OK, don’t everyone run and close your IRA and put the money under your mattress. First of all, it would probably make your mattress lumpy and sleep difficult. It is important to understand this issue and you need to ask your IRA administrator some tough questions.
Here is this story.
In June 2018 a con man posed as Michael Eckenwiler, an Oppenheimer Funds customer, and withdrew $176,262.77 from his IRA. Oppenheimer is now part of Invesco.
According to a lawsuit, the hacker posed as Michael using an ID with an incorrect middle name, a fake driver’s license with no hologram and a forged signature.
The IRA custodian, Pensco, did not detect this. In fact, it facilitated the transfer of the money to American Estate and Trust where it was converted to Bitcoin and vanished.
When it comes to consumers and say, their personal checking accounts or their personal credit cards, the rules for who is liable for fraud are very clear. The rules for debit cards are also clear, but less favorable to the consumer.
When comes to businesses, the rules are different and are usually driven by the Uniform Commercial Code (UCC) and contracts between the business and the financial institution.
But apparently, when it comes to your IRA, your only option is to sue your IRA provider and their custodian.
I say only option, but that is not fair. We have clients in this line of business and when they have run into situations like this, they have chosen to make their clients whole.
John Reed Stark, attorney and former head of the Securities and Exchange Commission’s Office of Internet Enforcement said “This kind of compliance, with someone standing up and holding a driver’s license … I’ve always felt
that it doesn’t pass a straight face test.”
Pensco (now Pacific Premier Trust) and American Estate issued Medallion Guarantees that assured that the signatures were genuine and verified.
Michael did not discover that his account was almost $200,000 lighter for almost two months (note to self: make sure that you turn on all of the notifications of deposits and withdrawals that your financial institution allows).
Everyone is declining comment as this litigation plays out. The litigation says that these companies violated the above mentioned UCC as well as breaching their duties as a fiduciary.
In July a fraudster was indicted for trying the same tactic At Boeing’s 401(k) program and in 2019 a participant in Estee Lauder’s 401 (k) program sued them after she lost more than $100,000. That suit has been settled.
Okay, so now what.
To be clear, for certain types of accounts like IRA deposit accounts there may be federal insurance if the company goes broke. Likewise, for investment firms – non-banks – that are members of the SIPC, there may be similar insurance. But that insurance is different that what happens if a hacker steals your money.
Financial institutions need to better train their employees and, more importantly, customers of these institutions need to ask questions, read documents and, longer term, get laws changed.
If you don’t get answers that you are comfortable with, consider changing IRA providers. Vote with your money; that often gets people’s attention. Credit: John Reed Stark