Advisor Update: Helping to Safeguard Your Company’s 401(k) Plan from Identity Fraud

Kevin G. Carani March 30, 2026

At the start of each year, conversations with business owners and HR leaders often focus on how the plan is working for employees: participation and savings rates, recent SECURE 2.0 and policy changes, and whether the plan’s design and features are helping people make progress toward retirement. There is one more topic that belongs on that list: the growing risk of identity fraud and cyberattacks targeting retirement accounts, and what you can do to help protect your participants.

Regulators and industry data point to a sharp rise in fraud and cyber-related losses. Consumers reported losing more than 10 billion dollars to fraud in 2023, an increase of over 1 billion dollars in just one year. According to a recent Federal Trade Commission report to Congress, total fraud losses reported by adults aged 60 and older increased about fourfold from roughly 600 million dollars in 2020 to 2.4 billion dollars in 2024. One leading retirement-plan provider notes that Americans lost a record 16.6 billion dollars to cyberattacks in 2024, with criminals increasingly targeting retirement plans because of their large balances and rich personal data.

The Department of Labor has also made it clear that plan sponsors have a fiduciary responsibility to address cyber risk, issuing formal guidance on cybersecurity best practices for retirement plans and their service providers.

Why 401(k) Accounts Are Being Targeted

For employers, this is not just an IT issue; it is a plan and people issue. Identity fraud has become more personal and more sophisticated. Rather than only trying to breach systems, criminals often deceive individuals and plan administrators through social engineering. Tactics include phishing emails that mimic your recordkeeper, fake customer service calls, fraudulent loan or withdrawal requests, and rollover scams promising “better” investments. Others use SIM-swap attacks to intercept verification codes or steal mail containing distribution or rollover checks.

Because retirement accounts are designed for long-term growth, unusual activity can go unnoticed longer than in checking or savings accounts. That delay can increase losses, create operational headaches for HR and Payroll, and expose sponsors to questions about governance and vendor oversight.

Guidance for Plan Sponsors

While cyber risk cannot be fully eliminated, plan sponsors can take meaningful steps to set expectations, select strong partners, and integrate fraud awareness into ongoing governance. As co-fiduciary advisors, we support and reinforce thoughtful practices such as:

  • Confirming that recordkeepers and key service providers maintain documented cybersecurity programs and controls aligned with Department of Labor guidance.
  • Including cyber and identity fraud as a recurring topic on the plan committee agenda—alongside investments, plan design, and participant outcomes.

In addition, we encourage plan sponsors to consider complementary internal practices, including:

  • Establishing a clear, simple escalation process so HR, Payroll, and employees know exactly what to do and whom to contact if suspicious activity arises, in coordination with internal IT and existing policies. Consider creating a separate compliance/cyber policy that outlines this. Lean on your in-house or outsourced IT team to support the development of these processes.
  • Reinforcing fraud-prevention awareness by incorporating fraud-prevention topics into enrollment meetings, webinars, and financial wellness conversations throughout the year.

Your employees look to you and your partners for guidance, so even simple reminders can make a meaningful difference in protecting their accounts.

How Clearwater Can Support You

Your 401(k) represents years, and often decades, of disciplined saving for your employees and is a visible reflection of how your organization shows up for its people. While investment risk is part of long-term growth, identity fraud is a risk that can be significantly reduced when sponsors set clear expectations, partner with the right providers, and help participants take proactive steps aligned with emerging regulatory guidance.

Sources: Federal Trade Commission, TIAA, U.S. Department of Labor, Alliant Retirement Consulting, IdentityTheft.gov

disclosure

THIS COMMENTARY HAS BEEN PREPARED BY CLEARWATER CAPITAL PARTNERS. THE OPINIONS VOICED IN THIS MATERIAL ARE FOR GENERAL INFORMATION ONLY AND ARE NOT INTENDED TO PROVIDE OR BE CONSTRUED AS PROVIDING LEGAL, ACCOUNTING, OR SPECIFIC INVESTMENT ADVICE OR RECOMMENDATIONS FOR ANY INDIVIDUAL. ALL ECONOMIC DATA IS DERIVED FROM PUBLIC SOURCES BELIEVED TO BE RELIABLE. TO DETERMINE WHICH INVESTMENTS MAY BE APPROPRIATE FOR YOU, PLEASE CONSULT WITH US PRIOR TO INVESTING. INVESTING INVOLVES RISK WHICH MAY INCLUDE LOSS OF PRINCIPAL.

This material is not intended to be relied upon as a forecast, research or investment advice, and is not a recommendation, offer or solicitation to buy or sell any securities, insurance products, or to adopt any investment strategy. The opinions expressed are as of the date of writing and may change as subsequent conditions vary. The information and opinions contained in this material are derived from proprietary and nonproprietary sources deemed by Clearwater Capital Partners to be reliable, are not necessarily all-inclusive and are not guaranteed as to accuracy. Past performance is no guarantee of future results. There is no guarantee that any forecasts made will come to pass. Reliance upon information in this material is at the sole discretion of the reader. Investment involves risks. International investing involves additional risks, including risks related to foreign currency, limited liquidity, less government regulation and the possibility of substantial volatility due to adverse political, economic or other developments. Index performance is shown for illustrative purposes only. You cannot invest directly in an index. S&P 500 is a registered trademark of Standard & Poor’s Financial Services, a division of S&P Global (“S&P”) DOW JONES, DJ, DJIA and DOW JONES INDUSTRIAL AVERAGE are registered trademarks of Dow Jones Trademark Holdings (“Dow Jones”). NASDAQ-100 Index®, NASDAQ-100®, NASDAQ Composite Index® are registered trademarks of The NASDAQ OMC Group, Inc. The two main risks related to fixed-income investing are interest rate risk and credit risk. Typically, when interest rates rise, there is a corresponding decline in the market value of bonds. Credit risk refers to the possibility that the issuer of the bond will not be able to make principal and interest payments. Private Market investing is for Accredited Investors and Qualified Purchasers only. Private market investing involves liquidity risk as well as operational risk. 
Private debt is subject to credit and interest rate risk.
