Washington's unemployment agency was "wholly unprepared" to prevent or even detect a massive criminal fraud scheme that stole more than $640 million amid a surge in jobless claims last year, a new investigation has concluded.
While most of last spring's fraud has been tied to foreign cybercriminals, one state employee is under criminal investigation for "potential misappropriation" of an undisclosed amount of unemployment benefits, according to reports released Tuesday by the state Auditor's Office.
The auditor also said the state Employment Security Department may have understated the total fraud losses, which the audit suggested could run as high as $1.1 billion once all claims flagged for investigation are reviewed.
ESD concurred with many of the audits' conclusions about the causes of the fraud, but the agency sharply disputed the auditor's $1.1 billion figure as "a gross mischaracterization of possible fraud loss" in a statement Tuesday.
The findings, in a pair of audits and a related fraud report, provide the most detailed account yet of the ESD's struggles to ferret out fraud while trying to process an unprecedented surge in legitimate unemployment claims during the early chaotic phase of COVID-19 pandemic.
ESD declined to release details about the employee under investigation, including the amount of any possible theft and whether the person was fired, with a spokesperson citing an ongoing law enforcement investigation.
"This is not currently, nor has it ever been, a systemic issue," ESD wrote in its formal audit response, calling any potential fraud by the employee "immaterial" to the overall fraud losses.
The audits laid out vulnerabilities that left ESD exposed to cybercriminals, who used stolen Social Security numbers and other personal information to file tens of thousands of bogus unemployment claims.
As The Seattle Times previously reported, ESD missed warning signs about attacks by a group of Nigerian scammers known as "Scattered Canary," including payments to out-of-state banks and suspicious email addresses, despite a $44 million software upgrade that was supposed to help detect fraud.
"There are fraud prevention techniques Washington's program could have used to lessen the impact of these schemes, but the agency's resources also were overcome by circumstances truly beyond its control," state Auditor Pat McCarthy said in a statement Tuesday.
Hours on hold
The new reports also examined ESD's continued struggles with customer service, including long call-wait times for thousands of legitimate claimants, many of whom have described a bureaucratic nightmare while trying to receive payments or prove they didn't defraud the state.
At one point last April, when the unemployment crisis began to peak, callers to ESD waited on hold for an average of two hours, the audit found. Though the agency brought on additional people to answer phones, they remained overwhelmed.
"During some of the peak periods, more than 90% of all calls resulted in people not being able to get through at all," one of the audit reports noted.
People trying to contact ESD through its website often fared no better. By late August, it took an average of more than two months for ESD to respond to messages.
In an interview Tuesday, acting ESD Commissioner Cami Feek said the agency has brought down wait times, but "that's a problem we continue to work on to solve." Feek took the place of former ESD Commissioner Suzi LeVine, who resigned earlier this year to take a job in the Biden administration.
ESD's customer-service problems have not been unique, the auditor acknowledged, as other states also struggled to respond to the surging demands and call volumes. In Wisconsin, for example, just 1% of the 41 million calls to its work force agency were answered, according to an audit in that state.
The new audit reports by McCarthy's office also updated the scope of the fraud.
During 2020, the ESD received 191,634 so-called imposter claims filed by criminals using stolen identities, and another 2,157 fraud claims filed by citizens who used their own identities but misrepresented their eligibility to receive benefits.
All told, the imposter and fraud claims represented $646.8 million in misappropriated benefits. (Not all the imposter claims were paid; many were stopped by ESD before funds went out.) Of that, the state has recovered $370 million, the audit stated.
$1.1 billion in losses?
The audits noted improvements ESD has made in its fraud prevention and other systems, but the new reports also highlighted ongoing tensions between the two agencies over how the fraud is assessed and characterized.
In an unusual step, McCarthy rebuked LeVine last fall for imposing "significant constraints" on auditors, including attempts at limiting interviews and delaying access to important documents.
The most recent dispute — over the auditor's claim of $1.1 billion in potential losses — centers on the way McCarthy's staff characterized a batch of 52,139 claims, representing $460.5 million that ESD had flagged for investigation, as of Dec. 31.
If those claims, which the audit lists as "questionable," were added to the $646.8 million in known fraud, those questionable claims bring the state's total potential loss to just over $1.1 billion.
But ESD said that since Dec. 31, it has determined that many of those 52,139 claims weren't fraudulent, and others are still being checked. As a result, "the characterization of the total amount of possible imposter fraud paid in 2020 is false," said the ESD in a response statement included in Tuesday's fraud report.
Feek said those claims could've been flagged "for any number of issues," including late or incorrect responses from claimants.
But McCarthy said ESD didn't provide enough data about the questionable claims for the auditor's staff to verify that they were not fraudulent.
Sen. Karen Keiser, D-Des Moines, who chairs the Senate committee that oversees ESD, also objected to the way the auditor included questionable claims with imposter-incurred losses. But Keiser acknowledged that the audit process was hurried so lawmakers could see the audits finished before the Legislature adjourns this month.
"It could be they telescoped the timeline because of our demands," Keiser said. "So maybe we pushed a little too hard for this — because sometimes you need a little more time."
The audits also laid out vulnerabilities that exposed ESD to cybercriminals.
"Prior to the pandemic, ESD lacked a robust anti-fraud unit and the tools necessary to respond to widespread imposter fraud," the audit notes. "Compounding the problem, some tools within the fraud prevention portfolio were not working in the first part of 2020. ESD has since taken steps to resolve many of the issues it faced at the start of the pandemic."
The audit also notes how the imposter fraud was initially missed by the agency as it focused "on answering phones and processing the flood of unemployment claims" in March and April, leaving the agency unable for weeks to "understand the breadth and severity of what was happening."
The auditor also warned that while the agency has improved its anti-fraud systems, its continued problems with delayed claims and customer service pose a serious problem given that pandemic-related layoffs continue at high levels.
"With more federal funds for COVID relief on the way in 2021, another wave of claims seems likely and the agency's ability to handle the volume of calls is of concern," the audit said. "Improvements to the customer service experience are necessary to restore public confidence in the benefit system."