By Jam Yap and Beth Garne, BDO USA, LLP
Benefits leaders spend a lot of time understanding the complex rules that govern plans, and often less time making sure controls are in place to protect against fraud. Unfortunately, thieves who understand how benefit plans operate can work undetected—sometimes for a long period of time—and cause massive disruption to organizations and plan participants.
The Department of Labor (DOL) has been hard at work to protect employee benefit plans from fraudulent transactions. Last year, the DOL restored more than $2.5 billion to plans, participants and beneficiaries, with $2 billion coming from enforcement investigations. Many of these cases could have been prevented with stronger internal controls, beginning with better segregation of duties.
Developing a thorough approach to fraud prevention may seem like a daunting challenge for benefits managers who find themselves juggling multiple responsibilities. Fortunately, these professionals can improve their ability to prevent fraud by educating themselves on common schemes as well as best practices in oversight of benefit plans.
Staying informed on recent examples of benefit plan fraud can help benefits managers identify gaps in their control processes. As highlighted in the examples below, fraud can hit a benefit plan from a number of potential directions. For example, it can be committed by a payroll benefits manager, a company officer, or a service provider.
Examples of fraud cases affecting benefit plans from the DOL and American Institute of CPAs (AICPA) include:
Spotting these crimes might seem easy in retrospect, but how can you improve your chances of discovering fraud that is occurring right under your nose? Some potential warning signs include:
Your internal controls should be customized to fit your organization’s benefits lineup. Internal controls can be simplified so they become a regularly scheduled part of managing benefits offerings. Some examples of internal controls best practices include regularly monitoring outside service providers, reconciling recordkeeping and custodial records, periodically reviewing distribution reports and matching up third-party reports with payroll records. The goal of internal controls should be to help prevent mistakes, reduce the risk of fraud and reassure plan sponsors that benefits are compliant with the law.
Segregation of duties is paramount in helping to prevent fraud and detect it once it occurs. Employees who have access to both plan assets and records already have opportunity to commit fraud; now they just need the incentive and a way to rationalize their behavior. At a minimum, custody of assets and related authorizations should be separated from recording functions. It is important to review the oversight and executional roles involved in administering your benefit plan and ensure that your plan has separated duties appropriately.
Benefits leaders should also encourage plan participants to help prevent fraud. Providing participants with examples of fraud patterns, encouraging strong passwords, discouraging users from sharing information (even with loved ones) and creating a process to report potential fraud can help bring awareness to this growing problem. Studies have shown that fraudulent activity is most often reported by someone internally; a fraud hotline or similar whistleblowing channel is a powerful tool in limiting potential fraud.
It is human to think bad things won’t happen in our lives. Unfortunately, this is an unrealistic and dangerous assumption when it comes to managing benefit plans.
Some plan sponsors may believe that their annual plan audit should catch any fraud that occurs in their benefit plans. While audits can sometimes be helpful in identifying irregularities, they aren’t specifically designed to detect fraud. An audit performed in accordance with auditing standards generally accepted in the United States doesn’t provide absolute assurance or any guarantee of the accuracy of the financial statements; as such, an audit is subject to inherent risk that fraud, if it exists, may not be detected. Many fraud schemes are designed to avoid detection by operating at dollar amounts that are less than the audit’s level of materiality. It is the responsibility of plan management to implement internal controls that ensure oversight of the many types of transactions that happen within their plans on a regular basis.
Contact our audit and assurance experts to get further information about how to reduce the risk of fraud in benefit plans.