify contributions, initiate distributions or participant loans, and direct the payment of benefits.
- Continuously monitor transactions and use data analytics to identify anomalies at the earliest stage possible.
- Perform regular reconciliations between payroll contribution records and plan records to confirm that money is getting where it’s supposed to go.
The key to keeping an internal control system healthy is to set up processes that verify controls.
Most importantly, a business should be creative and somewhat random in how these tests are applied. If a fraudster knows that reconciliations are performed on the first of every month, that person can create processes to make the numbers look right on that date.
To learn more about steps your business can take to prevent internal fraud in its benefit plans, contact your advisor to discuss a possible review of your control processes.
