Retirement Plan Trustee Faces Cybersecurity-Related Lawsuit

The lawsuit says the trustee failed to prevent a fraudulent distribution from a participant's account and is failing to take responsibility.

A plan sponsor is suing the trustee for its 401(k) plan for breaches of fiduciary duties related to a fraudulent distribution from a participant’s account made in 2020.

American Trust is the trustee for the Mandli Communications Inc. 401(k) Plan and Trust. One of the services it provides to the plan is reviewing and approving all distributions from the plan.

On February 14, American Trust made an unauthorized distribution in the total amount of $124,105 from the account of Raymond J. Mandli, the president and founder of Mandli Communications, in response to a request for a distribution from an unknown third party.

According to the complaint, American Trust has refused to take responsibility for the unauthorized distribution from Mandli’s account, failed to timely inform Mandli and Mandli Communications about the unauthorized distribution, has concealed facts and has declined to provide Mandli or his company with copies of any of the requested documentation related to the details of the distribution.

The lawsuit alleges that on February 11, the unknown third party called American Trust and requested distribution paperwork for Mandli’s plan account. The lawsuit says that since American Trust has not released all requested documentation to Mandli, he cannot allege all facts, but he believes American Trust forwarded the distribution paperwork to an email address that was not in American Trust’s records as being Mandli’s email address or by mail or overnight delivery to a physical address that was not in American Trust’s records as being Mandli’s address.

Mandli further alleges that the in-service withdrawal election form submitted by the unknown third party included a daytime phone number that was not any phone number in American Trust’s records as being Mandli’s or Mandli Communications’ phone number. In addition, the signature on the form was not similar to any of the examples of Mandli’s signature in American Trust’s records.

The complaint says an American Trust employee who reviewed the purported signature of Mandli recognized that it was not an actual handwritten signature of Mandli’s but rather was an “electronic” signature. The complaint includes a copy of the signature portion of the form with notes made by that employee.

“Upon information and belief, American Trust had no protocols in place for verifying that an electronic signature added to an in-service withdrawal election form submitted was actually placed on the form by the purported signatory,” the complaint states.

The distribution of $124,000 from Mandli’s plan account was made by a direct deposit or wire transfer to a Citibank checking account for which the unknown third party provided a routing number and an account number. The complaint notes that the unknown third party also submitted an electronic image of a copy of a voided check for the checking account and the check number was “100,” suggesting that the checking account was new or recently opened.

The lawsuit suggests that since American Trust knew that Mandli was 60 years old, it should have made inquiries to ascertain why a 60-year-old plan participant would desire funds distributed from his account to be deposited into a new checking account.

According to the lawsuit, American Trust did not mail or email any acknowledgement of receipt of the withdrawal election form submitted by the unknown third party and did not call or otherwise contact Mandli or his firm to verify that the distribution request was legitimate.

However, on March 3, American Trust received another in-service withdrawal election form for Mandli’s account and knew it was fraudulent, according to the complaint. “Nevertheless, upon information and belief, American Trust did not immediately contact the Federal Bureau of Investigation (FBI) or any other law enforcement agency with cybersecurity and money-tracking resources,” the complaint states.

On March 11, the American Trust employee responsible for American Trust’s relationship with Mandli Communications informed Mandli about the unauthorized distribution from his plan account on February 14. On May 12, he informed Mandli that to process a claim for reimbursement, an insurance company for American Trust requested that a police report be filed. He offered to help Mandli file the report and Mandli accepted the help.

Mandli Communications’ general counsel repeatedly asked for an update on the reimbursement of the distribution from Mandli’s account, but the relationship manager never responded.

On September 9, American Trust’s chief revenue officer sent a letter to Mandli stating, “We are pleased to let you know that we have been able to recoup from the Internal Revenue Service the $24,800 paid in taxes in connection with the distribution. Additionally, we will reimburse our $105 distribution fee. All other efforts to recover any of the stolen funds will need to be performed by you.”

Mandli Communication’s general counsel requested that American Trust reimburse the rest of the funds to Mandli’s account. However, American Trust’s general counsel sent a letter stating, “We dispute your assertion that American Trust must return to Mr. Mandli the $99,200 distribution plus earnings. This demand is unacceptable to American Trust.”

Mandli Communication’s general counsel also requested documentation related to the fraudulent distribution and was told, “We respectfully decline to provide you with copies of any of the requested documentation.”

The complaint notes that no one has provided Mandli or his firm with any information suggesting that there is any further review procedure available to seek recovery from American Trust.

The lawsuit asks that American Trust be held liable to make good to the plan the losses to the plan from its breach of fiduciary duties in an amount not less than $99,200 plus lost earnings from February 14 “and other equitable or remedial relief as the court may deem appropriate.”