By: David I Gensler, MSPA, MAAA, EA

A scheme using what appears to be stolen identity information has resulted in a lawsuit by the Attorney’s office in Colorado. Their goal is to recover $2 million in losses from participants’ 401(k) accounts.The lawsuit, U.S. v $81,683.74 in U.S. Currency was filed in federal court on December 4th. It seeks to recover up to $342,335 in assets from five individuals suspected of depositing the misappropriated funds from the alleged scheme in multiple banks including JP Morgan, Chase Bank, Bank of America, PNC Bank and Wells Fargo.

In November of 2016, the FBI’s Denver Division was contacted by Great-West Financial’s VP of Internal Audit. Great-West had detected suspicious activity with regard to what they thought might be fraudulent transfers from clients’ 401(k) accounts. Great-West later identified that 20 participants had been affected with losses of at least $1 million with a potential loss in excess of $2 million.

According to Great-West, plan participants established an online account. Great-West’s call center will assist participants, as needed when contacted by a plan participant. They utilize a four-part authentication process using personal identifiers for the plan participant. Great-West also allows for online distribution requests. According to the suit, Great-West observed that unauthorized individuals had been falsely using this process to obtain access to funds held in retirement accounts, causing these funds to be transferred from those accounts to other bank accounts without the knowledge or consent of the actual participants. How Great-West knew this is not entirely clear.

Apparently, whoever made the requests was able to provide the plan participants’ biographical data (Social Security numbers, dates of birth and dates of hire). Since the requests were made using the plan participants’ identifiers, the perpetrator (or perpetrators) was able to make changes to the account and facilitate the withdrawals.

Great-West stated that the information used to access the accounts did not come from a breach of their systems. Great-West also noted that the affected participants did not incur a financial loss as a result of the breach, as they were made whole by Great-West.

The FBI said that Great-West was not the only financial institution to be impacted. Some of the entities being advised of similar fraudulent acts were Voya Financial and Nationwide.

Given the amount of identity theft that goes on in the world, this was bound to happen sooner or later. I would not be surprised if this were not the first incident like this, although it is the first one that I have heard about. I would like to think this was an isolated incident but I am probably being overly optimistic. And I suspect that these sorts of unauthorized distributions will become more and more frequent. 401(k) plans now contain over $4.7 trillion of assets and IRAs hold another $3.6 trillion. With more and more institutions taking on-line direction from the participants or IRA owners, you have to assume that sadly, this is just the beginning.


  • The elective deferral contribution limit for employees that participate in 401(k) and 403(b) plans is increased to $18,500, up from the 2016 and 2017 limit of $18,000.
  • The catch-up contribution limit for employees aged 50 and older remains unchanged at $6,000.
  • The limitation for defined contribution plans under Code Section 415(c)(1)(a), (the maximum that an individual can receive from employer contributions, employee salary deferrals and forfeitures) is increased for 2018 to $55,000, up from the 2017 limit of $54,000.
  • Social Security Taxable Wage Base – $127,400*


*originally released by the Social Security Administration as $127,800 and later changed to $127,400

Leave a Reply

Your email address will not be published. Required fields are marked *