Skip to main content

You are here


Fake 401(k) Distribution Request Triggers Suit


A new case of 401(k) theft has led to a lawsuit by the participant—and the plan—against a provider.

The suit—filed by Raymond J. Mandli and Mandli Communications, Inc.—alleges that on Feb. 14, 2020, “American Trust made an unauthorized distribution in the total amount of $124,105 from Mr. Mandli’s Plan account in response to a request for a distribution from an unknown third party.”

The suit further alleges that “American Trust failed to timely inform Mr. Mandli and Mandli Communications of its unauthorized distribution from Mr. Mandli’s Plan account, has concealed facts, and has declined to provide Mr. Mandli and Mandli Communications with copies of any of the requested documentation related to the details of American Trust’s unauthorized distribution from Mr. Mandli’s Plan account.”

So, what exactly happened here? 

Well, first off, according to the 33-page suit, Mandli Communications currently has 59 employees and its subsidiaries Roadview, Inc. and Digilog, Inc.—which operate out of same facility as Mandli Communications—have 44 and 9 employees, respectively. Thus, Mandli Communications and its subsidiaries employ 112 people in Fitchburg, WI. 

Much of the filing is devoted to a description of the role/responsibility of American Trust as a fiduciary to the plan, and a series of statements regarding its role with regard to processing distribution requests, as well as the continuity of those statements/commitments through a series of acquisitions involving America Trust. An example cited in the suit is that American Trust would “approve or deny a request based on provisions of the plan document, IRS/DOL rules and established procedures,” and that American Trust & Savings Bank “will sign off on distribution forms as the Plan Administrator and will be considered a plan fiduciary in this regard.”

What Happened

As for what happened, the suit lays out what the plaintiffs believe to be the case (as always, remember that at this point we only have one side), to wit:

On Feb. 11, 2020, an unknown third party called American Trust and requested distribution paperwork from Mr. Mandli’s Plan account. This paperwork was subsequently forwarded “to an email address that was not in American Trust’s records as being Mr. Mandli’s email address or by mail or overnight delivery to a physical address that was not in American Trust’s records as being Mr. Mandli’s address.”

On Feb. 12, 2020, American Trust received a completed Mandli Communications, Inc. 401(k) PS Plan and Trust In-Service Withdrawal Election form requesting a distribution of $124,000 from Mr. Mandl’s Plan account. That form, according to the suit, included a “Daytime Phone Number” that was not any phone number that was ever Mr. Mandli’s or Mandli Communications’ phone number and that was not any phone number in American Trust’s records as being Mr. Mandli’s or Mandli Communications’ phone number.

That form was signed—but the suit notes, and acknowledges, that America Trust recognized that the signature was electronic—the kind you get when you choose the “Add Signature” feature in Adobe Acrobat—and took the time to contact their participant services unit for verification—but were told that as part of the request a voided check had been received (presumably to facilitate the transfer of funds) that had Mr. Mandli’s name on it. 

The suit, however, cites a couple of problems[i] here; first that the withdrawal form itself called for this type of request to be paid by check (and by inference, at least, not by wire/ACH—based on a precise, literal reading of the form text—there was an allowance for wire/ACH on lump sum options, lending credence to the argument here). Secondly, and perhaps more significantly for these purposes, the voided check mentioned above was a check #100—which, as anyone who has opened a checking account knows, that’s an indication that the account is new/just opened.

The suit alleges that there American Trust “did not mail or email any acknowledgement of receipt of the In-Service Withdrawal Election form submitted by the unknown third party to Mr. Mandli or Mandli Communications, by telephone using a telephone number in its records known to be the phone number of Mr. Mandli or Mandli Communications, or otherwise contact Mr. Mandli or Mandli Communications to verify that the In-Service Withdrawal Election form requesting an in-service distribution of $124,000 from Mr. Mandli’s Plan account was legitimate.” 

Moreover, it alleges that an employee of American Trust took a phone call checking on the status of the in-service distribution request from this “unknown third party purporting to be Mr. Mandli”—but “failed to determine that the unknown third party was an imposter,” and that after that payment was received, “…the unknown third party made additional attempts to obtain additional unauthorized distributions from Mr. Mandli’s Plan account, but American Trust recognized that those requests were not legitimate and did not honor them”—the last on March 3 for a lump sum of the entire account balance—but then, the suit alleges, even knowing that this was the same individual, American Trust made no attempt to contact the FBI or any law enforcement agency, and did not inform that company or plaintiff Mandli of the activity until March 11. On that date, an American Trust employee told a Mandli Communications employee that he tried calling the number and “it is clearly not his number.”

Police ‘Report’

And then, on May 12, 2020, that same American Trust employee informed Mr. Mandli that, to process a claim for reimbursement of American Trust’s unauthorized distribution from Mr. Mandli’s Plan account, an insurance company for American Trust requested that a police report be filed with respect to American Trust’s unauthorized distribution from Mr. Mandli’s Plan account, offered to help with that report, and then (the suit says) “because Mr. Mandli did not have any details about American Trust’s unauthorized distribution from Mr. Mandli’s Plan account,” he accepted the offer to file a police report—subsequently—after much going back and forth outlined in the suit came to naught. 

At least until Mandli received a letter from American Trust stating that they had recovered the $24,800 of the distribution withheld in taxes on the distribution, that they would waive their $105 distribution processing fee—and that “All other efforts to recover any of the stolen funds will need to be performed by you.”

Following this, a number of exchanges between the parties ensued, an ultimately the plaintiffs filed the suit in question to recover the $99,200 (plus earnings after Feb. 14, 2020), as well as attorney fees.

What This Means

Amid the current work-from-home environment, these are hazardous times for plan sponsors, administrators or any other providers with fiduciary liability that may fall prey to cyber criminals looking to exploit lax protocols. 

For all the (justifiable) concerns about “cyber” attacks and electronic hacking of data, this suit—at least according to the facts alleged—should remind us all that 401(k) theft can occur under more “mundane” circumstances, and that—doubtless far less often than it occurs—attempts at recovery can wind up in litigation. Recent cases cited have involved participant accounts at Abbott Laboratories (Split Decisions in 401(k) Theft Suit for Plan Sponsor, RK ), Estee Lauder (Recordkeeper, Plan Sponsor Charged in 401(k) Account Theft),  MandMarblestone Group (Court Backs TPA Counterclaim on Plan Sponsor in 401(k) Cyber Theft Case) and Boeing (Man Charged with Retirement Account Thefts).

We’ve heard that the Labor Department is ramping up its focus on cybersecurity, going so far as to in audits asking to see employers’ written cybersecurity policies and procedures—and asking about cybersecurity attacks, and the response(s) to them. And from even the modest amount that we see through the lens of litigation, it seems that focus is timely indeed.

[i]The suit goes on to suggest that American Trust should reasonably have wondered why a 60-year-old like Mandli (which the suit alleges they knew) would be opening a new checking account, and it also suggests that they might have questioned the request since he had never requested a distribution from his account. 


All comments
Gregg Braccili
2 years 8 months ago
This is very concerning as I have heard this happening more and more lately. Cyber crimes against 401K plans and particularly loans seem to be more common since they can be initiated online with very little supporting documentation. We try to discuss this with our recordkeeper to ensure their online certifications and security are constantly evolving...thanks for sharing.