Submitted by the Office of New York State Comptroller Thomas P. DiNapoli
The state Department of Labor’s (DOL) failure to replace its long-troubled unemployment insurance (UI) system and ad hoc workarounds to compensate for the old system weakened oversight and ultimately contributed to an estimated billions of dollars in improper payments during the COVID-19 pandemic, according to an audit released today by State Comptroller Thomas P. DiNapoli. DOL refused to provide auditors with the data that would have enabled auditors to calculate the precise amount of improper payments and was slow to provide requested information that delayed the completion of the audit. The audit examined the period from January 2020 to March 2022.
“The state Department of Labor’s antiquated UI system was ill-equipped to handle the challenges posed by the extraordinary demand caused by the pandemic for unemployment benefits and more lenient federal eligibility requirements,” DiNapoli said. “The agency resorted to stop-gap measures to paper over problems, and this proved to be costly to the state, businesses, and New Yorkers.
“The department needs to recoup fraudulent payments and correct its mistakes. I was pleased the department agreed with our recommendations and is moving to implement them.”
DOL officials did not heed warnings as far back as 2010 that its UI system was out of date, nor did it address issues identified in a 2015 state comptroller’s audit. The system lacked the resources necessary to adjust to new laws or handle workload surges – a dire forecast with disastrous consequences during the pandemic. Not only did DOL have to manage an unprecedented volume of traditional UI benefit claims, but it also administered UI benefits for the temporary programs created by the federal Coronavirus Aid, Relief, and Economic Security Act (CARES Act). These temporary federal benefits, with less stringent eligibility requirements, contributed to a dramatic increase in UI claims.
Even before the pandemic, the U.S. DOL reported New York’s traditional UI estimated improper payment rate at 10.34%, including a fraud rate of 4.51%, in state fiscal year (SFY) 2019-20, exceeding the federal performance threshold of 10%. Unlike temporary programs which are funded 100% by the federal government, New York’s UI program is funded by taxes collected from employers. With the increase of claims during the pandemic, U.S. DOL’s estimated improper payment rate in New York’s UI program increased significantly to 28.89% including a fraud rate of 17.59% in SFY 2021-22.
From April 1, 2020, through March 31, 2021, the state made 218.2 million traditional and temporary UI payments totaling over $76.3 billion, an increase of nearly 3,140% over the amount paid in the prior state fiscal year. Using the U.S. DOL’s estimated fraud rate for New York’s traditional UI program for SFY 2020-21, this would equate to approximately $11 billion lost to fraud in that fiscal year. This likely understates the actual amount, as New York DOL acknowledged that the temporary programs had a significantly higher risk of fraud.
Auditors found that, during the pandemic, DOL had to compensate for its outdated system by overriding existing controls designed to prevent improper payments. DOL’s “pay and chase” approach increased the risk of overpayments, payments charged to the wrong funding source, and fraud. For instance:
√ Auditors tested a sample of 53 claimants, selected for various risk factors, and found that 18, or one-third, potentially received UI payments that exceeded the maximum allowed amount.
√ Auditors sampled an additional 100 claimants and found 96 of the combined total of 118 claimants were improperly paid nearly $2.8 million through the state’s traditional UI program instead of the temporary federal CARES Act.
√ Auditors identified another $41.2 million paid to 8,798 claimants, whose payments appeared to be more than the maximum allowed amounts. Auditors questioned whether these claims were correctly paid or if the correct funding source was used. While DOL officials said it had identified this issue and adjusted claims on its UI system, adjustments to federal reports have not occurred and these claims were incorrectly paid with state funds.
The outdated system also created obstacles to monitoring and analyzing fraudulent claims and for making operational decisions. Auditors found that DOL could not identify the root cause of overpayments and fraud and did not implement controls to address weaknesses in the system. During the audit, DOL was unable to provide auditors with information to support their management and response to fraudulent claims and could not account for:
√ The number of claims that were paid to fraudulent claimants before being detected;
√ The length of time from when claims were filed to when they were identified as fraudulent (to determine the number of weeks that payments were made); and
√ How the claims were identified as fraudulent (e.g., whether through departmental procedures or based on complaints from individuals whose identities were used by imposters to file false claims).
DOL’s failure to provide auditors with information and its slow response to requests delayed the audit’s completion. DOL was unable to provide supporting documentation on the over $36 billion in fraudulent claims the commissioner of labor said that it had prevented. It also could not explain to auditors why the estimated number of frauds for traditional UI claims more than tripled during SFY 2020-21, nor was it willing to provide data to auditors that would enable them to perform their own independent analysis to assess the amount of fraudulent claims.
This information is critical for New Yorkers because, during the pandemic, the state had to borrow from the federal government to support UI claims. It had a loan balance from the federal UI trust fund that averaged $9.3 billion from September 2021 through April 2022, which now stands at about $8 billion. This loan must be paid back with interest at the expense of New York’s employers. Previous DiNapoli reports identified that borrowing from the federal UI trust fund has a significant cost impact for businesses operating in New York state.
Auditors also found that, while DOL repeatedly pointed to identity theft as the major cause of fraud within the program, specifically for the temporary benefit programs, it did not implement a critical system to stop identity theft, a program called ID.me, until February 2021, or nearly a full year after these temporary programs were put in place and approximately 80% of UI claims had already been made.
In implementing ID.me, DOL failed to capture information to ensure it not only prevented fraudulent claims but also balanced the ease of access for legitimate applicants. For example, groups like seniors, lower-income people and recently migrated individuals were identified in a 2018 report by ID.me as being particularly disadvantaged in proving their identity online. DOL acknowledged that certain groups may encounter difficulties with the verification process using ID.me, but did not capture information on which applicants had difficulty with the verification process to enable it to address these issues in the future.
DiNapoli’s auditors also found DOL did not take some critical steps to secure its UI system and data. As a result, DOL has minimal assurance that its substantial personal information assets are protected against loss or theft. For example, auditors determined DOL did not classify data on its UI system, failed to encrypt certain information, did not enforce strong access controls or authentication rules, and did not have a policy in place to ensure systems logs were monitored. Some of its changes to the UI system made in response to the pandemic did not meet all the necessary requirements of the State’s Office of Information Technology Services (ITS) Change Management Process and Policy, intended to ensure the mitigation of risks and minimize disruption of critical services.
The audit recommended DOL:
√ Continue the development of the replacement UI system and ensure its timely implementation.
√ Take steps, including collecting and analyzing data related to the identity verification process, to ensure the correct balance between fraudulent identity detection and a streamlined process for those in need of UI benefits.
√ Follow up on the questionable claims identified by this audit to ensure adjustments have been made so they are paid from the proper funding source and overpayments are recovered, as warranted.
√ Ensure the current and new UI system and data comply with provisions of the NYS Information Security Policy-the Classification, Authentication, Encryption, and Logging Standards, as well as the ITS Operations Change Management Process and Policy.
√ Improve the timeliness of cooperation with state oversight inquiries to ensure transparent and accountable agency operations.
Department officials generally agreed with the audit’s findings and recommendations.