Record-keeper cybersecurity personnel increased 10.5% to 4,504 employees in the year ended Sept. 30, Pensions & Investments' latest survey of the largest record keepers showed. Meanwhile, the number of professionals working in record-keeping operations declined 15% to 19,328; investment analysis and due diligence, down 3.5% to 4,757; and relationship managers, a 6.8% decline to 2,612 employees. Record-keeper assets totaled $7.49 trillion as of Sept. 30, a slight increase from $7.45 trillion the year prior, according to the survey.
TIAA-CREF, which had $611.4 billion in record-keeping assets as of Sept. 30, down 6% from the previous year, in 2019 created a partnership with The New York University Tandon School of Engineering to offer employees the opportunity to obtain a master's degree in cybersecurity at no cost after successfully completing the coursework and utilizing TIAA's tuition reimbursement program, according to Tim Byrd, Charlotte-based chief information security officer. "Our partnership with NYU Tandon strengthens the skills of our existing cyber team, while also offering other TIAA employees the opportunity to transition into cybersecurity from another area of the company if that's something they are interested in pursuing," he said in an email. TIAA had more than 250 cybersecurity employees, according to Mr. Byrd.
Alison Borland, executive vice president of wealth solutions and strategy at Alight Solutions in San Francisco, said in addition to hiring staff who specialize in cybersecurity, Alight formalized an internal "security first" program two years ago to ensure all employees are actively engaged in all aspects of security including proper cyber protocols, like avoiding email phishing scams and protecting participant data. "We consider security the job of every colleague who works at Alight," Ms. Borland said. Alight had 278 cybersecurity employees as of Sept. 30 and $459.2 billion in record-keeping assets, up 3.4% from the previous year, according to the survey.
Of note, the Department of Labor filed a petition April 6 in U.S. District Court in Chicago seeking a court mandate to compel Alight to produce documents in an ongoing ERISA compliance investigation.
The Labor Department issued a subpoena in November, and in January, said Alight "provided a limited number of documents and provided a 39-page letter containing numerous objections," according to the agency's court filing.
"We have been working with the DOL to better understand their request, but their specific asks and intent remain broad and unclear," Alight spokeswoman MacKenzie Lucas said in an email. "We will continue to work with them to provide necessary information while protecting the privacy of our clients and their people."
During its investigation, which began in July, the Labor Department's Employee Benefits Security Administration discovered that Alight processed unauthorized distributions as a result of cybersecurity breaches relating to its ERISA plan clients' accounts, the agency said in court filings.
Alight said there's no evidence to suggest there's been any compromise of its systems.
Moreover, in early April, a former employee of Abbott Laboratories, Chicago, sued the company and Alight, its record keeper, accusing plan fiduciaries and Alight of violating their ERISA duties because her 401(k) account was looted by an impostor. The suit alleges that $245,000 was transferred from the former employee's account without her knowledge, blaming the defendants for allowing the money to be transferred to an internet address in India before she could take steps to stop the fraud.
Alight declined to comment on the lawsuit but said it takes seriously the security of data and accounts it oversees and takes an "aggressive approach" in preventing fraud.