Audit: Control inadequate at Employment Security to prevent fraud
The state Employment Security Department did not have adequate controls to prevent a slew of illegal unemployment insurance claims last spring that totaled about $600 million and grew into the largest fraud in state history, the Washington State Auditor said Friday.
The first of five audits expected on the scandal provided the first accounting of the circumstances surrounding schemes that targeted Washington state's unemployment benefits as the coronavirus pandemic was growing. The remaining audits are due next year.
As part of its annual audit of the state's financial statements, the state auditor found that the Employment Security Department also initially reported inaccurate fraud and recovery numbers that have since been updated.
"We are still learning about what happened and vetting the information,'' Auditor Pat McCarthy said in a press release. "I expect more clarity in the months to come."
Republican state Rep. Drew Stokesbary said the failures at ESD are "why so many Washingtonians are so frustrated with government."
"A high-ranking appointee loses half a billion dollars to Nigerian scammers, and there's no accountability," he said. "It just continues to sow mistrust in the government.''
Much of the money apparently went to a West African fraud ring using identities stolen in prior data breaches, such as the massive 2017 Equifax breach. Washington is one of several states where attacks have been detected, including New Mexico, Michigan and Montana, according to California cybersecurity firm Agari, which has monitored the Nigerian fraud group, dubbed Scattered Canary.
Democratic state Rep. Mike Sells said in a written statement that the hacks "are a national problem from employment security departments in many states and the FBI is investigating currently."
"We are awaiting further audits around performance issues to help us guide changes that need to be made in the system," he said.
Data used in this audit is as of June 30, 2020, the end of the fiscal year. Key findings include:
- The "known and suspected" fraud loss, as of June 30, was about $600 million. This sum covers more than 122,000 known or suspected fraudulent claims in fiscal 2020.
- The state had recovered $250 million as of June 30.
- These amounts are almost certainly different today, as ESD's recovery efforts are ongoing.
The Employment Security Department paid out more than $7.5 billion in unemployment insurance benefits to 926,815 people in fiscal year 2020. The vast majority of those payments happened after the pandemic began in March.
The ESD in fiscal 2020 issued 684% more in benefits funding (about eight times) to 390% more people (about five times) than in fiscal 2019, the audit found.
The audit found that changes in ESD's internal controls made the program more vulnerable to fraud.
For instance, the agency in March eliminated the "waiting week," which is the time ESD typically would use to verify eligibility for benefits. This decision was driven by federal incentives to distribute pandemic relief quickly as well as an executive order from the governor. As a result, benefits were paid before eligibility was verified.
An automated process to detect claims that present a higher risk for identity theft was not working for much of the year. By the time it was repaired in May, a large number of fraudulent transactions had already occurred, the audit said.
The audit found that some pandemic-related relief funding was especially vulnerable to fraud.
The federal Pandemic Unemployment Assistance Program offered benefits to self-employed people and others who would not typically be eligible for unemployment insurance. These claimants were not required to submit documentation to substantiate employment.
Employment Security Department Commissioner Suzi LeVine said her agency appreciated the feedback and that all the auditor's recommendations were actions the agency had already taken.
"We especially welcome the recognition of our critical work on funds recovery, which currently stands at $357 million and rising,'' LeVine said.
"Washington was among the first states to be impacted by the nationwide unemployment fraud attack, but we were not the last,'' she said.
LeVine said the audit recognized that her agency was under great pressure last spring to distribute money quickly because of job losses from the pandemic.
"The waiving of the waiting week was encouraged and paid for by the federal CARES Act,'' LeVine said, referring to the coronavirus relief act passed by Congress. "While it affected some of the fraud, waiving it enabled claimants to receive funds more quickly at a time they desperately needed relief due to mandatory shutdowns.''
The Employment Security Department is also being audited by the U.S. Department of Labor and the Justice Department.