Software flaw hid signs of $576 million state unemployment fraud, officials say

Criminals used bogus claims to siphon off state and federal benefits

By Paul Roberts The Seattle Times • September 21, 2020 3:30 pm

By Paul Roberts

The Seattle Times

The state’s Employment Security Department took nearly a year to fix a software flaw that wound up playing a small but significant role in this spring’s massive unemployment fraud.

The disclosure comes as the agency shakes up its anti-fraud operations and personnel in the wake of the spring’s $576 million unemployment scam.

The software flaw, which ESD said resided in its three-year-old claims-processing system, meant the agency was sending out benefits payments before claims had been run through a so-called discovery process to check for fraud risk.

“Claims were made, claims were paid and then discovery was run,” ESD Commissioner Suzi LeVine said during a Thursday interview. Even if unemployment claims were eventually flagged as having a high fraud risk, the sequencing flaw meant “they were already paid,” LeVine added.

As unemployment claims in Washington soared to historic levels during the coronavirus-triggered economic shutdown, criminals used bogus claims to siphon off state and federal benefits worth $576 million, of which $346 million has been recovered. Similar fraud schemes, some of them believed to have been orchestrated from Nigeria, have been reported in 37 other states.

In August, several lawmakers raised concerns that ESD had turned off some of its fraud controls in its claims system, known as Unemployment Tax and Benefits, or UTAB, in an effort to speed payments to jobless Washingtonians — assertions LeVine rejected at the time.

The software flaw wasn’t the only culprit, LeVine said Thursday.

Even if the flaw had been fixed before fraudsters first struck in March, LeVine said, the discovery process that was in place at that time would have stopped just 14.5% percent of the roughly 86,000 fraudulent claims ESD ultimately paid before detecting the fraud, according to an ESD analysis. In mid-May, ESD temporarily halted all payments while it investigated the fraud, a move that delayed benefits payments to tens of thousands of legitimate claimants.

LeVine said other, nontechnical factors played a possibly larger role in the fraud.

Among them was the novelty and sophistication of the fraud scheme, in which criminals used stolen Social Security numbers and other personal data to file unemployment claims that were hard to distinguish from the tens of millions of legitimate claims Americans filed during the pandemic.

Another factor: emergency federal directives that were meant to get benefits to Americans quickly but which also eliminated some basic fraud safeguards, LeVine said.

Crucially, Washington and other states waived the traditional “waiting week,” which normally gave the ESD up to 10 days to verify claims before paying benefits — and which would have made the software flaw moot, ESD officials say.

Although ESD staff identified the software flaw in the claims processing system back in June 2019 — and although the waiting week was “turned off” on March 18 as layoffs soared — the flaw wasn’t fixed until May 14, 2020, after most of the fraud losses had already occurred, LeVine said.

Further, even as ESD staff made two separate efforts to work with Fast Enterprises, UTAB’s Colorado-based maker, to fix the flaw, LeVine said, she and other members of the agency’s senior leadership weren’t told of the flaw or even that it had been fixed until August 2020.

ESD is investigating both these delays as part of its own probe into the fraud. ESD officials are asking “who knew what when on this issue?” LeVine said. The agency is also working “to make sure that this type of lag in leadership awareness doesn’t happen in the future,” LeVine said.

The probe comes as the agency faces intense outside scrutiny from legislators and the state auditor, which is conducting five separate audits of the fraud and other agency operations.

ESD is also making organizational changes to its anti-fraud operations. On Friday, the agency confirmed that Patricia Trevino, who had been chief investigator of the agency’s Office of Special Investigations and Collections since June 2018, was no longer in that role, according to ESD spokesman Nick Demerice.

As chief investigator, Trevino “was specifically responsible for implementing the Department’s investigation of, and response to, the impostor fraud ring it detected beginning in late April 2020,” according to a court document Trevino filed in June in a lawsuit related to the ESD’s fraud response.

Rebecca O’Hara, who had been ESD’s chief data privacy officer, “assumed a leadership role in coordinating our fraud response both within and outside our agency” in mid-May, Demerice said.

The agency is also recruiting for a new role, tentatively known as fraud chief, who will report directly to LeVine, Demerice said. “That way, there’s a very clear escalation path and a very clear cross-agency coordination effort,” LeVine said.

Whether the shake-up will mollify critics of the agency and of LeVine, a prominent figure in Democratic politics, remains to be seen.

Sen. Karen Keiser, D-Des Moines, whose Labor and Commerce Committee has oversight of the ESD, has been generally supportive of LeVine since the fraud. On Friday, Keiser, who will hold a work session on the fraud next week, lauded ESD for “changing the sort of siloed approach that bureaucracies tend to fall into” and that may have contributed to the delays.

But Keiser was critical of UTAB, which ESD launched in 2017. She said it didn’t come with sufficiently stringent anti-fraud safeguards in the first place.

Keiser said Fast Enterprises has since blamed ESD for the lack of fraud protection because the ESD “didn’t purchase additional security” that Fast Enterprises could have offered.

But, Keiser said, selling ESD a “core” system that lacked stringent anti-fraud protections was like selling “a car without brakes,” Keiser said. “You expect the brakes to be in there, and apparently they weren’t.”

A Fast Enterprise spokesperson responded with a statement that it “remains committed to working at the direction of, and with the ESD, to ensure that unemployment insurance payments are made in a timely manner while minimizing fraud in a dynamically changing environment.”