participant dies, who is responsible for investments

[DMcGovern]

A participant in a large 401(k) plan passed away earlier this year.  There is a legal case pending regarding his beneficiary designation.  (The girlfriend appears to have gone online and changed it to herself the day before participant passed away; family is contesting it.)

The lawyer for the girlfriend has sent a letter to the plan sponsor telling them that they should invest the account balance in a QDIA.  So a couple of questions have come up.  1.  What fiduciary duty would there be for the account when the participant has died and beneficiary is unknown?  (This plan has full participant-directed accounts.)  2.  Should access to the deceased participant account be closed to others?  (It appears the girlfriend still has view-only access to the deceased participant's login information.)

Additional information on the investments - the overall earnings on the account year-to-date are over 20%.  Market fluctuations recently have decreased the value.

[Larry Starr]

I don't think the letter from the lawyer has any meaning other than it might be a good suggestion.  The girlfriend has no authority until the plan determines (probably with the results of the court case) who the rightful beneficiary is.

Now, having said that, might it be a good idea to move into a QDIA?  Probably, but I'll let other who have more involvement with those animals comment on that.  

And, now you have an example of how identity theft is going to be a major issue for all these platforms where access to both the funds and beneficiary issues is done on line with no human intervention.

[Belgarath]

Identity theft is so scary on these accounts. I think I have mentioned this before - my 401(k) at my former employer changed over to Prudential as the recordkeeper. When I read their long, convoluted and crepuscular disclaimer, I was horrified to find that they claimed they had no liability for unauthorized withdrawals unless I had previously notified them of password theft.

Well, how would I know until it is too late that my password was stolen/hacked and my account was emptied? (I give my password to NOBODY, but some hackers are evil geniuses.) So, after protracted unsuccessful responses with BS statements carefully crafted by their legal department, we worked out a system whereby my account is flagged so that NO DISTRIBUTIONS may be made using on-line tools. I must CALL in, and answer a special challenge password before withdrawal forms are MAILED to my address of record. Address cannot be changed without similar steps. Call me paranoid, but I feel a lot more comfortable this way.

[DMcGovern]

One more wrinkle in this - the QDIA is a target-date fund.  What age would be used for this?  

I have suggested (highly recommended) the client seek legal counsel on this one.

I wonder if most (or all) recordkeepers have a similar disclaimer divesting them of any liability for unauthorized activity.

[Peter Gulia]

If the plan’s administrator provides no investment-direction power to the claimants who seek to be recognized as the participant’s beneficiary, the plan’s fiduciaries get no ERISA § 404(c) relief for the temporary investment because the plan does not “[p]rovide[] an opportunity for [the eventual rightful] beneficiary to exercise control over assets in his individual account[.]”  29 C.F.R. § 2550.404c-1(b)(1).

 

Likewise, the plan’s fiduciaries get no QDIA relief.  An investment fund—even if it meets all QDIA conditions regarding other participants and beneficiaries—cannot be a qualified default investment alternative regarding the not-yet-recognized beneficiary.  Among the conditions for QDIA treatment are that the beneficiary must have:

 

“the opportunity to direct the investment of the assets in his or her account . . .”

 

“the ability . . . to transfer, in whole or in part, his or her investment from the qualified default investment alternative to any other investment alternative available under the plan[.]”

 

29 C.F.R. § 2550.404c-5   https://www.ecfr.gov/cgi-bin/text-idx?SID=3e49c7c6acbd50dad463b6cec21dee60&mc=true&node=se29.9.2550_1404c_65&rgn=div8

 

QDIA treatment depends on the individual’s power to reject or countermand the default investment.

 

Instead, a fiduciary must invest the individual account (or segregated portion of an account) for which no beneficiary has an investment-direction power according to the fiduciary’s responsibility under ERISA § 404(a).

 

The challenges of making investment decisions not knowing which claimant might establish a right include not only not knowing the rightful beneficiary’s age but also not knowing when that person might take a full distribution or partial distributions.

 

That said, there might be circumstances in which using a target-year fund might be sufficiently prudent, or circumstances in which it might be imprudent.

[Peter Gulia]

On 9/13/2019 at 3:02 PM, DMcGovern said:

I wonder if most (or all) recordkeepers have a similar disclaimer divesting them of any liability for unauthorized activity.

Recordkeepers vary widely in how much or how little responsibility for identity frauds the service provider accepts or denies.

Well-advised fiduciaries include this point in a request-for-proposals and in negotiations (even apart from an RFP).

To help plans that lack purchasing power, some advisors consider cybersecurity protections and promises in evaluating which recordkeepers one would present to a client.

And if not from the service provider, some consider insurance.

[Luke Bailey]

The plan document should at least vest authority in the plan administrator to take back control of the account. Is there a provision in the plan that addresses?