Leaked Fidelity Memo Casts Doubt on Internal Security Procedures

Millions of customers with retirement funds invested through Fidelity Investments could be at risk following the revelation of a damaging internal company memo, The San Francisco Chronicle reports.

Written by Tom Strotman, a director in customer support services at Fidelity, the leaked note depicts a hypothetical scenario in which a customer's 401(k) account is accessed and emptied by an unauthorized caller. It claims that this sort of activity actually occurs and states that Fidelity's risk-management department "has had to make many unpleasant calls to customers in situations like the one described above."

Strotman goes on to say that 43% of "invalid calls" received by the company last month were not properly authenticated, and claims that in 2005, the risk-management department investigated 457 cases of potential fraud with "over $31 million in customer assets at risk." He refers to the issue as "serious."

The memo has been labeled "grossly exaggerated and misleading" by Fidelity spokeswoman Anne Crowley, who told the Chronicle that adequate security measures were in place to protect the firm's $1.4 trillion in client assets. She called Strotman's use of statistical data "incomplete and inaccurate." Crowley refused, however, to categorically deny the allegation that certain customers' retirement accounts had been accessed illegally, or to discuss details of the company's authentication procedures.

"Most people don't realize how vulnerable their financial accounts are to illegal access," said Beth Givens, director of the Privacy Rights Clearinghouse, a consumer advocacy group in San Diego. "This document from Fidelity indicates that there could be massive amounts of fraud that we're not even aware of," she said.

Fidelity handles retirement accounts on behalf of nearly 12 million individuals, with clients including the University of California, Stanford University and Hewlett-Packard. In the event of fraud, it is likely that Fidelity, as a legal fiduciary, would be required to compensate any 401(k) holders for any fraud-related losses. According to Crowley, only two of the 457 cases investigated last year resulted in compensation being paid, and the total liability was a mere $10,750. 

The staff of Money Management Executive ("MME") has prepared these capsule summaries based on reports published by the news sources to which they are attributed. Those news sources are not associated with MME, and have not prepared, sponsored, endorsed, or approved these summaries.
