Deloitte has developed systems for States throughout the U.S. to try to avoid Covid fraud. However, nationally, the losses have been estimated at around $45 billion and could reach as high as three times, according to estimates from the government.
The Big 4 accounting giant promised states AI powered anti-fraud detection tools in exchange for hundreds of millions of Covid unemployment agreements. Forbes finds that criminals using the same systems could have earned even more money.
In early 2021, Deloitte subcontractor Randstad terminated a teleservices employee helping Ohioans access Covid-19 unemployment benefits via Deloitte’s system that was implemented earlier in the epidemic. For her employer, she appeared to be a typical tardy employee. However, according to federal authorities, she was, in fact, guilty of a more brutal and criminal act which was allegedly involving receiving compensation to run an illegal side business that involved removing fraud flags on applications to PUA, the pandemic unemployment assistance (PUA) that is the $150 billion Covid-19 for those who are self-employed. In exchange for removing fraud flags, she allegedly received kickbacks from the applicants. An $18,000 cash payment, as an example, resulted in a return of $2,000 to the person who committed the crime, as investigators stated in a warrant for search discovered through Forbes.
In an unreported oversight regarding the safety of Ohio’s use of Deloitte’s Un-employment insurance framework for Automated Claims and Tax Services (uFACTS) the suspect was said to be able to remove as many as 176 fraud-related issues throughout at least a month following the time her dismissal, investigators claim. The fraudulent gains were channeled via Cash App and Zelle accounts belonging to her daughter, and the other to her mother, as per the law enforcement account. (Attempts to reach the suspect failed. Since neither the family nor the people seeking unemployment benefits have been arrested, Forbes is not divulging the names of those involved. Deloitte and The Ohio Department of Job & Family Services, which oversees PUA assistance, have declined to discuss the situation. Randstad was not available to comment.)
The security breach in Ohio suggests a basic security flaw in the company’s problems in preventing the nation’s Covid fraud catastrophe — and not only in Ohio. Eight states have seen Deloitte have secured million-dollar deals based on the promise of powerful anti-fraud technology and scalable, secure telecoms infrastructure. In a speech at the Kansas Department of Labor (KDL), in which it professed it could have prevented the theft of $100 billion from fraudulent unemployment that was widespread, Deloitte touted “advanced AI-driven fraud detection” and “identity verification” to “prevent illegal activities,” technologies that had been in use throughout U.S. states for over ten years.
“It’s a terrible idea and something we strongly discourage every time. …”
Sherrod DeGrippo is vice president for threat analysis at Proofpoint
With its claims that it was in a position to modernize and secure unemployment programs, Deloitte was seen as the most obvious choice to help states in the wake of the imminent flood of Covid benefits applications to that $650 billion pool of welfare funds for a pandemic. “Deloitte is the sole firm with an in-production PUA system that was available,” said Kimberly Hall, chief of the Ohio Department of Job & Family Services, in a written statement on May 20, 2020. For agreements at California, Colorado, Illinois, New Mexico, New York, Ohio, Virginia, & Wisconsin, Deloitte either deployed custom uFACTS systems or upgraded its legacy infrastructure and set the teleservices centers that were attached to it. The deals — which totaled at least $370 million – contributed to Deloitte’s record of $50 billion and 60 billion annual revenue in 2021-2022. According to data from local governments in the states where Deloitte was asked to stop fraud or manage the benefits system, it collected as high as $21.2 billion of fraud. FACTS alone saw a close at $3.2 billion.
Deloitte spokesperson Karen Walsh said that the company has helped states pay over $200 billion of federal and state unemployment aid and ended “millions of false unemployment claims.”
“Deloitte included all identity proofing methods and anti-fraud technology that the states have approved, and when signs of criminal activity began to emerge, it recommended further methods and tools to improve security and prevent millions of dollars of fraud,” she added.
However, in Ohio, in the meantime, as the price for the Deloitte contract increased, and the price of the contract soared, so did the costs associated with the fraud. Beginning at a minimum of 10 million dollars in 2020, The Deloitte contract jumped to $122 million by October 2022. At a minimum, $166 million of fraudulent applications were paid via the Deloitte system during the fiscal year for the state that ran from July 2021 to June 2021, according to the figures that the state auditor has provided to Forbes. However, the information needs to be completed. It doesn’t consider the statistics for the financial year, which is still being counted as well as that of the $1.2 billion worth of benefit payouts that were flagged as being fraudulent and currently being sorted out. Ohio Department of Job & Family Services spokesperson Bill Teets said the department has made around one billion dollars in illegal PUA overpayments through June 30th, 2022. Some of the overpayments were made via a Deloitte system since the old infrastructure handled a significant portion of the requests. The state will also continue to work with Deloitte for PUA for at least until June 2023, the official said.
Although Deloitte claims to have sophisticated anti-fraud technology and detection, the breach of the FACTS security system in Ohio was insignificant and brazen, as per the warrant. During an interview with a Labor Department investigator, one of the accused customers said that the suspect had advertised her ability to eliminate fraudulent flags via Instagram as per the warrant. The suspect also claimed unemployment in her name while employed by the Ohio Department of Job & Family Services and the U.S. Postal Service at the time. Deloitte and its subcontractor Randstad, the employer directly for the accused, could not recognize her alleged crimes until an anonymous tipper discovered them.
Sherrod DeGrippo, vice president of security research at cybersecurity firm Proofpoint, said that leaving computer systems vulnerable to malicious employees was not uncommon but “horrible.” “It’s a terrible thing and something we strongly advise against every single time in terms of security hygiene,” she added.
But Deloitte was aware of the hidden threats that faced workers’ unions during the era of Covid. In June of 2020, it was asked by Michigan to review the state’s fraud issues related to Covid and reported on a case that had a lot of similarities to one in Ohio as per the court documents along with Deloitte’s report. In October of last year, Brandi Hawkins, a Teleservices representative with an access point to the Michigan employment system, was found guilty of approval of several fraudulent benefits, which caused losses of $3.8 million in federal funds. Deloitte stated in its report it was noted that Hawkins was able to eliminate fraudulent flags from the Michigan benefits database for a while after her departure.
Deloitte office building is located on Wacker drive in Chicago, Illinois, the state where the firm is facing criticism by the auditor for the state regarding the pandemic system of unemployment benefits.
Contrary to Hawkins and Hawkins, the investigators stated that the defendant in the Ohio investigation also claimed to obtain fraudulent applications acquiesced in other states where she did not have accessibility to the systems, the investigators stated. According to the federal government, the suspect was wildly successful in California and California, where Deloitte has agreements worth around $188 million in The Employment Development Department (EDD) for Covid-19 benefits. In the latter half of 2020, the suspect’s clients were granted fraudulent applications in California with more than $50,000 in cash payouts in this West Coast state, Labor Department officials claim. These same individuals had received fraud flags on their applications in Ohio removed and received the money, according to the warrant, which showed the possibility of filing claims in several states with the same name and getting insurance payouts.
Alongside concerns that millions of calls made to Deloitte-sponsored call centers in California were not answered, Assemblyman David Chiu spoke to the local press in March 2021that “Deloitte has been underperforming.” Call centers, Chiu said, were a “mess.” Then, in January 2021, during an evaluation of the EDD’s work regarding Benefits for Covid-19, the state auditor condemned the agency for its failure to act swiftly to stop the payment of up to $10.4 billion in potential fraudulent unemployment payouts. It noted the estimated amount of $810 million that was paid to prisoners who weren’t eligible for benefits. As of October, the EDD estimated the total loss due to fraud was $20 billion.
The other states couldn’t determine the amount of fraud that was perpetrated by their systems. Like Ohio, Illinois spent $14.3 million on a uFACTS setup and $42.7 million to fund the call centers attached to contracts with the federal government. However, the format was “inadequate” because it failed to gather accurate information regarding PUA claims in the state audit, said the state auditor Frank Mautino. He said to Forbes, “We recognize it was a significant amount of fraud” however, the state auditor will need to wait until the next audit for the proper information to determine an exact dollar figure on the crime.
Deloitte’s troubles in the company’s Covid benefits contracts date to the pandemic’s beginning. In May of 2020, a lapse made by Deloitte caused the personal data of nearly 240,000 people who were enrolled in unemployment insurance from Colorado, Illinois, and Ohio to leak on the benefits websites of the government. Deloitte has settled a class-action suit in connection with the breach at $4.95 million in 2021.
Deloitte’s uFACTS systems could not manage the influx of claims during the pandemic. Florida created its bespoke version of facts, called CONNECT, in the middle of 2010 for $55 million. However, it could not take on the burden when the virus struck. This meant that many Floridians couldn’t access benefits, which led Gov. Ron DeSantis to order the Office of the Chief Inspector General to investigate. While Deloitte attempted to defend itself against criticism by saying that it gave the system to Florida to oversee in 2015 and that it was not in control, however, it was still under fire for the service it provided and its inability to meet “contractual capacities” for at minimum the 200,000 concurrent users. “Deloitte’s offered uFACTS was not up to par with the proposed solution,” the Inspector General said in his conclusion. In the words of local news media, the state claimed it was able to recover $1.9 billion in fraud related to CONNECT at the time of the epidemic.
The federal government played a part in the fraud committed by Deloitte’s processes. When creating PUA benefits and allowing self-employed people to self-certify without any requirement to conduct a background examination of applicants’ backgrounds or request proof of employment, the whole system is vulnerable to fraud. According to it was stated by the Illinois Department of Employment Security declared in response to auditor’s critiques, many states were impacted by substantial fraudulent activities “because it was because the Trump administration created a unique inadequate system.” In that context, Deloitte was asked to develop the IT infrastructure and personnel to handle a dramatic increase in insurance claims in just a few weeks. In Illinois, the principal auditor Kathy Lovejoy, who is investigating concerns about the Deloitte contract, stated that the “contract was put into within a short amount of time to begin to get this program off to give the residents of Illinois some help.”
“I’m not suggesting that this is just a lie. However, it’s real,” she added.