Court Finds Plan Sponsor Could Be Found Liable for Retirement Plan Cyberfraud

The plan sponsor had sued plan providers, but the providers in a counterclaim said the plan sponsor was equally liable.

Jess Leventhal, The Leventhal Sutton & Gornstein 401(k) Profit Sharing Plan and Leventhal Sutton & Gornstein, Attorneys at Law (LS&G) sued MandMarblestone Group (MMG) and Nationwide for breach of contract, breach of fiduciary duty under the Employee Retirement Income Security Act (ERISA) and negligence related to cyberfraud against Jess Leventhal’s plan account.

LS&G retained MMG as a consulting firm, whereby MMG agreed to design, administer and consult on the plan. Nationwide served as custodian.

According to court documents, on December 31, 2015, Leventhal withdrew $15,000 from his plan account by completing a withdrawal request form, which is the method prescribed by Nationwide. He emailed the form to MMG, and Nationwide transferred the requested $15,000 to Leventhal. Sometime after that, “unknown criminal(s)” obtained a copy of Leventhal’s original withdrawal form by using an “unknown method of cyberfraud possibly relating to the electronic transmission of that form.” The criminals “posed electronically” as Leventhal’s office administrator and sent fraudulent withdrawal forms to MMG, which appeared to originate from Leventhal’s office email account. These fraudulent withdrawal forms requested that funds be sent to a bank account that did not belong to Leventhal and had not been previously used by him. Leventhal’s account in the plan was depleted from containing more than $400,000 to $0.

The plaintiffs said they obtained documents from MMG that allegedly indicate that MMG was aware of the “peculiar nature” and frequency of these fraudulent withdrawal forms, but did not communicate any of these concerns or observations to the plaintiffs. They also said Nationwide improperly distributed the funds to the bank account that was “fraudulently designated by cyber criminals, even though that account did not actually belong to Mr. Leventhal and had never been authorized or used by him previously.” In addition, the plaintiffs alleged Nationwide failed to authenticate the withdrawal forms and signatures.

The plaintiff said neither defendant implemented the “commonly employed procedures and safeguards” used to notify the plaintiffs of the strange requests and/or verify the authenticity of the requests.

Last May, U.S. District Judge Mitchell S. Goldberg of the U.S. District Court for the Eastern District of Pennsylvania denied MMG and Nationwide’s motion to dismiss as to the ERISA claim, but granted their motions as to the state law claims.

After finding that the plaintiffs sufficiently pled that the defendants are fiduciaries under ERISA, Goldberg found the plaintiffs sufficiently pled the breach of a fiduciary duty by maintaining that MMG and Nationwide failed to act with the requisite prudence and diligence when they saw the “peculiar nature” and high frequency of the withdrawal requests that were to be distributed to a new bank account, but failed to alert the plaintiffs or verify the requests. “Moreover, plaintiffs have averred that defendants failed to implement ‘the typical procedures and safeguards’ used to notify plaintiffs of the strange requests and/or verify the requests,” he wrote in his opinion.

Nationwide argued that the provisions of its agreement with the law firm declaiming liability preclude the plaintiffs’ recovery for breach of fiduciary duty. However, Goldberg said the plaintiffs were correct to respond that such waivers of fiduciary duty are prohibited by ERISA. Under ERISA, “any provision in an agreement or instrument which purports to relieve a fiduciary from responsibility or liability for any responsibility, obligation or duty under this part shall be void as against public policy.” Whether plaintiffs have pled the element of “loss” is not disputed, Goldberg’s opinion noted.

Regarding the two dismissed claims, Goldberg cited Gilbertson v. Unum Life Ins. Co. of Am., which stated, “State law breach of contract claims are pre-empted by ERISA’s express pre-emption clause when the contract breached is considered an employee benefit plan under ERISA.” The judge noted that both the agreement between the law firm and MMG and between the law firm and Nationwide “relate to the plan” because they directly inform and affect the administration of the plan. Thus, the breach of contract claim is pre-empted by ERISA. Goldberg added that because the plaintiffs’ negligence claims also relate to the administration of the plan, these claims are similarly pre-empted.

After the ERISA claim was allowed to proceed, MMG and Nationwide filed counterclaims against the plaintiffs.

They said the plan document itself names LS&G and the plan trustees, including Jess Leventhal, as the plan administrator and named fiduciaries. In addition, according to the agreements between the law firm and MMG and between the law firm and Nationwide, “it was the responsibility of, and within the sole authority of, the named fiduciaries of the plan to authorize and approve the merits of each distribution request and provide the required authorized signature,” the defendants said.

“Plaintiffs’ own carelessness with respect to their employees and their computer/IT [information technology] systems and policies, including their decision to permit [an employee] to work remotely from Texas and use her personal email for official employment duties, permitted the cyberfraud or other criminal fraud to occur. To the extent MMG is liable under ERISA as alleged, Mr. Leventhal, his law partners and the LSG firm, are equally liable in their capacity as the named fiduciaries of the LSG plan,” the defendants further claim.

MMG put forth affirmative defenses which collectively allege that the plaintiffs are proportionally liable for the losses, that the plaintiffs were named fiduciaries under the plan and that plaintiffs’ ERISA claim is “precluded, reduced or set off by [plaintiffs’] respective breaches of fiduciary duty.” Nationwide put forth affirmative defenses for contribution, which likewise sought equitable contribution for the portion of loss alleged caused by the plaintiffs.

Explaining how the court circuits were split on the issue, Goldberg said he was persuaded by the district court authority that allows for claims of contribution and indemnity. And he noted that nothing within the ERISA statute forecloses these types of claims. “Absent contrary precedent from the Third Circuit, I conclude that traditional trust law permits claims of contribution and indemnity to proceed in the ERISA context,” he stated in his opinion. In addition, Goldberg concluded that MMG satisfactorily alleged that the plaintiffs were fiduciaries of the plan and they breached those duties.

However, Goldberg noted that in Trustees of Local 464A United Food & Comm. Workers Union Pension Fund v. Wachovia Bank, N.A. , the district court struck affirmative defenses seeking to bar or reduce the defendant’s liability based on a plaintiff co-fiduciary’s own breaches. The court explained that a plaintiff-fiduciary’s breach of its fiduciary duties would not absolve a co-fiduciary defendant of liability to the plan. In other words, a plaintiff’s breach of its fiduciary duty does not give rise to an affirmative defense of contribution or indemnification, but rather, “could simply give rise to a cause of action to be asserted on behalf of the plan against plaintiffs.” Considering that, Goldberg found that MMG’s and Nationwide’s affirmative defenses—seeking to bar or reduce their liability based on co-fiduciary plaintiffs’ alleged proximate cause of the losses—are legally insufficient.

“While MMG and Nationwide can pursue claims of contribution and indemnity and resolve any issues regarding causation of losses through their counterclaims, they cannot reduce their joint and several liability owed by ERISA fiduciaries for plan losses through the assertion of such affirmative defenses. Therefore, I will grant plaintiffs’ motion to strike MMG’s and Nationwide’s affirmative defenses at issue,” the judge wrote in his opinion.

«